keycloak-api-manager 3.1.0 → 3.2.1

package/test/groups.test.js

@@ -0,0 +1,284 @@
+const { expect } = require('chai');
+const { getAdminClient } = require('./config');
+
+describe('Groups Handler', function () {
+  this.timeout(15000);
+  let client;
+  let testGroupId;
+  let testSubGroupId;
+  let testRoleId;
+  let testUserId;
+
+  before(async function () {
+    client = getAdminClient();
+
+    // Create test role for role mappings
+    const role = await client.roles.create(
+      { realm: 'test-realm' },
+      { name: `groups-test-role-${Date.now()}` }
+    );
+    testRoleId = role.id;
+
+    // Create test user for group membership
+    const user = await client.users.create(
+      { realm: 'test-realm' },
+      {
+        username: `groups-test-user-${Date.now()}`,
+        enabled: true,
+      }
+    );
+    testUserId = user.id;
+  });
+
+  // ==================== GROUP CRUD ====================
+  describe('CRUD Operations', function () {
+    describe('create', function () {
+      it('should create a group with valid representation', async function () {
+        const groupRep = {
+          name: `test-group-${Date.now()}`,
+        };
+
+        const result = await client.groups.create(
+          { realm: 'test-realm' },
+          groupRep
+        );
+
+        expect(result).to.have.property('id');
+        testGroupId = result.id;
+      });
+
+      it('should fail creating duplicate group name', async function () {
+        const groupName = `unique-group-${Date.now()}`;
+
+        await client.groups.create(
+          { realm: 'test-realm' },
+          { name: groupName }
+        );
+
+        try {
+          await client.groups.create(
+            { realm: 'test-realm' },
+            { name: groupName }
+          );
+          // Note: Some Keycloak versions allow duplicates at root level
+        } catch (err) {
+          expect(err).to.exist;
+        }
+      });
+    });
+
+    describe('find', function () {
+      it('should list all groups', async function () {
+        const groups = await client.groups.find({ realm: 'test-realm' });
+
+        expect(groups).to.be.an('array');
+        expect(groups.length).to.be.greaterThan(0);
+      });
+
+      it('should search groups by name', async function () {
+        const groups = await client.groups.find({
+          realm: 'test-realm',
+          search: 'test-group',
+        });
+
+        expect(groups).to.be.an('array');
+      });
+
+      it('should support pagination', async function () {
+        const groups = await client.groups.find({
+          realm: 'test-realm',
+          first: 0,
+          max: 5,
+        });
+
+        expect(groups).to.be.an('array');
+      });
+    });
+
+    describe('findOne', function () {
+      it('should find a specific group by id', async function () {
+        const group = await client.groups.findOne({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(group).to.exist;
+        expect(group.id).to.equal(testGroupId);
+      });
+    });
+
+    describe('count', function () {
+      it('should count total groups', async function () {
+        const count = await client.groups.count({ realm: 'test-realm' });
+
+        expect(count).to.be.a('number');
+        expect(count).to.be.greaterThan(0);
+      });
+    });
+
+    describe('update', function () {
+      it('should update group attributes', async function () {
+        const updateRep = {
+          name: `updated-group-${Date.now()}`,
+          attributes: {
+            department: ['Engineering'],
+          },
+        };
+
+        await client.groups.update(
+          { realm: 'test-realm', id: testGroupId },
+          updateRep
+        );
+
+        const updated = await client.groups.findOne({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(updated.name).to.include('updated-group');
+      });
+    });
+  });
+
+  // ==================== SUBGROUPS ====================
+  describe('Subgroups', function () {
+    describe('listSubGroups', function () {
+      it('should list subgroups of a group', async function () {
+        const subgroups = await client.groups.listSubGroups({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(subgroups).to.be.an('array');
+      });
+    });
+
+    // Note: Creating subgroups might require special handling in some Keycloak versions
+  });
+
+  // ==================== REALM ROLE MAPPINGS ====================
+  describe('Realm Role Mappings', function () {
+    describe('addRealmRoleMappings', function () {
+      it('should add realm roles to group', async function () {
+        await client.groups.addRealmRoleMappings({
+          realm: 'test-realm',
+          id: testGroupId,
+          roles: [
+            {
+              id: testRoleId,
+              name: `groups-test-role-${Date.now()}`,
+            },
+          ],
+        });
+
+        // Verify role added
+      });
+    });
+
+    describe('listRoleMappings', function () {
+      it('should list all role mappings for group', async function () {
+        const mappings = await client.groups.listRoleMappings({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(mappings).to.be.an('object');
+        expect(mappings).to.have.property('realmMappings');
+      });
+    });
+
+    describe('listRealmRoleMappings', function () {
+      it('should list realm role mappings', async function () {
+        const mappings = await client.groups.listRealmRoleMappings({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(mappings).to.be.an('array');
+      });
+    });
+
+    describe('listCompositeRealmRoleMappings', function () {
+      it('should list composite realm role mappings', async function () {
+        const mappings = await client.groups.listCompositeRealmRoleMappings({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(mappings).to.be.an('array');
+      });
+    });
+
+    describe('listAvailableRealmRoleMappings', function () {
+      it('should list available realm roles for group', async function () {
+        const available = await client.groups.listAvailableRealmRoleMappings({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        expect(available).to.be.an('array');
+      });
+    });
+
+    describe('delRealmRoleMappings', function () {
+      it('should remove realm roles from group', async function () {
+        const mappings = await client.groups.listRealmRoleMappings({
+          realm: 'test-realm',
+          id: testGroupId,
+        });
+
+        if (mappings.length > 0) {
+          await client.groups.delRealmRoleMappings({
+            realm: 'test-realm',
+            id: testGroupId,
+            roles: mappings,
+          });
+
+          // Verify removed
+        }
+      });
+    });
+  });
+
+  // ==================== CLIENT ROLE MAPPINGS ====================
+  describe('Client Role Mappings', function () {
+    describe('listAvailableClientRoleMappings', function () {
+      it('should list available client roles for group', async function () {
+        // Get a client first
+        const clients = await client.clients.find({ realm: 'test-realm' });
+        if (clients.length > 0) {
+          const available = await client.groups.listAvailableClientRoleMappings({
+            realm: 'test-realm',
+            id: testGroupId,
+            clientUniqueId: clients[0].id,
+          });
+
+          expect(available).to.be.an('array');
+        }
+      });
+    });
+  });
+
+  // ==================== CLEANUP ====================
+  after(async function () {
+    try {
+      if (testGroupId) {
+        await client.groups.del({ realm: 'test-realm', id: testGroupId });
+      }
+      if (testRoleId) {
+        const role = await client.roles.findOneById({
+          realm: 'test-realm',
+          id: testRoleId,
+        });
+        if (role) {
+          await client.roles.delByName({ realm: 'test-realm', name: role.name });
+        }
+      }
+      if (testUserId) {
+        await client.users.del({ realm: 'test-realm', id: testUserId });
+      }
+    } catch (err) {
+      console.error('Cleanup error:', err.message);
+    }
+  });
+});

package/test/identityProviders.test.js

@@ -0,0 +1,197 @@
+const { expect } = require('chai');
+const { getAdminClient } = require('./config');
+
+describe('Identity Providers Handler', function () {
+  this.timeout(15000);
+  let client;
+  let testIdpAlias;
+  let testMapperId;
+
+  before(function () {
+    client = getAdminClient();
+    testIdpAlias = `test-idp-${Date.now()}`;
+  });
+
+  // ==================== IDENTITY PROVIDER CRUD ====================
+  describe('CRUD Operations', function () {
+    describe('create', function () {
+      it('should create an identity provider with valid representation', async function () {
+        const idpRep = {
+          alias: testIdpAlias,
+          displayName: 'Test IDP',
+          providerId: 'oidc',
+          enabled: true,
+          config: {
+            clientId: 'test-client',
+            clientSecret: 'test-secret',
+            tokenUrl: 'https://example.com/token',
+            authorizationUrl: 'https://example.com/authorize',
+            userInfoUrl: 'https://example.com/userinfo',
+          },
+        };
+
+        const result = await client.identityProviders.create(
+          { realm: 'test-realm' },
+          idpRep
+        );
+
+        expect(result).to.have.property('alias');
+        expect(result.alias).to.equal(testIdpAlias);
+      });
+    });
+
+    describe('find', function () {
+      it('should list all identity providers', async function () {
+        const idps = await client.identityProviders.find({ realm: 'test-realm' });
+
+        expect(idps).to.be.an('array');
+        expect(idps.some((idp) => idp.alias === testIdpAlias)).to.be.true;
+      });
+    });
+
+    describe('findOne', function () {
+      it('should find a specific identity provider by alias', async function () {
+        const idp = await client.identityProviders.findOne({
+          realm: 'test-realm',
+          alias: testIdpAlias,
+        });
+
+        expect(idp).to.exist;
+        expect(idp.alias).to.equal(testIdpAlias);
+      });
+    });
+
+    describe('update', function () {
+      it('should update identity provider attributes', async function () {
+        const updateRep = {
+          displayName: 'Updated IDP Name',
+          enabled: false,
+        };
+
+        await client.identityProviders.update(
+          { realm: 'test-realm', alias: testIdpAlias },
+          updateRep
+        );
+
+        const updated = await client.identityProviders.findOne({
+          realm: 'test-realm',
+          alias: testIdpAlias,
+        });
+
+        expect(updated.displayName).to.equal('Updated IDP Name');
+        expect(updated.enabled).to.be.false;
+      });
+    });
+  });
+
+  // ==================== IDENTITY PROVIDER MAPPERS ====================
+  describe('Mappers', function () {
+    describe('createMapper', function () {
+      it('should create a mapper for identity provider', async function () {
+        const mapperRep = {
+          name: 'test-mapper',
+          identityProviderAlias: testIdpAlias,
+          identityProviderMapper: 'oidc-user-attribute-idp-mapper',
+          config: {
+            'user.attribute': 'email',
+            'claim': 'email',
+          },
+        };
+
+        const result = await client.identityProviders.createMapper(
+          { realm: 'test-realm' },
+          mapperRep
+        );
+
+        expect(result).to.exist;
+        testMapperId = result.id;
+      });
+    });
+
+    describe('findMappers', function () {
+      it('should find all mappers for identity provider', async function () {
+        const mappers = await client.identityProviders.findMappers({
+          realm: 'test-realm',
+          alias: testIdpAlias,
+        });
+
+        expect(mappers).to.be.an('array');
+      });
+    });
+
+    describe('findOneMapper', function () {
+      it('should find a specific mapper by id', async function () {
+        if (testMapperId) {
+          const mapper = await client.identityProviders.findOneMapper({
+            realm: 'test-realm',
+            alias: testIdpAlias,
+            id: testMapperId,
+          });
+
+          expect(mapper).to.exist;
+        }
+      });
+    });
+
+    describe('delMapper', function () {
+      it('should delete a mapper', async function () {
+        if (testMapperId) {
+          await client.identityProviders.delMapper({
+            realm: 'test-realm',
+            alias: testIdpAlias,
+            id: testMapperId,
+          });
+
+          // Verify deleted
+        }
+      });
+    });
+  });
+
+  // ==================== IDENTITY PROVIDER MANAGEMENT ====================
+  describe('Management Operations', function () {
+    describe('findFactory', function () {
+      it('should retrieve identity provider factory', async function () {
+        try {
+          const factory = await client.identityProviders.findFactory({
+            realm: 'test-realm',
+            providerId: 'oidc',
+          });
+
+          expect(factory).to.exist;
+        } catch (err) {
+          // Factory endpoint might not be available
+        }
+      });
+    });
+
+    describe('listPermissions', function () {
+      it('should list identity provider permissions', async function () {
+        try {
+          const perms = await client.identityProviders.listPermissions({
+            realm: 'test-realm',
+            alias: testIdpAlias,
+          });
+
+          expect(perms).to.be.an('object');
+        } catch (err) {
+          // Permissions might not be enabled
+        }
+      });
+    });
+  });
+
+  // ==================== CLEANUP ====================
+  after(async function () {
+    try {
+      if (testIdpAlias) {
+        await client.identityProviders.del({
+          realm: 'test-realm',
+          alias: testIdpAlias,
+        });
+      }
+    } catch (err) {
+      console.error('Cleanup error:', err.message);
+    }
+  });
+});

package/test/mocha.env.js

@@ -0,0 +1,55 @@
+/**
+ * Mocha Root Setup Hook
+ * Orchestrates Docker container lifecycle and Keycloak initialization
+ */
+
+const { startDocker, stopDocker, waitForHealthy } = require('./docker-helpers');
+const { initializeAdminClient, setupTestRealm, cleanupTestRealm } = require('./config');
+
+// Root hook plugin for Mocha
+exports.mochaHooks = {
+  async beforeAll() {
+    this.timeout(120000); // 2 minutes max for setup
+
+    console.log('\n========== TEST SETUP ==========');
+    console.log('Starting Docker containers...');
+
+    try {
+      // Start Docker Compose
+      await startDocker();
+
+      // Wait for services to be healthy
+      await waitForHealthy();
+
+      // Initialize Keycloak admin client
+      await initializeAdminClient();
+
+      // Setup test realm
+      await setupTestRealm();
+
+      console.log('✓ Test environment ready\n');
+    } catch (err) {
+      console.error('✗ Test setup failed:', err.message);
+      throw err;
+    }
+  },
+
+  async afterAll() {
+    this.timeout(60000); // 1 minute max for teardown
+
+    console.log('\n========== TEST TEARDOWN ==========');
+
+    try {
+      // Cleanup Keycloak test realm
+      await cleanupTestRealm();
+
+      // Stop Docker Compose
+      await stopDocker();
+
+      console.log('✓ Test environment cleaned up\n');
+    } catch (err) {
+      console.error('✗ Test teardown failed:', err.message);
+      // Don't throw during cleanup to allow partial cleanup
+    }
+  },
+};