RubyGems - keycloak-admin - Versions diffs - 1.1.4 → 1.1.6 - Mend

keycloak-admin 1.1.4 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

checksums.yaml +4 -4
data/.github/workflows/Dockerfile +24 -24
data/.github/workflows/ci.yml +80 -80
data/.gitignore +9 -9
data/.rspec +2 -2
data/CHANGELOG.md +23 -0
data/Dockerfile +12 -12
data/Gemfile +3 -3
data/Gemfile.lock +1 -1
data/MIT-LICENSE +20 -20
data/README.md +20 -1
data/bin/console +9 -9
data/keycloak-admin.gemspec +24 -24
data/lib/keycloak-admin/client/attack_detection_client.rb +41 -41
data/lib/keycloak-admin/client/client.rb +56 -56
data/lib/keycloak-admin/client/client_authz_permission_client.rb +80 -80
data/lib/keycloak-admin/client/client_authz_policy_client.rb +75 -75
data/lib/keycloak-admin/client/client_authz_resource_client.rb +92 -92
data/lib/keycloak-admin/client/client_authz_scope_client.rb +70 -70
data/lib/keycloak-admin/client/client_client.rb +71 -71
data/lib/keycloak-admin/client/client_role_client.rb +20 -20
data/lib/keycloak-admin/client/client_role_mappings_client.rb +32 -32
data/lib/keycloak-admin/client/configurable_token_client.rb +35 -35
data/lib/keycloak-admin/client/group_client.rb +148 -148
data/lib/keycloak-admin/client/identity_provider_client.rb +51 -51
data/lib/keycloak-admin/client/organization_client.rb +245 -0
data/lib/keycloak-admin/client/realm_client.rb +126 -122
data/lib/keycloak-admin/client/role_client.rb +59 -59
data/lib/keycloak-admin/client/role_mapper_client.rb +47 -47
data/lib/keycloak-admin/client/token_client.rb +29 -29
data/lib/keycloak-admin/client/user_client.rb +278 -266
data/lib/keycloak-admin/configuration.rb +52 -52
data/lib/keycloak-admin/representation/attack_detection_representation.rb +17 -17
data/lib/keycloak-admin/representation/camel_json.rb +12 -12
data/lib/keycloak-admin/representation/client_authz_permission_representation.rb +33 -33
data/lib/keycloak-admin/representation/client_authz_policy_config_representation.rb +14 -14
data/lib/keycloak-admin/representation/client_authz_policy_representation.rb +26 -26
data/lib/keycloak-admin/representation/client_authz_resource_representation.rb +25 -25
data/lib/keycloak-admin/representation/client_authz_scope_representation.rb +16 -16
data/lib/keycloak-admin/representation/client_representation.rb +71 -71
data/lib/keycloak-admin/representation/credential_representation.rb +71 -38
data/lib/keycloak-admin/representation/federated_identity_representation.rb +15 -15
data/lib/keycloak-admin/representation/group_representation.rb +21 -21
data/lib/keycloak-admin/representation/identity_provider_mapper_representation.rb +19 -19
data/lib/keycloak-admin/representation/identity_provider_representation.rb +71 -67
data/lib/keycloak-admin/representation/impersonation_redirection_representation.rb +16 -16
data/lib/keycloak-admin/representation/impersonation_representation.rb +43 -43
data/lib/keycloak-admin/representation/member_representation.rb +11 -0
data/lib/keycloak-admin/representation/organization_domain_representation.rb +18 -0
data/lib/keycloak-admin/representation/organization_representation.rb +30 -0
data/lib/keycloak-admin/representation/protocol_mapper_representation.rb +19 -19
data/lib/keycloak-admin/representation/realm_representation.rb +14 -14
data/lib/keycloak-admin/representation/representation.rb +23 -23
data/lib/keycloak-admin/representation/role_representation.rb +19 -19
data/lib/keycloak-admin/representation/session_representation.rb +22 -22
data/lib/keycloak-admin/representation/token_representation.rb +39 -39
data/lib/keycloak-admin/representation/user_representation.rb +47 -47
data/lib/keycloak-admin/resource/base_role_containing_resource.rb +28 -28
data/lib/keycloak-admin/resource/group_resource.rb +11 -11
data/lib/keycloak-admin/resource/user_resource.rb +7 -7
data/lib/keycloak-admin/version.rb +3 -3
data/lib/keycloak-admin.rb +88 -84
data/spec/client/attack_detection_client_spec.rb +102 -102
data/spec/client/client_authz_permission_client_spec.rb +170 -170
data/spec/client/client_authz_policy_client_spec.rb +169 -169
data/spec/client/client_authz_resource_client_spec.rb +150 -150
data/spec/client/client_authz_scope_client_spec.rb +133 -133
data/spec/client/client_client_spec.rb +133 -133
data/spec/client/client_role_mappings_client_spec.rb +82 -82
data/spec/client/client_spec.rb +28 -28
data/spec/client/configurable_token_client_spec.rb +34 -34
data/spec/client/group_client_spec.rb +328 -328
data/spec/client/identity_provider_client_spec.rb +92 -92
data/spec/client/organization_client_spec.rb +595 -0
data/spec/client/realm_client_spec.rb +155 -155
data/spec/client/role_client_spec.rb +79 -79
data/spec/client/role_mapper_client_spec.rb +113 -113
data/spec/client/token_client_spec.rb +68 -68
data/spec/client/user_client_spec.rb +418 -373
data/spec/configuration_spec.rb +113 -113
data/spec/integration/client_authorization_spec.rb +93 -93
data/spec/representation/attack_detection_representation_spec.rb +15 -15
data/spec/representation/client_authz_permission_representation_spec.rb +52 -52
data/spec/representation/client_authz_policy_representation_spec.rb +46 -46
data/spec/representation/client_authz_resource_representation_spec.rb +33 -33
data/spec/representation/client_authz_scope_representation_spec.rb +18 -18
data/spec/representation/client_representation_spec.rb +119 -119
data/spec/representation/credential_representation_spec.rb +68 -0
data/spec/representation/group_representation_spec.rb +22 -22
data/spec/representation/identity_provider_mapper_representation_spec.rb +24 -24
data/spec/representation/identity_provider_representation_spec.rb +113 -113
data/spec/representation/impersonation_representation_spec.rb +163 -163
data/spec/representation/organization_representation_spec.rb +64 -0
data/spec/representation/protocol_mapper_representation_spec.rb +57 -57
data/spec/representation/role_representation_spec.rb +37 -37
data/spec/representation/session_representation_spec.rb +15 -15
data/spec/representation/user_representation_spec.rb +15 -15
data/spec/resource/group_resource_spec.rb +14 -14
data/spec/resource/user_resource_spec.rb +14 -14
data/spec/spec_helper.rb +37 -37
metadata +13 -6

data/spec/configuration_spec.rb CHANGED Viewed

@@ -1,113 +1,113 @@
-RSpec.describe KeycloakAdmin::RealmClient do
-  let(:client_id)           { "admin-cli" }
-  let(:client_secret)       { "aaaaaaaa" }
-  let(:client_realm_name)   { "master2" }
-  let(:use_service_account) { true }
-  let(:username)            { "a" }
-  let(:password)            { "b" }
-  let(:rest_client_options) { {timeout: 10 } }
-  before(:each) do
-    @configuration                     = KeycloakAdmin::Configuration.new
-    @configuration.server_url          = "http://auth.service.io/auth"
-    @configuration.server_domain       = "auth.service.io"
-    @configuration.client_id           = client_id
-    @configuration.client_secret       = client_secret
-    @configuration.client_realm_name   = client_realm_name
-    @configuration.use_service_account = use_service_account
-    @configuration.username            = username
-    @configuration.password            = password
-    @configuration.rest_client_options = rest_client_options
-  end
-  describe "#headers_for_token_retrieval" do
-    before(:each) do
-      @headers = @configuration.headers_for_token_retrieval
-    end
-    context "when use_service_account is false" do
-      let(:use_service_account) { false }
-      it "returns an empty hash" do
-        expect(@headers).to be_empty
-      end
-    end
-    context "when use_service_account is true" do
-      let(:use_service_account) { true }
-      it "returns a single element" do
-        expect(@headers.size).to eq 1
-      end
-      it "returns the Authorization Key" do
-        expect(@headers.has_key?(:Authorization)).to be true
-      end
-      it "returns a Basic Authorization Key" do
-        expect(@headers[:Authorization]).to start_with "Basic"
-      end
-      context "client_id='a' and client_secret='b'" do
-        let(:client_id)           { "a" }
-        let(:client_secret)       { "b" }
-        it "returns a Basic Authorization = 'Basic YTpi'" do
-          expect(@headers[:Authorization]).to eq "Basic YTpi"
-        end
-      end
-      context "client_id='365e3c66-fd0f-11e7-8be5-0ed5f89f718b' and client_secret='411e6f9a-fd0f-11e7-8be5-0ed5f89f718b'" do
-        let(:client_id)           { "365e3c66-fd0f-11e7-8be5-0ed5f89f718b" }
-        let(:client_secret)       { "411e6f9a-fd0f-11e7-8be5-0ed5f89f718b" }
-        it "returns a Basic Authorization = 'Basic MzY1ZTNjNjYtZmQwZi0xMWU3LThiZTUtMGVkNWY4OWY3MThiOjQxMWU2ZjlhLWZkMGYtMTFlNy04YmU1LTBlZDVmODlmNzE4Yg=='" do
-          expect(@headers[:Authorization]).to eq "Basic MzY1ZTNjNjYtZmQwZi0xMWU3LThiZTUtMGVkNWY4OWY3MThiOjQxMWU2ZjlhLWZkMGYtMTFlNy04YmU1LTBlZDVmODlmNzE4Yg=="
-        end
-      end
-    end
-  end
-  describe "#body_for_token_retrieval" do
-    before(:each) do
-      @body = @configuration.body_for_token_retrieval
-    end
-    context "when use_service_account is false" do
-      let(:use_service_account) { false }
-      it "returns a hash of 5 elements" do
-        expect(@body.size).to eq 5
-      end
-      it "returns a hash containing the username" do
-        expect(@body[:username]).to eq username
-      end
-      it "returns a hash containing the password" do
-        expect(@body[:password]).to eq password
-      end
-      it "returns a hash containing the grant_type 'password'" do
-        expect(@body[:grant_type]).to eq "password"
-      end
-      it "returns a hash containing the client_id" do
-        expect(@body[:client_id]).to eq client_id
-      end
-      it "returns a hash containing the client_secret" do
-        expect(@body[:client_secret]).to eq client_secret
-      end
-    end
-    context "when use_service_account is true" do
-      let(:use_service_account) { true }
-      it "returns a hash of 1 element" do
-        expect(@body.size).to eq 1
-      end
-      it "returns a hash containing the grant_type" do
-        expect(@body[:grant_type]).to eq "client_credentials"
-      end
-    end
-  end
-end
+RSpec.describe KeycloakAdmin::RealmClient do
+  let(:client_id)           { "admin-cli" }
+  let(:client_secret)       { "aaaaaaaa" }
+  let(:client_realm_name)   { "master2" }
+  let(:use_service_account) { true }
+  let(:username)            { "a" }
+  let(:password)            { "b" }
+  let(:rest_client_options) { {timeout: 10 } }
+  before(:each) do
+    @configuration                     = KeycloakAdmin::Configuration.new
+    @configuration.server_url          = "http://auth.service.io/auth"
+    @configuration.server_domain       = "auth.service.io"
+    @configuration.client_id           = client_id
+    @configuration.client_secret       = client_secret
+    @configuration.client_realm_name   = client_realm_name
+    @configuration.use_service_account = use_service_account
+    @configuration.username            = username
+    @configuration.password            = password
+    @configuration.rest_client_options = rest_client_options
+  end
+  describe "#headers_for_token_retrieval" do
+    before(:each) do
+      @headers = @configuration.headers_for_token_retrieval
+    end
+    context "when use_service_account is false" do
+      let(:use_service_account) { false }
+      it "returns an empty hash" do
+        expect(@headers).to be_empty
+      end
+    end
+    context "when use_service_account is true" do
+      let(:use_service_account) { true }
+      it "returns a single element" do
+        expect(@headers.size).to eq 1
+      end
+      it "returns the Authorization Key" do
+        expect(@headers.has_key?(:Authorization)).to be true
+      end
+      it "returns a Basic Authorization Key" do
+        expect(@headers[:Authorization]).to start_with "Basic"
+      end
+      context "client_id='a' and client_secret='b'" do
+        let(:client_id)           { "a" }
+        let(:client_secret)       { "b" }
+        it "returns a Basic Authorization = 'Basic YTpi'" do
+          expect(@headers[:Authorization]).to eq "Basic YTpi"
+        end
+      end
+      context "client_id='365e3c66-fd0f-11e7-8be5-0ed5f89f718b' and client_secret='411e6f9a-fd0f-11e7-8be5-0ed5f89f718b'" do
+        let(:client_id)           { "365e3c66-fd0f-11e7-8be5-0ed5f89f718b" }
+        let(:client_secret)       { "411e6f9a-fd0f-11e7-8be5-0ed5f89f718b" }
+        it "returns a Basic Authorization = 'Basic MzY1ZTNjNjYtZmQwZi0xMWU3LThiZTUtMGVkNWY4OWY3MThiOjQxMWU2ZjlhLWZkMGYtMTFlNy04YmU1LTBlZDVmODlmNzE4Yg=='" do
+          expect(@headers[:Authorization]).to eq "Basic MzY1ZTNjNjYtZmQwZi0xMWU3LThiZTUtMGVkNWY4OWY3MThiOjQxMWU2ZjlhLWZkMGYtMTFlNy04YmU1LTBlZDVmODlmNzE4Yg=="
+        end
+      end
+    end
+  end
+  describe "#body_for_token_retrieval" do
+    before(:each) do
+      @body = @configuration.body_for_token_retrieval
+    end
+    context "when use_service_account is false" do
+      let(:use_service_account) { false }
+      it "returns a hash of 5 elements" do
+        expect(@body.size).to eq 5
+      end
+      it "returns a hash containing the username" do
+        expect(@body[:username]).to eq username
+      end
+      it "returns a hash containing the password" do
+        expect(@body[:password]).to eq password
+      end
+      it "returns a hash containing the grant_type 'password'" do
+        expect(@body[:grant_type]).to eq "password"
+      end
+      it "returns a hash containing the client_id" do
+        expect(@body[:client_id]).to eq client_id
+      end
+      it "returns a hash containing the client_secret" do
+        expect(@body[:client_secret]).to eq client_secret
+      end
+    end
+    context "when use_service_account is true" do
+      let(:use_service_account) { true }
+      it "returns a hash of 1 element" do
+        expect(@body.size).to eq 1
+      end
+      it "returns a hash containing the grant_type" do
+        expect(@body[:grant_type]).to eq "client_credentials"
+      end
+    end
+  end
+end

data/spec/integration/client_authorization_spec.rb CHANGED Viewed

@@ -1,93 +1,93 @@
-RSpec.describe 'ClientAuthorization' do
-  before(:each) do
-    skip("This test requires to be run in a Github action.")  unless ENV["GITHUB_ACTIONS"]
-    KeycloakAdmin.configure do |config|
-      config.use_service_account = false
-      config.server_url          = "http://localhost:8080/"
-      config.client_id           = "admin-cli"
-      config.client_realm_name   = "master"
-      config.username            = "admin"
-      config.password            = "admin"
-      config.rest_client_options = { timeout: 5, verify_ssl: false }
-    end
-  end
-  after(:each) do
-    configure
-  end
-  describe "ClientAuthorization Suite" do
-    it do
-      realm_name = "dummy"
-      client = KeycloakAdmin.realm(realm_name).clients.find_by_client_id("dummy-client")
-      client.authorization_services_enabled = true
-      KeycloakAdmin.realm(realm_name).clients.update(client)
-      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).list.size).to eql(0)
-      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).list.size).to eql(1)
-      expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').list.size).to eql(0)
-      realm_role =  KeycloakAdmin.realm(realm_name).roles.get("default-roles-dummy")
-      scope_1 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_1", "POST 1 scope", "http://asdas")
-      scope_2 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_2", "POST 2 scope", "http://asdas")
-      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).search("POST").first.name).to eql("POST_1")
-      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).get(scope_1.id).name).to eql("POST_1")
-      resource = KeycloakAdmin.realm(realm_name).authz_resources(client.id).create!("Dummy Resource", "type", ["/asdf/*", "/tmp/"], true, "display_name", [], {"a": ["b", "c"]})
-      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("Dummy Resource", "", "", "", "").first.name).to eql("Dummy Resource")
-      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("", "type", "", "", "").first.name).to eql("Dummy Resource")
-      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(0)
-      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).uris.count).to eql(2)
-      KeycloakAdmin.realm(realm_name).authz_resources(client.id).update(resource.id,
-                                                                             {
-                                                                               "name": "Dummy Resource",
-                                                                               "type": "type",
-                                                                               "owner_managed_access": true,
-                                                                               "display_name": "display_name",
-                                                                               "attributes": {"a":["b","c"]},
-                                                                               "uris": [ "/asdf/*" , "/tmp/45" ],
-                                                                               "scopes":[
-                                                                                 {name: scope_1.name},{name: scope_2.name}
-                                                                               ],
-                                                                               "icon_uri": "https://icon.ico"
-                                                                             }
-      )
-      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(2)
-      policy = KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').create!("Policy 1", "description", "role", "POSITIVE", "UNANIMOUS", true, [{id: realm_role.id, required: true}])
-      expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').find_by("Policy 1", "role").first.name).to eql("Policy 1")
-      expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').get(policy.id).name).to eql("Policy 1")
-      scope_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :scope).create!("Dummy Scope Permission", "scope description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], [scope_1.id, scope_2.id], "")
-      resource_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :resource).create!("Dummy Resource Permission", "resource description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], nil, "")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "", resource.id).list.size).to eql(2)
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").get(resource_permission.id).name).to eql("Dummy Resource Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id, resource.id).list.size).to eql(2)
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').list.size).to eql(3)
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').list.size).to eql(3)
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, nil).first.name).to eql("Dummy Resource Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, resource.id).first.name).to eql("Dummy Resource Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id).first.name).to eql("Dummy Scope Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(nil, resource.id).first.name).to eql("Dummy Resource Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id).first.name).to eql("Dummy Scope Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
-      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, nil).first.name).to eql("Dummy Scope Permission")
-      KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').delete(scope_permission.id)
-      KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').delete(resource_permission.id)
-      KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').delete(policy.id)
-      KeycloakAdmin.realm(realm_name).authz_resources(client.id).delete(resource.id)
-      KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_1.id)
-      KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_2.id)
-    end
-  end
-end
+RSpec.describe 'ClientAuthorization' do
+  before(:each) do
+    skip("This test requires to be run in a Github action.")  unless ENV["GITHUB_ACTIONS"]
+    KeycloakAdmin.configure do |config|
+      config.use_service_account = false
+      config.server_url          = "http://localhost:8080/"
+      config.client_id           = "admin-cli"
+      config.client_realm_name   = "master"
+      config.username            = "admin"
+      config.password            = "admin"
+      config.rest_client_options = { timeout: 5, verify_ssl: false }
+    end
+  end
+  after(:each) do
+    configure
+  end
+  describe "ClientAuthorization Suite" do
+    it do
+      realm_name = "dummy"
+      client = KeycloakAdmin.realm(realm_name).clients.find_by_client_id("dummy-client")
+      client.authorization_services_enabled = true
+      KeycloakAdmin.realm(realm_name).clients.update(client)
+      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).list.size).to eql(0)
+      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).list.size).to eql(1)
+      expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').list.size).to eql(0)
+      realm_role =  KeycloakAdmin.realm(realm_name).roles.get("default-roles-dummy")
+      scope_1 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_1", "POST 1 scope", "http://asdas")
+      scope_2 = KeycloakAdmin.realm(realm_name).authz_scopes(client.id).create!("POST_2", "POST 2 scope", "http://asdas")
+      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).search("POST").first.name).to eql("POST_1")
+      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id).get(scope_1.id).name).to eql("POST_1")
+      resource = KeycloakAdmin.realm(realm_name).authz_resources(client.id).create!("Dummy Resource", "type", ["/asdf/*", "/tmp/"], true, "display_name", [], {"a": ["b", "c"]})
+      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("Dummy Resource", "", "", "", "").first.name).to eql("Dummy Resource")
+      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).find_by("", "type", "", "", "").first.name).to eql("Dummy Resource")
+      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(0)
+      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).uris.count).to eql(2)
+      KeycloakAdmin.realm(realm_name).authz_resources(client.id).update(resource.id,
+                                                                             {
+                                                                               "name": "Dummy Resource",
+                                                                               "type": "type",
+                                                                               "owner_managed_access": true,
+                                                                               "display_name": "display_name",
+                                                                               "attributes": {"a":["b","c"]},
+                                                                               "uris": [ "/asdf/*" , "/tmp/45" ],
+                                                                               "scopes":[
+                                                                                 {name: scope_1.name},{name: scope_2.name}
+                                                                               ],
+                                                                               "icon_uri": "https://icon.ico"
+                                                                             }
+      )
+      expect(KeycloakAdmin.realm(realm_name).authz_resources(client.id).get(resource.id).scopes.count).to eql(2)
+      policy = KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').create!("Policy 1", "description", "role", "POSITIVE", "UNANIMOUS", true, [{id: realm_role.id, required: true}])
+      expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').find_by("Policy 1", "role").first.name).to eql("Policy 1")
+      expect(KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').get(policy.id).name).to eql("Policy 1")
+      scope_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :scope).create!("Dummy Scope Permission", "scope description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], [scope_1.id, scope_2.id], "")
+      resource_permission = KeycloakAdmin.realm(realm_name).authz_permissions(client.id, :resource).create!("Dummy Resource Permission", "resource description", "UNANIMOUS", "POSITIVE", [resource.id], [policy.id], nil, "")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "", resource.id).list.size).to eql(2)
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").get(resource_permission.id).name).to eql("Dummy Resource Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_scopes(client.id, resource.id).list.size).to eql(2)
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').list.size).to eql(3)
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').list.size).to eql(3)
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, nil).first.name).to eql("Dummy Resource Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(resource_permission.name, resource.id).first.name).to eql("Dummy Resource Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id).first.name).to eql("Dummy Scope Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "resource").find_by(nil, resource.id).first.name).to eql("Dummy Resource Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id).first.name).to eql("Dummy Scope Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(nil, resource.id, "POST_1").first.name).to eql("Dummy Scope Permission")
+      expect(KeycloakAdmin.realm(realm_name).authz_permissions(client.id, "scope").find_by(scope_permission.name, nil).first.name).to eql("Dummy Scope Permission")
+      KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'scope').delete(scope_permission.id)
+      KeycloakAdmin.realm(realm_name).authz_permissions(client.id, 'resource').delete(resource_permission.id)
+      KeycloakAdmin.realm(realm_name).authz_policies(client.id, 'role').delete(policy.id)
+      KeycloakAdmin.realm(realm_name).authz_resources(client.id).delete(resource.id)
+      KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_1.id)
+      KeycloakAdmin.realm(realm_name).authz_scopes(client.id).delete(scope_2.id)
+    end
+  end
+end

data/spec/representation/attack_detection_representation_spec.rb CHANGED Viewed

@@ -1,16 +1,16 @@
-# frozen_string_literal: true
-RSpec.describe KeycloakAdmin::AttackDetectionRepresentation do
-  describe '.from_hash' do
-    it 'converts json response to class structure' do
-      rep = described_class.from_hash({
-        'numFailures' => 2,
-        'disabled' => true,
-        'lastIPFailure' => 12345,
-        'last_failure' => 12345678
-      })
-      expect(rep.num_failures).to eq 2
-      expect(rep).to be_a described_class
-    end
-  end
+# frozen_string_literal: true
+RSpec.describe KeycloakAdmin::AttackDetectionRepresentation do
+  describe '.from_hash' do
+    it 'converts json response to class structure' do
+      rep = described_class.from_hash({
+        'numFailures' => 2,
+        'disabled' => true,
+        'lastIPFailure' => 12345,
+        'last_failure' => 12345678
+      })
+      expect(rep.num_failures).to eq 2
+      expect(rep).to be_a described_class
+    end
+  end
 end

data/spec/representation/client_authz_permission_representation_spec.rb CHANGED Viewed

@@ -1,52 +1,52 @@
-RSpec.describe KeycloakAdmin::ClientAuthzPermissionRepresentation do
-  describe '.from_hash, #resource based permission' do
-    it 'converts json response to class structure' do
-      rep = described_class.from_hash({
-                                        "id" => "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa",
-                                        "resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
-                                        "policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
-                                        "name" => "delme policy",
-                                        "description" => "Delme policy description",
-                                        "decisionStrategy" => "UNANIMOUS",
-                                        "resourceType" => ""
-                                      })
-      expect(rep.id).to eq "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"
-      expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
-      expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
-      expect(rep.name).to eq "delme policy"
-      expect(rep.description).to eq "Delme policy description"
-      expect(rep.decision_strategy).to eq "UNANIMOUS"
-      expect(rep.resource_type).to eq ""
-      expect(rep).to be_a described_class
-    end
-  end
-  describe '.from_hash, #scope based permission' do
-    it 'converts json response to class structure' do
-      rep = described_class.from_hash(
-        { "id" => "4d762e5d-bf3d-4641-8f94-97e8a1869d1d",
-          "name" => "permission name",
-          "description" => "permission description",
-          "type" => "scope",
-          "policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
-          "resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
-          "scopes" => ["7c4809c5-33b6-4668-a318-19b302214d20"],
-          "logic" => "POSITIVE",
-          "decisionStrategy" => "UNANIMOUS"
-        })
-      expect(rep.id).to eq "4d762e5d-bf3d-4641-8f94-97e8a1869d1d"
-      expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
-      expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
-      expect(rep.scopes).to eq ["7c4809c5-33b6-4668-a318-19b302214d20"]
-      expect(rep.name).to eq "permission name"
-      expect(rep.description).to eq "permission description"
-      expect(rep.decision_strategy).to eq "UNANIMOUS"
-      expect(rep.logic).to eq "POSITIVE"
-      expect(rep.type).to eq "scope"
-      expect(rep.resource_type).to eq nil
-      expect(rep).to be_a described_class
-    end
-  end
-end
+RSpec.describe KeycloakAdmin::ClientAuthzPermissionRepresentation do
+  describe '.from_hash, #resource based permission' do
+    it 'converts json response to class structure' do
+      rep = described_class.from_hash({
+                                        "id" => "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa",
+                                        "resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
+                                        "policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
+                                        "name" => "delme policy",
+                                        "description" => "Delme policy description",
+                                        "decisionStrategy" => "UNANIMOUS",
+                                        "resourceType" => ""
+                                      })
+      expect(rep.id).to eq "e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"
+      expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
+      expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
+      expect(rep.name).to eq "delme policy"
+      expect(rep.description).to eq "Delme policy description"
+      expect(rep.decision_strategy).to eq "UNANIMOUS"
+      expect(rep.resource_type).to eq ""
+      expect(rep).to be_a described_class
+    end
+  end
+  describe '.from_hash, #scope based permission' do
+    it 'converts json response to class structure' do
+      rep = described_class.from_hash(
+        { "id" => "4d762e5d-bf3d-4641-8f94-97e8a1869d1d",
+          "name" => "permission name",
+          "description" => "permission description",
+          "type" => "scope",
+          "policies" => ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"],
+          "resources" => ["4f55e984-d1ec-405c-a25c-1387f88acd5c"],
+          "scopes" => ["7c4809c5-33b6-4668-a318-19b302214d20"],
+          "logic" => "POSITIVE",
+          "decisionStrategy" => "UNANIMOUS"
+        })
+      expect(rep.id).to eq "4d762e5d-bf3d-4641-8f94-97e8a1869d1d"
+      expect(rep.resources).to eq ["4f55e984-d1ec-405c-a25c-1387f88acd5c"]
+      expect(rep.policies).to eq ["e9e3bc49-fe11-4287-b6fc-fa8be4930ffa"]
+      expect(rep.scopes).to eq ["7c4809c5-33b6-4668-a318-19b302214d20"]
+      expect(rep.name).to eq "permission name"
+      expect(rep.description).to eq "permission description"
+      expect(rep.decision_strategy).to eq "UNANIMOUS"
+      expect(rep.logic).to eq "POSITIVE"
+      expect(rep.type).to eq "scope"
+      expect(rep.resource_type).to eq nil
+      expect(rep).to be_a described_class
+    end
+  end
+end