diff --git a/core/src/main/java/org/keycloak/representations/idm/AdminEventRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/AdminEventRepresentation.java index f615cbd032..9aa1e16f8f 100644 --- a/core/src/main/java/org/keycloak/representations/idm/AdminEventRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/AdminEventRepresentation.java @@ -18,7 +18,6 @@ package org.keycloak.representations.idm; /** - * * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. */ public class AdminEventRepresentation { @@ -27,6 +26,7 @@ public class AdminEventRepresentation { private String realmId; private AuthDetailsRepresentation authDetails; private String operationType; + private String resourceType; private String resourcePath; private String representation; private String error; @@ -63,6 +63,14 @@ public class AdminEventRepresentation { this.operationType = operationType; } + public String getResourceType() { + return resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + public String getResourcePath() { return resourcePath; } @@ -86,5 +94,4 @@ public class AdminEventRepresentation { public void setError(String error) { this.error = error; } - } diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java index bffc462e24..168c709ef1 100755 --- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java +++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java @@ -26,6 +26,7 @@ import java.util.regex.Pattern; import org.keycloak.events.admin.AdminEvent; import org.keycloak.events.admin.AdminEventQuery; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; /** * @author Giriraj Sharma @@ -71,6 +72,27 @@ public class MemAdminEventQuery implements AdminEventQuery { } return this; } + + @Override + public AdminEventQuery resourceType(ResourceType... resourceTypes) { + + Iterator itr = this.adminEvents.iterator(); + while (itr.hasNext()) { + AdminEvent next = itr.next(); + boolean include = false; + for (ResourceType e : resourceTypes) { + if (next.getResourceType().equals(e)) { + include = true; + break; + } + } + if (!include) { + itr.remove(); + } + } + + return this; + } @Override public AdminEventQuery authRealm(String authRealmId) { diff --git a/model/jpa/src/main/java/org/keycloak/events/jpa/AdminEventEntity.java b/model/jpa/src/main/java/org/keycloak/events/jpa/AdminEventEntity.java index 6ecebf6164..e6cf93489e 100644 --- a/model/jpa/src/main/java/org/keycloak/events/jpa/AdminEventEntity.java +++ b/model/jpa/src/main/java/org/keycloak/events/jpa/AdminEventEntity.java @@ -17,8 +17,12 @@ package org.keycloak.events.jpa; +import org.keycloak.events.admin.ResourceType; + import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; import javax.persistence.Id; import javax.persistence.Table; @@ -41,6 +45,9 @@ public class AdminEventEntity { @Column(name="OPERATION_TYPE") private String operationType; + + @Column(name="RESOURCE_TYPE", length = 64) + private String resourceType; @Column(name="AUTH_REALM_ID") private String authRealmId; @@ -151,4 +158,11 @@ public class AdminEventEntity { this.error = error; } + public String getResourceType() { + return resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } } diff --git a/model/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java b/model/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java index b26bef69fc..9cccd7d4d2 100755 --- a/model/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java +++ b/model/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java @@ -33,6 +33,7 @@ import javax.persistence.criteria.Root; import org.keycloak.events.admin.AdminEvent; import org.keycloak.events.admin.AdminEventQuery; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; /** * @author Giriraj Sharma @@ -71,7 +72,19 @@ public class JpaAdminEventQuery implements AdminEventQuery { predicates.add(root.get("operationType").in(operationStrings)); return this; } - + + @Override + public AdminEventQuery resourceType(ResourceType... resourceTypes) { + + List resourceTypeStrings = new LinkedList(); + for (ResourceType e : resourceTypes) { + resourceTypeStrings.add(e.toString()); + } + predicates.add(root.get("resourceType").in(resourceTypeStrings)); + + return this; + } + @Override public AdminEventQuery authRealm(String authRealmId) { predicates.add(cb.equal(root.get("authRealmId"), authRealmId)); diff --git a/model/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java b/model/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java index 017ba6cc5e..b86d83852c 100755 --- a/model/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java +++ b/model/jpa/src/main/java/org/keycloak/events/jpa/JpaEventStoreProvider.java @@ -28,6 +28,7 @@ import org.keycloak.events.Event; import org.keycloak.events.EventQuery; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; +import org.keycloak.events.admin.ResourceType; import javax.persistence.EntityManager; @@ -150,6 +151,11 @@ public class JpaEventStoreProvider implements EventStoreProvider { adminEventEntity.setRealmId(adminEvent.getRealmId()); setAuthDetails(adminEventEntity, adminEvent.getAuthDetails()); adminEventEntity.setOperationType(adminEvent.getOperationType().toString()); + + if (adminEvent.getResourceType() != null) { + adminEventEntity.setResourceType(adminEvent.getResourceType().toString()); + } + adminEventEntity.setResourcePath(adminEvent.getResourcePath()); adminEventEntity.setError(adminEvent.getError()); @@ -165,6 +171,11 @@ public class JpaEventStoreProvider implements EventStoreProvider { adminEvent.setRealmId(adminEventEntity.getRealmId()); setAuthDetails(adminEvent, adminEventEntity); adminEvent.setOperationType(OperationType.valueOf(adminEventEntity.getOperationType())); + + if (adminEventEntity.getResourceType() != null) { + adminEvent.setResourceType(ResourceType.valueOf(adminEventEntity.getResourceType())); + } + adminEvent.setResourcePath(adminEventEntity.getResourcePath()); adminEvent.setError(adminEventEntity.getError()); diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml index 1d118b285f..eb4dd1f3b1 100755 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml @@ -195,4 +195,5 @@ + \ No newline at end of file diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml new file mode 100755 index 0000000000..63afbb2dcf --- /dev/null +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml index 333ab762ef..55a52b60cb 100755 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml @@ -35,4 +35,5 @@ + diff --git a/model/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java b/model/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java index b24db9eb7a..bf580823ee 100755 --- a/model/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java +++ b/model/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java @@ -29,6 +29,7 @@ import org.keycloak.events.admin.OperationType; import com.mongodb.BasicDBObject; import com.mongodb.DBCollection; import com.mongodb.DBCursor; +import org.keycloak.events.admin.ResourceType; public class MongoAdminEventQuery implements AdminEventQuery{ @@ -57,6 +58,18 @@ public class MongoAdminEventQuery implements AdminEventQuery{ query.put("operationType", new BasicDBObject("$in", operationStrings)); return this; } + + @Override + public AdminEventQuery resourceType(ResourceType... resourceTypes) { + + List resourceTypeStrings = new LinkedList(); + for (ResourceType e : resourceTypes) { + resourceTypeStrings.add(e.toString()); + } + query.put("resourceType", new BasicDBObject("$in", resourceTypeStrings)); + + return this; + } @Override public AdminEventQuery authRealm(String authRealmId) { diff --git a/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java b/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java index 3e5c768cd4..e0f8512a5e 100755 --- a/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java +++ b/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java @@ -29,6 +29,7 @@ import org.keycloak.events.Event; import org.keycloak.events.EventQuery; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; +import org.keycloak.events.admin.ResourceType; import java.util.HashMap; import java.util.Map; @@ -172,6 +173,9 @@ public class MongoEventStoreProvider implements EventStoreProvider { adminEvent.setTime(o.getLong("time")); adminEvent.setRealmId(o.getString("realmId")); adminEvent.setOperationType(OperationType.valueOf(o.getString("operationType"))); + if (o.getString("resourceType") != null) { + adminEvent.setResourceType(ResourceType.valueOf(o.getString("resourceType"))); + } setAuthDetails(adminEvent, o); adminEvent.setResourcePath(o.getString("resourcePath")); adminEvent.setError(o.getString("error")); diff --git a/server-spi/src/main/java/org/keycloak/events/admin/AdminEvent.java b/server-spi/src/main/java/org/keycloak/events/admin/AdminEvent.java index def6a2996d..24e070a133 100644 --- a/server-spi/src/main/java/org/keycloak/events/admin/AdminEvent.java +++ b/server-spi/src/main/java/org/keycloak/events/admin/AdminEvent.java @@ -28,6 +28,11 @@ public class AdminEvent { private AuthDetails authDetails; + /** + * The resource type an AdminEvent was triggered for. + */ + private ResourceType resourceType; + private OperationType operationType; private String resourcePath; @@ -133,4 +138,16 @@ public class AdminEvent { this.error = error; } + /** + * Returns the type of the affected {@link ResourceType} for this {@link AdminEvent}, e.g. {@link ResourceType#USER USER}, {@link ResourceType#GROUP GROUP} etc. + * + * @return + */ + public ResourceType getResourceType() { + return resourceType; + } + + public void setResourceType(ResourceType resourceType) { + this.resourceType = resourceType; + } } diff --git a/server-spi/src/main/java/org/keycloak/events/admin/AdminEventQuery.java b/server-spi/src/main/java/org/keycloak/events/admin/AdminEventQuery.java index d007171e34..8035a14c3b 100644 --- a/server-spi/src/main/java/org/keycloak/events/admin/AdminEventQuery.java +++ b/server-spi/src/main/java/org/keycloak/events/admin/AdminEventQuery.java @@ -73,6 +73,13 @@ public interface AdminEventQuery { */ AdminEventQuery operation(OperationType... operations); + /** + * Search by {@link ResourceType}. + * @param resourceTypes + * @return this for method chaining + */ + AdminEventQuery resourceType(ResourceType ... resourceTypes); + /** * Search by resource path. Supports wildcards * and **. For example: *
    @@ -124,5 +131,4 @@ public interface AdminEventQuery { * @return */ List getResultList(); - } diff --git a/server-spi/src/main/java/org/keycloak/events/admin/ResourceType.java b/server-spi/src/main/java/org/keycloak/events/admin/ResourceType.java new file mode 100644 index 0000000000..045258c08b --- /dev/null +++ b/server-spi/src/main/java/org/keycloak/events/admin/ResourceType.java @@ -0,0 +1,155 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.events.admin; + +/** + * Represents Keycloak resource types for which {@link AdminEvent AdminEvent's} can be triggered. + * + * @author Thomas Darimont + */ +public enum ResourceType { + + /** + * + */ + REALM + + /** + * + */ + , REALM_ROLE + + /** + * + */ + , REALM_ROLE_MAPPING + + /** + * + */ + , REALM_SCOPE_MAPPING + + /** + * + */ + , AUTH_FLOW + + /** + * + */ + , AUTH_EXECUTION_FLOW + + /** + * + */ + , AUTH_EXECUTION + + /** + * + */ + , AUTHENTICATOR_CONFIG + + /** + * + */ + , REQUIRED_ACTION + + /** + * + */ + , IDENTITY_PROVIDER + + /** + * + */ + , IDENTITY_PROVIDER_MAPPER + + /** + * + */ + , PROTOCOL_MAPPER + + /** + * + */ + , USER + + /** + * + */ + , USER_LOGIN_FAILURE + + /** + * + */ + , USER_SESSION + + /** + * + */ + , USER_FEDERATION_PROVIDER + + /** + * + */ + , USER_FEDERATION_MAPPER + + /** + * + */ + , GROUP + + /** + * + */ + , GROUP_MEMBERSHIP + + /** + * + */ + , CLIENT + + /** + * + */ + , CLIENT_INITIAL_ACCESS_MODEL + + /** + * + */ + , CLIENT_ROLE + + /** + * + */ + , CLIENT_ROLE_MAPPING + + /** + * + */ + , CLIENT_TEMPLATE + + /** + * + */ + , CLIENT_SCOPE_MAPPING + + /** + * + */ + , CLUSTER_NODE; +} diff --git a/server-spi/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index f0c75b7fa9..5afeb65b9c 100755 --- a/server-spi/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -199,6 +199,9 @@ public class ModelToRepresentation { rep.setAuthDetails(toRepresentation(adminEvent.getAuthDetails())); } rep.setOperationType(adminEvent.getOperationType().toString()); + if (adminEvent.getResourceType() != null) { + rep.setResourceType(adminEvent.getResourceType().toString()); + } rep.setResourcePath(adminEvent.getResourcePath()); rep.setRepresentation(adminEvent.getRepresentation()); rep.setError(adminEvent.getError()); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java index 4a271b14b5..f72a3d9d73 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java @@ -26,6 +26,7 @@ import org.keycloak.events.EventStoreProvider; import org.keycloak.events.admin.AdminEvent; import org.keycloak.events.admin.AuthDetails; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -86,8 +87,13 @@ public class AdminEventBuilder { return this; } - public AdminEventBuilder operation(OperationType e) { - adminEvent.setOperationType(e); + public AdminEventBuilder operation(OperationType operationType) { + adminEvent.setOperationType(operationType); + return this; + } + + public AdminEventBuilder resource(ResourceType resourceType){ + adminEvent.setResourceType(resourceType); return this; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java index 18b6d43eb1..bf9252408c 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java @@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.keycloak.common.ClientConnection; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; @@ -65,7 +66,7 @@ public class AttackDetectionResource { public AttackDetectionResource(RealmAuth auth, RealmModel realm, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; - this.adminEvent = adminEvent.realm(realm); + this.adminEvent = adminEvent.realm(realm).resource(ResourceType.USER_LOGIN_FAILURE); auth.init(RealmAuth.Resource.USER); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java index 82e65fb623..4e1d7a4399 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java @@ -29,6 +29,7 @@ import org.keycloak.authentication.FormAuthenticator; import org.keycloak.authentication.RequiredActionFactory; import org.keycloak.authentication.RequiredActionProvider; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; import org.keycloak.models.AuthenticatorConfigModel; @@ -89,7 +90,7 @@ public class AuthenticationManagementResource { this.session = session; this.auth = auth; this.auth.init(RealmAuth.Resource.REALM); - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.AUTH_FLOW); } /** @@ -375,7 +376,7 @@ public class AuthenticationManagementResource { execution = realm.addAuthenticatorExecution(execution); data.put("id", execution.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION_FLOW).resourcePath(uriInfo).representation(data).success(); } private int getNextPriority(AuthenticationFlowModel parentFlow) { @@ -428,7 +429,7 @@ public class AuthenticationManagementResource { execution = realm.addAuthenticatorExecution(execution); data.put("id", execution.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(data).success(); } /** @@ -543,7 +544,7 @@ public class AuthenticationManagementResource { if (!model.getRequirement().name().equals(rep.getRequirement())) { model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement())); realm.updateAuthenticatorExecution(model); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(rep).success(); } } @@ -567,7 +568,7 @@ public class AuthenticationManagementResource { model.setPriority(getNextPriority(parentFlow)); model = realm.addAuthenticatorExecution(model); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(execution).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo, model.getId()).representation(execution).success(); return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); } @@ -620,7 +621,7 @@ public class AuthenticationManagementResource { model.setPriority(tmp); realm.updateAuthenticatorExecution(model); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success(); } public List getSortedExecutions(AuthenticationFlowModel parentFlow) { @@ -665,7 +666,7 @@ public class AuthenticationManagementResource { next.setPriority(tmp); realm.updateAuthenticatorExecution(next); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success(); } @@ -698,7 +699,7 @@ public class AuthenticationManagementResource { realm.removeAuthenticatorExecution(model); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success(); } @@ -728,7 +729,7 @@ public class AuthenticationManagementResource { realm.updateAuthenticatorExecution(model); json.setId(config.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(json).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(json).success(); return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build(); } @@ -811,7 +812,7 @@ public class AuthenticationManagementResource { requiredAction = realm.addRequiredActionProvider(requiredAction); data.put("id", requiredAction.getId()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(data).success(); } @@ -890,7 +891,7 @@ public class AuthenticationManagementResource { update.setConfig(rep.getConfig()); realm.updateRequiredActionProvider(update); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(rep).success(); } /** @@ -908,7 +909,7 @@ public class AuthenticationManagementResource { } realm.removeRequiredActionProvider(model); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success(); } /** @@ -990,7 +991,7 @@ public class AuthenticationManagementResource { auth.requireManage(); AuthenticatorConfigModel config = realm.addAuthenticatorConfig(RepresentationToModel.toModel(rep)); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, config.getId()).representation(rep).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo, config.getId()).representation(rep).success(); return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build(); } @@ -1040,7 +1041,7 @@ public class AuthenticationManagementResource { realm.removeAuthenticatorConfig(config); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).success(); } /** @@ -1063,6 +1064,6 @@ public class AuthenticationManagementResource { exists.setAlias(rep.getAlias()); exists.setConfig(rep.getConfig()); realm.updateAuthenticatorConfig(exists); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).representation(rep).success(); } } \ No newline at end of file diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java index 4f41596a1c..af0367a80d 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java @@ -24,6 +24,7 @@ import org.jboss.resteasy.spi.NotAcceptableException; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.common.util.StreamUtil; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -79,7 +80,7 @@ public class ClientAttributeCertificateResource { this.attributePrefix = attributePrefix; this.privateAttribute = attributePrefix + "." + PRIVATE_KEY; this.certificateAttribute = attributePrefix + "." + X509CERTIFICATE; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java index de4d49b8dc..696af1851f 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientInitialAccessResource.java @@ -18,6 +18,7 @@ package org.keycloak.services.resources.admin; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientInitialAccessModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -49,7 +50,7 @@ public class ClientInitialAccessResource { public ClientInitialAccessResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT_INITIAL_ACCESS_MODEL); auth.init(RealmAuth.Resource.CLIENT); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index 94d4821504..fc5b3c9e93 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java @@ -22,6 +22,7 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; @@ -99,7 +100,7 @@ public class ClientResource { this.auth = auth; this.client = clientModel; this.session = session; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT); auth.init(RealmAuth.Resource.CLIENT); } @@ -343,7 +344,7 @@ public class ClientResource { throw new NotFoundException("Could not find client"); } - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).resource(ResourceType.CLIENT).success(); return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client); } @@ -496,7 +497,7 @@ public class ClientResource { } if (logger.isDebugEnabled()) logger.debug("Register node: " + node); client.registerNode(node, Time.currentTime()); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, node).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo, node).success(); } /** @@ -521,7 +522,7 @@ public class ClientResource { throw new NotFoundException("Client does not have node "); } client.unregisterNode(node); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).success(); } /** @@ -544,7 +545,7 @@ public class ClientResource { logger.debug("Test availability of cluster nodes"); GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(uriInfo.getRequestUri(), realm, client); - adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(result).success(); + adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).representation(result).success(); return result; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java index a1c0433201..11fe9ef3ac 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java @@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelException; @@ -70,7 +71,7 @@ public class ClientRoleMappingsResource { this.auth = auth; this.user = user; this.client = client; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT_ROLE_MAPPING); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java index 94e2382377..baf9bb65f3 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplateResource.java @@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientTemplateModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -73,7 +74,7 @@ public class ClientTemplateResource { this.auth = auth; this.template = template; this.session = session; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT_TEMPLATE); auth.init(RealmAuth.Resource.CLIENT); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java index 6015a3e212..46bcb5593a 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientTemplatesResource.java @@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientTemplateModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -61,7 +62,7 @@ public class ClientTemplatesResource { public ClientTemplatesResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) { this.realm = realm; this.auth = auth; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT_TEMPLATE); auth.init(RealmAuth.Resource.CLIENT); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java index 8690862fae..207f8d1fb5 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java @@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -63,7 +64,7 @@ public class ClientsResource { public ClientsResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) { this.realm = realm; this.auth = auth; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT); auth.init(RealmAuth.Resource.CLIENT); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java index a22002c4cd..e3cc87fb8b 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java @@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -62,7 +63,7 @@ public class GroupResource { this.realm = realm; this.session = session; this.auth = auth; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.GROUP); this.group = group; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java index 7b164a57d4..f670f57413 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java @@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -53,7 +54,7 @@ public class GroupsResource { this.realm = realm; this.session = session; this.auth = auth; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.GROUP); auth.init(RealmAuth.Resource.USER); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java index a664b75d16..d92bd46bf0 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java @@ -22,6 +22,7 @@ import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.broker.provider.IdentityProviderMapper; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; @@ -82,7 +83,7 @@ public class IdentityProviderResource { this.session = session; this.identityProviderModel = identityProviderModel; this.auth = auth; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.IDENTITY_PROVIDER); } /** @@ -317,7 +318,7 @@ public class IdentityProviderResource { IdentityProviderMapperModel model = RepresentationToModel.toModel(mapper); model = realm.addIdentityProviderMapper(model); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()) + adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo, model.getId()) .representation(mapper).success(); return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); @@ -367,7 +368,7 @@ public class IdentityProviderResource { if (model == null) throw new NotFoundException("Model not found"); model = RepresentationToModel.toModel(rep); realm.updateIdentityProviderMapper(model); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).representation(rep).success(); } @@ -389,7 +390,7 @@ public class IdentityProviderResource { IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id); if (model == null) throw new NotFoundException("Model not found"); realm.removeIdentityProviderMapper(model); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java index 953cb38712..958a8494e0 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java @@ -25,6 +25,7 @@ import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -71,7 +72,7 @@ public class IdentityProvidersResource { this.session = session; this.auth = auth; this.auth.init(RealmAuth.Resource.IDENTITY_PROVIDER); - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.IDENTITY_PROVIDER); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java index bb3d325ea3..b9da2bf107 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java @@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.ProtocolMapperContainerModel; @@ -70,7 +71,7 @@ public class ProtocolMappersResource { public ProtocolMappersResource(ProtocolMapperContainerModel client, RealmAuth auth, AdminEventBuilder adminEvent) { this.auth = auth; this.client = client; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.PROTOCOL_MAPPER); auth.init(Resource.CLIENT); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index b58fbe54ba..22441ad5e6 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -31,6 +31,7 @@ import org.keycloak.events.EventType; import org.keycloak.events.admin.AdminEvent; import org.keycloak.events.admin.AdminEventQuery; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.exportimport.ClientDescriptionConverter; import org.keycloak.exportimport.ClientDescriptionConverterFactory; import org.keycloak.jose.jws.JWSBuilder; @@ -127,7 +128,7 @@ public class RealmAdminResource { this.auth = auth; this.realm = realm; this.tokenManager = tokenManager; - this.adminEvent = adminEvent.realm(realm); + this.adminEvent = adminEvent.realm(realm).resource(ResourceType.REALM); auth.init(RealmAuth.Resource.REALM); auth.requireAny(); @@ -413,7 +414,7 @@ public class RealmAdminResource { UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId); if (userSession == null) throw new NotFoundException("Sesssion not found"); AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, connection, headers, true); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_SESSION).resourcePath(uriInfo).success(); } @@ -600,7 +601,8 @@ public class RealmAdminResource { @QueryParam("authUser") String authUser, @QueryParam("authIpAddress") String authIpAddress, @QueryParam("resourcePath") String resourcePath, @QueryParam("dateFrom") String dateFrom, @QueryParam("dateTo") String dateTo, @QueryParam("first") Integer firstResult, - @QueryParam("max") Integer maxResults) { + @QueryParam("max") Integer maxResults, + @QueryParam("resourceTypes") List resourceTypes) { auth.init(RealmAuth.Resource.EVENTS).requireView(); EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class); @@ -634,6 +636,16 @@ public class RealmAdminResource { query.operation(t); } + if (resourceTypes != null && !resourceTypes.isEmpty()) { + ResourceType[] t = new ResourceType[resourceTypes.size()]; + for (int i = 0; i < t.length; i++) { + t[i] = ResourceType.valueOf(resourceTypes.get(i)); + } + query.resourceType(t); + } + + + if(dateFrom != null) { SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd"); Date from = null; @@ -757,7 +769,7 @@ public class RealmAdminResource { } realm.addDefaultGroup(group); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP).resourcePath(uriInfo).success(); } @DELETE @@ -772,7 +784,7 @@ public class RealmAdminResource { } realm.removeDefaultGroup(group); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP).resourcePath(uriInfo).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java index 99ec68a59c..8136db49d1 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java @@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -116,6 +117,13 @@ public class RoleByIdResource extends RoleResource { RoleModel role = getRoleModel(id); deleteRole(role); + + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); } @@ -133,6 +141,13 @@ public class RoleByIdResource extends RoleResource { RoleModel role = getRoleModel(id); updateRole(rep, role); + + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java index e116ca3974..15e163dcad 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java @@ -20,6 +20,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; @@ -116,6 +117,13 @@ public class RoleContainerResource extends RoleResource { role.setScopeParamRequired(scopeParamRequired); rep.setId(role.getId()); + + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getName()).representation(rep).success(); return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build(); @@ -164,13 +172,18 @@ public class RoleContainerResource extends RoleResource { throw new NotFoundException("Could not find client"); } - RoleRepresentation rep = getRole(roleName); RoleModel role = roleContainer.getRole(roleName); if (role == null) { throw new NotFoundException("Could not find role"); } deleteRole(role); + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); } @@ -199,6 +212,12 @@ public class RoleContainerResource extends RoleResource { try { updateRole(rep, role); + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); return Response.noContent().build(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java index 79ae4dca1c..ecaa4744df 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java @@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.common.ClientConnection; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelException; @@ -88,7 +89,7 @@ public class RoleMapperResource { public RoleMapperResource(RealmModel realm, RealmAuth auth, RoleMapperModel roleMapper, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.REALM_ROLE_MAPPING); this.roleMapper = roleMapper; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java index f05572e1e6..6e65c3346f 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java @@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; @@ -67,6 +68,12 @@ public abstract class RoleResource { role.addCompositeRole(composite); } + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success(); } @@ -111,6 +118,12 @@ public abstract class RoleResource { role.removeCompositeRole(composite); } + if (role.isClientRole()) { + adminEvent.resource(ResourceType.CLIENT_ROLE); + } else { + adminEvent.resource(ResourceType.REALM_ROLE); + } + adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success(); } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java index eb685e4dd0..903c2cea59 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java @@ -20,6 +20,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -60,7 +61,7 @@ public class ScopeMappedClientResource { this.scopeContainer = scopeContainer; this.session = session; this.scopedClient = scopedClient; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.CLIENT_SCOPE_MAPPING); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java index bf3cb88fa7..e4fe22fb4c 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java @@ -20,6 +20,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -65,7 +66,7 @@ public class ScopeMappedResource { this.auth = auth; this.scopeContainer = scopeContainer; this.session = session; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.REALM_SCOPE_MAPPING); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java index c8cf4fd5e9..dca3829fb0 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java @@ -42,6 +42,7 @@ import javax.ws.rs.core.UriInfo; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.mappers.FederationConfigValidationException; import org.keycloak.mappers.UserFederationMapper; import org.keycloak.mappers.UserFederationMapperFactory; @@ -87,7 +88,7 @@ public class UserFederationProviderResource { this.realm = realm; this.auth = auth; this.federationProviderModel = federationProviderModel; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER); } /** @@ -311,7 +312,7 @@ public class UserFederationProviderResource { model = realm.addUserFederationMapper(model); - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()) + adminEvent.operation(OperationType.CREATE).resource(ResourceType.USER_FEDERATION_MAPPER).resourcePath(uriInfo, model.getId()) .representation(mapper).success(); return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build(); @@ -364,7 +365,7 @@ public class UserFederationProviderResource { validateModel(model); realm.updateUserFederationMapper(model); - adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success(); + adminEvent.operation(OperationType.UPDATE).resource(ResourceType.USER_FEDERATION_MAPPER).resourcePath(uriInfo).representation(rep).success(); } @@ -386,7 +387,7 @@ public class UserFederationProviderResource { UserFederationMapperModel model = realm.getUserFederationMapperById(id); if (model == null) throw new NotFoundException("Model not found"); realm.removeUserFederationMapper(model); - adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_FEDERATION_MAPPER).resourcePath(uriInfo).success(); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java index 3afa1e99af..b782462121 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java @@ -21,6 +21,7 @@ import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.common.constants.KerberosConstants; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.mappers.FederationConfigValidationException; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.KeycloakSession; @@ -84,7 +85,7 @@ public class UserFederationProvidersResource { public UserFederationProvidersResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER); auth.init(RealmAuth.Resource.USER); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index 367217c9a1..3986988f87 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -28,6 +28,7 @@ import org.keycloak.events.Details; import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.Constants; @@ -99,6 +100,8 @@ import org.keycloak.services.resources.AccountService; import org.keycloak.common.util.Time; import org.keycloak.services.validation.Validation; +import static org.keycloak.events.admin.ResourceType.GROUP_MEMBERSHIP; + /** * Base resource for managing users * @@ -129,7 +132,7 @@ public class UsersResource { public UsersResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) { this.auth = auth; this.realm = realm; - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.USER); auth.init(RealmAuth.Resource.USER); } @@ -961,7 +964,7 @@ public class UsersResource { try { if (user.isMemberOf(group)){ user.leaveGroup(group); - adminEvent.operation(OperationType.DELETE).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success(); } } catch (ModelException me) { Properties messages = AdminRoot.getMessages(session, realm, auth.getAuth().getToken().getLocale()); @@ -986,7 +989,7 @@ public class UsersResource { } if (!user.isMemberOf(group)){ user.joinGroup(group); - adminEvent.operation(OperationType.CREATE).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success(); + adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success(); } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java index e1c2363efe..a7195e12c7 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java @@ -25,6 +25,7 @@ import java.util.LinkedHashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.ServiceLoader; import javax.ws.rs.GET; import javax.ws.rs.WebApplicationException; @@ -35,6 +36,8 @@ import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.events.EventType; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; +import org.keycloak.models.PasswordPolicy; import org.keycloak.policy.PasswordPolicyProvider; import org.keycloak.policy.PasswordPolicyProviderFactory; import org.keycloak.provider.*; @@ -66,7 +69,7 @@ import org.keycloak.representations.info.ThemeInfoRepresentation; */ public class ServerInfoAdminResource { - private static final Map> ENUMS = createEnumsMap(EventType.class, OperationType.class); + private static final Map> ENUMS = createEnumsMap(EventType.class, OperationType.class, ResourceType.class); @Context private KeycloakSession session; diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java index 87606ca984..b0ea56af8d 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java @@ -69,6 +69,7 @@ public class EventsListenerProvider implements EventListenerProvider { newEvent.setAuthDetails(adminEvent.getAuthDetails()); newEvent.setError(adminEvent.getError()); newEvent.setOperationType(adminEvent.getOperationType()); + newEvent.setResourceType(adminEvent.getResourceType()); newEvent.setRealmId(adminEvent.getRealmId()); newEvent.setRepresentation(adminEvent.getRepresentation()); newEvent.setResourcePath(adminEvent.getResourcePath()); diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java index bbc9f276ae..c65e85cb27 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java @@ -26,6 +26,7 @@ import org.keycloak.common.util.Time; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.events.Event; import org.keycloak.events.admin.AdminEvent; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserSessionModel; @@ -492,6 +493,9 @@ public class TestingResourceProvider implements RealmResourceProvider { event.setAuthDetails(repToModel(rep.getAuthDetails())); event.setError(rep.getError()); event.setOperationType(OperationType.valueOf(rep.getOperationType())); + if (rep.getResourceType() != null) { + event.setResourceType(ResourceType.valueOf(rep.getResourceType())); + } event.setRealmId(rep.getRealmId()); event.setRepresentation(rep.getRepresentation()); event.setResourcePath(rep.getResourcePath()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java index 008919294f..531b55696c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java @@ -21,6 +21,7 @@ import org.jboss.arquillian.test.api.ArquillianResource; import org.junit.Test; import org.keycloak.admin.client.resource.AttackDetectionResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.util.AdminEventPaths; import org.keycloak.testsuite.util.OAuthClient; @@ -67,13 +68,13 @@ public class AttackDetectionResourceTest extends AbstractAdminTest { assertBruteForce(detection.bruteForceUserStatus("nosuchuser"), 0, false, false); detection.clearBruteForceForUser(findUser("test-user@localhost").getId()); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearBruteForceForUserPath(findUser("test-user@localhost").getId())); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearBruteForceForUserPath(findUser("test-user@localhost").getId()), ResourceType.USER_LOGIN_FAILURE); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user@localhost").getId()), 0, false, false); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user2").getId()), 2, true, true); detection.clearAllBruteForce(); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearAllBruteForcePath()); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearAllBruteForcePath(), ResourceType.USER_LOGIN_FAILURE); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user@localhost").getId()), 0, false, false); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user2").getId()), 0, false, false); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java index 2a9c643f3b..4e2bdd94f5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java @@ -24,6 +24,7 @@ import org.keycloak.admin.client.resource.ProtocolMappersResource; import org.keycloak.admin.client.resource.RoleMappingResource; import org.keycloak.common.util.Time; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.AccountRoles; import org.keycloak.models.Constants; import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory; @@ -77,7 +78,7 @@ public class ClientTest extends AbstractAdminTest { response.close(); String id = ApiUtil.getCreatedId(response); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT); rep.setId(id); @@ -98,7 +99,7 @@ public class ClientTest extends AbstractAdminTest { realm.clients().get(id).remove(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientResourcePath(id)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientResourcePath(id), ResourceType.CLIENT); } @Test @@ -151,19 +152,19 @@ public class ClientTest extends AbstractAdminTest { RoleRepresentation role = new RoleRepresentation("test", "test", false); realm.clients().get(id).roles().create(role); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "test"), role); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "test"), role, ResourceType.CLIENT_ROLE); ClientRepresentation foundClientRep = realm.clients().get(id).toRepresentation(); foundClientRep.setDefaultRoles(new String[]{"test"}); realm.clients().get(id).update(foundClientRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(id), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT); assertArrayEquals(new String[]{"test"}, realm.clients().get(id).toRepresentation().getDefaultRoles()); realm.clients().get(id).roles().deleteRole("test"); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(id, "test")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(id, "test"), ResourceType.CLIENT_ROLE); assertNull(realm.clients().get(id).toRepresentation().getDefaultRoles()); } @@ -187,7 +188,7 @@ public class ClientTest extends AbstractAdminTest { realm.clients().get(client.getId()).update(newClient); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT); ClientRepresentation storedClient = realm.clients().get(client.getId()).toRepresentation(); @@ -197,7 +198,7 @@ public class ClientTest extends AbstractAdminTest { realm.clients().get(client.getId()).update(newClient); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT); storedClient = realm.clients().get(client.getId()).toRepresentation(); assertClient(client, storedClient); @@ -223,7 +224,7 @@ public class ClientTest extends AbstractAdminTest { PushNotBeforeAction pushNotBefore = testingClient.testApp().getAdminPushNotBefore(); assertEquals(client.getNotBefore().intValue(), pushNotBefore.getNotBefore()); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientPushRevocationPath(id)); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientPushRevocationPath(id), ResourceType.CLIENT); } private ClientRepresentation createAppClient() { @@ -242,7 +243,7 @@ public class ClientTest extends AbstractAdminTest { String id = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT); client.setId(id); return client; @@ -259,14 +260,14 @@ public class ClientTest extends AbstractAdminTest { realm.clients().get(id).registerNode(Collections.singletonMap("node", myhost)); realm.clients().get(id).registerNode(Collections.singletonMap("node", "invalid")); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, myhost)); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, "invalid")); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, myhost), ResourceType.CLUSTER_NODE); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, "invalid"), ResourceType.CLUSTER_NODE); GlobalRequestResult result = realm.clients().get(id).testNodesAvailable(); assertEquals(1, result.getSuccessRequests().size()); assertEquals(1, result.getFailedRequests().size()); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientTestNodesAvailablePath(id), result); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientTestNodesAvailablePath(id), result, ResourceType.CLUSTER_NODE); TestAvailabilityAction testAvailable = testingClient.testApp().getTestAvailable(); assertEquals("test-app", testAvailable.getResource()); @@ -275,7 +276,7 @@ public class ClientTest extends AbstractAdminTest { realm.clients().get(id).unregisterNode("invalid"); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientNodePath(id, "invalid")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientNodePath(id, "invalid"), ResourceType.CLUSTER_NODE); assertEquals(1, realm.clients().get(id).toRepresentation().getRegisteredNodes().size()); } @@ -338,24 +339,24 @@ public class ClientTest extends AbstractAdminTest { realm.roles().create(roleRep1); realm.roles().create(roleRep2); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1, ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2, ResourceType.REALM_ROLE); roleRep1 = realm.roles().get("role1").toRepresentation(); roleRep2 = realm.roles().get("role2").toRepresentation(); realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2)); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2)); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2), ResourceType.REALM_ROLE); String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId(); RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation(); scopesResource.realmLevel().add(Collections.singletonList(roleRep1)); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1)); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING); scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep)); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep)); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING); Assert.assertNames(scopesResource.realmLevel().listAll(), "role1"); Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2"); @@ -369,10 +370,10 @@ public class ClientTest extends AbstractAdminTest { Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE); scopesResource.realmLevel().remove(Collections.singletonList(roleRep1)); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING); scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep)); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING); Assert.assertNames(scopesResource.realmLevel().listAll()); Assert.assertNames(scopesResource.realmLevel().listEffective()); @@ -414,7 +415,7 @@ public class ClientTest extends AbstractAdminTest { fooMapperId = location.substring(location.lastIndexOf("/") + 1); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER); fooMapper = mappersResource.getMapperById(fooMapperId); assertEquals(fooMapper.getName(), "foo"); @@ -423,14 +424,14 @@ public class ClientTest extends AbstractAdminTest { fooMapper.setProtocolMapper("foo-mapper-updated"); mappersResource.update(fooMapperId, fooMapper); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER); fooMapper = mappersResource.getMapperById(fooMapperId); assertEquals(fooMapper.getProtocolMapper(), "foo-mapper-updated"); // Remove foo mapper mappersResource.delete(fooMapperId); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), ResourceType.PROTOCOL_MAPPER); try { mappersResource.getMapperById(fooMapperId); fail("Not expected to find deleted mapper"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java index a283cfce07..b9102e118a 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java @@ -26,6 +26,7 @@ import org.keycloak.dom.saml.v2.metadata.IndexedEndpointType; import org.keycloak.dom.saml.v2.metadata.KeyTypes; import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.IdentityProviderMapperRepresentation; import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation; @@ -122,7 +123,7 @@ public class IdentityProviderTest extends AbstractAdminTest { representation.getConfig().put("clientId", "changedClientId"); identityProviderResource.update(representation); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderPath("update-identity-provider"), representation); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderPath("update-identity-provider"), representation, ResourceType.IDENTITY_PROVIDER); identityProviderResource = realm.identityProviders().get(representation.getInternalId()); @@ -150,7 +151,7 @@ public class IdentityProviderTest extends AbstractAdminTest { assertNotNull(representation); identityProviderResource.remove(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("remove-identity-provider")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("remove-identity-provider"), ResourceType.IDENTITY_PROVIDER); try { realm.identityProviders().get("remove-identity-provider").toRepresentation(); @@ -165,7 +166,7 @@ public class IdentityProviderTest extends AbstractAdminTest { Assert.assertNotNull(ApiUtil.getCreatedId(response)); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(idpRep.getAlias()), idpRep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(idpRep.getAlias()), idpRep, ResourceType.IDENTITY_PROVIDER); } private IdentityProviderRepresentation createRep(String id, String providerId) { @@ -320,7 +321,7 @@ public class IdentityProviderTest extends AbstractAdminTest { String id = ApiUtil.getCreatedId(response); Assert.assertNotNull(id); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper, ResourceType.IDENTITY_PROVIDER_MAPPER); // list mappers List mappers = provider.getMappers(); @@ -337,7 +338,7 @@ public class IdentityProviderTest extends AbstractAdminTest { // update mapper mapper.getConfig().put("role", "master-realm.manage-realm"); provider.update(id, mapper); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper, ResourceType.IDENTITY_PROVIDER_MAPPER); mapper = provider.getMapperById(id); Assert.assertNotNull("mapperById not null", mapper); @@ -345,7 +346,7 @@ public class IdentityProviderTest extends AbstractAdminTest { // delete mapper provider.delete(id); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderMapperPath("google", id)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderMapperPath("google", id), ResourceType.IDENTITY_PROVIDER_MAPPER); try { provider.getMapperById(id); Assert.fail("Should fail with NotFoundException"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/InitialAccessTokenResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/InitialAccessTokenResourceTest.java index 9f9538d46a..055bfa25ad 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/InitialAccessTokenResourceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/InitialAccessTokenResourceTest.java @@ -22,6 +22,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.ClientInitialAccessResource; import org.keycloak.common.util.Time; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation; import org.keycloak.representations.idm.ClientInitialAccessPresentation; import org.keycloak.testsuite.util.AdminEventPaths; @@ -54,7 +55,7 @@ public class InitialAccessTokenResourceTest extends AbstractAdminTest { int time = Time.currentTime(); ClientInitialAccessPresentation response = resource.create(rep); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL); assertNotNull(response.getId()); assertEquals(new Integer(2), response.getCount()); @@ -65,12 +66,12 @@ public class InitialAccessTokenResourceTest extends AbstractAdminTest { rep.setCount(3); response = resource.create(rep); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL); rep.setCount(4); response = resource.create(rep); String lastId = response.getId(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(lastId), rep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(lastId), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL); List list = resource.list(); assertEquals(3, list.size()); @@ -80,7 +81,7 @@ public class InitialAccessTokenResourceTest extends AbstractAdminTest { // Delete last and assert it was deleted resource.delete(lastId); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientInitialAccessPath(lastId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientInitialAccessPath(lastId), ResourceType.CLIENT_INITIAL_ACCESS_MODEL); list = resource.list(); assertEquals(2, list.size()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java index 6db07e115e..9297b0fe4e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java @@ -21,6 +21,7 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.RoleByIdResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.util.AdminEventPaths; @@ -86,7 +87,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest { role.setDescription("Role A New"); resource.updateRole(ids.get("role-a"), role); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")), role); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")), role, ResourceType.REALM_ROLE); role = resource.getRole(ids.get("role-a")); @@ -100,7 +101,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest { public void deleteRole() { assertNotNull(resource.getRole(ids.get("role-a"))); resource.deleteRole(ids.get("role-a")); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a"))); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")), ResourceType.REALM_ROLE); try { resource.getRole(ids.get("role-a")); @@ -119,7 +120,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest { l.add(RoleBuilder.create().id(ids.get("role-c")).build()); resource.addComposites(ids.get("role-a"), l); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l, ResourceType.REALM_ROLE); Set composites = resource.getRoleComposites(ids.get("role-a")); @@ -133,7 +134,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest { Assert.assertNames(clientComposites, "role-c"); resource.deleteComposites(ids.get("role-a"), l); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l, ResourceType.REALM_ROLE); assertFalse(resource.getRole(ids.get("role-a")).isComposite()); assertEquals(0, resource.getRoleComposites(ids.get("role-a")).size()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java index 52e16997ff..6ee35a76c2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java @@ -33,6 +33,7 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.UserFederationProviderResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper; import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapperFactory; import org.keycloak.federation.ldap.mappers.membership.role.RoleLDAPFederationMapperFactory; @@ -65,7 +66,7 @@ public class UserFederationMapperTest extends AbstractAdminTest { Response resp = realm.userFederation().create(ldapRep); this.ldapProviderId = ApiUtil.getCreatedId(resp); resp.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.ldapProviderId), ldapRep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.ldapProviderId), ldapRep, ResourceType.USER_FEDERATION_PROVIDER); UserFederationProviderRepresentation dummyRep = UserFederationProviderBuilder.create() .displayName("dummy-1") @@ -75,16 +76,16 @@ public class UserFederationMapperTest extends AbstractAdminTest { resp = realm.userFederation().create(dummyRep); this.dummyProviderId = ApiUtil.getCreatedId(resp); resp.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.dummyProviderId), dummyRep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.dummyProviderId), dummyRep, ResourceType.USER_FEDERATION_PROVIDER); } @After public void cleanFederationProviders() { realm.userFederation().get(ldapProviderId).remove(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(ldapProviderId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(ldapProviderId), ResourceType.USER_FEDERATION_PROVIDER); realm.userFederation().get(dummyProviderId).remove(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(dummyProviderId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(dummyProviderId), ResourceType.USER_FEDERATION_PROVIDER); } @@ -169,14 +170,14 @@ public class UserFederationMapperTest extends AbstractAdminTest { mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email-updated"); mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated"); ldapProviderResource().updateMapper(mapperId, mapperRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId), mapperRep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId), mapperRep, ResourceType.USER_FEDERATION_MAPPER); mapperRep = ldapProviderResource().getMapperById(mapperId); assertMapper(mapperRep, mapperId, "email-mapper", UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email-updated", UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated"); // Test removed successfully ldapProviderResource().removeMapper(mapperId); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId), ResourceType.USER_FEDERATION_MAPPER); try { ldapProviderResource().getMapperById(mapperId); @@ -192,7 +193,7 @@ public class UserFederationMapperTest extends AbstractAdminTest { response.close(); String mapperId = ApiUtil.getCreatedId(response); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationMapperResourcePath(userFederationProviderId , mapperId), mapper); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationMapperResourcePath(userFederationProviderId , mapperId), mapper, ResourceType.USER_FEDERATION_MAPPER); return mapperId; } @@ -227,7 +228,7 @@ public class UserFederationMapperTest extends AbstractAdminTest { // Remove role mapper and assert not found anymore ldapProviderResource().removeMapper(roleMapperId); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, roleMapperId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, roleMapperId), ResourceType.USER_FEDERATION_MAPPER); mappers = ldapProviderResource().getMappers(); Assert.assertNull(findMapperByName(mappers, "role-mapper")); @@ -257,14 +258,14 @@ public class UserFederationMapperTest extends AbstractAdminTest { Map eventRep = new HashMap<>(); eventRep.put("action", "fedToKeycloak"); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", eventRep); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER); // Try keycloak to fed result = ldapProviderResource().syncMapperData(mapperId, "keycloakToFed"); Assert.assertEquals("dummyKeycloakToFedSuccess mapper=some-dummy", result.getStatus()); eventRep.put("action", "keycloakToFed"); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync"); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", ResourceType.USER_FEDERATION_PROVIDER); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java index 2018e27ff5..8cef8a1bbc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java @@ -30,6 +30,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.UserFederationProvidersResource; import org.keycloak.common.constants.KerberosConstants; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.LDAPConstants; import org.keycloak.provider.ProviderConfigProperty; @@ -209,7 +210,7 @@ public class UserFederationTest extends AbstractAdminTest { // Change filter to be valid ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)"); userFederation().get(id).update(ldapRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER); // Assert updated successfully ldapRep = userFederation().get(id).toRepresentation(); @@ -219,7 +220,7 @@ public class UserFederationTest extends AbstractAdminTest { // Assert update displayName ldapRep.setDisplayName("ldap2"); userFederation().get(id).update(ldapRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER); assertFederationProvider(userFederation().get(id).toRepresentation(), id, "ldap2", "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager-updated", LDAPConstants.BIND_CREDENTIAL, "password", LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)"); @@ -253,12 +254,12 @@ public class UserFederationTest extends AbstractAdminTest { // Switch kerberos authenticator to DISABLED kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString()); realm.flows().updateExecutions("browser", kerberosExecution); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION); // update LDAP provider with kerberos ldapRep = userFederation().get(id).toRepresentation(); userFederation().get(id).update(ldapRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER); // Assert kerberos authenticator ALTERNATIVE kerberosExecution = findKerberosExecution(); @@ -267,7 +268,7 @@ public class UserFederationTest extends AbstractAdminTest { // Cleanup kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString()); realm.flows().updateExecutions("browser", kerberosExecution); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION); removeUserFederationProvider(id); } @@ -277,7 +278,7 @@ public class UserFederationTest extends AbstractAdminTest { AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution(); kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString()); realm.flows().updateExecutions("browser", kerberosExecution); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION); // create LDAP provider with kerberos UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create() @@ -295,7 +296,7 @@ public class UserFederationTest extends AbstractAdminTest { // update LDAP provider with kerberos ldapRep = userFederation().get(id).toRepresentation(); userFederation().get(id).update(ldapRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER); // Assert kerberos authenticator still REQUIRED kerberosExecution = findKerberosExecution(); @@ -304,7 +305,7 @@ public class UserFederationTest extends AbstractAdminTest { // Cleanup kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString()); realm.flows().updateExecutions("browser", kerberosExecution); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION); removeUserFederationProvider(id); } @@ -342,7 +343,7 @@ public class UserFederationTest extends AbstractAdminTest { Map eventRep = new HashMap<>(); eventRep.put("action", "triggerFullSync"); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER); int fullSyncTime = userFederation().get(id1).toRepresentation().getLastSync(); Assert.assertTrue(fullSyncTime > 0); @@ -352,7 +353,7 @@ public class UserFederationTest extends AbstractAdminTest { syncResult = userFederation().get(id1).syncUsers("triggerChangedUsersSync"); eventRep.put("action", "triggerChangedUsersSync"); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER); Assert.assertEquals("0 imported users, 0 updated users", syncResult.getStatus()); int changedSyncTime = userFederation().get(id1).toRepresentation().getLastSync(); @@ -370,13 +371,13 @@ public class UserFederationTest extends AbstractAdminTest { resp.close(); String federationProviderId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(federationProviderId), rep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(federationProviderId), rep, ResourceType.USER_FEDERATION_PROVIDER); return federationProviderId; } private void removeUserFederationProvider(String id) { userFederation().get(id).remove(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(id)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(id), ResourceType.USER_FEDERATION_PROVIDER); } private void assertFederationProvider(UserFederationProviderRepresentation rep, String id, String displayName, String providerName, diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java index f24caa8dd3..dd5729a8a0 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java @@ -29,6 +29,7 @@ import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RoleMappingResource; import org.keycloak.admin.client.resource.UserResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.Constants; import org.keycloak.models.UserModel; import org.keycloak.representations.idm.CredentialRepresentation; @@ -111,13 +112,13 @@ public class UserTest extends AbstractAdminTest { String createdId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER); return createdId; } private void updateUser(UserResource user, UserRepresentation userRep) { user.update(userRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(userRep.getId()), userRep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(userRep.getId()), userRep, ResourceType.USER); } @Test @@ -277,7 +278,7 @@ public class UserTest extends AbstractAdminTest { Response response = realm.users().delete( userId ); assertEquals(204, response.getStatus()); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId)); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER); } @Test @@ -326,7 +327,7 @@ public class UserTest extends AbstractAdminTest { link.setUserName("social-username"); Response response = user.addFederatedIdentity("social-provider-id", link); assertEquals(204, response.getStatus()); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"), link); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"), link, ResourceType.USER); // Verify social link is here user = realm.users().get(id); @@ -339,7 +340,7 @@ public class UserTest extends AbstractAdminTest { // Remove social link now user.removeFederatedIdentity("social-provider-id"); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"), ResourceType.USER); assertEquals(0, user.getFederatedIdentity().size()); removeSampleIdentityProvider(); @@ -354,14 +355,14 @@ public class UserTest extends AbstractAdminTest { rep.setProviderId("social-provider-type"); realm.identityProviders().create(rep); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(rep.getAlias()), rep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(rep.getAlias()), rep, ResourceType.IDENTITY_PROVIDER); } private void removeSampleIdentityProvider() { IdentityProviderResource resource = realm.identityProviders().get("social-provider-id"); Assert.assertNotNull(resource); resource.remove(); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("social-provider-id")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("social-provider-id"), ResourceType.IDENTITY_PROVIDER); } @Test @@ -519,7 +520,7 @@ public class UserTest extends AbstractAdminTest { List actions = new LinkedList<>(); actions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name()); user.executeActionsEmail("account", actions); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/execute-actions-email"); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/execute-actions-email", ResourceType.USER); Assert.assertEquals(1, greenMail.getReceivedMessages().length); @@ -587,7 +588,7 @@ public class UserTest extends AbstractAdminTest { } user.sendVerifyEmail(); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/send-verify-email"); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/send-verify-email", ResourceType.USER); Assert.assertEquals(1, greenMail.getReceivedMessages().length); @@ -626,13 +627,13 @@ public class UserTest extends AbstractAdminTest { rep.setFirstName("Firstname"); user.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep, ResourceType.USER); rep = new UserRepresentation(); rep.setLastName("Lastname"); user.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep, ResourceType.USER); rep = realm.users().get(id).toRepresentation(); @@ -709,7 +710,7 @@ public class UserTest extends AbstractAdminTest { cred.setTemporary(false); realm.users().get(userId).resetPassword(cred); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId)); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER); String accountUrl = RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString(); @@ -746,7 +747,7 @@ public class UserTest extends AbstractAdminTest { RequiredActionProviderRepresentation updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString()); updatePasswordReqAction.setDefaultAction(true); realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION); // Create user String userId = createUser("user1", "user1@localhost"); @@ -759,7 +760,7 @@ public class UserTest extends AbstractAdminTest { updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString()); updatePasswordReqAction.setDefaultAction(true); realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION); } @Test @@ -800,16 +801,16 @@ public class UserTest extends AbstractAdminTest { l.add(realm.roles().get("realm-role").toRepresentation()); l.add(realm.roles().get("realm-composite").toRepresentation()); roles.realmLevel().add(l); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userRealmRoleMappingsPath(userId), l); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userRealmRoleMappingsPath(userId), l, ResourceType.REALM_ROLE_MAPPING); // Add client roles List list = Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role").toRepresentation()); roles.clientLevel(clientUuid).add(list); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list, ResourceType.CLIENT_ROLE_MAPPING); list = Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation()); roles.clientLevel(clientUuid).add(list); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), ResourceType.CLIENT_ROLE_MAPPING); // List realm roles assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION); @@ -831,14 +832,14 @@ public class UserTest extends AbstractAdminTest { // Remove realm role RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation(); roles.realmLevel().remove(Collections.singletonList(realmRoleRep)); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(userId), Collections.singletonList(realmRoleRep)); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(userId), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING); assertNames(roles.realmLevel().listAll(), "realm-composite", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION); // Remove client role RoleRepresentation clientRoleRep = realm.clients().get(clientUuid).roles().get("client-role").toRepresentation(); roles.clientLevel(clientUuid).remove(Collections.singletonList(clientRoleRep)); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), Collections.singletonList(clientRoleRep)); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING); assertNames(roles.clientLevel(clientUuid).listAll(), "client-composite"); } @@ -847,14 +848,14 @@ public class UserTest extends AbstractAdminTest { RealmRepresentation rep = realm.toRepresentation(); rep.setEditUsernameAllowed(true); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); } private void enableBruteForce() { RealmRepresentation rep = realm.toRepresentation(); rep.setBruteForceProtected(true); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java index d77c76ce96..f115c49326 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java @@ -23,6 +23,7 @@ import org.junit.Rule; import org.keycloak.admin.client.resource.AuthenticationManagementResource; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation; import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; @@ -196,6 +197,6 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest { Response response = authMgmtResource.createFlow(flowRep); org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus()); response.close(); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AuthenticatorConfigTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AuthenticatorConfigTest.java index eb1cda5a5d..00c1943479 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AuthenticatorConfigTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AuthenticatorConfigTest.java @@ -29,6 +29,7 @@ import org.junit.Test; import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator; import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticatorFactory; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; import org.keycloak.representations.idm.AuthenticatorConfigRepresentation; @@ -52,7 +53,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest { HashMap params = new HashMap<>(); params.put("provider", IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID); authMgmtResource.addExecution("firstBrokerLogin2", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("firstBrokerLogin2"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("firstBrokerLogin2"), params, ResourceType.AUTH_EXECUTION); List executionReps = authMgmtResource.getExecutions("firstBrokerLogin2"); AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider(IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID, executionReps); @@ -79,7 +80,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest { // Cleanup authMgmtResource.removeAuthenticatorConfig(cfgId); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId)); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId), ResourceType.AUTHENTICATOR_CONFIG); } @@ -105,7 +106,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest { cfgRep.setAlias("foo2"); cfgRep.getConfig().put("configKey2", "configValue2"); authMgmtResource.updateAuthenticatorConfig(cfgRep.getId(), cfgRep); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authExecutionConfigPath(cfgId), cfgRep); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authExecutionConfigPath(cfgId), cfgRep, ResourceType.AUTHENTICATOR_CONFIG); // Assert updated cfgRep = authMgmtResource.getAuthenticatorConfig(cfgRep.getId()); @@ -137,7 +138,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest { // Test remove our config authMgmtResource.removeAuthenticatorConfig(cfgId); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId)); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId), ResourceType.AUTHENTICATOR_CONFIG); // Assert config not found try { @@ -159,7 +160,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest { Assert.assertEquals(201, resp.getStatus()); String cfgId = ApiUtil.getCreatedId(resp); Assert.assertNotNull(cfgId); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionConfigPath(executionId), cfg); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionConfigPath(executionId), cfg, ResourceType.AUTH_EXECUTION); return cfgId; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java index ae19ff6179..42015edce0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java @@ -22,6 +22,7 @@ import org.junit.Test; import org.keycloak.authentication.AuthenticationFlow; import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation; import org.keycloak.representations.idm.AuthenticationExecutionRepresentation; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; @@ -64,7 +65,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // copy built-in flow so we get a new editable flow params.put("newName", "Copy-of-browser"); Response response = authMgmtResource.copy("browser", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW); try { Assert.assertEquals("Copy flow", 201, response.getStatus()); } finally { @@ -83,7 +84,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // add execution - should succeed params.put("provider", "idp-review-profile"); authMgmtResource.addExecution("Copy-of-browser", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION); // check execution was added List executionReps = authMgmtResource.getExecutions("Copy-of-browser"); @@ -97,7 +98,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // remove execution authMgmtResource.removeExecution(exec.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId()), ResourceType.AUTH_EXECUTION); // check execution was removed executionReps = authMgmtResource.getExecutions("Copy-of-browser"); @@ -108,7 +109,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // delete auth-cookie authMgmtResource.removeExecution(authCookieExec.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId()), ResourceType.AUTH_EXECUTION); AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation(); rep.setPriority(10); @@ -149,7 +150,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // add execution - should succeed response = authMgmtResource.addExecution(rep); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep, ResourceType.AUTH_EXECUTION); try { Assert.assertEquals("added execution", 201, response.getStatus()); } finally { @@ -178,7 +179,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // switch from DISABLED to ALTERNATIVE exec.setRequirement(DISABLED); authMgmtResource.updateExecutions("browser", exec); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), exec); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), exec, ResourceType.AUTH_EXECUTION); // make sure the change is visible executionReps = authMgmtResource.getExecutions("browser"); @@ -198,7 +199,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { Map executionData = new HashMap<>(); executionData.put("provider", ClientIdAndSecretAuthenticator.PROVIDER_ID); authMgmtResource.addExecution("new-client-flow", executionData); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("new-client-flow"), executionData); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("new-client-flow"), executionData, ResourceType.AUTH_EXECUTION); // Check executions of not-existent flow - SHOULD FAIL try { @@ -234,7 +235,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // Update success executionRep.setRequirement(ALTERNATIVE); authMgmtResource.updateExecutions("new-client-flow", executionRep); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("new-client-flow"), executionRep); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("new-client-flow"), executionRep, ResourceType.AUTH_EXECUTION); // Check updated executionRep = findExecutionByProvider(ClientIdAndSecretAuthenticator.PROVIDER_ID, authMgmtResource.getExecutions("new-client-flow")); @@ -250,10 +251,10 @@ public class ExecutionTest extends AbstractAuthenticationTest { // Successfuly remove execution and flow authMgmtResource.removeExecution(executionRep.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(executionRep.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(executionRep.getId()), ResourceType.AUTH_EXECUTION); AuthenticationFlowRepresentation rep = findFlowByAlias("new-client-flow", authMgmtResource.getFlows()); authMgmtResource.deleteFlow(rep.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(rep.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(rep.getId()), ResourceType.AUTH_FLOW); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java index 7e2f4a8d17..fc50bc6916 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java @@ -20,6 +20,7 @@ package org.keycloak.testsuite.admin.authentication; import org.junit.Assert; import org.junit.Test; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; import org.keycloak.testsuite.util.AdminEventPaths; @@ -119,7 +120,7 @@ public class FlowTest extends AbstractAuthenticationTest { // Successfully add flow data.put("alias", "SomeFlow"); authMgmtResource.addExecutionFlow("browser-2", data); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("browser-2"), data); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("browser-2"), data, ResourceType.AUTH_EXECUTION_FLOW); // check that new flow is returned in a children list flows = authMgmtResource.getFlows(); @@ -141,7 +142,7 @@ public class FlowTest extends AbstractAuthenticationTest { // delete non-built-in flow authMgmtResource.deleteFlow(found.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId()), ResourceType.AUTH_FLOW); // check the deleted flow is no longer returned flows = authMgmtResource.getFlows(); @@ -184,7 +185,7 @@ public class FlowTest extends AbstractAuthenticationTest { // copy that should succeed params.put("newName", "Copy of browser"); response = authMgmtResource.copy("browser", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW); try { Assert.assertEquals("Copy flow", 201, response.getStatus()); } finally { @@ -219,7 +220,7 @@ public class FlowTest extends AbstractAuthenticationTest { Response response = authMgmtResource.copy("browser", params); Assert.assertEquals(201, response.getStatus()); response.close(); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW); params = new HashMap<>(); params.put("alias", "child"); @@ -228,7 +229,7 @@ public class FlowTest extends AbstractAuthenticationTest { params.put("type", "basic-flow"); authMgmtResource.addExecutionFlow("parent", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("parent"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("parent"), params, ResourceType.AUTH_EXECUTION_FLOW); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java index d7e25b6401..c38086ba01 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java @@ -26,6 +26,7 @@ import javax.ws.rs.core.Response; import org.junit.Assert; import org.junit.Test; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationFlowRepresentation; import org.keycloak.testsuite.util.AdminEventPaths; @@ -47,7 +48,7 @@ public class RegistrationFlowTest extends AbstractAuthenticationTest { data.put("description", "registrationForm2 flow"); data.put("provider", "registration-page-form"); authMgmtResource.addExecutionFlow("registration2", data); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("registration2"), data); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("registration2"), data, ResourceType.AUTH_EXECUTION_FLOW); // Should fail to add execution under top level flow Map data2 = new HashMap<>(); @@ -62,7 +63,7 @@ public class RegistrationFlowTest extends AbstractAuthenticationTest { // Should success to add execution under form flow authMgmtResource.addExecution("registrationForm2", data2); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("registrationForm2"), data2); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("registrationForm2"), data2, ResourceType.AUTH_EXECUTION); } // TODO: More type-safety instead of passing generic maps diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java index 5354626b36..1b7f79f144 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java @@ -20,6 +20,7 @@ package org.keycloak.testsuite.admin.authentication; import org.junit.Assert; import org.junit.Test; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.RequiredActionProviderRepresentation; import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation; import org.keycloak.testsuite.actions.DummyRequiredActionFactory; @@ -61,7 +62,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest { forUpdate.setConfig(Collections.emptyMap()); authMgmtResource.updateRequiredAction(forUpdate.getAlias(), forUpdate); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(forUpdate.getAlias())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(forUpdate.getAlias()), ResourceType.REQUIRED_ACTION); result = authMgmtResource.getRequiredActions(); RequiredActionProviderRepresentation updated = findRequiredActionByAlias(forUpdate.getAlias(), result); @@ -81,7 +82,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest { // Register it authMgmtResource.registerRequiredAction(action); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action, ResourceType.REQUIRED_ACTION); // Try to find not-existent action - should fail try { @@ -107,7 +108,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest { // Update (set it as defaultAction) rep.setDefaultAction(true); authMgmtResource.updateRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, rep); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), rep); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), rep, ResourceType.REQUIRED_ACTION); compareRequiredAction(rep, newRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, "Dummy Action", true, true, Collections.emptyMap())); @@ -121,7 +122,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest { // Remove success authMgmtResource.removeRequiredAction(DummyRequiredActionFactory.PROVIDER_ID); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authRequiredActionPath(rep.getAlias())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), ResourceType.REQUIRED_ACTION); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ShiftExecutionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ShiftExecutionTest.java index ba8ae09197..ac2ab44366 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ShiftExecutionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ShiftExecutionTest.java @@ -20,6 +20,7 @@ package org.keycloak.testsuite.admin.authentication; import org.junit.Assert; import org.junit.Test; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation; import org.keycloak.testsuite.util.AdminEventPaths; @@ -41,7 +42,7 @@ public class ShiftExecutionTest extends AbstractAuthenticationTest { HashMap params = new HashMap<>(); params.put("newName", "Copy of browser"); Response response = authMgmtResource.copy("browser", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW); try { Assert.assertEquals("Copy flow", 201, response.getStatus()); } finally { @@ -64,7 +65,7 @@ public class ShiftExecutionTest extends AbstractAuthenticationTest { // shift last execution up authMgmtResource.raisePriority(last.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(last.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(last.getId()), ResourceType.AUTH_EXECUTION); List executions2 = authMgmtResource.getExecutions("Copy of browser"); @@ -84,7 +85,7 @@ public class ShiftExecutionTest extends AbstractAuthenticationTest { // shift one before last down authMgmtResource.lowerPriority(oneButLast2.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authLowerExecutionPath(oneButLast2.getId())); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authLowerExecutionPath(oneButLast2.getId()), ResourceType.AUTH_EXECUTION); executions2 = authMgmtResource.getExecutions("Copy of browser"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java index 2fb5ccd411..813f0678b6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java @@ -25,6 +25,7 @@ import org.junit.Before; import org.junit.Rule; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; @@ -97,7 +98,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest { resp.close(); String id = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), clientRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), clientRep, ResourceType.CLIENT); return id; } @@ -105,7 +106,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest { protected void removeClient(String clientDbId) { testRealmResource().clients().get(clientDbId).remove(); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId), ResourceType.CLIENT); } protected ClientRepresentation findClientRepresentation(String name) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractProtocolMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractProtocolMapperTest.java index e245e428ef..af7cf3b517 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractProtocolMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractProtocolMapperTest.java @@ -27,6 +27,7 @@ import java.util.Map; import com.fasterxml.jackson.core.type.TypeReference; import org.keycloak.admin.client.resource.ProtocolMappersResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.AdminEventRepresentation; import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.testsuite.Assert; @@ -109,7 +110,7 @@ public abstract class AbstractProtocolMapperTest extends AbstractClientTest { // This is used by admin console to add builtin mappers resource.createMapper(mappersToAdd); - AdminEventRepresentation adminEvent = assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, adminEventPath + "/add-models"); + AdminEventRepresentation adminEvent = assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, adminEventPath + "/add-models", ResourceType.PROTOCOL_MAPPER); try { List eventMappers = JsonSerialization.readValue(new ByteArrayInputStream(adminEvent.getRepresentation().getBytes()), new TypeReference>() { }); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientProtocolMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientProtocolMapperTest.java index 439c0df9d7..3f609b7477 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientProtocolMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientProtocolMapperTest.java @@ -25,6 +25,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ProtocolMappersResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.admin.ApiUtil; @@ -97,7 +98,7 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest { Response resp = samlMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); assertEquals(totalMappers + 1, samlMappersRsc.getMappers().size()); assertEquals(totalSamlMappers + 1, samlMappersRsc.getMappersPerProtocol("saml").size()); @@ -121,7 +122,7 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest { Response resp = oidcMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); assertEquals(totalMappers + 1, oidcMappersRsc.getMappers().size()); assertEquals(totalOidcMappers + 1, oidcMappersRsc.getMappersPerProtocol("openid-connect").size()); @@ -138,13 +139,13 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest { Response resp = samlMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); rep.getConfig().put("role", "account.manage-account"); rep.setId(createdId); rep.setConsentRequired(false); samlMappersRsc.update(createdId, rep); - assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); ProtocolMapperRepresentation updated = samlMappersRsc.getMapperById(createdId); assertEqualMappers(rep, updated); @@ -157,13 +158,13 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest { Response resp = oidcMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); rep.getConfig().put("role", "myotherrole"); rep.setId(createdId); rep.setConsentRequired(false); oidcMappersRsc.update(createdId, rep); - assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); ProtocolMapperRepresentation updated = oidcMappersRsc.getMapperById(createdId); assertEqualMappers(rep, updated); @@ -176,10 +177,10 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest { Response resp = samlMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); samlMappersRsc.delete(createdId); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), ResourceType.PROTOCOL_MAPPER); try { samlMappersRsc.getMapperById(createdId); @@ -196,10 +197,10 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest { Response resp = oidcMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER); oidcMappersRsc.delete(createdId); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), ResourceType.PROTOCOL_MAPPER); try { oidcMappersRsc.getMapperById(createdId); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientRolesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientRolesTest.java index aed3461aa4..2aa5933712 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientRolesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientRolesTest.java @@ -23,6 +23,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.util.AdminEventPaths; @@ -75,7 +76,7 @@ public class ClientRolesTest extends AbstractClientTest { public void testAddRole() { RoleRepresentation role1 = makeRole("role1"); rolesRsc.create(role1); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role1"), role1); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role1"), role1, ResourceType.CLIENT_ROLE); assertTrue(hasRole(rolesRsc, "role1")); } @@ -83,10 +84,10 @@ public class ClientRolesTest extends AbstractClientTest { public void testRemoveRole() { RoleRepresentation role2 = makeRole("role2"); rolesRsc.create(role2); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), role2); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), role2, ResourceType.CLIENT_ROLE); rolesRsc.deleteRole("role2"); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2")); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), ResourceType.CLIENT_ROLE); assertFalse(hasRole(rolesRsc, "role2")); } @@ -95,24 +96,24 @@ public class ClientRolesTest extends AbstractClientTest { public void testComposites() { RoleRepresentation roleA = makeRole("role-a"); rolesRsc.create(roleA); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-a"), roleA); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-a"), roleA, ResourceType.CLIENT_ROLE); assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite()); assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size()); RoleRepresentation roleB = makeRole("role-b"); rolesRsc.create(roleB); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-b"), roleB); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-b"), roleB, ResourceType.CLIENT_ROLE); RoleRepresentation roleC = makeRole("role-c"); testRealmResource().roles().create(roleC); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath("role-c"), roleC); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath("role-c"), roleC, ResourceType.REALM_ROLE); List l = new LinkedList<>(); l.add(rolesRsc.get("role-b").toRepresentation()); l.add(testRealmResource().roles().get("role-c").toRepresentation()); rolesRsc.get("role-a").addComposites(l); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l, ResourceType.CLIENT_ROLE); Set composites = rolesRsc.get("role-a").getRoleComposites(); @@ -126,7 +127,7 @@ public class ClientRolesTest extends AbstractClientTest { Assert.assertNames(clientComposites, "role-b"); rolesRsc.get("role-a").deleteComposites(l); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l, ResourceType.CLIENT_ROLE); assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite()); assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateProtocolMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateProtocolMapperTest.java index 1036005056..5a82f0d939 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateProtocolMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateProtocolMapperTest.java @@ -29,6 +29,7 @@ import org.junit.runners.MethodSorters; import org.keycloak.admin.client.resource.ClientTemplatesResource; import org.keycloak.admin.client.resource.ProtocolMappersResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.saml.SamlProtocol; import org.keycloak.representations.idm.ClientTemplateRepresentation; @@ -100,7 +101,7 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); assertEquals(totalMappers + 1, samlMappersRsc.getMappers().size()); assertEquals(totalSamlMappers + 1, samlMappersRsc.getMappersPerProtocol("saml").size()); @@ -125,7 +126,7 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); assertEquals(totalMappers + 1, oidcMappersRsc.getMappers().size()); assertEquals(totalOidcMappers + 1, oidcMappersRsc.getMappersPerProtocol("openid-connect").size()); @@ -141,13 +142,13 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest Response resp = samlMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); rep.getConfig().put("role", "account.manage-account"); rep.setId(createdId); rep.setConsentRequired(false); samlMappersRsc.update(createdId, rep); - assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); ProtocolMapperRepresentation updated = samlMappersRsc.getMapperById(createdId); assertEqualMappers(rep, updated); @@ -160,13 +161,13 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest Response resp = oidcMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); rep.getConfig().put("role", "myotherrole"); rep.setId(createdId); rep.setConsentRequired(false); oidcMappersRsc.update(createdId, rep); - assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); ProtocolMapperRepresentation updated = oidcMappersRsc.getMapperById(createdId); assertEqualMappers(rep, updated); @@ -179,10 +180,10 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest Response resp = samlMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); samlMappersRsc.delete(createdId); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), ResourceType.PROTOCOL_MAPPER); try { samlMappersRsc.getMapperById(createdId); @@ -199,10 +200,10 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest Response resp = oidcMappersRsc.createMapper(rep); resp.close(); String createdId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER); oidcMappersRsc.delete(createdId); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), ResourceType.PROTOCOL_MAPPER); try { oidcMappersRsc.getMapperById(createdId); @@ -227,13 +228,13 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest resp.close(); String templateId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), rep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), rep, ResourceType.CLIENT_TEMPLATE); return templateId; } private void removeTemplate(String templateId) { clientTemplates().get(templateId).remove(); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId), ResourceType.CLIENT_TEMPLATE); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java index 2b469a9b5f..113630a828 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java @@ -32,6 +32,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.ClientTemplatesResource; import org.keycloak.admin.client.resource.RoleMappingResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.AccountRoles; import org.keycloak.models.Constants; import org.keycloak.protocol.oidc.OIDCLoginProtocol; @@ -137,7 +138,7 @@ public class ClientTemplateTest extends AbstractClientTest { clientTemplates().get(template1Id).update(templateRep); - assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateResourcePath(template1Id), templateRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateResourcePath(template1Id), templateRep, ResourceType.CLIENT_TEMPLATE); // Assert updated attributes templateRep = clientTemplates().get(template1Id).toRepresentation(); @@ -161,7 +162,7 @@ public class ClientTemplateTest extends AbstractClientTest { // Add role2 as composite to role1 testRealmResource().roles().get("role1").addComposites(Collections.singletonList(roleRep2)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2), ResourceType.REALM_ROLE); // create client template ClientTemplateRepresentation templateRep = new ClientTemplateRepresentation(); @@ -175,10 +176,10 @@ public class ClientTemplateTest extends AbstractClientTest { RoleMappingResource scopesResource = clientTemplates().get(templateId).getScopeMappings(); scopesResource.realmLevel().add(Collections.singletonList(roleRep1)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING); scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING); // test that scopes are available (also through composite role) List allRealm = scopesResource.realmLevel().listAll(); @@ -197,10 +198,10 @@ public class ClientTemplateTest extends AbstractClientTest { // remove scopes scopesResource.realmLevel().remove(Collections.singletonList(roleRep1)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING); scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING); // assert scopes are removed allRealm = scopesResource.realmLevel().listAll(); @@ -255,7 +256,7 @@ public class ClientTemplateTest extends AbstractClientTest { // Add realm role to scopes of clientTemplate clientTemplates().get(templateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep), ResourceType.REALM_SCOPE_MAPPING); List roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll(); Assert.assertEquals(1, roleReps.size()); @@ -263,7 +264,7 @@ public class ClientTemplateTest extends AbstractClientTest { // Remove realm role testRealmResource().roles().deleteRole("foo-role"); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.roleResourcePath("foo-role")); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.roleResourcePath("foo-role"), ResourceType.REALM_ROLE); // Get scope mappings roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll(); @@ -278,7 +279,7 @@ public class ClientTemplateTest extends AbstractClientTest { roleRep.setName(roleName); testRealmResource().roles().create(roleRep); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), roleRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), roleRep, ResourceType.REALM_ROLE); return testRealmResource().roles().get(roleName).toRepresentation(); } @@ -329,14 +330,14 @@ public class ClientTemplateTest extends AbstractClientTest { resp.close(); String templateId = ApiUtil.getCreatedId(resp); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), templateRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), templateRep, ResourceType.CLIENT_TEMPLATE); return templateId; } private void removeTemplate(String templateId) { clientTemplates().get(templateId).remove(); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId), ResourceType.CLIENT_TEMPLATE); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java index 5216c3649e..5dddbc5126 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java @@ -19,13 +19,12 @@ package org.keycloak.testsuite.admin.client; import java.util.List; -import org.junit.Rule; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.testsuite.util.AdminEventPaths; -import org.keycloak.testsuite.util.AssertAdminEvents; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -66,7 +65,7 @@ public class ClientTest extends AbstractClientTest { clientRsc.remove(); assertNull(findClientResource("deleteMe")); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId)); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId), ResourceType.CLIENT); } @Test @@ -87,7 +86,7 @@ public class ClientTest extends AbstractClientTest { ClientRepresentation expectedClientRep = new ClientRepresentation(); expectedClientRep.setClientId("updateMe"); expectedClientRep.setName("iWasUpdated"); - assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(clientRep.getId()), expectedClientRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(clientRep.getId()), expectedClientRep, ResourceType.CLIENT); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java index 0b2ffafbf2..b76e6704a7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java @@ -22,6 +22,7 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.ClientAttributeCertificateResource; import org.keycloak.admin.client.resource.ClientResource; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.KeyStoreConfig; import org.keycloak.events.admin.OperationType; @@ -70,7 +71,7 @@ public class CredentialsTest extends AbstractClientTest { CredentialRepresentation secretRep = new CredentialRepresentation(); secretRep.setType(CredentialRepresentation.SECRET); - assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientGenerateSecretPath(accountClientDbId), secretRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientGenerateSecretPath(accountClientDbId), secretRep, ResourceType.CLIENT); assertNotNull(oldCredential); assertNotNull(newCredential); @@ -91,7 +92,7 @@ public class CredentialsTest extends AbstractClientTest { ClientRepresentation testedRep = new ClientRepresentation(); testedRep.setClientId(rep.getClientId()); testedRep.setRegistrationAccessToken(newToken); - assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientRegenerateRegistrationAccessTokenPath(accountClientDbId), testedRep); + assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientRegenerateRegistrationAccessTokenPath(accountClientDbId), testedRep, ResourceType.CLIENT); } @Test @@ -102,7 +103,7 @@ public class CredentialsTest extends AbstractClientTest { assertEquals(cert.getCertificate(), certFromGet.getCertificate()); assertEquals(cert.getPrivateKey(), certFromGet.getPrivateKey()); - assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientCertificateGenerateSecretPath(accountClientDbId, "jwt.credential"), cert); + assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientCertificateGenerateSecretPath(accountClientDbId, "jwt.credential"), cert, ResourceType.CLIENT); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java index 8685603452..0ba2a41ad8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java @@ -23,6 +23,7 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserSessionRepresentation; import org.keycloak.testsuite.auth.page.account.AccountManagement; @@ -47,8 +48,8 @@ public class SessionTest extends AbstractClientTest { if (!testUserCreated) { createTestUserWithAdminClient(); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId())); - assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId())); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER); + assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER); } testUserCreated = true; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java index 9413836c85..195f733665 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java @@ -27,6 +27,7 @@ import org.junit.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.AdminRoles; import org.keycloak.models.Constants; import org.keycloak.models.utils.KeycloakModelUtils; @@ -136,6 +137,7 @@ public class AdminEventAuthDetailsTest extends AbstractAuthTest { .realmId(realmUuid) .operationType(OperationType.UPDATE) .resourcePath(AdminEventPaths.userResourcePath(appUserId)) + .resourceType(ResourceType.USER) .representation(rep) .authDetails(expectedRealmId, expectedClientUuid, expectedUserId) .assertEvent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java index 9ac45d0437..f4553031c9 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java @@ -23,6 +23,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RoleMappingResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.Constants; import org.keycloak.models.RoleModel; import org.keycloak.representations.AccessToken; @@ -105,13 +106,13 @@ public class GroupTest extends AbstractGroupTest { Response response = realm.clients().create(client); response.close(); String clientUuid = ApiUtil.getCreatedId(response); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), client); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), client, ResourceType.CLIENT); client = realm.clients().findByClientId("foo").get(0); RoleRepresentation role = new RoleRepresentation(); role.setName("foo-role"); realm.clients().get(client.getId()).roles().create(role); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "foo-role"), role); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "foo-role"), role, ResourceType.CLIENT_ROLE); role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation(); GroupRepresentation group = new GroupRepresentation(); @@ -121,10 +122,10 @@ public class GroupTest extends AbstractGroupTest { List list = new LinkedList<>(); list.add(role); realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list, ResourceType.CLIENT_ROLE_MAPPING); realm.clients().get(client.getId()).remove(); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid)); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid), ResourceType.CLIENT); } private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) { @@ -132,7 +133,7 @@ public class GroupTest extends AbstractGroupTest { String groupId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP); // Set ID to the original rep group.setId(groupId); @@ -171,13 +172,13 @@ public class GroupTest extends AbstractGroupTest { List roles = new LinkedList<>(); roles.add(topRole); realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles, ResourceType.REALM_ROLE_MAPPING); GroupRepresentation level2Group = new GroupRepresentation(); level2Group.setName("level2"); Response response = realm.groups().group(topGroup.getId()).subGroup(level2Group); response.close(); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(topGroup.getId()), level2Group); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(topGroup.getId()), level2Group, ResourceType.GROUP); URI location = response.getLocation(); final String level2Id = ApiUtil.getCreatedId(response); @@ -198,20 +199,20 @@ public class GroupTest extends AbstractGroupTest { roles.clear(); roles.add(level2Role); realm.groups().group(level2Group.getId()).roles().realmLevel().add(roles); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING); GroupRepresentation level3Group = new GroupRepresentation(); level3Group.setName("level3"); response = realm.groups().group(level2Group.getId()).subGroup(level3Group); response.close(); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(level2Group.getId()), level3Group); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(level2Group.getId()), level3Group, ResourceType.GROUP); level3Group = realm.getGroupByPath("/top/level2/level3"); Assert.assertNotNull(level3Group); roles.clear(); roles.add(level3Role); realm.groups().group(level3Group.getId()).roles().realmLevel().add(roles); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING); topGroup = realm.getGroupByPath("/top"); assertEquals(1, topGroup.getRealmRoles().size()); @@ -231,7 +232,7 @@ public class GroupTest extends AbstractGroupTest { UserRepresentation user = realm.users().search("direct-login", -1, -1).get(0); realm.users().get(user.getId()).joinGroup(level3Group.getId()); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(user.getId(), level3Group.getId())); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(user.getId(), level3Group.getId()), ResourceType.GROUP_MEMBERSHIP); List membership = realm.users().get(user.getId()).groups(); assertEquals(1, membership.size()); @@ -243,7 +244,7 @@ public class GroupTest extends AbstractGroupTest { assertTrue(token.getRealmAccess().getRoles().contains("level3Role")); realm.addDefaultGroup(level3Group.getId()); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.defaultGroupPath(level3Group.getId())); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.defaultGroupPath(level3Group.getId()), ResourceType.GROUP); List defaultGroups = realm.getDefaultGroups(); assertEquals(1, defaultGroups.size()); @@ -255,20 +256,20 @@ public class GroupTest extends AbstractGroupTest { response = realm.users().create(newUser); String userId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userId), newUser); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userId), newUser, ResourceType.USER); membership = realm.users().get(userId).groups(); assertEquals(1, membership.size()); assertEquals("level3", membership.get(0).getName()); realm.removeDefaultGroup(level3Group.getId()); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.defaultGroupPath(level3Group.getId())); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.defaultGroupPath(level3Group.getId()), ResourceType.GROUP); defaultGroups = realm.getDefaultGroups(); assertEquals(0, defaultGroups.size()); realm.groups().group(topGroup.getId()).remove(); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(topGroup.getId())); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(topGroup.getId()), ResourceType.GROUP); try { realm.getGroupByPath("/top/level2/level3"); @@ -320,7 +321,7 @@ public class GroupTest extends AbstractGroupTest { group.getAttributes().put("attr3", Collections.singletonList("attrval2")); realm.groups().group(group.getId()).update(group); - assertAdminEvents.assertEvent("test", OperationType.UPDATE, AdminEventPaths.groupPath(group.getId()), group); + assertAdminEvents.assertEvent("test", OperationType.UPDATE, AdminEventPaths.groupPath(group.getId()), group, ResourceType.GROUP); group = realm.getGroupByPath("/group-new"); @@ -341,27 +342,27 @@ public class GroupTest extends AbstractGroupTest { Response response = realm.users().create(UserBuilder.create().username("user-a").build()); String userAId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userAId)); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userAId), ResourceType.USER); response = realm.users().create(UserBuilder.create().username("user-b").build()); String userBId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userBId)); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userBId), ResourceType.USER); realm.users().get(userAId).joinGroup(groupId); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userAId, groupId), group); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userAId, groupId), group, ResourceType.GROUP_MEMBERSHIP); List members = realm.groups().group(groupId).members(0, 10); assertNames(members, "user-a"); realm.users().get(userBId).joinGroup(groupId); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userBId, groupId), group); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userBId, groupId), group, ResourceType.GROUP_MEMBERSHIP); members = realm.groups().group(groupId).members(0, 10); assertNames(members, "user-a", "user-b"); realm.users().get(userAId).leaveGroup(groupId); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userGroupPath(userAId, groupId), group); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userGroupPath(userAId, groupId), group, ResourceType.GROUP_MEMBERSHIP); members = realm.groups().group(groupId).members(0, 10); assertNames(members, "user-b"); @@ -419,15 +420,15 @@ public class GroupTest extends AbstractGroupTest { l.add(realm.roles().get("realm-role").toRepresentation()); l.add(realm.roles().get("realm-composite").toRepresentation()); roles.realmLevel().add(l); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l, ResourceType.REALM_ROLE_MAPPING); // Add client roles RoleRepresentation clientRole = realm.clients().get(clientId).roles().get("client-role").toRepresentation(); RoleRepresentation clientComposite = realm.clients().get(clientId).roles().get("client-composite").toRepresentation(); roles.clientLevel(clientId).add(Collections.singletonList(clientRole)); roles.clientLevel(clientId).add(Collections.singletonList(clientComposite)); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole)); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite)); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole), ResourceType.CLIENT_ROLE_MAPPING); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite), ResourceType.CLIENT_ROLE_MAPPING); // List realm roles assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite"); @@ -448,13 +449,13 @@ public class GroupTest extends AbstractGroupTest { // Remove realm role RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation(); roles.realmLevel().remove(Collections.singletonList(realmRoleRep)); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep)); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING); assertNames(roles.realmLevel().listAll(), "realm-composite"); // Remove client role RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation(); roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep)); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep)); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING); assertNames(roles.clientLevel(clientId).listAll(), "client-composite"); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java index 04221c022b..bf9c7947ff 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java @@ -21,6 +21,7 @@ import org.junit.Before; import org.junit.Test; import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.testsuite.Assert; @@ -78,11 +79,11 @@ public class RealmRolesTest extends AbstractAdminTest { resource = adminClient.realm(REALM_NAME).roles(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), roleB); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), roleB, ResourceType.REALM_ROLE); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "role-c"), roleC); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep, ResourceType.CLIENT); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "role-c"), roleC, ResourceType.CLIENT_ROLE); } @Test @@ -102,7 +103,7 @@ public class RealmRolesTest extends AbstractAdminTest { role.setDescription("Role A New"); resource.get("role-a").update(role); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role, ResourceType.REALM_ROLE); role = resource.get("role-a-new").toRepresentation(); @@ -116,7 +117,7 @@ public class RealmRolesTest extends AbstractAdminTest { public void deleteRole() { assertNotNull(resource.get("role-a")); resource.deleteRole("role-a"); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a"), ResourceType.REALM_ROLE); try { resource.get("role-a").toRepresentation(); @@ -136,7 +137,7 @@ public class RealmRolesTest extends AbstractAdminTest { l.add(RoleBuilder.create().id(ids.get("role-c")).build()); resource.get("role-a").addComposites(l); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE); Set composites = resource.get("role-a").getRoleComposites(); @@ -150,7 +151,7 @@ public class RealmRolesTest extends AbstractAdminTest { Assert.assertNames(clientComposites, "role-c"); resource.get("role-a").deleteComposites(l); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE); assertFalse(resource.get("role-a").toRepresentation().isComposite()); assertEquals(0, resource.get("role-a").getRoleComposites().size()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java index d2e64283ff..f08f79059e 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java @@ -27,6 +27,7 @@ import org.keycloak.admin.client.resource.ServerInfoResource; import org.keycloak.common.util.StreamUtil; import org.keycloak.common.util.Time; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.Constants; import org.keycloak.representations.adapters.action.GlobalRequestResult; import org.keycloak.representations.adapters.action.PushNotBeforeAction; @@ -213,7 +214,7 @@ public class RealmTest extends AbstractAdminTest { rep.setEditUsernameAllowed(true); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); rep = realm.toRepresentation(); @@ -230,7 +231,7 @@ public class RealmTest extends AbstractAdminTest { rep.setEditUsernameAllowed(false); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); rep = realm.toRepresentation(); assertEquals(Boolean.FALSE, rep.isRegistrationAllowed()); @@ -246,7 +247,7 @@ public class RealmTest extends AbstractAdminTest { rep.setSupportedLocales(new HashSet<>(Arrays.asList("en", "de"))); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); rep = realm.toRepresentation(); @@ -258,7 +259,7 @@ public class RealmTest extends AbstractAdminTest { rep.setEditUsernameAllowed(false); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); rep = realm.toRepresentation(); assertEquals(Boolean.FALSE, rep.isEditUsernameAllowed()); @@ -282,7 +283,7 @@ public class RealmTest extends AbstractAdminTest { public void deleteDefaultRole() { RoleRepresentation role = new RoleRepresentation("test", "test", false); realm.roles().create(role); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("test"), role); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("test"), role, ResourceType.REALM_ROLE); assertNotNull(realm.roles().get("test").toRepresentation()); @@ -291,10 +292,10 @@ public class RealmTest extends AbstractAdminTest { rep.getDefaultRoles().add("test"); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); realm.roles().deleteRole("test"); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("test")); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("test"), ResourceType.REALM_ROLE); try { realm.roles().get("testsadfsadf").toRepresentation(); @@ -425,7 +426,7 @@ public class RealmTest extends AbstractAdminTest { rep.setPublicKey(PUBLIC_KEY); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); assertEquals(PUBLIC_KEY, rep.getPublicKey()); @@ -460,7 +461,7 @@ public class RealmTest extends AbstractAdminTest { rep.setPublicKey(publicKey2048); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); Assert.assertEquals(publicKey2048, realm.toRepresentation().getPublicKey()); @@ -470,7 +471,7 @@ public class RealmTest extends AbstractAdminTest { rep.setPublicKey(publicKey4096); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); Assert.assertEquals(publicKey4096, realm.toRepresentation().getPublicKey()); } @@ -481,7 +482,7 @@ public class RealmTest extends AbstractAdminTest { rep.setCertificate(CERTIFICATE); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); assertEquals(CERTIFICATE, rep.getCertificate()); @@ -489,7 +490,7 @@ public class RealmTest extends AbstractAdminTest { rep.setCertificate(certificate); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); assertEquals(certificate, realm.toRepresentation().getCertificate()); @@ -520,7 +521,7 @@ public class RealmTest extends AbstractAdminTest { assertTrue(testingClient.testing().isCached("realms", realmRep.getId())); realm.clearRealmCache(); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-realm-cache"); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-realm-cache", ResourceType.REALM); assertFalse(testingClient.testing().isCached("realms", realmRep.getId())); } @@ -532,14 +533,14 @@ public class RealmTest extends AbstractAdminTest { Response response = realm.users().create(user); String userId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), user); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), user, ResourceType.USER); realm.users().get(userId).toRepresentation(); assertTrue(testingClient.testing().isCached("users", userId)); realm.clearUserCache(); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-user-cache"); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-user-cache", ResourceType.REALM); assertFalse(testingClient.testing().isCached("users", userId)); } @@ -553,10 +554,10 @@ public class RealmTest extends AbstractAdminTest { RealmRepresentation rep = realm.toRepresentation(); rep.setNotBefore(time); realm.update(rep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); GlobalRequestResult globalRequestResult = realm.pushRevocation(); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "push-revocation", globalRequestResult); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "push-revocation", globalRequestResult, ResourceType.REALM); assertEquals(1, globalRequestResult.getSuccessRequests().size()); assertEquals("http://localhost:8180/auth/realms/master/app/admin", globalRequestResult.getSuccessRequests().get(0)); @@ -573,15 +574,15 @@ public class RealmTest extends AbstractAdminTest { Response response = realm.users().create(UserBuilder.create().username("user").build()); String userId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId)); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), ResourceType.USER); realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId)); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER); oauth.doLogin("user", "password"); GlobalRequestResult globalRequestResult = realm.logoutAll(); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "logout-all", globalRequestResult); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "logout-all", globalRequestResult, ResourceType.REALM); assertEquals(1, globalRequestResult.getSuccessRequests().size()); assertEquals("http://localhost:8180/auth/realms/master/app/admin", globalRequestResult.getSuccessRequests().get(0)); @@ -602,7 +603,7 @@ public class RealmTest extends AbstractAdminTest { assertNotNull(event); realm.deleteSession(event.getSessionId()); - assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.deleteSessionPath(event.getSessionId())); + assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.deleteSessionPath(event.getSessionId()), ResourceType.USER_SESSION); try { realm.deleteSession(event.getSessionId()); fail("Expected 404"); @@ -649,7 +650,7 @@ public class RealmTest extends AbstractAdminTest { Response resp = realm.clients().create(client); String clientDbId = ApiUtil.getCreatedId(resp); resp.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT); oauth.realm(REALM_NAME); oauth.redirectUri(redirectUri); @@ -658,10 +659,10 @@ public class RealmTest extends AbstractAdminTest { Response response = realm.users().create(userRep); String userId = ApiUtil.getCreatedId(response); response.close(); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER); realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId)); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER); testingClient.testApp().clearAdminActions(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java index 58f8e9ab10..c50c022837 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java @@ -38,6 +38,7 @@ import org.junit.runners.model.Statement; import org.keycloak.common.util.ObjectUtil; import org.keycloak.common.util.reflections.Reflections; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInputException; import org.keycloak.representations.AccessToken; @@ -106,22 +107,23 @@ public class AssertAdminEvents implements TestRule { - public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath) { - return assertEvent(realmId, operationType, resourcePath, null); + public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath, ResourceType resourceType) { + return assertEvent(realmId, operationType, resourcePath, null, resourceType); } - public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher resourcePath) { - return assertEvent(realmId, operationType, resourcePath, null); + public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher resourcePath, ResourceType resourceType) { + return assertEvent(realmId, operationType, resourcePath, null, resourceType); } - public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath, Object representation) { - return assertEvent(realmId, operationType, Matchers.equalTo(resourcePath), representation); + public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath, Object representation, ResourceType resourceType) { + return assertEvent(realmId, operationType, Matchers.equalTo(resourcePath), representation, resourceType); } - public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher resourcePath, Object representation) { + public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher resourcePath, Object representation, ResourceType resourceType) { return expect().realmId(realmId) .operationType(operationType) .resourcePath(resourcePath) + .resourceType(resourceType) .representation(representation) .assertEvent(); } @@ -132,6 +134,7 @@ public class AssertAdminEvents implements TestRule { private AdminEventRepresentation expected = new AdminEventRepresentation(); private Matcher resourcePath; + private ResourceType resourceType; private Object expectedRep; public ExpectedAdminEvent realmId(String realmId) { @@ -158,6 +161,11 @@ public class AssertAdminEvents implements TestRule { return this; } + public ExpectedAdminEvent resourceType(ResourceType resourceType){ + expected.setResourceType(resourceType.toString()); + return this; + } + public ExpectedAdminEvent error(String error) { expected.setError(error); updateOperationTypeIfError(); @@ -191,6 +199,7 @@ public class AssertAdminEvents implements TestRule { public AdminEventRepresentation assertEvent(AdminEventRepresentation actual) { Assert.assertEquals(expected.getRealmId(), actual.getRealmId()); Assert.assertThat(actual.getResourcePath(), resourcePath); + Assert.assertEquals(expected.getResourceType(), actual.getResourceType()); Assert.assertEquals(expected.getOperationType(), actual.getOperationType()); Assert.assertTrue(ObjectUtil.isEqualOrBothNull(expected.getError(), actual.getError())); diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties index a867747016..26a11e00a1 100644 --- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties +++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties @@ -745,7 +745,9 @@ filter=Filter update=Update reset=Reset operation-types=Operation Types +resource-types=Resource Types select-operations.placeholder=Select operations... +select-resource-types.placeholder=Select resource types... resource-path=Resource Path resource-path.tooltip=Filter by resource path. Supports wildcards '*' to match a single part of the path and '**' matches multiple parts. For example 'realms/*/clients/asbc' matches client with id asbc in any realm, while or 'realms/master/**' matches anything in the master realm. date-(from)=Date (From) @@ -754,6 +756,7 @@ authentication-details=Authentication Details ip-address=IP Address time=Time operation-type=Operation Type +resource-type=Resource Type auth=Auth representation=Representation register=Register diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js index 68a4049a9a..317b376477 100755 --- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js @@ -1482,13 +1482,19 @@ module.controller('RealmAdminEventsCtrl', function($scope, RealmAdminEvents, rea id : realm.realm, max : 5, first : 0 - } + }; $scope.adminEnabledEventOperationsOptions = { 'multiple': true, 'simple_tags': true, 'tags': serverInfo.enums['operationType'] }; + + $scope.adminEnabledEventResourceTypesOptions = { + 'multiple': true, + 'simple_tags': true, + 'tags': serverInfo.enums['resourceType'] + }; $scope.update = function() { $scope.query.first = 0; @@ -1498,12 +1504,13 @@ module.controller('RealmAdminEventsCtrl', function($scope, RealmAdminEvents, rea } } $scope.events = RealmAdminEvents.query($scope.query); - } + }; $scope.reset = function() { $scope.query.first = 0; $scope.query.max = 5; $scope.query.operationTypes = ''; + $scope.query.resourceTypes = ''; $scope.query.resourcePath = ''; $scope.query.authRealm = ''; $scope.query.authClient = ''; @@ -1513,7 +1520,7 @@ module.controller('RealmAdminEventsCtrl', function($scope, RealmAdminEvents, rea $scope.query.dateTo = ''; $scope.update(); - } + }; $scope.queryUpdate = function() { for (var i in $scope.query) { diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html index d380d11838..04a63111e8 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html @@ -33,11 +33,17 @@
    - -
    + +
    -
    -
    +
    + +
    + +
    + +
    +
    @@ -93,6 +99,7 @@ {{:: 'time' | translate}} {{:: 'operation-type' | translate}} + {{:: 'resource-type' | translate}} {{:: 'resource-path' | translate}} {{:: 'details' | translate}} @@ -110,6 +117,7 @@ {{event.time|date:'shortDate'}}
    {{event.time|date:'mediumTime'}} {{event.operationType}} + {{event.resourceType}} {{event.resourcePath}}