keycloak-admin 1.1.5 → 1.1.7

data/lib/keycloak-admin/representation/identity_provider_representation.rb

@@ -11,6 +11,7 @@ module KeycloakAdmin
                   :add_read_token_role_on_create,
                   :authenticate_by_default,
                   :link_only,
+                  :organization_id,
                   :first_broker_login_flow_alias,
                   :config
 
@@ -30,6 +31,7 @@ module KeycloakAdmin
           hash["addReadTokenRoleOnCreate"],
           hash["authenticateByDefault"],
           hash["linkOnly"],
+          hash["organizationId"],
           hash["firstBrokerLoginFlowAlias"],
           hash["config"]
         )
@@ -47,6 +49,7 @@ module KeycloakAdmin
                    add_read_token_role_on_create,
                    authenticate_by_default,
                    link_only,
+                   organization_id,
                    first_broker_login_flow_alias,
                    config)
       @alias                           = alias_name
@@ -60,6 +63,7 @@ module KeycloakAdmin
       @add_read_token_role_on_create   = add_read_token_role_on_create
       @authenticate_by_default         = authenticate_by_default
       @link_only                       = link_only
+      @organization_id                 = organization_id
       @first_broker_login_flow_alias   = first_broker_login_flow_alias
       @config                          = config || {}
     end

data/lib/keycloak-admin/representation/member_representation.rb

@@ -0,0 +1,11 @@
+module KeycloakAdmin
+  class MemberRepresentation < UserRepresentation
+    attr_accessor :membership_type
+
+    def self.from_hash(hash)
+      member                 = super(hash)
+      member.membership_type = hash["membershipType"]
+      member
+    end
+  end
+end

data/lib/keycloak-admin/representation/organization_domain_representation.rb

@@ -0,0 +1,18 @@
+module KeycloakAdmin
+  class OrganizationDomainRepresentation < Representation
+    attr_accessor :name, :verified
+
+    def initialize(name, verified)
+      @name     = name
+      @verified = verified
+    end
+
+    def self.from_hash(hash)
+      new(hash["name"], hash["verified"])
+    end
+  end
+end
+
+
+
+

data/lib/keycloak-admin/representation/organization_representation.rb

@@ -0,0 +1,30 @@
+module KeycloakAdmin
+  class OrganizationRepresentation < Representation
+    attr_accessor :id,
+      :name,
+      :alias,
+      :enabled,
+      :description,
+      :redirect_url,
+      :attributes,
+      :domains,
+      :members,
+      :attributes,
+      :identity_providers
+
+    def self.from_hash(hash)
+      role                    = new
+      role.id                 = hash["id"]
+      role.name               = hash["name"]
+      role.alias              = hash["alias"]
+      role.enabled            = hash["enabled"]
+      role.description        = hash["description"]
+      role.redirect_url       = hash["redirectUrl"]
+      role.attributes         = hash["attributes"] || {}
+      role.domains            = hash["domains"].nil? ? [] : hash["domains"].map { |domain| KeycloakAdmin::OrganizationDomainRepresentation.from_hash(domain) }
+      role.members            = hash["members"].nil? ? [] : hash["members"].map { |member| KeycloakAdmin::MemberRepresentation.from_hash(member) }
+      role.identity_providers = hash["identityProviders"].nil? ? [] : hash["identityProviders"].map { |provider| KeycloakAdmin::IdentityProviderRepresentation.from_hash(provider) }
+      role
+    end
+  end
+end

data/lib/keycloak-admin/version.rb

@@ -1,3 +1,3 @@
 module KeycloakAdmin
-  VERSION = "1.1.5"
+  VERSION = "1.1.7"
 end

data/lib/keycloak-admin.rb

@@ -7,6 +7,7 @@ require_relative "keycloak-admin/client/client_role_client"
 require_relative "keycloak-admin/client/client_role_mappings_client"
 require_relative "keycloak-admin/client/group_client"
 require_relative "keycloak-admin/client/realm_client"
+require_relative "keycloak-admin/client/organization_client"
 require_relative "keycloak-admin/client/role_client"
 require_relative "keycloak-admin/client/role_mapper_client"
 require_relative "keycloak-admin/client/token_client"
@@ -15,6 +16,8 @@ require_relative "keycloak-admin/client/identity_provider_client"
 require_relative "keycloak-admin/client/configurable_token_client"
 require_relative "keycloak-admin/client/attack_detection_client"
 require_relative "keycloak-admin/client/client_authz_scope_client"
+require_relative "keycloak-admin/client/client_scope_client"
+require_relative "keycloak-admin/client/client_scope_protocol_mapper_client"
 require_relative "keycloak-admin/client/client_authz_resource_client"
 require_relative "keycloak-admin/client/client_authz_policy_client"
 require_relative "keycloak-admin/client/client_authz_permission_client"
@@ -27,14 +30,18 @@ require_relative "keycloak-admin/representation/token_representation"
 require_relative "keycloak-admin/representation/impersonation_redirection_representation"
 require_relative "keycloak-admin/representation/impersonation_representation"
 require_relative "keycloak-admin/representation/credential_representation"
+require_relative "keycloak-admin/representation/organization_domain_representation"
+require_relative "keycloak-admin/representation/organization_representation"
 require_relative "keycloak-admin/representation/realm_representation"
 require_relative "keycloak-admin/representation/role_representation"
 require_relative "keycloak-admin/representation/federated_identity_representation"
 require_relative "keycloak-admin/representation/user_representation"
+require_relative "keycloak-admin/representation/member_representation"
 require_relative "keycloak-admin/representation/identity_provider_mapper_representation"
 require_relative "keycloak-admin/representation/identity_provider_representation"
 require_relative "keycloak-admin/representation/attack_detection_representation"
 require_relative "keycloak-admin/representation/session_representation"
+require_relative "keycloak-admin/representation/client_scope_representation"
 require_relative "keycloak-admin/representation/client_authz_scope_representation"
 require_relative "keycloak-admin/representation/client_authz_resource_representation"
 require_relative "keycloak-admin/representation/client_authz_policy_representation"

data/spec/client/client_scope_client_spec.rb

@@ -0,0 +1,220 @@
+RSpec.describe KeycloakAdmin::ClientScopeClient do
+  let(:realm_name)      { "valid-realm" }
+  let(:client_scope_id) { "valid-scope-id" }
+
+  let(:scope_json) do
+    <<~JSON
+      {"id":"valid-scope-id","name":"my-scope","description":"A test scope","protocol":"openid-connect","attributes":{"display.on.consent.screen":"true","include.in.token.scope":"true"}}
+    JSON
+  end
+
+  let(:scope_with_mappers_json) do
+    <<~JSON
+      {"id":"valid-scope-id","name":"my-scope","description":"A test scope","protocol":"openid-connect","attributes":{},"protocolMappers":[{"id":"mapper-id","name":"my-claim","protocol":"openid-connect","protocolMapper":"oidc-hardcoded-claim-mapper","config":{"claim.name":"my_claim","claim.value":"bar","access.token.claim":"true"}}]}
+    JSON
+  end
+
+  describe "#initialize" do
+    context "when realm_name is defined" do
+      it "does not raise any error" do
+        expect { KeycloakAdmin.realm(realm_name).client_scopes }.to_not raise_error
+      end
+    end
+
+    context "when realm_name is not defined" do
+      it "raises an argument error" do
+        expect { KeycloakAdmin.realm(nil).client_scopes }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#list" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scopes
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return stub_response
+    end
+
+    context "with one scope" do
+      let(:stub_response) { "[#{scope_json}]" }
+
+      it "returns one scope" do
+        expect(@client.list.size).to eq 1
+      end
+
+      it "returns the correct scope attributes" do
+        expect(@client.list.first).to have_attributes(
+          id:          "valid-scope-id",
+          name:        "my-scope",
+          description: "A test scope",
+          protocol:    "openid-connect"
+        )
+      end
+
+      it "returns attributes map" do
+        expect(@client.list.first.attributes).to include(
+          "display.on.consent.screen" => "true",
+          "include.in.token.scope"    => "true"
+        )
+      end
+    end
+
+    context "with multiple scopes" do
+      let(:second_scope_json) { '{"id":"other-scope-id","name":"other-scope","protocol":"openid-connect"}' }
+      let(:stub_response) { "[#{scope_json},#{second_scope_json}]" }
+
+      it "returns two scopes" do
+        expect(@client.list.size).to eq 2
+      end
+
+      it "includes both scope names" do
+        expect(@client.list.map(&:name)).to include("my-scope", "other-scope")
+      end
+    end
+  end
+
+  describe "#get" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scopes
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return stub_response
+    end
+
+    context "without protocol mappers" do
+      let(:stub_response) { scope_json }
+
+      it "returns the correct id" do
+        expect(@client.get(client_scope_id).id).to eq "valid-scope-id"
+      end
+
+      it "returns the correct name" do
+        expect(@client.get(client_scope_id).name).to eq "my-scope"
+      end
+
+      it "returns the correct description" do
+        expect(@client.get(client_scope_id).description).to eq "A test scope"
+      end
+
+      it "returns the correct protocol" do
+        expect(@client.get(client_scope_id).protocol).to eq "openid-connect"
+      end
+
+      it "returns an empty protocolMappers list" do
+        expect(@client.get(client_scope_id).protocol_mappers).to eq []
+      end
+    end
+
+    context "with protocol mappers" do
+      let(:stub_response) { scope_with_mappers_json }
+
+      it "returns protocol mappers" do
+        expect(@client.get(client_scope_id).protocol_mappers.size).to eq 1
+      end
+
+      it "returns the correct mapper name" do
+        expect(@client.get(client_scope_id).protocol_mappers.first.name).to eq "my-claim"
+      end
+    end
+  end
+
+  describe "#create!" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scopes
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return ""
+    end
+
+    let(:scope_representation) do
+      scope             = KeycloakAdmin::ClientScopeRepresentation.new
+      scope.name        = "my-scope"
+      scope.description = "A test scope"
+      scope.protocol    = "openid-connect"
+      scope.attributes  = { "display.on.consent.screen" => "true", "include.in.token.scope" => "true" }
+      scope
+    end
+
+    it "creates successfully" do
+      expect(@client.create!(scope_representation)).to be true
+    end
+  end
+
+  describe "#save" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scopes
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:put).and_return ""
+    end
+
+    let(:scope_representation) { KeycloakAdmin::ClientScopeRepresentation.from_hash(JSON.parse(scope_json)) }
+
+    it "calls put on the scope url" do
+      expect_any_instance_of(RestClient::Resource).to receive(:put).with(anything, anything)
+      @client.save(scope_representation)
+    end
+
+    it "returns true" do
+      expect(@client.save(scope_representation)).to be true
+    end
+  end
+
+  describe "#search" do
+    let(:second_scope_json) { '{"id":"other-scope-id","name":"other-scope","protocol":"openid-connect"}' }
+
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scopes
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return "[#{scope_json},#{second_scope_json}]"
+    end
+
+    context "when the name matches one scope" do
+      it "returns only the matching scope" do
+        expect(@client.search("my-scope").size).to eq 1
+      end
+
+      it "returns the correct scope" do
+        expect(@client.search("my-scope").first).to have_attributes(id: "valid-scope-id", name: "my-scope")
+      end
+    end
+
+    context "when the name is a partial match" do
+      it "returns all scopes containing the substring" do
+        expect(@client.search("scope").size).to eq 2
+      end
+    end
+
+    context "when no scope matches" do
+      it "returns an empty array" do
+        expect(@client.search("unknown")).to eq []
+      end
+    end
+  end
+
+  describe "#delete" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scopes
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ""
+    end
+
+    it "returns true" do
+      expect(@client.delete(client_scope_id)).to eq true
+    end
+  end
+
+  describe "#client_scopes_url" do
+    let(:client)   { KeycloakAdmin.realm(realm_name).client_scopes }
+    let(:base_url) { "http://auth.service.io/auth/admin/realms/valid-realm/client-scopes" }
+
+    context "without a client_scope_id" do
+      it "returns the base url" do
+        expect(client.client_scopes_url).to eq base_url
+      end
+    end
+
+    context "with a client_scope_id" do
+      it "returns the url with client_scope_id appended" do
+        expect(client.client_scopes_url(client_scope_id)).to eq "#{base_url}/valid-scope-id"
+      end
+    end
+  end
+end

data/spec/client/client_scope_protocol_mapper_client_spec.rb

@@ -0,0 +1,230 @@
+RSpec.describe KeycloakAdmin::ClientScopeProtocolMapperClient do
+  let(:realm_name)      { "valid-realm" }
+  let(:client_scope_id) { "valid-scope-id" }
+  let(:mapper_id)       { "valid-mapper-id" }
+
+  let(:mapper_json) do
+    <<~JSON
+      {"id":"valid-mapper-id","name":"my-claim","protocol":"openid-connect","protocolMapper":"oidc-hardcoded-claim-mapper","config":{"claim.name":"my_claim","claim.value":"bar","access.token.claim":"true"}}
+    JSON
+  end
+
+  let(:audience_mapper_json) do
+    <<~JSON
+      {"protocol":"openid-connect","protocolMapper":"oidc-audience-mapper","name":"audience-config-rvw-123","config":{"included.client.audience":"","included.custom.audience":"https://api.example.com","id.token.claim":"false","access.token.claim":"true","lightweight.claim":"false","introspection.token.claim":"true"}}
+    JSON
+  end
+
+  describe "#initialize" do
+    context "when realm_name is defined" do
+      it "does not raise any error" do
+        expect { KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id) }.to_not raise_error
+      end
+    end
+
+    context "when realm_name is not defined" do
+      it "raises an argument error" do
+        expect { KeycloakAdmin.realm(nil).client_scope_protocol_mappers(client_scope_id) }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#list" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return stub_response
+    end
+
+    context "with a hardcoded claim mapper" do
+      let(:stub_response) { "[#{mapper_json}]" }
+
+      it "returns one mapper" do
+        expect(@client.list.size).to eq 1
+      end
+
+      it "returns the correct mapper attributes" do
+        expect(@client.list.first).to have_attributes(id: "valid-mapper-id", name: "my-claim", protocol: "openid-connect", protocolMapper: "oidc-hardcoded-claim-mapper")
+      end
+    end
+
+    context "with an audience mapper" do
+      let(:stub_response) { "[#{audience_mapper_json}]" }
+
+      it "returns one mapper" do
+        expect(@client.list.size).to eq 1
+      end
+
+      it "returns the correct mapper attributes" do
+        expect(@client.list.first).to have_attributes(name: "audience-config-rvw-123", protocol: "openid-connect", protocolMapper: "oidc-audience-mapper")
+      end
+    end
+
+    context "with multiple mappers" do
+      let(:stub_response) { "[#{mapper_json},#{audience_mapper_json}]" }
+
+      it "returns two mappers" do
+        expect(@client.list.size).to eq 2
+      end
+
+      it "includes both mapper names" do
+        expect(@client.list.map(&:name)).to include("my-claim", "audience-config-rvw-123")
+      end
+    end
+  end
+
+  describe "#get" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return stub_response
+    end
+
+    context "with a hardcoded claim mapper" do
+      let(:stub_response) { mapper_json }
+
+      it "returns the correct id" do
+        expect(@client.get(mapper_id).id).to eq "valid-mapper-id"
+      end
+
+      it "returns the correct name" do
+        expect(@client.get(mapper_id).name).to eq "my-claim"
+      end
+
+      it "returns the correct protocol" do
+        expect(@client.get(mapper_id).protocol).to eq "openid-connect"
+      end
+
+      it "returns the correct protocolMapper" do
+        expect(@client.get(mapper_id).protocolMapper).to eq "oidc-hardcoded-claim-mapper"
+      end
+    end
+
+    context "with an audience mapper" do
+      let(:stub_response) { audience_mapper_json }
+
+      it "returns the correct name" do
+        expect(@client.get(mapper_id).name).to eq "audience-config-rvw-123"
+      end
+
+      it "returns the correct protocol" do
+        expect(@client.get(mapper_id).protocol).to eq "openid-connect"
+      end
+
+      it "returns the correct protocolMapper" do
+        expect(@client.get(mapper_id).protocolMapper).to eq "oidc-audience-mapper"
+      end
+
+      it "returns the correct config" do
+        expect(@client.get(mapper_id).config).to include(
+          "included.custom.audience"  => "https://api.example.com",
+          "access.token.claim"        => "true",
+          "introspection.token.claim" => "true",
+          "id.token.claim"            => "false"
+        )
+      end
+    end
+  end
+
+  describe "#create!" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:post).and_return stub_response
+    end
+
+    context "with a hardcoded claim mapper" do
+      let(:stub_response) { mapper_json }
+      let(:mapper_representation) do
+        mapper = KeycloakAdmin::ProtocolMapperRepresentation.new
+        mapper.name           = "my-claim"
+        mapper.protocol       = "openid-connect"
+        mapper.protocolMapper = "oidc-hardcoded-claim-mapper"
+        mapper.config         = { "claim.name" => "my_claim", "claim.value" => "bar", "access.token.claim" => "true" }
+        mapper
+      end
+
+      it "creates successfully" do
+        expect(@client.create!(mapper_representation)).to be true
+      end
+    end
+
+    context "with an audience mapper" do
+      let(:stub_response)         { audience_mapper_json }
+      let(:mapper_representation) do
+        mapper = KeycloakAdmin::ProtocolMapperRepresentation.new
+        mapper.name           = "audience-config-rvw-123"
+        mapper.protocol       = "openid-connect"
+        mapper.protocolMapper = "oidc-audience-mapper"
+        mapper.config         = {
+          "included.client.audience"  => "",
+          "included.custom.audience"  => "https://api.example.com",
+          "id.token.claim"            => "false",
+          "access.token.claim"        => "true",
+          "lightweight.claim"         => "false",
+          "introspection.token.claim" => "true"
+        }
+        mapper
+      end
+
+      it "creates successfully" do
+        expect(@client.create!(mapper_representation)).to be true
+      end
+    end
+  end
+
+  describe "#save" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:put).and_return ""
+    end
+
+    context "with a hardcoded claim mapper" do
+      let(:mapper_representation) { KeycloakAdmin::ProtocolMapperRepresentation.from_hash(JSON.parse(mapper_json)) }
+
+      it "calls put on the mapper url" do
+        expect_any_instance_of(RestClient::Resource).to receive(:put).with(anything, anything)
+        @client.save(mapper_representation)
+      end
+    end
+
+    context "with an audience mapper" do
+      let(:mapper_representation) { KeycloakAdmin::ProtocolMapperRepresentation.from_hash(JSON.parse(audience_mapper_json)) }
+
+      it "calls put on the mapper url" do
+        expect_any_instance_of(RestClient::Resource).to receive(:put).with(anything, anything)
+        @client.save(mapper_representation)
+      end
+    end
+  end
+
+  describe "#delete" do
+    before(:each) do
+      @client = KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id)
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:delete).and_return ""
+    end
+
+    it "returns true" do
+      expect(@client.delete(mapper_id)).to eq true
+    end
+  end
+
+  describe "#protocol_mappers_url" do
+    let(:client)   { KeycloakAdmin.realm(realm_name).client_scope_protocol_mappers(client_scope_id) }
+    let(:base_url) { "http://auth.service.io/auth/admin/realms/valid-realm/client-scopes/valid-scope-id/protocol-mappers/models" }
+
+    context "without a mapper_id" do
+      it "returns the base url" do
+        expect(client.protocol_mappers_url).to eq base_url
+      end
+    end
+
+    context "with a mapper_id" do
+      it "returns the url with mapper_id appended" do
+        expect(client.protocol_mappers_url(mapper_id)).to eq "#{base_url}/valid-mapper-id"
+      end
+    end
+  end
+end