Merge pull request #3413 from mstruk/KEYCLOAK-3801
KEYCLOAK-3801 Remove --unsafe from 'kcreg update'
This commit is contained in:
commit
7e6c49fc74
3 changed files with 30 additions and 34 deletions
|
@ -85,9 +85,6 @@ public class UpdateCmd extends AbstractAuthOptionsCmd {
|
||||||
@Option(shortName = 'm', name = "merge", description = "Merge new values with existing configuration on the server", hasValue = false)
|
@Option(shortName = 'm', name = "merge", description = "Merge new values with existing configuration on the server", hasValue = false)
|
||||||
private boolean mergeMode = true;
|
private boolean mergeMode = true;
|
||||||
|
|
||||||
@Option(shortName = 'u', name = "unsafe", description = "Allow updating without registration access token - no optimistic locking", hasValue = false)
|
|
||||||
private boolean allowUnsafe = true;
|
|
||||||
|
|
||||||
@Option(shortName = 'o', name = "output", description = "After update output the new client configuration", hasValue = false)
|
@Option(shortName = 'o', name = "output", description = "After update output the new client configuration", hasValue = false)
|
||||||
private boolean outputClient = false;
|
private boolean outputClient = false;
|
||||||
|
|
||||||
|
@ -280,8 +277,6 @@ public class UpdateCmd extends AbstractAuthOptionsCmd {
|
||||||
saveMergeConfig(cfg -> {
|
saveMergeConfig(cfg -> {
|
||||||
setRegistrationToken(cfg.ensureRealmConfigData(server, realm), clientToUpdate, newToken);
|
setRegistrationToken(cfg.ensureRealmConfigData(server, realm), clientToUpdate, newToken);
|
||||||
});
|
});
|
||||||
} else if (!allowUnsafe) {
|
|
||||||
throw new RuntimeException("No Registration Access Token found for client: " + clientId + ". Provide one or use --unsafe.");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// merge local representation over remote one
|
// merge local representation over remote one
|
||||||
|
@ -373,7 +368,6 @@ public class UpdateCmd extends AbstractAuthOptionsCmd {
|
||||||
out.println(" -f, --file FILENAME Use the file or standard input if '-' is specified");
|
out.println(" -f, --file FILENAME Use the file or standard input if '-' is specified");
|
||||||
out.println(" -m, --merge Merge new values with existing configuration on the server");
|
out.println(" -m, --merge Merge new values with existing configuration on the server");
|
||||||
out.println(" Merge is automatically enabled unless --file is specified");
|
out.println(" Merge is automatically enabled unless --file is specified");
|
||||||
out.println(" -u, --unsafe Allow updating without registration access token - no optimistic locking");
|
|
||||||
out.println(" -o, --output After update output the new client configuration");
|
out.println(" -o, --output After update output the new client configuration");
|
||||||
out.println(" -c, --compressed Don't pretty print the output");
|
out.println(" -c, --compressed Don't pretty print the output");
|
||||||
out.println();
|
out.println();
|
||||||
|
@ -389,9 +383,9 @@ public class UpdateCmd extends AbstractAuthOptionsCmd {
|
||||||
out.println("and the following items are shifted.");
|
out.println("and the following items are shifted.");
|
||||||
out.println();
|
out.println();
|
||||||
out.println("Merged mode fetches current configuration from the server, applies attribute changes to it, and sends it");
|
out.println("Merged mode fetches current configuration from the server, applies attribute changes to it, and sends it");
|
||||||
out.println("back to the server, overwriting existing configuration there. To ensure there are no unexpected changes");
|
out.println("back to the server, overwriting existing configuration there. If available, Registration Access Token is used ");
|
||||||
out.println("Registration Access Token is used for authorization when doing changes. Alternatively, one can specify to use");
|
out.println("for authorization when doing changes. Otherwise current session's authorization is used in which case user needs");
|
||||||
out.println("unsafe mode in which case login session's authorization is used - user requires manage-clients permission.");
|
out.println("manage-clients permission for update to work.");
|
||||||
out.println();
|
out.println();
|
||||||
out.println();
|
out.println();
|
||||||
out.println("Examples:");
|
out.println("Examples:");
|
||||||
|
|
|
@ -430,7 +430,7 @@ public abstract class AbstractCliTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
|
exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
|
||||||
|
|
||||||
Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
|
assertExitCodeAndStdErrSize(exe, 0, 1);
|
||||||
|
|
||||||
ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
||||||
Assert.assertEquals("clientId", "test-client", client2.getClientId());
|
Assert.assertEquals("clientId", "test-client", client2.getClientId());
|
||||||
|
@ -449,7 +449,7 @@ public abstract class AbstractCliTest extends AbstractKeycloakTest {
|
||||||
// because the previous invocation didn't use a registration access token
|
// because the previous invocation didn't use a registration access token
|
||||||
exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + extraOptions + " -t " + client.getRegistrationAccessToken());
|
exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + extraOptions + " -t " + client.getRegistrationAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
|
assertExitCodeAndStdErrSize(exe, 0, 0);
|
||||||
|
|
||||||
ClientRepresentation client3 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
ClientRepresentation client3 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
||||||
Assert.assertEquals("clientId", "test-client", client3.getClientId());
|
Assert.assertEquals("clientId", "test-client", client3.getClientId());
|
||||||
|
@ -466,9 +466,9 @@ public abstract class AbstractCliTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
|
|
||||||
exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " +
|
exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " +
|
||||||
credentials + " " + extraOptions + " -s enabled=false -o --unsafe");
|
credentials + " " + extraOptions + " -s enabled=false -o");
|
||||||
|
|
||||||
Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
|
assertExitCodeAndStdErrSize(exe, 0, 1);
|
||||||
|
|
||||||
ClientRepresentation client4 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
ClientRepresentation client4 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
||||||
Assert.assertEquals("clientId", "test-client", client4.getClientId());
|
Assert.assertEquals("clientId", "test-client", client4.getClientId());
|
||||||
|
@ -488,7 +488,7 @@ public abstract class AbstractCliTest extends AbstractKeycloakTest {
|
||||||
exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " + extraOptions +
|
exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " + extraOptions +
|
||||||
" -s enabled=true -o -t " + client3.getRegistrationAccessToken());
|
" -s enabled=true -o -t " + client3.getRegistrationAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
|
assertExitCodeAndStdErrSize(exe, 0, 0);
|
||||||
|
|
||||||
ClientRepresentation client5 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
ClientRepresentation client5 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
|
||||||
Assert.assertEquals("clientId", "test-client", client5.getClientId());
|
Assert.assertEquals("clientId", "test-client", client5.getClientId());
|
||||||
|
@ -527,10 +527,29 @@ public abstract class AbstractCliTest extends AbstractKeycloakTest {
|
||||||
Assert.assertEquals("config file not modified", lastModified, lastModified2);
|
Assert.assertEquals("config file not modified", lastModified, lastModified2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void assertExitCodeAndStdOutSize(KcRegExec exe, int exitCode, int stdOutLineCount) {
|
||||||
|
assertExitCodeAndStreamSizes(exe, exitCode, stdOutLineCount, -1);
|
||||||
|
}
|
||||||
|
|
||||||
|
void assertExitCodeAndStdErrSize(KcRegExec exe, int exitCode, int stdErrLineCount) {
|
||||||
|
assertExitCodeAndStreamSizes(exe, exitCode, -1, stdErrLineCount);
|
||||||
|
}
|
||||||
|
|
||||||
void assertExitCodeAndStreamSizes(KcRegExec exe, int exitCode, int stdOutLineCount, int stdErrLineCount) {
|
void assertExitCodeAndStreamSizes(KcRegExec exe, int exitCode, int stdOutLineCount, int stdErrLineCount) {
|
||||||
Assert.assertEquals("exitCode == " + exitCode, exitCode, exe.exitCode());
|
Assert.assertEquals("exitCode == " + exitCode, exitCode, exe.exitCode());
|
||||||
Assert.assertTrue("stdout output has " + stdOutLineCount + " lines", exe.stdoutLines().size() == stdOutLineCount);
|
if (stdOutLineCount != -1) {
|
||||||
Assert.assertTrue("stderr output has " + stdErrLineCount + " lines", exe.stderrLines().size() == stdErrLineCount);
|
try {
|
||||||
|
Assert.assertTrue("stdout output has " + stdOutLineCount + " lines", exe.stdoutLines().size() == stdOutLineCount);
|
||||||
|
} catch (Throwable e) {
|
||||||
|
throw new AssertionError("STDOUT: " + exe.stdoutString(), e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (stdErrLineCount != -1) {
|
||||||
|
try {
|
||||||
|
Assert.assertTrue("stderr output has " + stdErrLineCount + " lines", exe.stderrLines().size() == stdErrLineCount);
|
||||||
|
} catch (Throwable e) {
|
||||||
|
throw new AssertionError("STDERR: " + exe.stderrString(), e);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -148,23 +148,6 @@ public class KcRegUpdateTest extends AbstractCliTest {
|
||||||
Assert.assertTrue("stderr is empty", exe.stderrLines().isEmpty());
|
Assert.assertTrue("stderr is empty", exe.stderrLines().isEmpty());
|
||||||
|
|
||||||
Assert.assertNull("my_client registration token", handler.loadConfig().ensureRealmConfigData(serverUrl, realm).getClients().get("my_client"));
|
Assert.assertNull("my_client registration token", handler.loadConfig().ensureRealmConfigData(serverUrl, realm).getClients().get("my_client"));
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// test update without registration access token to produce 'unsafe' error
|
|
||||||
exe = execute("update my_client --config '" + configFile.getName() + "' -o -s bearerOnly=true");
|
|
||||||
|
|
||||||
Assert.assertEquals("exitCode == 1", 1, exe.exitCode());
|
|
||||||
Assert.assertFalse("stderr is not empty", exe.stderrLines().isEmpty());
|
|
||||||
Assert.assertEquals("error message", "No Registration Access Token found for client: my_client. Provide one or use --unsafe.", exe.stderrLines().get(0));
|
|
||||||
|
|
||||||
|
|
||||||
// test using unsafe to perform update
|
|
||||||
exe = execute("update my_client --config '" + configFile.getName() + "' -o -s bearerOnly=true --unsafe");
|
|
||||||
|
|
||||||
Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
|
|
||||||
Assert.assertTrue("stderr is empty", exe.stderrLines().isEmpty());
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue