keycloak-admin 1.1.4 → 1.1.5

data/lib/keycloak-admin/client/client_authz_permission_client.rb

@@ -1,81 +1,81 @@
-module KeycloakAdmin
-  class ClientAuthzPermissionClient < Client
-    def initialize(configuration, realm_client, client_id, type, resource_id = nil)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      raise ArgumentError.new("bad permission type") if !resource_id && !%i[resource scope].include?(type.to_sym)
-
-      @realm_client = realm_client
-      @client_id = client_id
-      @type = type
-      @resource_id = resource_id
-    end
-
-    def delete(permission_id)
-      execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, nil, nil, permission_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def find_by(name, resource, scope = nil)
-      response = execute_http do
-        url = "#{authz_permission_url(@client_id)}?name=#{name}&resource=#{resource}&type=#{@type}&scope=#{scope}&deep=true&first=0&max=100"
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
-    end
-
-    def create!(name, description, decision_strategy,logic = "POSITIVE", resources = [], policies = [], scopes = [], resource_type = nil)
-      response = save(build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type))
-      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def save(permission_representation)
-      execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, nil, permission_representation.type), @configuration.rest_client_options).post(
-          create_payload(permission_representation), headers
-        )
-      end
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, @resource_id), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
-    end
-
-    def get(permission_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, nil, @type, permission_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def authz_permission_url(client_id, resource_id = nil, type = nil, id = nil)
-      if resource_id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{resource_id}/permissions"
-      elsif id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}"
-      end
-    end
-
-    def build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type)
-      policy                   = ClientAuthzPermissionRepresentation.new
-      policy.name              = name
-      policy.description       = description
-      policy.type              = @type
-      policy.decision_strategy = decision_strategy
-      policy.resource_type     = resource_type
-      policy.resources         = resources
-      policy.policies          = policies
-      policy.scopes            = scopes
-      policy.logic             = logic
-      policy
-    end
-
-  end
+module KeycloakAdmin
+  class ClientAuthzPermissionClient < Client
+    def initialize(configuration, realm_client, client_id, type, resource_id = nil)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      raise ArgumentError.new("bad permission type") if !resource_id && !%i[resource scope].include?(type.to_sym)
+
+      @realm_client = realm_client
+      @client_id = client_id
+      @type = type
+      @resource_id = resource_id
+    end
+
+    def delete(permission_id)
+      execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, nil, nil, permission_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def find_by(name, resource, scope = nil)
+      response = execute_http do
+        url = "#{authz_permission_url(@client_id)}?name=#{name}&resource=#{resource}&type=#{@type}&scope=#{scope}&deep=true&first=0&max=100"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
+    end
+
+    def create!(name, description, decision_strategy,logic = "POSITIVE", resources = [], policies = [], scopes = [], resource_type = nil)
+      response = save(build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type))
+      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def save(permission_representation)
+      execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, nil, permission_representation.type), @configuration.rest_client_options).post(
+          create_payload(permission_representation), headers
+        )
+      end
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, @resource_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
+    end
+
+    def get(permission_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, nil, @type, permission_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def authz_permission_url(client_id, resource_id = nil, type = nil, id = nil)
+      if resource_id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{resource_id}/permissions"
+      elsif id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}"
+      end
+    end
+
+    def build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type)
+      policy                   = ClientAuthzPermissionRepresentation.new
+      policy.name              = name
+      policy.description       = description
+      policy.type              = @type
+      policy.decision_strategy = decision_strategy
+      policy.resource_type     = resource_type
+      policy.resources         = resources
+      policy.policies          = policies
+      policy.scopes            = scopes
+      policy.logic             = logic
+      policy
+    end
+
+  end
 end

data/lib/keycloak-admin/client/client_authz_policy_client.rb

@@ -1,76 +1,76 @@
-module KeycloakAdmin
-  class ClientAuthzPolicyClient < Client
-    def initialize(configuration, realm_client, client_id, type)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      raise ArgumentError.new("type must be defined") unless type
-      raise ArgumentError.new("only 'role' policies supported") unless type.to_sym == :role
-
-      @realm_client = realm_client
-      @client_id = client_id
-      @type = type
-    end
-
-    def create!(name, description, type, logic, decision_strategy, fetch_roles, roles)
-      response = save(build(name, description, type, logic, decision_strategy, fetch_roles, roles))
-      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def save(policy_representation)
-      execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).post(
-          create_payload(policy_representation), headers
-        )
-      end
-    end
-
-    def get(policy_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def find_by(name, type)
-      response = execute_http do
-        url = "#{authz_policy_url(@client_id, @type)}?permission=false&name=#{name}&type=#{type}&first=0&max=11"
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
-    end
-
-    def delete(policy_id)
-      execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
-    end
-
-    def authz_policy_url(client_id, type, id = nil)
-      if id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}?permission=false"
-      end
-    end
-
-    def build(name, description, type, logic, decision_strategy, fetch_roles, roles=[])
-      policy                   = ClientAuthzPolicyRepresentation.new
-      policy.name              = name
-      policy.description       = description
-      policy.type              = type
-      policy.logic             = logic
-      policy.decision_strategy = decision_strategy
-      policy.fetch_roles       = fetch_roles
-      policy.roles             = roles
-      policy
-    end
-  end
+module KeycloakAdmin
+  class ClientAuthzPolicyClient < Client
+    def initialize(configuration, realm_client, client_id, type)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      raise ArgumentError.new("type must be defined") unless type
+      raise ArgumentError.new("only 'role' policies supported") unless type.to_sym == :role
+
+      @realm_client = realm_client
+      @client_id = client_id
+      @type = type
+    end
+
+    def create!(name, description, type, logic, decision_strategy, fetch_roles, roles)
+      response = save(build(name, description, type, logic, decision_strategy, fetch_roles, roles))
+      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def save(policy_representation)
+      execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).post(
+          create_payload(policy_representation), headers
+        )
+      end
+    end
+
+    def get(policy_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def find_by(name, type)
+      response = execute_http do
+        url = "#{authz_policy_url(@client_id, @type)}?permission=false&name=#{name}&type=#{type}&first=0&max=11"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
+    end
+
+    def delete(policy_id)
+      execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
+    end
+
+    def authz_policy_url(client_id, type, id = nil)
+      if id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}?permission=false"
+      end
+    end
+
+    def build(name, description, type, logic, decision_strategy, fetch_roles, roles=[])
+      policy                   = ClientAuthzPolicyRepresentation.new
+      policy.name              = name
+      policy.description       = description
+      policy.type              = type
+      policy.logic             = logic
+      policy.decision_strategy = decision_strategy
+      policy.fetch_roles       = fetch_roles
+      policy.roles             = roles
+      policy
+    end
+  end
 end

data/lib/keycloak-admin/client/client_authz_resource_client.rb

@@ -1,93 +1,93 @@
-module KeycloakAdmin
-  class ClientAuthzResourceClient < Client
-    def initialize(configuration, realm_client, client_id)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      @realm_client = realm_client
-      @client_id = client_id
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
-    end
-
-    def get(resource_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def update(resource_id, client_authz_resource_representation)
-      raise "scope[:name] is mandatory and the only necessary attribute to add scope to resource" if client_authz_resource_representation[:scopes] && client_authz_resource_representation[:scopes].any?{|a| !a[:name]}
-
-      existing_resource = get(resource_id)
-      new_resource = build(
-        client_authz_resource_representation[:name] || existing_resource.name,
-        client_authz_resource_representation[:type] || existing_resource.type,
-        (client_authz_resource_representation[:uris] || [] ) + existing_resource.uris,
-        client_authz_resource_representation[:owner_managed_access] || existing_resource.owner_managed_access,
-        client_authz_resource_representation[:display_name] || existing_resource.display_name,
-        (client_authz_resource_representation[:scopes] || []) + existing_resource.scopes.map{|s| {name: s.name}},
-        client_authz_resource_representation[:attributes] || existing_resource.attributes
-      )
-
-      execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).put(new_resource.to_json, headers)
-      end
-      get(resource_id)
-    end
-
-    def create!(name, type, uris, owner_managed_access, display_name, scopes, attributes = {})
-      save(build(name, type, uris, owner_managed_access, display_name, scopes, attributes))
-    end
-
-    def find_by(name, type, uris, owner, scope)
-      response = execute_http do
-        url = "#{authz_resources_url(@client_id)}?name=#{name}&type=#{type}&uris=#{uris}&owner=#{owner}&scope=#{scope}&deep=true&first=0&max=100"
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
-    end
-
-    def save(client_authz_resource_representation)
-      response = execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).post(client_authz_resource_representation.to_json, headers)
-      end
-      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def delete(resource_id)
-      execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def authz_resources_url(client_id, id = nil)
-      if id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource"
-      end
-    end
-
-    private
-
-    def build(name, type, uris, owner_managed_access, display_name, scopes, attributes={})
-      resource                      = ClientAuthzResourceRepresentation.new
-      resource.name                 = name
-      resource.type                 = type
-      resource.uris                 = uris
-      resource.owner_managed_access = owner_managed_access
-      resource.display_name         = display_name
-      resource.scopes               = scopes
-      resource.attributes           = attributes || {}
-      resource
-    end
-
-  end
+module KeycloakAdmin
+  class ClientAuthzResourceClient < Client
+    def initialize(configuration, realm_client, client_id)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+      @client_id = client_id
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
+    end
+
+    def get(resource_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def update(resource_id, client_authz_resource_representation)
+      raise "scope[:name] is mandatory and the only necessary attribute to add scope to resource" if client_authz_resource_representation[:scopes] && client_authz_resource_representation[:scopes].any?{|a| !a[:name]}
+
+      existing_resource = get(resource_id)
+      new_resource = build(
+        client_authz_resource_representation[:name] || existing_resource.name,
+        client_authz_resource_representation[:type] || existing_resource.type,
+        (client_authz_resource_representation[:uris] || [] ) + existing_resource.uris,
+        client_authz_resource_representation[:owner_managed_access] || existing_resource.owner_managed_access,
+        client_authz_resource_representation[:display_name] || existing_resource.display_name,
+        (client_authz_resource_representation[:scopes] || []) + existing_resource.scopes.map{|s| {name: s.name}},
+        client_authz_resource_representation[:attributes] || existing_resource.attributes
+      )
+
+      execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).put(new_resource.to_json, headers)
+      end
+      get(resource_id)
+    end
+
+    def create!(name, type, uris, owner_managed_access, display_name, scopes, attributes = {})
+      save(build(name, type, uris, owner_managed_access, display_name, scopes, attributes))
+    end
+
+    def find_by(name, type, uris, owner, scope)
+      response = execute_http do
+        url = "#{authz_resources_url(@client_id)}?name=#{name}&type=#{type}&uris=#{uris}&owner=#{owner}&scope=#{scope}&deep=true&first=0&max=100"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
+    end
+
+    def save(client_authz_resource_representation)
+      response = execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).post(client_authz_resource_representation.to_json, headers)
+      end
+      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def delete(resource_id)
+      execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def authz_resources_url(client_id, id = nil)
+      if id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource"
+      end
+    end
+
+    private
+
+    def build(name, type, uris, owner_managed_access, display_name, scopes, attributes={})
+      resource                      = ClientAuthzResourceRepresentation.new
+      resource.name                 = name
+      resource.type                 = type
+      resource.uris                 = uris
+      resource.owner_managed_access = owner_managed_access
+      resource.display_name         = display_name
+      resource.scopes               = scopes
+      resource.attributes           = attributes || {}
+      resource
+    end
+
+  end
 end

data/lib/keycloak-admin/client/client_authz_scope_client.rb

@@ -1,71 +1,71 @@
-module KeycloakAdmin
-  class ClientAuthzScopeClient < Client
-    def initialize(configuration, realm_client, client_id, resource_id = nil)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      @realm_client = realm_client
-      @client_id = client_id
-      @resource_id = resource_id
-    end
-
-    def create!(name, display_name, icon_uri)
-      response = save(build(name, display_name, icon_uri))
-      ClientAuthzScopeRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_scopes_url(@client_id, @resource_id), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzScopeRepresentation.from_hash(role_as_hash) }
-    end
-
-    def delete(scope_id)
-      execute_http do
-        RestClient::Resource.new(authz_scopes_url(@client_id, nil, scope_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def get(scope_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_scopes_url(@client_id, nil, scope_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzScopeRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def search(name)
-      url = "#{authz_scopes_url(@client_id)}?first=0&max=11&deep=false&name=#{name}"
-      response = execute_http do
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzScopeRepresentation.from_hash(role_as_hash) }
-    end
-
-    def authz_scopes_url(client_id, resource_id = nil, id = nil)
-      if resource_id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{resource_id}/scopes"
-      elsif id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/scope/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/scope"
-      end
-    end
-
-    def save(scope_representation)
-      execute_http do
-        RestClient::Resource.new(authz_scopes_url(@client_id), @configuration.rest_client_options).post(
-          create_payload(scope_representation), headers
-        )
-      end
-    end
-
-    def build(name, display_name, icon_uri)
-      scope              = ClientAuthzScopeRepresentation.new
-      scope.name         = name
-      scope.icon_uri     = icon_uri
-      scope.display_name = display_name
-      scope
-    end
-  end
+module KeycloakAdmin
+  class ClientAuthzScopeClient < Client
+    def initialize(configuration, realm_client, client_id, resource_id = nil)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+      @client_id = client_id
+      @resource_id = resource_id
+    end
+
+    def create!(name, display_name, icon_uri)
+      response = save(build(name, display_name, icon_uri))
+      ClientAuthzScopeRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_scopes_url(@client_id, @resource_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzScopeRepresentation.from_hash(role_as_hash) }
+    end
+
+    def delete(scope_id)
+      execute_http do
+        RestClient::Resource.new(authz_scopes_url(@client_id, nil, scope_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def get(scope_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_scopes_url(@client_id, nil, scope_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzScopeRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def search(name)
+      url = "#{authz_scopes_url(@client_id)}?first=0&max=11&deep=false&name=#{name}"
+      response = execute_http do
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzScopeRepresentation.from_hash(role_as_hash) }
+    end
+
+    def authz_scopes_url(client_id, resource_id = nil, id = nil)
+      if resource_id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{resource_id}/scopes"
+      elsif id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/scope/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/scope"
+      end
+    end
+
+    def save(scope_representation)
+      execute_http do
+        RestClient::Resource.new(authz_scopes_url(@client_id), @configuration.rest_client_options).post(
+          create_payload(scope_representation), headers
+        )
+      end
+    end
+
+    def build(name, display_name, icon_uri)
+      scope              = ClientAuthzScopeRepresentation.new
+      scope.name         = name
+      scope.icon_uri     = icon_uri
+      scope.display_name = display_name
+      scope
+    end
+  end
 end