keycloak-admin 1.1.4 → 1.1.6

data/lib/keycloak-admin/client/client.rb

@@ -1,56 +1,56 @@
-module KeycloakAdmin
-  class Client
-
-    def initialize(configuration)
-      @configuration = configuration
-    end
-
-    def server_url
-      @configuration.server_url
-    end
-
-    def current_token
-      @current_token ||= KeycloakAdmin.create_client(@configuration, @configuration.client_realm_name).token.get
-    end
-
-    def headers
-      {
-        Authorization: "Bearer #{current_token.access_token}",
-        content_type: :json,
-        accept:       :json
-      }
-    end
-
-    def execute_http
-      yield
-    rescue RestClient::Exceptions::Timeout => e
-      raise
-    rescue RestClient::ExceptionWithResponse => e
-      http_error(e.response)
-    end
-
-    def created_id(response)
-      unless response.net_http_res.is_a? Net::HTTPCreated
-        raise "Create method returned status #{response.net_http_res.message} (Code: #{response.net_http_res.code}); expected status: Created (201)"
-      end
-      (_head, _separator, id) = response.headers[:location].rpartition("/")
-      id
-    end
-
-    def create_payload(value)
-      if value.nil?
-        ""
-      elsif value.kind_of?(Array)
-        "[#{value.map(&:to_json) * ","}]"
-      else
-        value.to_json
-      end
-    end
-
-    private
-
-    def http_error(response)
-      raise "Keycloak: The request failed with response code #{response.code} and message: #{response.body}"
-    end
-  end
-end
+module KeycloakAdmin
+  class Client
+
+    def initialize(configuration)
+      @configuration = configuration
+    end
+
+    def server_url
+      @configuration.server_url
+    end
+
+    def current_token
+      @current_token ||= KeycloakAdmin.create_client(@configuration, @configuration.client_realm_name).token.get
+    end
+
+    def headers
+      {
+        Authorization: "Bearer #{current_token.access_token}",
+        content_type: :json,
+        accept:       :json
+      }
+    end
+
+    def execute_http
+      yield
+    rescue RestClient::Exceptions::Timeout => e
+      raise
+    rescue RestClient::ExceptionWithResponse => e
+      http_error(e.response)
+    end
+
+    def created_id(response)
+      unless response.net_http_res.is_a? Net::HTTPCreated
+        raise "Create method returned status #{response.net_http_res.message} (Code: #{response.net_http_res.code}); expected status: Created (201)"
+      end
+      (_head, _separator, id) = response.headers[:location].rpartition("/")
+      id
+    end
+
+    def create_payload(value)
+      if value.nil?
+        ""
+      elsif value.kind_of?(Array)
+        "[#{value.map(&:to_json) * ","}]"
+      else
+        value.to_json
+      end
+    end
+
+    private
+
+    def http_error(response)
+      raise "Keycloak: The request failed with response code #{response.code} and message: #{response.body}"
+    end
+  end
+end

data/lib/keycloak-admin/client/client_authz_permission_client.rb

@@ -1,81 +1,81 @@
-module KeycloakAdmin
-  class ClientAuthzPermissionClient < Client
-    def initialize(configuration, realm_client, client_id, type, resource_id = nil)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      raise ArgumentError.new("bad permission type") if !resource_id && !%i[resource scope].include?(type.to_sym)
-
-      @realm_client = realm_client
-      @client_id = client_id
-      @type = type
-      @resource_id = resource_id
-    end
-
-    def delete(permission_id)
-      execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, nil, nil, permission_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def find_by(name, resource, scope = nil)
-      response = execute_http do
-        url = "#{authz_permission_url(@client_id)}?name=#{name}&resource=#{resource}&type=#{@type}&scope=#{scope}&deep=true&first=0&max=100"
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
-    end
-
-    def create!(name, description, decision_strategy,logic = "POSITIVE", resources = [], policies = [], scopes = [], resource_type = nil)
-      response = save(build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type))
-      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def save(permission_representation)
-      execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, nil, permission_representation.type), @configuration.rest_client_options).post(
-          create_payload(permission_representation), headers
-        )
-      end
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, @resource_id), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
-    end
-
-    def get(permission_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_permission_url(@client_id, nil, @type, permission_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def authz_permission_url(client_id, resource_id = nil, type = nil, id = nil)
-      if resource_id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{resource_id}/permissions"
-      elsif id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}"
-      end
-    end
-
-    def build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type)
-      policy                   = ClientAuthzPermissionRepresentation.new
-      policy.name              = name
-      policy.description       = description
-      policy.type              = @type
-      policy.decision_strategy = decision_strategy
-      policy.resource_type     = resource_type
-      policy.resources         = resources
-      policy.policies          = policies
-      policy.scopes            = scopes
-      policy.logic             = logic
-      policy
-    end
-
-  end
+module KeycloakAdmin
+  class ClientAuthzPermissionClient < Client
+    def initialize(configuration, realm_client, client_id, type, resource_id = nil)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      raise ArgumentError.new("bad permission type") if !resource_id && !%i[resource scope].include?(type.to_sym)
+
+      @realm_client = realm_client
+      @client_id = client_id
+      @type = type
+      @resource_id = resource_id
+    end
+
+    def delete(permission_id)
+      execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, nil, nil, permission_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def find_by(name, resource, scope = nil)
+      response = execute_http do
+        url = "#{authz_permission_url(@client_id)}?name=#{name}&resource=#{resource}&type=#{@type}&scope=#{scope}&deep=true&first=0&max=100"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
+    end
+
+    def create!(name, description, decision_strategy,logic = "POSITIVE", resources = [], policies = [], scopes = [], resource_type = nil)
+      response = save(build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type))
+      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def save(permission_representation)
+      execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, nil, permission_representation.type), @configuration.rest_client_options).post(
+          create_payload(permission_representation), headers
+        )
+      end
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, @resource_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPermissionRepresentation.from_hash(role_as_hash) }
+    end
+
+    def get(permission_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_permission_url(@client_id, nil, @type, permission_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzPermissionRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def authz_permission_url(client_id, resource_id = nil, type = nil, id = nil)
+      if resource_id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{resource_id}/permissions"
+      elsif id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/permission/#{type}"
+      end
+    end
+
+    def build(name, description, decision_strategy, logic, resources, policies, scopes, resource_type)
+      policy                   = ClientAuthzPermissionRepresentation.new
+      policy.name              = name
+      policy.description       = description
+      policy.type              = @type
+      policy.decision_strategy = decision_strategy
+      policy.resource_type     = resource_type
+      policy.resources         = resources
+      policy.policies          = policies
+      policy.scopes            = scopes
+      policy.logic             = logic
+      policy
+    end
+
+  end
 end

data/lib/keycloak-admin/client/client_authz_policy_client.rb

@@ -1,76 +1,76 @@
-module KeycloakAdmin
-  class ClientAuthzPolicyClient < Client
-    def initialize(configuration, realm_client, client_id, type)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      raise ArgumentError.new("type must be defined") unless type
-      raise ArgumentError.new("only 'role' policies supported") unless type.to_sym == :role
-
-      @realm_client = realm_client
-      @client_id = client_id
-      @type = type
-    end
-
-    def create!(name, description, type, logic, decision_strategy, fetch_roles, roles)
-      response = save(build(name, description, type, logic, decision_strategy, fetch_roles, roles))
-      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def save(policy_representation)
-      execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).post(
-          create_payload(policy_representation), headers
-        )
-      end
-    end
-
-    def get(policy_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def find_by(name, type)
-      response = execute_http do
-        url = "#{authz_policy_url(@client_id, @type)}?permission=false&name=#{name}&type=#{type}&first=0&max=11"
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
-    end
-
-    def delete(policy_id)
-      execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
-    end
-
-    def authz_policy_url(client_id, type, id = nil)
-      if id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}?permission=false"
-      end
-    end
-
-    def build(name, description, type, logic, decision_strategy, fetch_roles, roles=[])
-      policy                   = ClientAuthzPolicyRepresentation.new
-      policy.name              = name
-      policy.description       = description
-      policy.type              = type
-      policy.logic             = logic
-      policy.decision_strategy = decision_strategy
-      policy.fetch_roles       = fetch_roles
-      policy.roles             = roles
-      policy
-    end
-  end
+module KeycloakAdmin
+  class ClientAuthzPolicyClient < Client
+    def initialize(configuration, realm_client, client_id, type)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      raise ArgumentError.new("type must be defined") unless type
+      raise ArgumentError.new("only 'role' policies supported") unless type.to_sym == :role
+
+      @realm_client = realm_client
+      @client_id = client_id
+      @type = type
+    end
+
+    def create!(name, description, type, logic, decision_strategy, fetch_roles, roles)
+      response = save(build(name, description, type, logic, decision_strategy, fetch_roles, roles))
+      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def save(policy_representation)
+      execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).post(
+          create_payload(policy_representation), headers
+        )
+      end
+    end
+
+    def get(policy_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzPolicyRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def find_by(name, type)
+      response = execute_http do
+        url = "#{authz_policy_url(@client_id, @type)}?permission=false&name=#{name}&type=#{type}&first=0&max=11"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
+    end
+
+    def delete(policy_id)
+      execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type, policy_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_policy_url(@client_id, @type), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzPolicyRepresentation.from_hash(role_as_hash) }
+    end
+
+    def authz_policy_url(client_id, type, id = nil)
+      if id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/policy/#{type}?permission=false"
+      end
+    end
+
+    def build(name, description, type, logic, decision_strategy, fetch_roles, roles=[])
+      policy                   = ClientAuthzPolicyRepresentation.new
+      policy.name              = name
+      policy.description       = description
+      policy.type              = type
+      policy.logic             = logic
+      policy.decision_strategy = decision_strategy
+      policy.fetch_roles       = fetch_roles
+      policy.roles             = roles
+      policy
+    end
+  end
 end

data/lib/keycloak-admin/client/client_authz_resource_client.rb

@@ -1,93 +1,93 @@
-module KeycloakAdmin
-  class ClientAuthzResourceClient < Client
-    def initialize(configuration, realm_client, client_id)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      @realm_client = realm_client
-      @client_id = client_id
-    end
-
-    def list
-      response = execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
-    end
-
-    def get(resource_id)
-      response = execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).get(headers)
-      end
-      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def update(resource_id, client_authz_resource_representation)
-      raise "scope[:name] is mandatory and the only necessary attribute to add scope to resource" if client_authz_resource_representation[:scopes] && client_authz_resource_representation[:scopes].any?{|a| !a[:name]}
-
-      existing_resource = get(resource_id)
-      new_resource = build(
-        client_authz_resource_representation[:name] || existing_resource.name,
-        client_authz_resource_representation[:type] || existing_resource.type,
-        (client_authz_resource_representation[:uris] || [] ) + existing_resource.uris,
-        client_authz_resource_representation[:owner_managed_access] || existing_resource.owner_managed_access,
-        client_authz_resource_representation[:display_name] || existing_resource.display_name,
-        (client_authz_resource_representation[:scopes] || []) + existing_resource.scopes.map{|s| {name: s.name}},
-        client_authz_resource_representation[:attributes] || existing_resource.attributes
-      )
-
-      execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).put(new_resource.to_json, headers)
-      end
-      get(resource_id)
-    end
-
-    def create!(name, type, uris, owner_managed_access, display_name, scopes, attributes = {})
-      save(build(name, type, uris, owner_managed_access, display_name, scopes, attributes))
-    end
-
-    def find_by(name, type, uris, owner, scope)
-      response = execute_http do
-        url = "#{authz_resources_url(@client_id)}?name=#{name}&type=#{type}&uris=#{uris}&owner=#{owner}&scope=#{scope}&deep=true&first=0&max=100"
-        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
-      end
-      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
-    end
-
-    def save(client_authz_resource_representation)
-      response = execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).post(client_authz_resource_representation.to_json, headers)
-      end
-      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def delete(resource_id)
-      execute_http do
-        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def authz_resources_url(client_id, id = nil)
-      if id
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{id}"
-      else
-        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource"
-      end
-    end
-
-    private
-
-    def build(name, type, uris, owner_managed_access, display_name, scopes, attributes={})
-      resource                      = ClientAuthzResourceRepresentation.new
-      resource.name                 = name
-      resource.type                 = type
-      resource.uris                 = uris
-      resource.owner_managed_access = owner_managed_access
-      resource.display_name         = display_name
-      resource.scopes               = scopes
-      resource.attributes           = attributes || {}
-      resource
-    end
-
-  end
+module KeycloakAdmin
+  class ClientAuthzResourceClient < Client
+    def initialize(configuration, realm_client, client_id)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+      @client_id = client_id
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
+    end
+
+    def get(resource_id)
+      response = execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).get(headers)
+      end
+      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def update(resource_id, client_authz_resource_representation)
+      raise "scope[:name] is mandatory and the only necessary attribute to add scope to resource" if client_authz_resource_representation[:scopes] && client_authz_resource_representation[:scopes].any?{|a| !a[:name]}
+
+      existing_resource = get(resource_id)
+      new_resource = build(
+        client_authz_resource_representation[:name] || existing_resource.name,
+        client_authz_resource_representation[:type] || existing_resource.type,
+        (client_authz_resource_representation[:uris] || [] ) + existing_resource.uris,
+        client_authz_resource_representation[:owner_managed_access] || existing_resource.owner_managed_access,
+        client_authz_resource_representation[:display_name] || existing_resource.display_name,
+        (client_authz_resource_representation[:scopes] || []) + existing_resource.scopes.map{|s| {name: s.name}},
+        client_authz_resource_representation[:attributes] || existing_resource.attributes
+      )
+
+      execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).put(new_resource.to_json, headers)
+      end
+      get(resource_id)
+    end
+
+    def create!(name, type, uris, owner_managed_access, display_name, scopes, attributes = {})
+      save(build(name, type, uris, owner_managed_access, display_name, scopes, attributes))
+    end
+
+    def find_by(name, type, uris, owner, scope)
+      response = execute_http do
+        url = "#{authz_resources_url(@client_id)}?name=#{name}&type=#{type}&uris=#{uris}&owner=#{owner}&scope=#{scope}&deep=true&first=0&max=100"
+        RestClient::Resource.new(url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |role_as_hash| ClientAuthzResourceRepresentation.from_hash(role_as_hash) }
+    end
+
+    def save(client_authz_resource_representation)
+      response = execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id), @configuration.rest_client_options).post(client_authz_resource_representation.to_json, headers)
+      end
+      ClientAuthzResourceRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def delete(resource_id)
+      execute_http do
+        RestClient::Resource.new(authz_resources_url(@client_id, resource_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def authz_resources_url(client_id, id = nil)
+      if id
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource/#{id}"
+      else
+        "#{@realm_client.realm_admin_url}/clients/#{client_id}/authz/resource-server/resource"
+      end
+    end
+
+    private
+
+    def build(name, type, uris, owner_managed_access, display_name, scopes, attributes={})
+      resource                      = ClientAuthzResourceRepresentation.new
+      resource.name                 = name
+      resource.type                 = type
+      resource.uris                 = uris
+      resource.owner_managed_access = owner_managed_access
+      resource.display_name         = display_name
+      resource.scopes               = scopes
+      resource.attributes           = attributes || {}
+      resource
+    end
+
+  end
 end