mirror of
https://github.com/keycloak/keycloak.git
synced 2026-01-10 15:32:05 -03:30
Move RealmRolesTest.java to the new testsuite (#41404)
Part of: #34494 Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
This commit is contained in:
Lukas Hanusovsky
GitHub
parent
da5f5281cd
commit
5b3b36e300
@ -4,6 +4,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.GroupRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.RolesRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
@ -58,6 +59,26 @@ public class RealmConfigBuilder {
|
||||
return GroupConfigBuilder.update(group).name(name);
|
||||
}
|
||||
|
||||
public RoleConfigBuilder addRole(String name) {
|
||||
if (rep.getRoles() == null) {
|
||||
rep.setRoles(new RolesRepresentation());
|
||||
}
|
||||
|
||||
RoleRepresentation role = new RoleRepresentation();
|
||||
rep.getRoles().setRealm(Collections.combine(rep.getRoles().getRealm(), role));
|
||||
return RoleConfigBuilder.update(role).name(name);
|
||||
}
|
||||
|
||||
public RoleConfigBuilder addClientRole(String clientName, String roleName) {
|
||||
if (rep.getRoles() == null) {
|
||||
rep.setRoles(new RolesRepresentation());
|
||||
}
|
||||
|
||||
RoleRepresentation role = new RoleRepresentation();
|
||||
rep.getRoles().setClient(Collections.combine(rep.getRoles().getClient(), clientName, role));
|
||||
return RoleConfigBuilder.update(role).name(roleName);
|
||||
}
|
||||
|
||||
public RealmConfigBuilder registrationEmailAsUsername(boolean registrationEmailAsUsername) {
|
||||
rep.setRegistrationEmailAsUsername(registrationEmailAsUsername);
|
||||
return this;
|
||||
|
||||
@ -0,0 +1,76 @@
|
||||
package org.keycloak.testframework.realm;
|
||||
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class RoleConfigBuilder {
|
||||
|
||||
private final RoleRepresentation rep;
|
||||
|
||||
private RoleConfigBuilder(RoleRepresentation rep) {
|
||||
this.rep = rep;
|
||||
}
|
||||
|
||||
public static RoleConfigBuilder create() {
|
||||
RoleRepresentation rep = new RoleRepresentation();
|
||||
return new RoleConfigBuilder(rep);
|
||||
}
|
||||
|
||||
public static RoleConfigBuilder update(RoleRepresentation rep) {
|
||||
return new RoleConfigBuilder(rep);
|
||||
}
|
||||
|
||||
public RoleConfigBuilder id(String id) {
|
||||
rep.setId(id);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder name(String name) {
|
||||
rep.setName(name);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder description(String description) {
|
||||
rep.setDescription(description);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder attributes(Map<String, List<String>> attributes) {
|
||||
rep.setAttributes(Collections.combine(rep.getAttributes(), attributes));
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder singleAttribute(String key, String value) {
|
||||
rep.singleAttribute(key, value);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder composite(boolean enabled) {
|
||||
rep.setComposite(enabled);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder realmComposite(String compositeRole) {
|
||||
if (rep.getComposites() == null) {
|
||||
rep.setComposites(new RoleRepresentation.Composites());
|
||||
}
|
||||
|
||||
rep.getComposites().setRealm(Collections.combine(rep.getComposites().getRealm(), compositeRole));
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleConfigBuilder clientComposite(String client, String compositeRole) {
|
||||
if (rep.getComposites() == null) {
|
||||
rep.setComposites(new RoleRepresentation.Composites());
|
||||
}
|
||||
|
||||
rep.getComposites().setClient(Collections.combine(rep.getComposites().getClient(), client, compositeRole));
|
||||
return this;
|
||||
}
|
||||
|
||||
public RoleRepresentation build() {
|
||||
return rep;
|
||||
}
|
||||
}
|
||||
@ -73,6 +73,11 @@ public class UserConfigBuilder {
|
||||
return this;
|
||||
}
|
||||
|
||||
public UserConfigBuilder requiredActions(String... requiredActions) {
|
||||
rep.setRequiredActions(Collections.combine(rep.getRequiredActions(), requiredActions));
|
||||
return this;
|
||||
}
|
||||
|
||||
public UserConfigBuilder groups(String... groups) {
|
||||
rep.setGroups(Collections.combine(rep.getGroups(), groups));
|
||||
return this;
|
||||
|
||||
@ -64,7 +64,7 @@ import org.keycloak.testframework.realm.UserConfigBuilder;
|
||||
import org.keycloak.tests.utils.Assert;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
|
||||
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
|
||||
|
||||
@ -379,11 +379,11 @@ public class ClientTest {
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), clientRep, ResourceType.CLIENT);
|
||||
ClientResource clientRsc = managedRealm.admin().clients().get(id);
|
||||
|
||||
RoleRepresentation roleB = RoleBuilder.create().name("role-b").build();
|
||||
RoleRepresentation roleB = RoleConfigBuilder.create().name("role-b").build();
|
||||
clientRsc.roles().create(roleB);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "role-b"), roleB, ResourceType.CLIENT_ROLE);
|
||||
|
||||
RoleRepresentation roleA = RoleBuilder.create().name("role-a").build();
|
||||
RoleRepresentation roleA = RoleConfigBuilder.create().name("role-a").build();
|
||||
clientRsc.roles().create(roleA);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "role-a"), roleA, ResourceType.CLIENT_ROLE);
|
||||
|
||||
@ -764,8 +764,8 @@ public class ClientTest {
|
||||
RolesResource roleContainerClientRolesRsc = managedRealm.admin().clients().get(roleContainerClientUuid).roles();
|
||||
managedRealm.cleanup().add(r -> r.clients().get(roleContainerClientUuid).remove());
|
||||
|
||||
roleContainerClientRolesRsc.create(RoleBuilder.create().name("client-composite").build());
|
||||
roleContainerClientRolesRsc.create(RoleBuilder.create().name("client-child").build());
|
||||
roleContainerClientRolesRsc.create(RoleConfigBuilder.create().name("client-composite").build());
|
||||
roleContainerClientRolesRsc.create(RoleConfigBuilder.create().name("client-child").build());
|
||||
roleContainerClientRolesRsc.get("client-composite").addComposites(List.of(
|
||||
roleContainerClientRolesRsc.get("client-child").toRepresentation()));
|
||||
|
||||
@ -823,10 +823,10 @@ public class ClientTest {
|
||||
RoleMappingResource scopesResource = managedRealm.admin().clients().get(idA).getScopeMappings();
|
||||
|
||||
// create a realm role and a role in clientB
|
||||
RoleRepresentation realmRoleRep = RoleBuilder.create().name("realm-role").build();
|
||||
RoleRepresentation realmRoleRep = RoleConfigBuilder.create().name("realm-role").build();
|
||||
managedRealm.admin().roles().create(realmRoleRep);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(realmRoleRep.getName()), realmRoleRep, ResourceType.REALM_ROLE);
|
||||
RoleRepresentation clientBRoleRep = RoleBuilder.create().name("clientB-role").build();
|
||||
RoleRepresentation clientBRoleRep = RoleConfigBuilder.create().name("clientB-role").build();
|
||||
managedRealm.admin().clients().get(idB).roles().create(clientBRoleRep);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(idB, clientBRoleRep.getName()), clientBRoleRep, ResourceType.CLIENT_ROLE);
|
||||
|
||||
@ -1007,7 +1007,7 @@ public class ClientTest {
|
||||
}
|
||||
|
||||
private RoleRepresentation createRealmRole(String roleName) {
|
||||
RoleRepresentation role = RoleBuilder.create().name(roleName).build();
|
||||
RoleRepresentation role = RoleConfigBuilder.create().name(roleName).build();
|
||||
managedRealm.admin().roles().create(role);
|
||||
|
||||
String createdId = managedRealm.admin().roles().get(role.getName()).toRepresentation().getId();
|
||||
|
||||
@ -50,7 +50,7 @@ import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.util.CredentialBuilder;
|
||||
import org.keycloak.testsuite.util.FederatedIdentityBuilder;
|
||||
import org.keycloak.testsuite.util.IdentityProviderBuilder;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -290,7 +290,7 @@ public class PermissionsTest extends AbstractPermissionsTest {
|
||||
|
||||
@Test
|
||||
public void roles() {
|
||||
RoleRepresentation newRole = RoleBuilder.create().name("sample-role").build();
|
||||
RoleRepresentation newRole = RoleConfigBuilder.create().name("sample-role").build();
|
||||
managedRealm1.admin().roles().create(newRole);
|
||||
managedRealm1.cleanup().add(r -> r.roles().deleteRole("sample-role"));
|
||||
|
||||
@ -320,7 +320,7 @@ public class PermissionsTest extends AbstractPermissionsTest {
|
||||
|
||||
@Test
|
||||
public void rolesById() {
|
||||
RoleRepresentation newRole = RoleBuilder.create().name("role-by-id").build();
|
||||
RoleRepresentation newRole = RoleConfigBuilder.create().name("role-by-id").build();
|
||||
managedRealm1.admin().roles().create(newRole);
|
||||
RoleRepresentation role = managedRealm1.admin().roles().get("role-by-id").toRepresentation();
|
||||
managedRealm1.cleanup().add(r -> r.roles().deleteRole("role-by-id"));
|
||||
|
||||
@ -38,7 +38,7 @@ import org.keycloak.testframework.realm.ManagedClient;
|
||||
import org.keycloak.testframework.realm.ManagedRealm;
|
||||
import org.keycloak.tests.utils.Assert;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
@ -86,20 +86,20 @@ public class RoleByIdResourceTest {
|
||||
|
||||
@BeforeEach
|
||||
public void before() {
|
||||
managedRealm.admin().roles().create(RoleBuilder.create().name(roleNameA).description("Role A").build());
|
||||
managedRealm.admin().roles().create(RoleBuilder.create().name(roleNameB).description("Role B").build());
|
||||
managedRealm.admin().roles().create(RoleConfigBuilder.create().name(roleNameA).description("Role A").build());
|
||||
managedRealm.admin().roles().create(RoleConfigBuilder.create().name(roleNameB).description("Role B").build());
|
||||
// add a role that is a composite role
|
||||
RoleRepresentation roleD = RoleBuilder.create().name(roleNameD).description("Role D").build();
|
||||
RoleRepresentation roleD = RoleConfigBuilder.create().name(roleNameD).description("Role D").build();
|
||||
managedRealm.admin().roles().create(roleD);
|
||||
managedRealm.admin().roles().create(RoleBuilder.create()
|
||||
managedRealm.admin().roles().create(RoleConfigBuilder.create()
|
||||
.name(roleNameCompositeWihD)
|
||||
.description("Composite Role with Role D")
|
||||
.composite()
|
||||
.realmComposite(roleD)
|
||||
.composite(true)
|
||||
.realmComposite(roleD.getName())
|
||||
.build()
|
||||
);
|
||||
|
||||
managedRealm.admin().clients().get(managedClient.getId()).roles().create(RoleBuilder.create().name(roleNameC).description("Role C").build());
|
||||
managedRealm.admin().clients().get(managedClient.getId()).roles().create(RoleConfigBuilder.create().name(roleNameC).description("Role C").build());
|
||||
|
||||
managedRealm.admin().roles().list()
|
||||
.forEach(r -> roleIds.put(r.getName(), r.getId()));
|
||||
@ -158,8 +158,8 @@ public class RoleByIdResourceTest {
|
||||
assertEquals(0, resource.getRoleComposites(roleIds.get(roleNameA)).size());
|
||||
|
||||
List<RoleRepresentation> l = new LinkedList<>();
|
||||
l.add(RoleBuilder.create().id(roleIds.get(roleNameB)).build());
|
||||
l.add(RoleBuilder.create().id(roleIds.get(roleNameC)).build());
|
||||
l.add(RoleConfigBuilder.create().id(roleIds.get(roleNameB)).build());
|
||||
l.add(RoleConfigBuilder.create().id(roleIds.get(roleNameC)).build());
|
||||
resource.addComposites(roleIds.get(roleNameA), l);
|
||||
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleByIdResourceCompositesPath(roleIds.get(roleNameA)), l, ResourceType.REALM_ROLE);
|
||||
@ -203,9 +203,9 @@ public class RoleByIdResourceTest {
|
||||
*/
|
||||
@Test
|
||||
public void createNewMixedRealmCompositeRole() {
|
||||
RoleRepresentation newRoleComp = RoleBuilder.create()
|
||||
RoleRepresentation newRoleComp = RoleConfigBuilder.create()
|
||||
.name("role-mixed-comp")
|
||||
.composite()
|
||||
.composite(true)
|
||||
.realmComposite(roleNameA)
|
||||
.realmComposite(roleNameCompositeWihD)
|
||||
.clientComposite(managedClient.getClientId(), roleNameC).build();
|
||||
@ -237,9 +237,9 @@ public class RoleByIdResourceTest {
|
||||
@Test
|
||||
public void createNewMixedRealmCompositeRoleWithUnknownRealmRoleShouldThrow() {
|
||||
String unknownRealmRole = "realm-role-unknown";
|
||||
RoleRepresentation newRoleComp = RoleBuilder.create()
|
||||
RoleRepresentation newRoleComp = RoleConfigBuilder.create()
|
||||
.name("role-broken-comp1")
|
||||
.composite()
|
||||
.composite(true)
|
||||
.realmComposite(unknownRealmRole)
|
||||
.clientComposite(managedRealm.getId(), roleNameC)
|
||||
.build();
|
||||
@ -253,9 +253,9 @@ public class RoleByIdResourceTest {
|
||||
@Test
|
||||
public void createNewMixedRealmCompositeRoleWithUnknownClientRoleShouldThrow() {
|
||||
String unknownClientRole = "client-role-unknown";
|
||||
RoleRepresentation newRoleComp = RoleBuilder.create()
|
||||
RoleRepresentation newRoleComp = RoleConfigBuilder.create()
|
||||
.name("role-broken-comp2")
|
||||
.composite()
|
||||
.composite(true)
|
||||
.realmComposite(roleNameA)
|
||||
.clientComposite(managedClient.getClientId(), unknownClientRole)
|
||||
.build();
|
||||
@ -315,7 +315,7 @@ public class RoleByIdResourceTest {
|
||||
@Test
|
||||
public void renameRoleToNamePreviouslyCached() {
|
||||
String roleName = "realm-role-new-" + new Random().nextInt();
|
||||
RoleRepresentation newRoleRepresentation = RoleBuilder.create()
|
||||
RoleRepresentation newRoleRepresentation = RoleConfigBuilder.create()
|
||||
.name(roleName)
|
||||
.build();
|
||||
managedRealm.admin().roles().create(newRoleRepresentation);
|
||||
@ -324,7 +324,7 @@ public class RoleByIdResourceTest {
|
||||
String newRoleName = "realm-role-renamed-" + new Random().nextInt();
|
||||
cacheMissingRoleName(newRoleName);
|
||||
|
||||
RoleRepresentation updatedRoleRepresentation = RoleBuilder.create()
|
||||
RoleRepresentation updatedRoleRepresentation = RoleConfigBuilder.create()
|
||||
.id(roleRepresentation.getId())
|
||||
.name(newRoleName)
|
||||
.build();
|
||||
@ -343,7 +343,7 @@ public class RoleByIdResourceTest {
|
||||
@Test
|
||||
public void createRolePreviouslyCached() {
|
||||
String roleName = "realm-role-new-" + new Random().nextInt();
|
||||
RoleRepresentation roleRepresentation = RoleBuilder.create()
|
||||
RoleRepresentation roleRepresentation = RoleConfigBuilder.create()
|
||||
.name(roleName)
|
||||
.build();
|
||||
|
||||
|
||||
@ -56,7 +56,7 @@ import org.keycloak.testframework.annotations.InjectAdminClient;
|
||||
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
|
||||
import org.keycloak.testframework.realm.UserConfigBuilder;
|
||||
import org.keycloak.testframework.util.ApiUtil;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
@KeycloakIntegrationTest
|
||||
public class UserResourceTypeFilteringTest extends AbstractPermissionTest {
|
||||
@ -347,7 +347,7 @@ public class UserResourceTypeFilteringTest extends AbstractPermissionTest {
|
||||
List<UserRepresentation> search = realmAdminClient.realm(realm.getName()).users().search(null, 0, 10);
|
||||
assertTrue(search.isEmpty());
|
||||
|
||||
RoleRepresentation role = RoleBuilder.create().name("myrole").build();
|
||||
RoleRepresentation role = RoleConfigBuilder.create().name("myrole").build();
|
||||
realm.admin().roles().create(role);
|
||||
role = realm.admin().roles().get(role.getName()).toRepresentation();
|
||||
|
||||
@ -373,15 +373,15 @@ public class UserResourceTypeFilteringTest extends AbstractPermissionTest {
|
||||
List<UserRepresentation> search = realmAdminClient.realm(realm.getName()).users().search(null, 0, 10);
|
||||
assertTrue(search.isEmpty());
|
||||
|
||||
RoleRepresentation role = RoleBuilder.create().name("myrole").build();
|
||||
RoleRepresentation role = RoleConfigBuilder.create().name("myrole").build();
|
||||
|
||||
realm.admin().roles().create(role);
|
||||
role = realm.admin().roles().get(role.getName()).toRepresentation();
|
||||
|
||||
RoleRepresentation compositeRole = RoleBuilder.create()
|
||||
RoleRepresentation compositeRole = RoleConfigBuilder.create()
|
||||
.name("mycompositerole")
|
||||
.composite()
|
||||
.realmComposite(role)
|
||||
.composite(true)
|
||||
.realmComposite(role.getName())
|
||||
.build();
|
||||
realm.admin().roles().create(compositeRole);
|
||||
compositeRole = realm.admin().roles().get(compositeRole.getName()).toRepresentation();
|
||||
|
||||
@ -42,7 +42,7 @@ import org.keycloak.testframework.realm.ManagedRealm;
|
||||
import org.keycloak.tests.utils.Assert;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@ -89,7 +89,7 @@ public class ClientRolesTest {
|
||||
}
|
||||
|
||||
private RoleRepresentation makeRole(String name) {
|
||||
return RoleBuilder.create()
|
||||
return RoleConfigBuilder.create()
|
||||
.name(name)
|
||||
.build();
|
||||
}
|
||||
@ -104,7 +104,7 @@ public class ClientRolesTest {
|
||||
|
||||
@Test
|
||||
public void testAddRole() {
|
||||
RoleRepresentation role1 = RoleBuilder.create()
|
||||
RoleRepresentation role1 = RoleConfigBuilder.create()
|
||||
.name("role1")
|
||||
.description("role1-description")
|
||||
.singleAttribute("role1-attr-key", "role1-attr-val")
|
||||
@ -121,7 +121,7 @@ public class ClientRolesTest {
|
||||
|
||||
@Test
|
||||
public void createRoleWithSameName() {
|
||||
RoleRepresentation role = RoleBuilder.create().name("role-a").build();
|
||||
RoleRepresentation role = RoleConfigBuilder.create().name("role-a").build();
|
||||
rolesRsc.create(role);
|
||||
managedClient.cleanup().add(c -> c.roles().deleteRole("role-a"));
|
||||
assertThrows(ClientErrorException.class, () -> rolesRsc.create(role), "Client role with the same name is not allowed");
|
||||
@ -129,7 +129,7 @@ public class ClientRolesTest {
|
||||
|
||||
@Test
|
||||
public void createRoleWithNamePattern() {
|
||||
RoleRepresentation role = RoleBuilder.create().name("role-a-{pattern}").build();
|
||||
RoleRepresentation role = RoleConfigBuilder.create().name("role-a-{pattern}").build();
|
||||
rolesRsc.create(role);
|
||||
managedClient.cleanup().add(c -> c.roles().deleteRole("role-a-{pattern}"));
|
||||
}
|
||||
@ -361,7 +361,7 @@ public class ClientRolesTest {
|
||||
public void getRolesWithFullRepresentation() {
|
||||
for (int i = 0; i < 5; i++) {
|
||||
String roleName = "attributesrole" + i;
|
||||
RoleRepresentation role = RoleBuilder.create()
|
||||
RoleRepresentation role = RoleConfigBuilder.create()
|
||||
.name(roleName)
|
||||
.attributes(Map.of("attribute1", List.of("value1", "value2")))
|
||||
.build();
|
||||
@ -379,7 +379,7 @@ public class ClientRolesTest {
|
||||
public void getRolesWithBriefRepresentation() {
|
||||
for (int i = 0; i < 5; i++) {
|
||||
String roleName = "attributesrole" + i;
|
||||
RoleRepresentation role = RoleBuilder.create()
|
||||
RoleRepresentation role = RoleConfigBuilder.create()
|
||||
.name(roleName)
|
||||
.attributes(Map.of("attribute1", List.of("value1", "value2")))
|
||||
.build();
|
||||
|
||||
@ -50,7 +50,7 @@ import org.keycloak.testframework.events.AdminEventAssertion;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.tests.utils.matchers.Matchers;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
@ -346,9 +346,9 @@ public class ClientScopeTest extends AbstractClientScopeTest {
|
||||
String roleContainerClientUuid = realm.clients().findByClientId("role-container-client").stream().findFirst().orElseThrow().getId();
|
||||
ClientResource roleContainerClient = realm.clients().get(roleContainerClientUuid);
|
||||
|
||||
RoleRepresentation clientCompositeRole = RoleBuilder.create().name("client-composite").build();
|
||||
RoleRepresentation clientCompositeRole = RoleConfigBuilder.create().name("client-composite").build();
|
||||
roleContainerClient.roles().create(clientCompositeRole);
|
||||
roleContainerClient.roles().create(RoleBuilder.create().name("client-child").build());
|
||||
roleContainerClient.roles().create(RoleConfigBuilder.create().name("client-child").build());
|
||||
roleContainerClient.roles().get("client-composite").addComposites(Collections
|
||||
.singletonList(
|
||||
roleContainerClient.roles().get("client-child").toRepresentation()));
|
||||
|
||||
@ -66,7 +66,7 @@ import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
|
||||
import org.keycloak.tests.utils.Assert;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
import org.keycloak.testsuite.util.userprofile.UserProfileUtil;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
@ -175,7 +175,7 @@ public class GroupTest extends AbstractGroupTest {
|
||||
.resourceType(ResourceType.CLIENT);
|
||||
client = realm.clients().findByClientId("foo").get(0);
|
||||
|
||||
RoleRepresentation role = RoleBuilder.create().name("foo-role").build();
|
||||
RoleRepresentation role = RoleConfigBuilder.create().name("foo-role").build();
|
||||
realm.clients().get(client.getId()).roles().create(role);
|
||||
AdminEventAssertion.assertSuccess(adminEvents.poll())
|
||||
.operationType(OperationType.CREATE)
|
||||
@ -370,9 +370,9 @@ public class GroupTest extends AbstractGroupTest {
|
||||
|
||||
@Test
|
||||
public void createAndTestGroups() throws IOException {
|
||||
RoleRepresentation topRole = createRealmRole(managedRealm, RoleBuilder.create().name("topRole").build());
|
||||
RoleRepresentation level2Role = createRealmRole(managedRealm, RoleBuilder.create().name("level2Role").build());
|
||||
RoleRepresentation level3Role = createRealmRole(managedRealm, RoleBuilder.create().name("level3Role").build());
|
||||
RoleRepresentation topRole = createRealmRole(managedRealm, RoleConfigBuilder.create().name("topRole").build());
|
||||
RoleRepresentation level2Role = createRealmRole(managedRealm, RoleConfigBuilder.create().name("level2Role").build());
|
||||
RoleRepresentation level3Role = createRealmRole(managedRealm, RoleConfigBuilder.create().name("level3Role").build());
|
||||
|
||||
// Role events tested elsewhere
|
||||
adminEvents.skipAll();
|
||||
@ -684,19 +684,19 @@ public class GroupTest extends AbstractGroupTest {
|
||||
@Test
|
||||
public void roleMappings() {
|
||||
RealmResource realm = managedRealm.admin();
|
||||
createRealmRole(managedRealm, RoleBuilder.create().name("realm-role").build());
|
||||
createRealmRole(managedRealm, RoleBuilder.create().name("realm-composite").build());
|
||||
createRealmRole(managedRealm, RoleBuilder.create().name("realm-child").build());
|
||||
createRealmRole(managedRealm, RoleConfigBuilder.create().name("realm-role").build());
|
||||
createRealmRole(managedRealm, RoleConfigBuilder.create().name("realm-composite").build());
|
||||
createRealmRole(managedRealm, RoleConfigBuilder.create().name("realm-child").build());
|
||||
realm.roles().get("realm-composite").addComposites(List.of(realm.roles().get("realm-child").toRepresentation()));
|
||||
|
||||
Response response = realm.clients().create(ClientConfigBuilder.create().clientId("myclient").build());
|
||||
String clientId = ApiUtil.getCreatedId(response);
|
||||
managedRealm.cleanup().add(r -> r.clients().get(clientId).remove());
|
||||
|
||||
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-role").build());
|
||||
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-role2").build());
|
||||
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-composite").build());
|
||||
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientId).roles().create(RoleConfigBuilder.create().name("client-role").build());
|
||||
realm.clients().get(clientId).roles().create(RoleConfigBuilder.create().name("client-role2").build());
|
||||
realm.clients().get(clientId).roles().create(RoleConfigBuilder.create().name("client-composite").build());
|
||||
realm.clients().get(clientId).roles().create(RoleConfigBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientId).roles().get("client-composite").addComposites(List.of(realm.clients().get(clientId).roles().get("client-child").toRepresentation()));
|
||||
|
||||
// Roles+clients tested elsewhere
|
||||
@ -760,8 +760,8 @@ public class GroupTest extends AbstractGroupTest {
|
||||
public void rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned() {
|
||||
RealmResource realm = managedRealm.admin();
|
||||
|
||||
createRealmRole(managedRealm, RoleBuilder.create().name("realm-composite").build());
|
||||
createRealmRole(managedRealm, RoleBuilder.create().name("realm-child").build());
|
||||
createRealmRole(managedRealm, RoleConfigBuilder.create().name("realm-composite").build());
|
||||
createRealmRole(managedRealm, RoleConfigBuilder.create().name("realm-child").build());
|
||||
realm.roles().get("realm-composite")
|
||||
.addComposites(List.of(realm.roles().get("realm-child").toRepresentation()));
|
||||
|
||||
@ -769,8 +769,8 @@ public class GroupTest extends AbstractGroupTest {
|
||||
String clientId = ApiUtil.getCreatedId(response);
|
||||
managedRealm.cleanup().add(r -> r.clients().get(clientId).remove());
|
||||
|
||||
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-composite").build());
|
||||
realm.clients().get(clientId).roles().create(RoleBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientId).roles().create(RoleConfigBuilder.create().name("client-composite").build());
|
||||
realm.clients().get(clientId).roles().create(RoleConfigBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientId).roles().get("client-composite").addComposites(
|
||||
List.of(realm.clients().get(clientId).roles().get("client-child").toRepresentation())
|
||||
);
|
||||
|
||||
@ -0,0 +1,59 @@
|
||||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.tests.admin.realm;
|
||||
|
||||
import org.keycloak.testframework.annotations.InjectAdminEvents;
|
||||
import org.keycloak.testframework.annotations.InjectRealm;
|
||||
import org.keycloak.testframework.events.AdminEvents;
|
||||
import org.keycloak.testframework.realm.ManagedRealm;
|
||||
import org.keycloak.testframework.realm.RealmConfigBuilder;
|
||||
import org.keycloak.testframework.realm.RealmConfig;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class AbstractRealmRolesTest {
|
||||
|
||||
@InjectRealm(config = RealmRolesRealmConf.class)
|
||||
ManagedRealm managedRealm;
|
||||
|
||||
@InjectAdminEvents
|
||||
AdminEvents adminEvents;
|
||||
|
||||
private static class RealmRolesRealmConf implements RealmConfig {
|
||||
|
||||
@Override
|
||||
public RealmConfigBuilder configure(RealmConfigBuilder builder) {
|
||||
builder.addGroup("test-role-group").path("/test-role-group");
|
||||
builder.addUser("test-role-member").name("Test", "Role User").
|
||||
email("test-role-member@test-role-member.com").roles("default-roles-default").emailVerified(true).requiredActions();
|
||||
builder.addClient("client-a").id("client-a").description("Client A");
|
||||
builder.addClient("client-c").id("client-c").description("Client C");
|
||||
builder.addRole("role-a").description("Role A").attributes(Map.of("role-a-attr-key1", List.of("role-a-attr-val1")));
|
||||
builder.addRole("role-b").description("Role B");
|
||||
builder.addClientRole("client-a", "role-c").description("Role C");
|
||||
builder.addRole("role-with-users").description("Role with users");
|
||||
builder.addRole("role-without-users").description("role-without-users");
|
||||
|
||||
return builder;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,184 @@
|
||||
package org.keycloak.tests.admin.realm;
|
||||
|
||||
import jakarta.ws.rs.BadRequestException;
|
||||
import jakarta.ws.rs.ClientErrorException;
|
||||
import jakarta.ws.rs.NotFoundException;
|
||||
import org.junit.jupiter.api.Assertions;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testframework.annotations.InjectClient;
|
||||
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
|
||||
import org.keycloak.testframework.events.AdminEventAssertion;
|
||||
import org.keycloak.testframework.realm.ManagedClient;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
import org.keycloak.tests.utils.Assert;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.allOf;
|
||||
import static org.hamcrest.Matchers.empty;
|
||||
import static org.hamcrest.Matchers.hasItem;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
@KeycloakIntegrationTest
|
||||
public class RealmRolesCRUDTest extends AbstractRealmRolesTest {
|
||||
|
||||
@InjectClient(ref = "client-a", attachTo = "client-a")
|
||||
ManagedClient clientA;
|
||||
|
||||
@Test
|
||||
public void getRole() {
|
||||
RoleRepresentation role = managedRealm.admin().roles().get("role-a").toRepresentation();
|
||||
assertNotNull(role);
|
||||
assertEquals("role-a", role.getName());
|
||||
assertEquals("Role A", role.getDescription());
|
||||
assertEquals(Map.of("role-a-attr-key1", List.of("role-a-attr-val1")), role.getAttributes());
|
||||
assertFalse(role.isComposite());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createRoleWithSameName() {
|
||||
Assertions.assertThrows(ClientErrorException.class, () -> {
|
||||
managedRealm.admin().roles().create(RoleConfigBuilder.create().name("role-a").build());
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateRole() {
|
||||
RoleRepresentation role = managedRealm.admin().roles().get("role-a").toRepresentation();
|
||||
|
||||
role.setName("role-a-new");
|
||||
role.setDescription("Role A New");
|
||||
Map<String, List<String>> newAttributes = Collections.singletonMap("attrKeyNew", Collections.singletonList("attrValueNew"));
|
||||
role.setAttributes(newAttributes);
|
||||
|
||||
managedRealm.admin().roles().get("role-a").update(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role, ResourceType.REALM_ROLE);
|
||||
|
||||
role = managedRealm.admin().roles().get("role-a-new").toRepresentation();
|
||||
|
||||
assertNotNull(role);
|
||||
assertEquals("role-a-new", role.getName());
|
||||
assertEquals("Role A New", role.getDescription());
|
||||
assertEquals(newAttributes, role.getAttributes());
|
||||
assertFalse(role.isComposite());
|
||||
|
||||
managedRealm.cleanup().add(r -> r.roles().create(RoleConfigBuilder.create().name("role-a")
|
||||
.description("Role A").attributes(Map.of("role-a-attr-key1", List.of("role-a-attr-val1"))).build()));
|
||||
managedRealm.cleanup().add(r -> r.roles().get("role-a-new").remove());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void deleteRole() {
|
||||
assertNotNull(managedRealm.admin().roles().get("role-a"));
|
||||
managedRealm.admin().roles().deleteRole("role-a");
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a"), ResourceType.REALM_ROLE);
|
||||
|
||||
try {
|
||||
managedRealm.admin().roles().get("role-a").toRepresentation();
|
||||
fail("Expected 404");
|
||||
} catch (NotFoundException e) {
|
||||
// expected
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void composites() {
|
||||
assertFalse(managedRealm.admin().roles().get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, managedRealm.admin().roles().get("role-a").getRoleComposites().size());
|
||||
|
||||
List<RoleRepresentation> l = new LinkedList<>();
|
||||
l.add(RoleConfigBuilder.create().id(managedRealm.admin().roles().get("role-b").toRepresentation().getId()).build());
|
||||
l.add(RoleConfigBuilder.create().id(managedRealm.admin().clients().get(clientA.getId()).roles().get("role-c").toRepresentation().getId()).build());
|
||||
managedRealm.admin().roles().get("role-a").addComposites(l);
|
||||
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE);
|
||||
|
||||
Set<RoleRepresentation> composites = managedRealm.admin().roles().get("role-a").getRoleComposites();
|
||||
|
||||
assertTrue(managedRealm.admin().roles().get("role-a").toRepresentation().isComposite());
|
||||
Assert.assertNames(composites, "role-b", "role-c");
|
||||
|
||||
Set<RoleRepresentation> realmComposites = managedRealm.admin().roles().get("role-a").getRealmRoleComposites();
|
||||
Assert.assertNames(realmComposites, "role-b");
|
||||
|
||||
Set<RoleRepresentation> clientComposites = managedRealm.admin().roles().get("role-a").getClientRoleComposites(clientA.getId());
|
||||
Assert.assertNames(clientComposites, "role-c");
|
||||
|
||||
managedRealm.admin().roles().get("role-a").deleteComposites(l);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE);
|
||||
|
||||
assertFalse(managedRealm.admin().roles().get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, managedRealm.admin().roles().get("role-a").getRoleComposites().size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultRoles() {
|
||||
RoleResource defaultRole = managedRealm.admin().roles().get(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + managedRealm.getName());
|
||||
|
||||
UserRepresentation user = managedRealm.admin().users().search("test-role-member").get(0);
|
||||
|
||||
UserResource userResource = managedRealm.admin().users().get(user.getId());
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listAll()), hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + managedRealm.getName()));
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listEffective()), allOf(
|
||||
hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + managedRealm.getName()),
|
||||
hasItem(Constants.OFFLINE_ACCESS_ROLE),
|
||||
hasItem(Constants.AUTHZ_UMA_AUTHORIZATION)
|
||||
));
|
||||
|
||||
defaultRole.addComposites(Collections.singletonList(managedRealm.admin().roles().get("role-a").toRepresentation()));
|
||||
|
||||
userResource = managedRealm.admin().users().get(user.getId());
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listAll()), allOf(
|
||||
hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + managedRealm.getName()),
|
||||
not(hasItem("role-a"))
|
||||
));
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listEffective()), allOf(
|
||||
hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + managedRealm.getName()),
|
||||
hasItem(Constants.OFFLINE_ACCESS_ROLE),
|
||||
hasItem(Constants.AUTHZ_UMA_AUTHORIZATION),
|
||||
hasItem("role-a")
|
||||
));
|
||||
|
||||
assertThat(userResource.roles().clientLevel(clientA.getId()).listAll(), empty());
|
||||
assertThat(userResource.roles().clientLevel(clientA.getId()).listEffective(), empty());
|
||||
|
||||
defaultRole.addComposites(Collections.singletonList(managedRealm.admin().clients().get(clientA.getId()).roles().get("role-c").toRepresentation()));
|
||||
|
||||
userResource = managedRealm.admin().users().get(user.getId());
|
||||
|
||||
assertThat(userResource.roles().clientLevel(clientA.getId()).listAll(), empty());
|
||||
assertThat(convertRolesToNames(userResource.roles().clientLevel(clientA.getId()).listEffective()),
|
||||
hasItem("role-c")
|
||||
);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDeleteDefaultRole() {
|
||||
Assertions.assertThrows(BadRequestException.class, () -> {
|
||||
managedRealm.admin().roles().deleteRole(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + managedRealm.getName());
|
||||
});
|
||||
}
|
||||
|
||||
private List<String> convertRolesToNames(List<RoleRepresentation> roles) {
|
||||
return roles.stream().map(RoleRepresentation::getName).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,51 @@
|
||||
package org.keycloak.tests.admin.realm;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.representations.idm.GroupRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
|
||||
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
@KeycloakIntegrationTest
|
||||
public class RealmRolesGroupTest extends AbstractRealmRolesTest {
|
||||
|
||||
/**
|
||||
* KEYCLOAK-4978 Verifies that Groups assigned to Role are being properly retrieved as members in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testGroupsInRole() {
|
||||
RoleResource role = managedRealm.admin().roles().get("role-with-users");
|
||||
|
||||
List<GroupRepresentation> groups = managedRealm.admin().groups().groups();
|
||||
GroupRepresentation groupRep = groups.stream().filter(g -> g.getPath().equals("/test-role-group")).findFirst().get();
|
||||
|
||||
RoleResource roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
managedRealm.admin().groups().group(groupRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
|
||||
roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
|
||||
Set<GroupRepresentation> groupsInRole = roleResource.getRoleGroupMembers();
|
||||
assertTrue(groupsInRole.stream().anyMatch(g -> g.getPath().equals("/test-role-group")));
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-4978 Verifies that Role with no users assigned is being properly retrieved without groups in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testGroupsNotInRole() {
|
||||
RoleResource role = managedRealm.admin().roles().get("role-without-users");
|
||||
|
||||
role = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
|
||||
Set<GroupRepresentation> groupsInRole = role.getRoleGroupMembers();
|
||||
assertTrue(groupsInRole.isEmpty());
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,148 @@
|
||||
package org.keycloak.tests.admin.realm;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
|
||||
import org.keycloak.testframework.events.AdminEventAssertion;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
@KeycloakIntegrationTest
|
||||
public class RealmRolesSearchTest extends AbstractRealmRolesTest {
|
||||
|
||||
// issue #9587
|
||||
@Test
|
||||
public void testSearchForRealmRoles() {
|
||||
managedRealm.admin().roles().list("role-", true).forEach(role -> assertThat("There is client role '" + role.getName() + "' among realm roles.", role.getClientRole(), is(false)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSearchForRoles() {
|
||||
|
||||
for(int i = 0; i<15; i++) {
|
||||
String roleName = "testrole"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
managedRealm.admin().roles().create(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
String roleNameA = "abcdefg";
|
||||
RoleRepresentation roleA = makeRole(roleNameA);
|
||||
managedRealm.admin().roles().create(roleA);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleNameA), roleA, ResourceType.REALM_ROLE);
|
||||
|
||||
String roleNameB = "defghij";
|
||||
RoleRepresentation roleB = makeRole(roleNameB);
|
||||
managedRealm.admin().roles().create(roleB);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleNameB), roleB, ResourceType.REALM_ROLE);
|
||||
|
||||
List<RoleRepresentation> resultSearch = managedRealm.admin().roles().list("defg", -1, -1);
|
||||
assertEquals(2,resultSearch.size());
|
||||
|
||||
List<RoleRepresentation> resultSearch2 = managedRealm.admin().roles().list("testrole", -1, -1);
|
||||
assertEquals(15,resultSearch2.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination = managedRealm.admin().roles().list("testrole", 1, 5);
|
||||
assertEquals(5,resultSearchPagination.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPaginationRoles() {
|
||||
|
||||
for(int i = 0; i<15; i++) {
|
||||
String roleName = "role"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
managedRealm.admin().roles().create(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination = managedRealm.admin().roles().list(1, 5);
|
||||
assertEquals(5,resultSearchPagination.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination2 = managedRealm.admin().roles().list(5, 5);
|
||||
assertEquals(5,resultSearchPagination2.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination3 = managedRealm.admin().roles().list(1, 5);
|
||||
assertEquals(5,resultSearchPagination3.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPaginationIncoherentParams = managedRealm.admin().roles().list(1, null);
|
||||
assertTrue(resultSearchPaginationIncoherentParams.size() > 15);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPaginationRolesCache() {
|
||||
|
||||
for(int i = 0; i<5; i++) {
|
||||
String roleName = "paginaterole"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
managedRealm.admin().roles().create(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> resultBeforeAddingRoleToTestCache = managedRealm.admin().roles().list(1, 1000);
|
||||
|
||||
// after a first call which init the cache, we add a new role to see if the result change
|
||||
|
||||
RoleRepresentation role = makeRole("anewrole");
|
||||
managedRealm.admin().roles().create(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath("anewrole"), role, ResourceType.REALM_ROLE);
|
||||
|
||||
List<RoleRepresentation> resultafterAddingRoleToTestCache = managedRealm.admin().roles().list(1, 1000);
|
||||
|
||||
assertEquals(resultBeforeAddingRoleToTestCache.size()+1, resultafterAddingRoleToTestCache.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRolesWithFullRepresentation() {
|
||||
for(int i = 0; i<5; i++) {
|
||||
String roleName = "attributesrole"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
|
||||
Map<String, List<String>> attributes = new HashMap<>();
|
||||
attributes.put("attribute1", Arrays.asList("value1","value2"));
|
||||
role.setAttributes(attributes);
|
||||
|
||||
managedRealm.admin().roles().create(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> roles = managedRealm.admin().roles().list("attributesrole", false);
|
||||
assertTrue(roles.get(0).getAttributes().containsKey("attribute1"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRolesWithBriefRepresentation() {
|
||||
for(int i = 0; i<5; i++) {
|
||||
String roleName = "attributesrolebrief"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
|
||||
Map<String, List<String>> attributes = new HashMap<>();
|
||||
attributes.put("attribute1", Arrays.asList("value1","value2"));
|
||||
role.setAttributes(attributes);
|
||||
|
||||
managedRealm.admin().roles().create(role);
|
||||
AdminEventAssertion.assertEvent(adminEvents.poll(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> roles = managedRealm.admin().roles().list("attributesrolebrief", true);
|
||||
assertNull(roles.get(0).getAttributes());
|
||||
}
|
||||
|
||||
private static RoleRepresentation makeRole(String name) {
|
||||
RoleRepresentation role = new RoleRepresentation();
|
||||
role.setName(name);
|
||||
return role;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,128 @@
|
||||
package org.keycloak.tests.admin.realm;
|
||||
|
||||
import org.junit.jupiter.api.Assertions;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
|
||||
import org.keycloak.testframework.realm.UserConfigBuilder;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.empty;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.collection.IsCollectionWithSize.hasSize;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
@KeycloakIntegrationTest
|
||||
public class RealmRolesUserTest extends AbstractRealmRolesTest {
|
||||
|
||||
/**
|
||||
* KEYCLOAK-2035 Verifies that Users assigned to Role are being properly retrieved as members in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testUsersInRole() {
|
||||
RoleResource role = managedRealm.admin().roles().get("role-with-users");
|
||||
|
||||
List<UserRepresentation> users = managedRealm.admin().users().search("test-role-member");
|
||||
assertEquals(1, users.size());
|
||||
UserResource user = managedRealm.admin().users().get(users.get(0).getId());
|
||||
UserRepresentation userRep = user.toRepresentation();
|
||||
|
||||
RoleResource roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
managedRealm.admin().users().get(userRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
|
||||
roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
assertEquals(Collections.singletonList("test-role-member"), extractUsernames(roleResource.getUserMembers()));
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-2035 Verifies that Role with no users assigned is being properly retrieved without members in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testUsersNotInRole() {
|
||||
RoleResource role = managedRealm.admin().roles().get("role-without-users");
|
||||
|
||||
role = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
assertThat(role.getUserMembers(), is(empty()));
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-2035 Verifies that Role Membership is ok after user removal
|
||||
*/
|
||||
@Test
|
||||
public void roleMembershipAfterUserRemoval() {
|
||||
RoleResource role = managedRealm.admin().roles().get("role-with-users");
|
||||
|
||||
List<UserRepresentation> users = managedRealm.admin().users().search("test-role-member", null, null, null, null, null);
|
||||
assertEquals(1, users.size());
|
||||
UserResource user = managedRealm.admin().users().get(users.get(0).getId());
|
||||
UserRepresentation userRep = user.toRepresentation();
|
||||
|
||||
RoleResource roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
managedRealm.admin().users().get(userRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
|
||||
roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
assertEquals(Collections.singletonList("test-role-member"), extractUsernames(roleResource.getUserMembers()));
|
||||
|
||||
managedRealm.admin().users().delete(userRep.getId());
|
||||
assertThat(roleResource.getUserMembers(), is(empty()));
|
||||
|
||||
managedRealm.cleanup().add(r -> r.users().create(UserConfigBuilder.create().username("test-role-member").name("Test", "Role User").
|
||||
email("test-role-member@test-role-member.com").roles("default-roles-default").emailVerified(true).requiredActions().build()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRoleMembershipWithPagination() {
|
||||
RoleResource role = managedRealm.admin().roles().get("role-with-users");
|
||||
|
||||
// Add a second user
|
||||
UserRepresentation userRep2 = new UserRepresentation();
|
||||
userRep2.setUsername("test-role-member2");
|
||||
userRep2.setEmail("test-role-member2@test-role-member.com");
|
||||
userRep2.setRequiredActions(Collections.<String>emptyList());
|
||||
userRep2.setEnabled(true);
|
||||
managedRealm.admin().users().create(userRep2);
|
||||
|
||||
List<UserRepresentation> users = managedRealm.admin().users().search("test-role-member", null, null, null, null, null);
|
||||
assertThat(users, hasSize(2));
|
||||
for (UserRepresentation userRepFromList : users) {
|
||||
UserResource user = managedRealm.admin().users().get(userRepFromList.getId());
|
||||
UserRepresentation userRep = user.toRepresentation();
|
||||
|
||||
RoleResource roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
managedRealm.admin().users().get(userRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
}
|
||||
|
||||
RoleResource roleResource = managedRealm.admin().roles().get(role.toRepresentation().getName());
|
||||
|
||||
List<UserRepresentation> roleUserMembers = roleResource.getUserMembers(0, 1);
|
||||
assertEquals(Collections.singletonList("test-role-member"), extractUsernames(roleUserMembers));
|
||||
Assertions.assertNotNull(roleUserMembers.get(0).getNotBefore(), "Not in full representation");
|
||||
|
||||
roleUserMembers = roleResource.getUserMembers(true, 1, 1);
|
||||
assertThat(roleUserMembers, hasSize(1));
|
||||
assertEquals(Collections.singletonList("test-role-member2"), extractUsernames(roleUserMembers));
|
||||
Assertions.assertNull(roleUserMembers.get(0).getNotBefore(), "Not in brief representation");
|
||||
|
||||
roleUserMembers = roleResource.getUserMembers(true, 2, 1);
|
||||
assertThat(roleUserMembers, is(empty()));
|
||||
}
|
||||
|
||||
private static List<String> extractUsernames(Collection<UserRepresentation> users) {
|
||||
return users.stream().map(UserRepresentation::getUsername).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
@ -41,7 +41,7 @@ import org.keycloak.tests.utils.Assert;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.federation.DummyUserFederationProviderFactory;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
import java.io.IOException;
|
||||
@ -542,7 +542,7 @@ public class UserCreateTest extends AbstractUserTest {
|
||||
|
||||
@Test
|
||||
public void testCreateUserDoNotGrantRole() {
|
||||
managedRealm.admin().roles().create(RoleBuilder.create().name("realm-role").build());
|
||||
managedRealm.admin().roles().create(RoleConfigBuilder.create().name("realm-role").build());
|
||||
|
||||
try {
|
||||
UserRepresentation userRep = UserConfigBuilder.create().username("alice").password("password").roles("realm-role")
|
||||
|
||||
@ -20,7 +20,7 @@ import org.keycloak.testframework.realm.ManagedRealm;
|
||||
import org.keycloak.testframework.realm.UserConfigBuilder;
|
||||
import org.keycloak.tests.utils.admin.AdminEventPaths;
|
||||
import org.keycloak.tests.utils.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedList;
|
||||
@ -40,11 +40,11 @@ public class UserRoleTest extends AbstractUserTest {
|
||||
@Test
|
||||
public void roleMappings() {
|
||||
RealmResource realm = managedRealm.admin();
|
||||
RoleRepresentation realmCompositeRole = RoleBuilder.create().name("realm-composite").singleAttribute("attribute1", "value1").build();
|
||||
RoleRepresentation realmCompositeRole = RoleConfigBuilder.create().name("realm-composite").singleAttribute("attribute1", "value1").build();
|
||||
|
||||
realm.roles().create(RoleBuilder.create().name("realm-role").build());
|
||||
realm.roles().create(RoleConfigBuilder.create().name("realm-role").build());
|
||||
realm.roles().create(realmCompositeRole);
|
||||
realm.roles().create(RoleBuilder.create().name("realm-child").build());
|
||||
realm.roles().create(RoleConfigBuilder.create().name("realm-child").build());
|
||||
realm.roles().get("realm-composite").addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
|
||||
|
||||
final String clientUuid;
|
||||
@ -52,13 +52,13 @@ public class UserRoleTest extends AbstractUserTest {
|
||||
clientUuid = ApiUtil.getCreatedId(response);
|
||||
}
|
||||
|
||||
RoleRepresentation clientCompositeRole = RoleBuilder.create().name("client-composite").singleAttribute("attribute1", "value1").build();
|
||||
RoleRepresentation clientCompositeRole = RoleConfigBuilder.create().name("client-composite").singleAttribute("attribute1", "value1").build();
|
||||
|
||||
|
||||
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role").build());
|
||||
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role2").build());
|
||||
realm.clients().get(clientUuid).roles().create(RoleConfigBuilder.create().name("client-role").build());
|
||||
realm.clients().get(clientUuid).roles().create(RoleConfigBuilder.create().name("client-role2").build());
|
||||
realm.clients().get(clientUuid).roles().create(clientCompositeRole);
|
||||
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientUuid).roles().create(RoleConfigBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));
|
||||
|
||||
final String userId;
|
||||
@ -139,23 +139,23 @@ public class UserRoleTest extends AbstractUserTest {
|
||||
public void rolesCanBeAssignedEvenWhenTheyAreAlreadyIndirectlyAssigned() {
|
||||
RealmResource realm = managedRealm.admin();
|
||||
|
||||
RoleRepresentation realmCompositeRole = RoleBuilder.create().name("realm-composite").build();
|
||||
RoleRepresentation realmCompositeRole = RoleConfigBuilder.create().name("realm-composite").build();
|
||||
realm.roles().create(realmCompositeRole);
|
||||
realm.roles().create(RoleBuilder.create().name("realm-child").build());
|
||||
realm.roles().create(RoleConfigBuilder.create().name("realm-child").build());
|
||||
realm.roles().get("realm-composite")
|
||||
.addComposites(Collections.singletonList(realm.roles().get("realm-child").toRepresentation()));
|
||||
realm.roles().create(RoleBuilder.create().name("realm-role-in-group").build());
|
||||
realm.roles().create(RoleConfigBuilder.create().name("realm-role-in-group").build());
|
||||
|
||||
Response response = realm.clients().create(ClientConfigBuilder.create().clientId("myclient").build());
|
||||
String clientUuid = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
|
||||
RoleRepresentation clientCompositeRole = RoleBuilder.create().name("client-composite").build();
|
||||
RoleRepresentation clientCompositeRole = RoleConfigBuilder.create().name("client-composite").build();
|
||||
realm.clients().get(clientUuid).roles().create(clientCompositeRole);
|
||||
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientUuid).roles().create(RoleConfigBuilder.create().name("client-child").build());
|
||||
realm.clients().get(clientUuid).roles().get("client-composite").addComposites(Collections
|
||||
.singletonList(realm.clients().get(clientUuid).roles().get("client-child").toRepresentation()));
|
||||
realm.clients().get(clientUuid).roles().create(RoleBuilder.create().name("client-role-in-group").build());
|
||||
realm.clients().get(clientUuid).roles().create(RoleConfigBuilder.create().name("client-role-in-group").build());
|
||||
|
||||
GroupRepresentation group = GroupConfigBuilder.create().name("mygroup").build();
|
||||
response = realm.groups().add(group);
|
||||
|
||||
@ -15,7 +15,7 @@ import org.keycloak.testframework.injection.LifeCycle;
|
||||
import org.keycloak.testframework.realm.ManagedClient;
|
||||
import org.keycloak.testframework.server.KeycloakServerConfig;
|
||||
import org.keycloak.testframework.server.KeycloakServerConfigBuilder;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testframework.realm.RoleConfigBuilder;
|
||||
|
||||
@KeycloakIntegrationTest(config = CaseSensitiveSchemaTest.KeycloakConfig.class)
|
||||
// MSSQL does not support setting the default schema per session
|
||||
@ -29,7 +29,7 @@ public class CaseSensitiveSchemaTest {
|
||||
|
||||
@Test
|
||||
public void testCaseSensitiveSchema() {
|
||||
RoleRepresentation role1 = RoleBuilder.create()
|
||||
RoleRepresentation role1 = RoleConfigBuilder.create()
|
||||
.name("role1")
|
||||
.description("role1-description")
|
||||
.singleAttribute("role1-attr-key", "role1-attr-val")
|
||||
|
||||
@ -1,533 +0,0 @@
|
||||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.admin.realm;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.RolesResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.GroupRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.admin.AbstractAdminTest;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
|
||||
import jakarta.ws.rs.NotFoundException;
|
||||
import jakarta.ws.rs.core.Response;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
import jakarta.ws.rs.BadRequestException;
|
||||
import jakarta.ws.rs.ClientErrorException;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.allOf;
|
||||
import static org.hamcrest.Matchers.empty;
|
||||
import static org.hamcrest.Matchers.hasItem;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.hamcrest.collection.IsCollectionWithSize.hasSize;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import org.keycloak.models.Constants;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class RealmRolesTest extends AbstractAdminTest {
|
||||
|
||||
private static final Map<String, List<String>> ROLE_A_ATTRIBUTES =
|
||||
Collections.singletonMap("role-a-attr-key1", Collections.singletonList("role-a-attr-val1"));
|
||||
|
||||
private RolesResource resource;
|
||||
|
||||
private Map<String, String> ids = new HashMap<>();
|
||||
private String clientUuid;
|
||||
|
||||
@Before
|
||||
public void before() {
|
||||
RoleRepresentation roleA = RoleBuilder.create().name("role-a").description("Role A").attributes(ROLE_A_ATTRIBUTES).build();
|
||||
RoleRepresentation roleB = RoleBuilder.create().name("role-b").description("Role B").build();
|
||||
//KEYCLOAK-2035
|
||||
RoleRepresentation roleWithUsers = RoleBuilder.create().name("role-with-users").description("Role with users").build();
|
||||
RoleRepresentation roleWithoutUsers = RoleBuilder.create().name("role-without-users").description("role-without-users").build();
|
||||
adminClient.realm(REALM_NAME).roles().create(roleA);
|
||||
adminClient.realm(REALM_NAME).roles().create(roleB);
|
||||
adminClient.realm(REALM_NAME).roles().create(roleWithUsers);
|
||||
adminClient.realm(REALM_NAME).roles().create(roleWithoutUsers);
|
||||
|
||||
|
||||
ClientRepresentation clientRep = ClientBuilder.create().clientId("client-a").build();
|
||||
try (Response response = adminClient.realm(REALM_NAME).clients().create(clientRep)) {
|
||||
clientUuid = ApiUtil.getCreatedId(response);
|
||||
getCleanup().addClientUuid(clientUuid);
|
||||
}
|
||||
|
||||
RoleRepresentation roleC = RoleBuilder.create().name("role-c").description("Role C").build();
|
||||
adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(roleC);
|
||||
|
||||
for (RoleRepresentation r : adminClient.realm(REALM_NAME).roles().list()) {
|
||||
ids.put(r.getName(), r.getId());
|
||||
}
|
||||
|
||||
for (RoleRepresentation r : adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().list()) {
|
||||
ids.put(r.getName(), r.getId());
|
||||
}
|
||||
|
||||
UserRepresentation userRep = new UserRepresentation();
|
||||
userRep.setUsername("test-role-member");
|
||||
userRep.setEmail("test-role-member@test-role-member.com");
|
||||
userRep.setRequiredActions(Collections.<String>emptyList());
|
||||
userRep.setEnabled(true);
|
||||
adminClient.realm(REALM_NAME).users().create(userRep);
|
||||
|
||||
getCleanup().addRoleId(ids.get("role-a"));
|
||||
getCleanup().addRoleId(ids.get("role-b"));
|
||||
getCleanup().addRoleId(ids.get("role-c"));
|
||||
getCleanup().addRoleId(ids.get("role-with-users"));
|
||||
getCleanup().addRoleId(ids.get("role-without-users"));
|
||||
getCleanup().addUserId(adminClient.realm(REALM_NAME).users().search(userRep.getUsername()).get(0).getId());
|
||||
|
||||
GroupRepresentation groupRep = new GroupRepresentation();
|
||||
groupRep.setName("test-role-group");
|
||||
groupRep.setPath("/test-role-group");
|
||||
adminClient.realm(REALM_NAME).groups().add(groupRep);
|
||||
getCleanup().addGroupId(adminClient.realm(REALM_NAME).groups().groups().get(0).getId());
|
||||
|
||||
resource = adminClient.realm(REALM_NAME).roles();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), roleB, ResourceType.REALM_ROLE);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-with-users"), roleWithUsers, ResourceType.REALM_ROLE);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-without-users"), roleWithoutUsers, ResourceType.REALM_ROLE);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep, ResourceType.CLIENT);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "role-c"), roleC, ResourceType.CLIENT_ROLE);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(adminClient.realm(REALM_NAME).users().search(userRep.getUsername()).get(0).getId()), userRep, ResourceType.USER);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.groupPath(adminClient.realm(REALM_NAME).groups().groups().get(0).getId()), groupRep, ResourceType.GROUP);
|
||||
|
||||
}
|
||||
|
||||
private RoleRepresentation makeRole(String name) {
|
||||
RoleRepresentation role = new RoleRepresentation();
|
||||
role.setName(name);
|
||||
return role;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRole() {
|
||||
RoleRepresentation role = resource.get("role-a").toRepresentation();
|
||||
assertNotNull(role);
|
||||
assertEquals("role-a", role.getName());
|
||||
assertEquals("Role A", role.getDescription());
|
||||
assertEquals(ROLE_A_ATTRIBUTES, role.getAttributes());
|
||||
assertFalse(role.isComposite());
|
||||
}
|
||||
|
||||
@Test(expected = ClientErrorException.class)
|
||||
public void createRoleWithSameName() {
|
||||
resource.create(RoleBuilder.create().name("role-a").build());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void updateRole() {
|
||||
RoleRepresentation role = resource.get("role-a").toRepresentation();
|
||||
|
||||
role.setName("role-a-new");
|
||||
role.setDescription("Role A New");
|
||||
Map<String, List<String>> newAttributes = Collections.singletonMap("attrKeyNew", Collections.singletonList("attrValueNew"));
|
||||
role.setAttributes(newAttributes);
|
||||
|
||||
resource.get("role-a").update(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role, ResourceType.REALM_ROLE);
|
||||
|
||||
role = resource.get("role-a-new").toRepresentation();
|
||||
|
||||
assertNotNull(role);
|
||||
assertEquals("role-a-new", role.getName());
|
||||
assertEquals("Role A New", role.getDescription());
|
||||
assertEquals(newAttributes, role.getAttributes());
|
||||
assertFalse(role.isComposite());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void deleteRole() {
|
||||
assertNotNull(resource.get("role-a"));
|
||||
resource.deleteRole("role-a");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a"), ResourceType.REALM_ROLE);
|
||||
|
||||
try {
|
||||
resource.get("role-a").toRepresentation();
|
||||
fail("Expected 404");
|
||||
} catch (NotFoundException e) {
|
||||
// expected
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void composites() {
|
||||
assertFalse(resource.get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, resource.get("role-a").getRoleComposites().size());
|
||||
|
||||
List<RoleRepresentation> l = new LinkedList<>();
|
||||
l.add(RoleBuilder.create().id(ids.get("role-b")).build());
|
||||
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
||||
resource.get("role-a").addComposites(l);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE);
|
||||
|
||||
Set<RoleRepresentation> composites = resource.get("role-a").getRoleComposites();
|
||||
|
||||
assertTrue(resource.get("role-a").toRepresentation().isComposite());
|
||||
Assert.assertNames(composites, "role-b", "role-c");
|
||||
|
||||
Set<RoleRepresentation> realmComposites = resource.get("role-a").getRealmRoleComposites();
|
||||
Assert.assertNames(realmComposites, "role-b");
|
||||
|
||||
Set<RoleRepresentation> clientComposites = resource.get("role-a").getClientRoleComposites(clientUuid);
|
||||
Assert.assertNames(clientComposites, "role-c");
|
||||
|
||||
resource.get("role-a").deleteComposites(l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE);
|
||||
|
||||
assertFalse(resource.get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, resource.get("role-a").getRoleComposites().size());
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-2035 Verifies that Users assigned to Role are being properly retrieved as members in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testUsersInRole() {
|
||||
RoleResource role = resource.get("role-with-users");
|
||||
|
||||
List<UserRepresentation> users = adminClient.realm(REALM_NAME).users().search("test-role-member");
|
||||
assertEquals(1, users.size());
|
||||
UserResource user = adminClient.realm(REALM_NAME).users().get(users.get(0).getId());
|
||||
UserRepresentation userRep = user.toRepresentation();
|
||||
|
||||
RoleResource roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
adminClient.realm(REALM_NAME).users().get(userRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
|
||||
roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
assertEquals(Collections.singletonList("test-role-member"), extractUsernames(roleResource.getUserMembers()));
|
||||
}
|
||||
|
||||
private static List<String> extractUsernames(Collection<UserRepresentation> users) {
|
||||
return users.stream().map(UserRepresentation::getUsername).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-2035 Verifies that Role with no users assigned is being properly retrieved without members in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testUsersNotInRole() {
|
||||
RoleResource role = resource.get("role-without-users");
|
||||
|
||||
role = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
assertThat(role.getUserMembers(), is(empty()));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* KEYCLOAK-4978 Verifies that Groups assigned to Role are being properly retrieved as members in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testGroupsInRole() {
|
||||
RoleResource role = resource.get("role-with-users");
|
||||
|
||||
List<GroupRepresentation> groups = adminClient.realm(REALM_NAME).groups().groups();
|
||||
GroupRepresentation groupRep = groups.stream().filter(g -> g.getPath().equals("/test-role-group")).findFirst().get();
|
||||
|
||||
RoleResource roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
adminClient.realm(REALM_NAME).groups().group(groupRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
|
||||
roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
|
||||
Set<GroupRepresentation> groupsInRole = roleResource.getRoleGroupMembers();
|
||||
assertTrue(groupsInRole.stream().filter(g -> g.getPath().equals("/test-role-group")).findFirst().isPresent());
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-4978 Verifies that Role with no users assigned is being properly retrieved without groups in API endpoint for role membership
|
||||
*/
|
||||
@Test
|
||||
public void testGroupsNotInRole() {
|
||||
RoleResource role = resource.get("role-without-users");
|
||||
|
||||
role = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
|
||||
Set<GroupRepresentation> groupsInRole = role.getRoleGroupMembers();
|
||||
assertTrue(groupsInRole.isEmpty());
|
||||
}
|
||||
|
||||
/**
|
||||
* KEYCLOAK-2035 Verifies that Role Membership is ok after user removal
|
||||
*/
|
||||
@Test
|
||||
public void roleMembershipAfterUserRemoval() {
|
||||
RoleResource role = resource.get("role-with-users");
|
||||
|
||||
List<UserRepresentation> users = adminClient.realm(REALM_NAME).users().search("test-role-member", null, null, null, null, null);
|
||||
assertEquals(1, users.size());
|
||||
UserResource user = adminClient.realm(REALM_NAME).users().get(users.get(0).getId());
|
||||
UserRepresentation userRep = user.toRepresentation();
|
||||
|
||||
RoleResource roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
adminClient.realm(REALM_NAME).users().get(userRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
|
||||
roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
assertEquals(Collections.singletonList("test-role-member"), extractUsernames(roleResource.getUserMembers()));
|
||||
|
||||
adminClient.realm(REALM_NAME).users().delete(userRep.getId());
|
||||
assertThat(roleResource.getUserMembers(), is(empty()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRoleMembershipWithPagination() {
|
||||
RoleResource role = resource.get("role-with-users");
|
||||
|
||||
// Add a second user
|
||||
UserRepresentation userRep2 = new UserRepresentation();
|
||||
userRep2.setUsername("test-role-member2");
|
||||
userRep2.setEmail("test-role-member2@test-role-member.com");
|
||||
userRep2.setRequiredActions(Collections.<String>emptyList());
|
||||
userRep2.setEnabled(true);
|
||||
adminClient.realm(REALM_NAME).users().create(userRep2);
|
||||
|
||||
List<UserRepresentation> users = adminClient.realm(REALM_NAME).users().search("test-role-member", null, null, null, null, null);
|
||||
assertThat(users, hasSize(2));
|
||||
for (UserRepresentation userRepFromList : users) {
|
||||
UserResource user = adminClient.realm(REALM_NAME).users().get(userRepFromList.getId());
|
||||
UserRepresentation userRep = user.toRepresentation();
|
||||
|
||||
RoleResource roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
List<RoleRepresentation> rolesToAdd = new LinkedList<>();
|
||||
rolesToAdd.add(roleResource.toRepresentation());
|
||||
adminClient.realm(REALM_NAME).users().get(userRep.getId()).roles().realmLevel().add(rolesToAdd);
|
||||
}
|
||||
|
||||
RoleResource roleResource = adminClient.realm(REALM_NAME).roles().get(role.toRepresentation().getName());
|
||||
|
||||
List<UserRepresentation> roleUserMembers = roleResource.getUserMembers(0, 1);
|
||||
assertEquals(Collections.singletonList("test-role-member"), extractUsernames(roleUserMembers));
|
||||
Assert.assertNotNull("Not in full representation", roleUserMembers.get(0).getNotBefore());
|
||||
|
||||
roleUserMembers = roleResource.getUserMembers(true, 1, 1);
|
||||
assertThat(roleUserMembers, hasSize(1));
|
||||
assertEquals(Collections.singletonList("test-role-member2"), extractUsernames(roleUserMembers));
|
||||
Assert.assertNull("Not in brief representation", roleUserMembers.get(0).getNotBefore());
|
||||
|
||||
roleUserMembers = roleResource.getUserMembers(true, 2, 1);
|
||||
assertThat(roleUserMembers, is(empty()));
|
||||
}
|
||||
|
||||
// issue #9587
|
||||
@Test
|
||||
public void testSearchForRealmRoles() {
|
||||
resource.list("role-", true).stream().forEach(role -> assertThat("There is client role '" + role.getName() + "' among realm roles.", role.getClientRole(), is(false)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSearchForRoles() {
|
||||
|
||||
for(int i = 0; i<15; i++) {
|
||||
String roleName = "testrole"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
resource.create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
String roleNameA = "abcdefg";
|
||||
RoleRepresentation roleA = makeRole(roleNameA);
|
||||
resource.create(roleA);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleNameA), roleA, ResourceType.REALM_ROLE);
|
||||
|
||||
String roleNameB = "defghij";
|
||||
RoleRepresentation roleB = makeRole(roleNameB);
|
||||
resource.create(roleB);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleNameB), roleB, ResourceType.REALM_ROLE);
|
||||
|
||||
List<RoleRepresentation> resultSearch = resource.list("defg", -1, -1);
|
||||
assertEquals(2,resultSearch.size());
|
||||
|
||||
List<RoleRepresentation> resultSearch2 = resource.list("testrole", -1, -1);
|
||||
assertEquals(15,resultSearch2.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination = resource.list("testrole", 1, 5);
|
||||
assertEquals(5,resultSearchPagination.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPaginationRoles() {
|
||||
|
||||
for(int i = 0; i<15; i++) {
|
||||
String roleName = "role"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
resource.create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination = resource.list(1, 5);
|
||||
assertEquals(5,resultSearchPagination.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination2 = resource.list(5, 5);
|
||||
assertEquals(5,resultSearchPagination2.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPagination3 = resource.list(1, 5);
|
||||
assertEquals(5,resultSearchPagination3.size());
|
||||
|
||||
List<RoleRepresentation> resultSearchPaginationIncoherentParams = resource.list(1, null);
|
||||
assertTrue(resultSearchPaginationIncoherentParams.size() > 15);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPaginationRolesCache() {
|
||||
|
||||
for(int i = 0; i<5; i++) {
|
||||
String roleName = "paginaterole"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
resource.create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> resultBeforeAddingRoleToTestCache = resource.list(1, 1000);
|
||||
|
||||
// after a first call which init the cache, we add a new role to see if the result change
|
||||
|
||||
RoleRepresentation role = makeRole("anewrole");
|
||||
resource.create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("anewrole"), role, ResourceType.REALM_ROLE);
|
||||
|
||||
List<RoleRepresentation> resultafterAddingRoleToTestCache = resource.list(1, 1000);
|
||||
|
||||
assertEquals(resultBeforeAddingRoleToTestCache.size()+1, resultafterAddingRoleToTestCache.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRolesWithFullRepresentation() {
|
||||
for(int i = 0; i<5; i++) {
|
||||
String roleName = "attributesrole"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
|
||||
Map<String, List<String>> attributes = new HashMap<>();
|
||||
attributes.put("attribute1", Arrays.asList("value1","value2"));
|
||||
role.setAttributes(attributes);
|
||||
|
||||
resource.create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> roles = resource.list("attributesrole", false);
|
||||
assertTrue(roles.get(0).getAttributes().containsKey("attribute1"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRolesWithBriefRepresentation() {
|
||||
for(int i = 0; i<5; i++) {
|
||||
String roleName = "attributesrolebrief"+i;
|
||||
RoleRepresentation role = makeRole(roleName);
|
||||
|
||||
Map<String, List<String>> attributes = new HashMap<>();
|
||||
attributes.put("attribute1", Arrays.asList("value1","value2"));
|
||||
role.setAttributes(attributes);
|
||||
|
||||
resource.create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), role, ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
List<RoleRepresentation> roles = resource.list("attributesrolebrief", true);
|
||||
assertNull(roles.get(0).getAttributes());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultRoles() {
|
||||
RoleResource defaultRole = adminClient.realm(REALM_NAME).roles().get(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME);
|
||||
|
||||
UserRepresentation user = adminClient.realm(REALM_NAME).users().search("test-role-member").get(0);
|
||||
|
||||
UserResource userResource = adminClient.realm(REALM_NAME).users().get(user.getId());
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listAll()), hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME));
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listEffective()), allOf(
|
||||
hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME),
|
||||
hasItem(Constants.OFFLINE_ACCESS_ROLE),
|
||||
hasItem(Constants.AUTHZ_UMA_AUTHORIZATION)
|
||||
));
|
||||
|
||||
defaultRole.addComposites(Collections.singletonList(resource.get("role-a").toRepresentation()));
|
||||
|
||||
userResource = adminClient.realm(REALM_NAME).users().get(user.getId());
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listAll()), allOf(
|
||||
hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME),
|
||||
not(hasItem("role-a"))
|
||||
));
|
||||
assertThat(convertRolesToNames(userResource.roles().realmLevel().listEffective()), allOf(
|
||||
hasItem(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME),
|
||||
hasItem(Constants.OFFLINE_ACCESS_ROLE),
|
||||
hasItem(Constants.AUTHZ_UMA_AUTHORIZATION),
|
||||
hasItem("role-a")
|
||||
));
|
||||
|
||||
assertThat(userResource.roles().clientLevel(clientUuid).listAll(), empty());
|
||||
assertThat(userResource.roles().clientLevel(clientUuid).listEffective(), empty());
|
||||
|
||||
defaultRole.addComposites(Collections.singletonList(adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().get("role-c").toRepresentation()));
|
||||
|
||||
userResource = adminClient.realm(REALM_NAME).users().get(user.getId());
|
||||
|
||||
assertThat(userResource.roles().clientLevel(clientUuid).listAll(), empty());
|
||||
assertThat(convertRolesToNames(userResource.roles().clientLevel(clientUuid).listEffective()),
|
||||
hasItem("role-c")
|
||||
);
|
||||
}
|
||||
|
||||
@Test(expected = BadRequestException.class)
|
||||
public void testDeleteDefaultRole() {
|
||||
adminClient.realm(REALM_NAME).roles().deleteRole(Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + REALM_NAME);
|
||||
}
|
||||
|
||||
private List<String> convertRolesToNames(List<RoleRepresentation> roles) {
|
||||
return roles.stream().map(RoleRepresentation::getName).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user