keycloak-admin 0.6.5 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +12 -3
- data/README.md +13 -7
- data/keycloak-admin.gemspec +3 -0
- data/lib/keycloak-admin.rb +1 -0
- data/lib/keycloak-admin/client/client.rb +2 -0
- data/lib/keycloak-admin/client/token_client.rb +6 -1
- data/lib/keycloak-admin/client/user_client.rb +2 -4
- data/lib/keycloak-admin/configuration.rb +1 -1
- data/lib/keycloak-admin/representation/representation.rb +1 -0
- data/lib/keycloak-admin/version.rb +1 -1
- data/spec/client/client_spec.rb +28 -0
- data/spec/client/token_client_spec.rb +32 -1
- data/spec/client/user_client_spec.rb +56 -0
- data/spec/configuration_spec.rb +2 -0
- metadata +18 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 970da832a135573c026406dd6e24bebad0faadde
|
4
|
+
data.tar.gz: 0116019f2c32443bbd8c9567b8243cb84e75da7a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 65fab8de261bdb5bbef86e05961e4c49858143d6b0eb3e1282ed13b67aa3d4b2e2a7bf6a54788cf02ebaee78eea9c2658644d54e70b45777e6348ac4867c199e
|
7
|
+
data.tar.gz: b8ab004c2772051d424f277572b42c57ef523d04fc1f43274c97964bd4dc1291b54d24bb70b8785b0fe404c30a23f2bba2636efb244ac6a4eb663bc40e58708f
|
data/Gemfile.lock
CHANGED
@@ -1,8 +1,9 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
keycloak-admin (0.
|
4
|
+
keycloak-admin (0.7.0)
|
5
5
|
http-cookie (~> 1.0, >= 1.0.3)
|
6
|
+
rest-client (~> 2.0)
|
6
7
|
|
7
8
|
GEM
|
8
9
|
remote: https://rubygems.org/
|
@@ -13,6 +14,14 @@ GEM
|
|
13
14
|
unf (>= 0.0.5, < 1.0.0)
|
14
15
|
http-cookie (1.0.3)
|
15
16
|
domain_name (~> 0.5)
|
17
|
+
mime-types (3.2.2)
|
18
|
+
mime-types-data (~> 3.2015)
|
19
|
+
mime-types-data (3.2019.0331)
|
20
|
+
netrc (0.11.0)
|
21
|
+
rest-client (2.0.2)
|
22
|
+
http-cookie (>= 1.0.2, < 2.0)
|
23
|
+
mime-types (>= 1.16, < 4.0)
|
24
|
+
netrc (~> 0.8)
|
16
25
|
rspec (3.7.0)
|
17
26
|
rspec-core (~> 3.7.0)
|
18
27
|
rspec-expectations (~> 3.7.0)
|
@@ -28,7 +37,7 @@ GEM
|
|
28
37
|
rspec-support (3.7.0)
|
29
38
|
unf (0.1.4)
|
30
39
|
unf_ext
|
31
|
-
unf_ext (0.0.7.
|
40
|
+
unf_ext (0.0.7.6)
|
32
41
|
|
33
42
|
PLATFORMS
|
34
43
|
ruby
|
@@ -39,4 +48,4 @@ DEPENDENCIES
|
|
39
48
|
rspec (= 3.7.0)
|
40
49
|
|
41
50
|
BUNDLED WITH
|
42
|
-
1.
|
51
|
+
1.17.3
|
data/README.md
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
Ruby client that acts as a client for the Keycloak REST API.
|
5
5
|
This gem basically acts as an url builder using `http-client` to get responses and serialize them into _representation_ objects.
|
6
6
|
|
7
|
-
_Warning: This beta gem is currently used for personal
|
7
|
+
_Warning: This beta gem is currently used for personal use. Most Keycloak Admin features are not implemented yet._
|
8
8
|
|
9
9
|
## Install
|
10
10
|
|
@@ -12,7 +12,7 @@ This gem *does not* require Rails.
|
|
12
12
|
For example, using `bundle`, add this line to your Gemfile.
|
13
13
|
|
14
14
|
```ruby
|
15
|
-
gem "keycloak-admin", "0.
|
15
|
+
gem "keycloak-admin", "0.7.0"
|
16
16
|
```
|
17
17
|
|
18
18
|
## Login
|
@@ -69,12 +69,12 @@ All options have a default value. However, all of them can be changed in your in
|
|
69
69
|
| Option | Default Value | Type | Required? | Description | Example |
|
70
70
|
| ---- | ----- | ------ | ----- | ------ | ----- |
|
71
71
|
| `server_url` | `nil`| String | Required | The base url where your Keycloak server is located. This value can be retrieved in your Keycloak client configuration. | `server_domain` | `nil`| String | Required | Public domain that identify your authentication cookies. | `auth.service.io` |
|
72
|
-
| `client_realm_name` | `""`| String | Required | Name of the realm that
|
72
|
+
| `client_realm_name` | `""`| String | Required | Name of the realm that contains the admin client. | `master` |
|
73
73
|
| `client_id` | `admin-cli`| String | Required | Client that should be used to access admin capabilities. | `api-cli` |
|
74
74
|
| `client_secret` | `nil`| String | Optional | If your client is `confidential`, this parameter must be specified. | `4e3c481c-f823-4a6a-b8a7-bf8c86e3eac3` |
|
75
|
-
| `use_service_account` | `true` | Boolean | Required | `true` if the connection to the client uses a Service Account. `false` if the
|
76
|
-
| `username` | `nil`| String | Optional | Username
|
77
|
-
| `password` | `nil`| String | Optional | Clear password
|
75
|
+
| `use_service_account` | `true` | Boolean | Required | `true` if the connection to the client uses a Service Account. `false` if the connection to the client uses a username/password credential. | `false` |
|
76
|
+
| `username` | `nil`| String | Optional | Username to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `mummy` |
|
77
|
+
| `password` | `nil`| String | Optional | Clear password to access the Admin REST API. Recommended if `user_service_account` is set to `false`. | `bobby` |
|
78
78
|
| `logger` | `Logger.new(STDOUT)`| Logger | Optional | The logger used by `keycloak-admin` | `Rails.logger` |
|
79
79
|
|
80
80
|
|
@@ -97,7 +97,7 @@ Returns an instance of `KeycloakAdmin::TokenRepresentation`.
|
|
97
97
|
KeycloakAdmin.realm("a_realm").token.get
|
98
98
|
```
|
99
99
|
|
100
|
-
### Get a user from its
|
100
|
+
### Get a user from its identifier
|
101
101
|
|
102
102
|
Returns an instance of `KeycloakAdmin::UserRepresentation` or `nil` when this user does not exist.
|
103
103
|
|
@@ -132,6 +132,12 @@ KeycloakAdmin.realm("a_realm").users.update("05c135c6-5ad8-4e17-b1fa-635fc089fd7
|
|
132
132
|
})
|
133
133
|
```
|
134
134
|
|
135
|
+
### Delete a user
|
136
|
+
|
137
|
+
```ruby
|
138
|
+
KeycloakAdmin.realm("a_realm").users.delete(user_id)
|
139
|
+
```
|
140
|
+
|
135
141
|
### Create and save a user with password and a locale
|
136
142
|
|
137
143
|
Returns the created user of type `KeycloakAdmin::UserRepresentation`.
|
data/keycloak-admin.gemspec
CHANGED
@@ -15,7 +15,10 @@ Gem::Specification.new do |spec|
|
|
15
15
|
spec.files = `git ls-files -z`.split("\x0")
|
16
16
|
spec.require_paths = ["lib"]
|
17
17
|
|
18
|
+
spec.required_ruby_version = '>= 2.3'
|
19
|
+
|
18
20
|
spec.add_dependency "http-cookie", "~> 1.0", ">= 1.0.3"
|
21
|
+
spec.add_dependency "rest-client", "~> 2.0"
|
19
22
|
spec.add_development_dependency "rspec", "3.7.0"
|
20
23
|
spec.add_development_dependency "byebug", "9.1.0"
|
21
24
|
end
|
data/lib/keycloak-admin.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
require "rest-client"
|
2
|
+
|
1
3
|
module KeycloakAdmin
|
2
4
|
class TokenClient < Client
|
3
5
|
def initialize(configuration, realm_client)
|
@@ -16,7 +18,10 @@ module KeycloakAdmin
|
|
16
18
|
|
17
19
|
def get
|
18
20
|
response = execute_http do
|
19
|
-
RestClient.
|
21
|
+
RestClient::Resource.new(token_url, @configuration.rest_client_options).post(
|
22
|
+
@configuration.body_for_token_retrieval,
|
23
|
+
@configuration.headers_for_token_retrieval
|
24
|
+
)
|
20
25
|
end
|
21
26
|
TokenRepresentation.from_json(response.body)
|
22
27
|
end
|
@@ -24,11 +24,9 @@ module KeycloakAdmin
|
|
24
24
|
|
25
25
|
def get(user_id)
|
26
26
|
response = execute_http do
|
27
|
-
RestClient.
|
27
|
+
RestClient::Resource.new(users_url(user_id), @configuration.rest_client_options).get(headers)
|
28
28
|
end
|
29
29
|
UserRepresentation.from_hash(JSON.parse(response))
|
30
|
-
rescue
|
31
|
-
nil
|
32
30
|
end
|
33
31
|
|
34
32
|
def search(query)
|
@@ -40,7 +38,7 @@ module KeycloakAdmin
|
|
40
38
|
|
41
39
|
def delete(user_id)
|
42
40
|
execute_http do
|
43
|
-
RestClient.
|
41
|
+
RestClient::Resource.new(users_url(user_id), @configuration.rest_client_options).delete(headers)
|
44
42
|
end
|
45
43
|
true
|
46
44
|
end
|
@@ -2,7 +2,7 @@ require "base64"
|
|
2
2
|
|
3
3
|
module KeycloakAdmin
|
4
4
|
class Configuration
|
5
|
-
attr_accessor :server_url, :server_domain, :client_id, :client_secret, :client_realm_name, :use_service_account, :username, :password, :logger
|
5
|
+
attr_accessor :server_url, :server_domain, :client_id, :client_secret, :client_realm_name, :use_service_account, :username, :password, :logger, :rest_client_options
|
6
6
|
|
7
7
|
def body_for_token_retrieval
|
8
8
|
if use_service_account
|
@@ -0,0 +1,28 @@
|
|
1
|
+
RSpec.describe KeycloakAdmin::Client do
|
2
|
+
describe "#execute_http" do
|
3
|
+
let(:realm_name) { "valid-realm" }
|
4
|
+
before(:each) do
|
5
|
+
@client = KeycloakAdmin::Client.new(KeycloakAdmin.config)
|
6
|
+
end
|
7
|
+
|
8
|
+
it "handles timeout" do
|
9
|
+
expect do
|
10
|
+
@client.execute_http do
|
11
|
+
raise RestClient::Exceptions::OpenTimeout.new
|
12
|
+
end
|
13
|
+
end.to raise_error(RestClient::Exceptions::OpenTimeout)
|
14
|
+
end
|
15
|
+
|
16
|
+
it "handles response exception" do
|
17
|
+
response = double
|
18
|
+
allow(response).to receive(:code).and_return 500
|
19
|
+
allow(response).to receive(:body).and_return "Server error"
|
20
|
+
|
21
|
+
expect do
|
22
|
+
@client.execute_http do
|
23
|
+
raise RestClient::ExceptionWithResponse.new(response)
|
24
|
+
end
|
25
|
+
end.to raise_error("Keycloak: The request failed with response code 500 and message: Server error")
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -30,8 +30,39 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
30
30
|
@built_url = KeycloakAdmin.realm(realm_name).token.token_url
|
31
31
|
end
|
32
32
|
|
33
|
-
it "
|
33
|
+
it "returns a proper url" do
|
34
34
|
expect(@built_url).to eq "http://auth.service.io/auth/realms/valid-realm/protocol/openid-connect/token"
|
35
35
|
end
|
36
36
|
end
|
37
|
+
|
38
|
+
describe "#get" do
|
39
|
+
let(:realm_name) { "valid-realm" }
|
40
|
+
before(:each) do
|
41
|
+
@token_client = KeycloakAdmin.realm(realm_name).token
|
42
|
+
end
|
43
|
+
|
44
|
+
it "parses the response" do
|
45
|
+
stub_post
|
46
|
+
|
47
|
+
token = @token_client.get
|
48
|
+
expect(token.access_token).to eq 'test_access_token'
|
49
|
+
end
|
50
|
+
|
51
|
+
it "passes rest client options" do
|
52
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
53
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
54
|
+
stub_post
|
55
|
+
|
56
|
+
expect(RestClient::Resource).to receive(:new).with(
|
57
|
+
"http://auth.service.io/auth/realms/valid-realm/protocol/openid-connect/token", rest_client_options).and_call_original
|
58
|
+
|
59
|
+
@token_client.get
|
60
|
+
end
|
61
|
+
|
62
|
+
def stub_post
|
63
|
+
response = double
|
64
|
+
allow(response).to receive(:body).and_return '{"access_token":"test_access_token"}'
|
65
|
+
allow_any_instance_of(RestClient::Resource).to receive(:post).and_return response
|
66
|
+
end
|
67
|
+
end
|
37
68
|
end
|
@@ -96,4 +96,60 @@ RSpec.describe KeycloakAdmin::TokenClient do
|
|
96
96
|
end
|
97
97
|
end
|
98
98
|
end
|
99
|
+
|
100
|
+
describe "#get" do
|
101
|
+
let(:realm_name) { "valid-realm" }
|
102
|
+
before(:each) do
|
103
|
+
@user_client = KeycloakAdmin.realm("a_realm").users
|
104
|
+
|
105
|
+
allow_any_instance_of(KeycloakAdmin::TokenClient).to receive(:get).and_return KeycloakAdmin::TokenRepresentation.new(
|
106
|
+
'test_access_token', 'token_type', 'expires_in', 'refresh_token',
|
107
|
+
'refresh_expires_in', 'id_token', 'not_before_policy', 'session_state'
|
108
|
+
)
|
109
|
+
allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"username":"test_username","createdTimestamp":1559347200}'
|
110
|
+
end
|
111
|
+
|
112
|
+
it "parses the response" do
|
113
|
+
user = @user_client.get('test_user_id')
|
114
|
+
expect(user.username).to eq 'test_username'
|
115
|
+
end
|
116
|
+
|
117
|
+
it "passes rest client options" do
|
118
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
119
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
120
|
+
|
121
|
+
expect(RestClient::Resource).to receive(:new).with(
|
122
|
+
"http://auth.service.io/auth/admin/realms/a_realm/users/test_user_id", rest_client_options).and_call_original
|
123
|
+
|
124
|
+
user = @user_client.get('test_user_id')
|
125
|
+
expect(user.username).to eq 'test_username'
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
describe "#delete" do
|
130
|
+
let(:realm_name) { "valid-realm" }
|
131
|
+
before(:each) do
|
132
|
+
@user_client = KeycloakAdmin.realm("a_realm").users
|
133
|
+
|
134
|
+
allow_any_instance_of(KeycloakAdmin::TokenClient).to receive(:get).and_return KeycloakAdmin::TokenRepresentation.new(
|
135
|
+
'test_access_token', 'token_type', 'expires_in', 'refresh_token',
|
136
|
+
'refresh_expires_in', 'id_token', 'not_before_policy', 'session_state'
|
137
|
+
)
|
138
|
+
allow_any_instance_of(RestClient::Resource).to receive(:delete)
|
139
|
+
end
|
140
|
+
|
141
|
+
it "parses the response" do
|
142
|
+
@user_client.delete('test_user_id')
|
143
|
+
end
|
144
|
+
|
145
|
+
it "passes rest client options" do
|
146
|
+
rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
|
147
|
+
allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
|
148
|
+
|
149
|
+
expect(RestClient::Resource).to receive(:new).with(
|
150
|
+
"http://auth.service.io/auth/admin/realms/a_realm/users/test_user_id", rest_client_options).and_call_original
|
151
|
+
|
152
|
+
@user_client.delete('test_user_id')
|
153
|
+
end
|
154
|
+
end
|
99
155
|
end
|
data/spec/configuration_spec.rb
CHANGED
@@ -6,6 +6,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
6
6
|
let(:use_service_account) { true }
|
7
7
|
let(:username) { "a" }
|
8
8
|
let(:password) { "b" }
|
9
|
+
let(:rest_client_options) { {verify_ssl: OpenSSL::SSL::VERIFY_NONE} }
|
9
10
|
|
10
11
|
before(:each) do
|
11
12
|
@configuration = KeycloakAdmin::Configuration.new
|
@@ -17,6 +18,7 @@ RSpec.describe KeycloakAdmin::RealmClient do
|
|
17
18
|
@configuration.use_service_account = use_service_account
|
18
19
|
@configuration.username = username
|
19
20
|
@configuration.password = password
|
21
|
+
@configuration.rest_client_options = rest_client_options
|
20
22
|
end
|
21
23
|
|
22
24
|
describe "#headers_for_token_retrieval" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: keycloak-admin
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Lorent Lempereur
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-06-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: http-cookie
|
@@ -30,6 +30,20 @@ dependencies:
|
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: 1.0.3
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: rest-client
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - "~>"
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '2.0'
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - "~>"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '2.0'
|
33
47
|
- !ruby/object:Gem::Dependency
|
34
48
|
name: rspec
|
35
49
|
requirement: !ruby/object:Gem::Requirement
|
@@ -88,6 +102,7 @@ files:
|
|
88
102
|
- lib/keycloak-admin/representation/token_representation.rb
|
89
103
|
- lib/keycloak-admin/representation/user_representation.rb
|
90
104
|
- lib/keycloak-admin/version.rb
|
105
|
+
- spec/client/client_spec.rb
|
91
106
|
- spec/client/configurable_token_client_spec.rb
|
92
107
|
- spec/client/realm_client_spec.rb
|
93
108
|
- spec/client/token_client_spec.rb
|
@@ -107,7 +122,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
107
122
|
requirements:
|
108
123
|
- - ">="
|
109
124
|
- !ruby/object:Gem::Version
|
110
|
-
version: '
|
125
|
+
version: '2.3'
|
111
126
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
112
127
|
requirements:
|
113
128
|
- - ">="
|