KEYCLOAK-3006 Fix admin event inconsistencies related to roles (points 1,3,4,15,16 from JIRA)
parent
022be3aee5
commit
882dbc3f25
17 changed files with 142 additions and 105 deletions
|
@ -43,6 +43,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
@ -196,12 +197,15 @@ public class ClientRoleMappingsResource {
|
||||||
|
|
||||||
if (roles == null) {
|
if (roles == null) {
|
||||||
Set<RoleModel> roleModels = user.getClientRoleMappings(client);
|
Set<RoleModel> roleModels = user.getClientRoleMappings(client);
|
||||||
|
roles = new LinkedList<>();
|
||||||
|
|
||||||
for (RoleModel roleModel : roleModels) {
|
for (RoleModel roleModel : roleModels) {
|
||||||
if (!(roleModel.getContainer() instanceof ClientModel)) {
|
if (roleModel.getContainer() instanceof ClientModel) {
|
||||||
ClientModel client = (ClientModel) roleModel.getContainer();
|
ClientModel client = (ClientModel) roleModel.getContainer();
|
||||||
if (!client.getId().equals(this.client.getId())) continue;
|
if (!client.getId().equals(this.client.getId())) continue;
|
||||||
}
|
}
|
||||||
user.deleteRoleMapping(roleModel);
|
user.deleteRoleMapping(roleModel);
|
||||||
|
roles.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -220,6 +224,7 @@ public class ClientRoleMappingsResource {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
||||||
}
|
}
|
||||||
}
|
}
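Review bot: In the `roles == null` branch, a role whose container is not a `ClientModel` now skips the client-id comparison and still reaches `user.deleteRoleMapping(roleModel)` and `roles.add(...)`, so it would be removed and written into this client's DELETE admin event. If `user.getClientRoleMappings(client)` can only return roles owned by this client (not visible in the hunk), the guard is dead code and can be dropped; otherwise put `if (!(roleModel.getContainer() instanceof ClientModel)) continue;` ahead of the cast. The inner `ClientModel client` also shadows the field it is compared with through `this.client`; a local name such as `owner` would make the comparison easier to read. The method starts and ends outside the visible hunks.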
|
||||||
|
|
|
@ -226,9 +226,7 @@ public class RoleByIdResource extends RoleResource {
|
||||||
auth.requireManage();
|
auth.requireManage();
|
||||||
|
|
||||||
RoleModel role = getRoleModel(id);
|
RoleModel role = getRoleModel(id);
|
||||||
deleteComposites(roles, role);
|
deleteComposites(adminEvent, uriInfo, roles, role);
|
||||||
|
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -115,7 +115,8 @@ public class RoleContainerResource extends RoleResource {
|
||||||
boolean scopeParamRequired = rep.isScopeParamRequired()==null ? false : rep.isScopeParamRequired();
|
boolean scopeParamRequired = rep.isScopeParamRequired()==null ? false : rep.isScopeParamRequired();
|
||||||
role.setScopeParamRequired(scopeParamRequired);
|
role.setScopeParamRequired(scopeParamRequired);
|
||||||
|
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getId()).representation(rep).success();
|
rep.setId(role.getId());
|
||||||
|
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getName()).representation(rep).success();
|
||||||
|
|
||||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
|
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
|
||||||
} catch (ModelDuplicateException e) {
|
} catch (ModelDuplicateException e) {
|
||||||
|
@ -332,8 +333,7 @@ public class RoleContainerResource extends RoleResource {
|
||||||
if (role == null) {
|
if (role == null) {
|
||||||
throw new NotFoundException("Could not find role");
|
throw new NotFoundException("Could not find role");
|
||||||
}
|
}
|
||||||
deleteComposites(roles, role);
|
deleteComposites(adminEvent, uriInfo, roles, role);
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
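Review bot: The CREATE event path switches from `role.getId()` to `role.getName()` without a comment, and `rep.setId(role.getId())` mutates the request object immediately before it is recorded. A short comment would help anyone who later correlates audit records, for example `// Path uses the role name to match the Location header returned below; the generated id is carried in the representation.` If role names can be changed after creation (not shown here), consumers of the event should key on the id in the representation rather than on the path, and the comment is the place to say so. The method body starts outside the hunk.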
|
||||||
|
|
|
@ -50,6 +50,7 @@ import javax.ws.rs.core.UriInfo;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
@ -236,8 +237,9 @@ public class RoleMapperResource {
|
||||||
throw new NotFoundException("Role not found");
|
throw new NotFoundException("Role not found");
|
||||||
}
|
}
|
||||||
roleMapper.grantRole(roleModel);
|
roleMapper.grantRole(roleModel);
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -258,10 +260,13 @@ public class RoleMapperResource {
|
||||||
logger.debug("deleteRealmRoleMappings");
|
logger.debug("deleteRealmRoleMappings");
|
||||||
if (roles == null) {
|
if (roles == null) {
|
||||||
Set<RoleModel> roleModels = roleMapper.getRealmRoleMappings();
|
Set<RoleModel> roleModels = roleMapper.getRealmRoleMappings();
|
||||||
|
roles = new LinkedList<>();
|
||||||
|
|
||||||
for (RoleModel roleModel : roleModels) {
|
for (RoleModel roleModel : roleModels) {
|
||||||
roleMapper.deleteRoleMapping(roleModel);
|
roleMapper.deleteRoleMapping(roleModel);
|
||||||
|
roles.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||||
}
|
}
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
|
|
||||||
} else {
|
} else {
|
||||||
for (RoleRepresentation role : roles) {
|
for (RoleRepresentation role : roles) {
|
||||||
RoleModel roleModel = realm.getRole(role.getName());
|
RoleModel roleModel = realm.getRole(role.getName());
|
||||||
|
@ -276,11 +281,12 @@ public class RoleMapperResource {
|
||||||
throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
|
throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
|
||||||
Response.Status.BAD_REQUEST);
|
Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, role.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("clients/{client}")
|
@Path("clients/{client}")
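Review bot: The single event now emitted after each loop records `roles` exactly as the caller sent it, while the loop resolves every entry only through `realm.getRole(role.getName())`, so the id and other fields in the audit representation are unverified request data and may not describe the role that was actually granted or removed. The `roles == null` branch already does the safer thing with `roles.add(ModelToRepresentation.toRepresentation(roleModel))`. Collecting the resolved models the same way in the explicit-list loops, e.g. `applied.add(ModelToRepresentation.toRepresentation(roleModel));` and then `.representation(applied)`, would make the admin event reflect what was changed. The same pattern is visible in RoleResource (lookup by `rep.getId()`), ScopeMappedClientResource (lookup by `role.getName()`) and ScopeMappedResource (lookup by `role.getId()`). The loops begin outside the visible hunks, so this is based on the lines shown.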
|
||||||
|
|
|
@ -65,9 +65,9 @@ public abstract class RoleResource {
|
||||||
throw new NotFoundException("Could not find composite role");
|
throw new NotFoundException("Could not find composite role");
|
||||||
}
|
}
|
||||||
role.addCompositeRole(composite);
|
role.addCompositeRole(composite);
|
||||||
|
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, rep.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Set<RoleRepresentation> getRoleComposites(RoleModel role) {
|
protected Set<RoleRepresentation> getRoleComposites(RoleModel role) {
|
||||||
|
@ -102,7 +102,7 @@ public abstract class RoleResource {
|
||||||
return composites;
|
return composites;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void deleteComposites(List<RoleRepresentation> roles, RoleModel role) {
|
protected void deleteComposites(AdminEventBuilder adminEvent, UriInfo uriInfo, List<RoleRepresentation> roles, RoleModel role) {
|
||||||
for (RoleRepresentation rep : roles) {
|
for (RoleRepresentation rep : roles) {
|
||||||
RoleModel composite = realm.getRoleById(rep.getId());
|
RoleModel composite = realm.getRoleById(rep.getId());
|
||||||
if (composite == null) {
|
if (composite == null) {
|
||||||
|
@ -110,5 +110,7 @@ public abstract class RoleResource {
|
||||||
}
|
}
|
||||||
role.removeCompositeRole(composite);
|
role.removeCompositeRole(composite);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
||||||
}
|
}
|
||||||
}
|
}
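Review bot: `deleteComposites` now emits the DELETE admin event itself, but nothing on the method says so, and a caller that keeps its own `adminEvent...success()` after the call would write a second audit record for the same request. A Javadoc line would pin the contract, for example `Removes the given composites from role and records one DELETE admin event for the whole list; callers must not emit their own.` The same applies to the add-composites method above it, whose event moved from inside the loop to after it. Part of both method bodies lies outside the hunks and is not shown.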
|
||||||
|
|
|
@ -38,6 +38,7 @@ import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
@ -151,8 +152,9 @@ public class ScopeMappedClientResource {
|
||||||
throw new NotFoundException("Role not found");
|
throw new NotFoundException("Role not found");
|
||||||
}
|
}
|
||||||
scopeContainer.addScopeMapping(roleModel);
|
scopeContainer.addScopeMapping(roleModel);
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), roleModel.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -171,10 +173,13 @@ public class ScopeMappedClientResource {
|
||||||
|
|
||||||
if (roles == null) {
|
if (roles == null) {
|
||||||
Set<RoleModel> roleModels = KeycloakModelUtils.getClientScopeMappings(scopedClient, scopeContainer);//scopedClient.getClientScopeMappings(client);
|
Set<RoleModel> roleModels = KeycloakModelUtils.getClientScopeMappings(scopedClient, scopeContainer);//scopedClient.getClientScopeMappings(client);
|
||||||
|
roles = new LinkedList<>();
|
||||||
|
|
||||||
for (RoleModel roleModel : roleModels) {
|
for (RoleModel roleModel : roleModels) {
|
||||||
scopeContainer.deleteScopeMapping(roleModel);
|
scopeContainer.deleteScopeMapping(roleModel);
|
||||||
|
roles.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||||
}
|
}
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
|
|
||||||
} else {
|
} else {
|
||||||
for (RoleRepresentation role : roles) {
|
for (RoleRepresentation role : roles) {
|
||||||
RoleModel roleModel = scopedClient.getRole(role.getName());
|
RoleModel roleModel = scopedClient.getRole(role.getName());
|
||||||
|
@ -182,8 +187,9 @@ public class ScopeMappedClientResource {
|
||||||
throw new NotFoundException("Role not found");
|
throw new NotFoundException("Role not found");
|
||||||
}
|
}
|
||||||
scopeContainer.deleteScopeMapping(roleModel);
|
scopeContainer.deleteScopeMapping(roleModel);
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri(), roleModel.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,6 +42,7 @@ import javax.ws.rs.core.MediaType;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
@ -220,8 +221,9 @@ public class ScopeMappedResource {
|
||||||
throw new NotFoundException("Role not found");
|
throw new NotFoundException("Role not found");
|
||||||
}
|
}
|
||||||
scopeContainer.addScopeMapping(roleModel);
|
scopeContainer.addScopeMapping(roleModel);
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), role.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -241,10 +243,13 @@ public class ScopeMappedResource {
|
||||||
|
|
||||||
if (roles == null) {
|
if (roles == null) {
|
||||||
Set<RoleModel> roleModels = scopeContainer.getRealmScopeMappings();
|
Set<RoleModel> roleModels = scopeContainer.getRealmScopeMappings();
|
||||||
|
roles = new LinkedList<>();
|
||||||
|
|
||||||
for (RoleModel roleModel : roleModels) {
|
for (RoleModel roleModel : roleModels) {
|
||||||
scopeContainer.deleteScopeMapping(roleModel);
|
scopeContainer.deleteScopeMapping(roleModel);
|
||||||
|
roles.add(ModelToRepresentation.toRepresentation(roleModel));
|
||||||
}
|
}
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
|
|
||||||
} else {
|
} else {
|
||||||
for (RoleRepresentation role : roles) {
|
for (RoleRepresentation role : roles) {
|
||||||
RoleModel roleModel = realm.getRoleById(role.getId());
|
RoleModel roleModel = realm.getRoleById(role.getId());
|
||||||
|
@ -252,10 +257,11 @@ public class ScopeMappedResource {
|
||||||
throw new NotFoundException("Client not found");
|
throw new NotFoundException("Client not found");
|
||||||
}
|
}
|
||||||
scopeContainer.deleteScopeMapping(roleModel);
|
scopeContainer.deleteScopeMapping(roleModel);
|
||||||
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri(), roleModel.getId()).representation(roles).success();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("clients/{client}")
|
@Path("clients/{client}")
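Review bot: The realm-level delete loop resolves a role with `realm.getRoleById(role.getId())` and the next visible statement throws `NotFoundException("Client not found")`. The condition line falls between the two hunks and is not shown, but if it is the null check on `roleModel`, the message should be `"Role not found"`, as in the add path of this file. An error naming the wrong entity type makes a failed admin call harder to trace, and this commit already touches the surrounding lines.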
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.admin;
|
package org.keycloak.testsuite.admin;
|
||||||
|
|
||||||
import org.hamcrest.Matchers;
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.admin.client.resource.ClientResource;
|
import org.keycloak.admin.client.resource.ClientResource;
|
||||||
|
@ -43,10 +42,8 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.keycloak.services.resources.admin.ScopeMappedResource;
|
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||||
import org.keycloak.testsuite.util.AssertAdminEvents;
|
|
||||||
import org.keycloak.testsuite.util.ClientBuilder;
|
import org.keycloak.testsuite.util.ClientBuilder;
|
||||||
import org.keycloak.testsuite.util.CredentialBuilder;
|
import org.keycloak.testsuite.util.CredentialBuilder;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
|
@ -154,7 +151,7 @@ public class ClientTest extends AbstractAdminTest {
|
||||||
RoleRepresentation role = new RoleRepresentation("test", "test", false);
|
RoleRepresentation role = new RoleRepresentation("test", "test", false);
|
||||||
realm.clients().get(id).roles().create(role);
|
realm.clients().get(id).roles().create(role);
|
||||||
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRolesResourcePath(id)), role);
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "test"), role);
|
||||||
|
|
||||||
ClientRepresentation foundClientRep = realm.clients().get(id).toRepresentation();
|
ClientRepresentation foundClientRep = realm.clients().get(id).toRepresentation();
|
||||||
foundClientRep.setDefaultRoles(new String[]{"test"});
|
foundClientRep.setDefaultRoles(new String[]{"test"});
|
||||||
|
@ -327,28 +324,24 @@ public class ClientTest extends AbstractAdminTest {
|
||||||
realm.roles().create(roleRep1);
|
realm.roles().create(roleRep1);
|
||||||
realm.roles().create(roleRep2);
|
realm.roles().create(roleRep2);
|
||||||
|
|
||||||
AssertAdminEvents.ExpectedAdminEvent adminEvent = assertAdminEvents.expect()
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1);
|
||||||
.realmId(realmId)
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2);
|
||||||
.operationType(OperationType.CREATE)
|
|
||||||
.resourcePath(Matchers.startsWith(AdminEventPaths.rolesResourcePath()));
|
|
||||||
adminEvent.representation(roleRep1).assertEvent();
|
|
||||||
adminEvent.representation(roleRep2).assertEvent();
|
|
||||||
|
|
||||||
roleRep1 = realm.roles().get("role1").toRepresentation();
|
roleRep1 = realm.roles().get("role1").toRepresentation();
|
||||||
roleRep2 = realm.roles().get("role2").toRepresentation();
|
roleRep2 = realm.roles().get("role2").toRepresentation();
|
||||||
|
|
||||||
realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
||||||
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.roleResourceCompositesPath("role1")));
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2));
|
||||||
|
|
||||||
String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
|
String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
|
||||||
RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
|
RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
|
||||||
|
|
||||||
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id) + "/" + roleRep1.getId());
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1));
|
||||||
|
|
||||||
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId) + "/" + viewAccountRoleRep.getId());
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||||
|
|
||||||
Assert.assertNames(scopesResource.realmLevel().listAll(), "role1");
|
Assert.assertNames(scopesResource.realmLevel().listAll(), "role1");
|
||||||
Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2");
|
Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2");
|
||||||
|
@ -362,10 +355,10 @@ public class ClientTest extends AbstractAdminTest {
|
||||||
Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);
|
Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);
|
||||||
|
|
||||||
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id) + "/" + roleRep1.getId());
|
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1));
|
||||||
|
|
||||||
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId) + "/" + viewAccountRoleRep.getId());
|
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||||
|
|
||||||
Assert.assertNames(scopesResource.realmLevel().listAll());
|
Assert.assertNames(scopesResource.realmLevel().listAll());
|
||||||
Assert.assertNames(scopesResource.realmLevel().listEffective());
|
Assert.assertNames(scopesResource.realmLevel().listEffective());
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.admin;
|
package org.keycloak.testsuite.admin;
|
||||||
|
|
||||||
import org.hamcrest.Matchers;
|
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.admin.client.resource.RoleByIdResource;
|
import org.keycloak.admin.client.resource.RoleByIdResource;
|
||||||
|
@ -120,9 +119,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
|
||||||
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
||||||
resource.addComposites(ids.get("role-a"), l);
|
resource.addComposites(ids.get("role-a"), l);
|
||||||
|
|
||||||
// TODO adminEvents: Fix once composite roles events will be fixed...
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a"))));
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a"))));
|
|
||||||
|
|
||||||
Set<RoleRepresentation> composites = resource.getRoleComposites(ids.get("role-a"));
|
Set<RoleRepresentation> composites = resource.getRoleComposites(ids.get("role-a"));
|
||||||
|
|
||||||
|
@ -136,7 +133,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
|
||||||
Assert.assertNames(clientComposites, "role-c");
|
Assert.assertNames(clientComposites, "role-c");
|
||||||
|
|
||||||
resource.deleteComposites(ids.get("role-a"), l);
|
resource.deleteComposites(ids.get("role-a"), l);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")));
|
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l);
|
||||||
|
|
||||||
assertFalse(resource.getRole(ids.get("role-a")).isComposite());
|
assertFalse(resource.getRole(ids.get("role-a")).isComposite());
|
||||||
assertEquals(0, resource.getRoleComposites(ids.get("role-a")).size());
|
assertEquals(0, resource.getRoleComposites(ids.get("role-a")).size());
|
||||||
|
|
|
@ -796,14 +796,16 @@ public class UserTest extends AbstractAdminTest {
|
||||||
l.add(realm.roles().get("realm-role").toRepresentation());
|
l.add(realm.roles().get("realm-role").toRepresentation());
|
||||||
l.add(realm.roles().get("realm-composite").toRepresentation());
|
l.add(realm.roles().get("realm-composite").toRepresentation());
|
||||||
roles.realmLevel().add(l);
|
roles.realmLevel().add(l);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.userRealmRoleMappingsPath(userId)));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userRealmRoleMappingsPath(userId), l);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.userRealmRoleMappingsPath(userId)));
|
|
||||||
|
|
||||||
// Add client roles
|
// Add client roles
|
||||||
roles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role").toRepresentation()));
|
List<RoleRepresentation> list = Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role").toRepresentation());
|
||||||
roles.clientLevel(clientUuid).add(Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation()));
|
roles.clientLevel(clientUuid).add(list);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid)));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid)));
|
|
||||||
|
list = Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation());
|
||||||
|
roles.clientLevel(clientUuid).add(list);
|
||||||
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list);
|
||||||
|
|
||||||
// List realm roles
|
// List realm roles
|
||||||
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite", "user", "offline_access");
|
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite", "user", "offline_access");
|
||||||
|
@ -825,16 +827,14 @@ public class UserTest extends AbstractAdminTest {
|
||||||
// Remove realm role
|
// Remove realm role
|
||||||
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
|
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
|
||||||
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
|
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
|
||||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(userId) + "/" + realmRoleRep.getId());
|
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(userId), Collections.singletonList(realmRoleRep));
|
||||||
|
|
||||||
assertNames(roles.realmLevel().listAll(), "realm-composite", "user", "offline_access");
|
assertNames(roles.realmLevel().listAll(), "realm-composite", "user", "offline_access");
|
||||||
|
|
||||||
// Remove client role
|
// Remove client role
|
||||||
RoleRepresentation clientRoleRep = realm.clients().get(clientUuid).roles().get("client-role").toRepresentation();
|
RoleRepresentation clientRoleRep = realm.clients().get(clientUuid).roles().get("client-role").toRepresentation();
|
||||||
roles.clientLevel(clientUuid).remove(Collections.singletonList(clientRoleRep));
|
roles.clientLevel(clientUuid).remove(Collections.singletonList(clientRoleRep));
|
||||||
|
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), Collections.singletonList(clientRoleRep));
|
||||||
// TODO: Inconsistency between event for delete realm role mapping and client role mapping (the latter doesn't have roleRep.getId() in the path)
|
|
||||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid));
|
|
||||||
|
|
||||||
assertNames(roles.clientLevel(clientUuid).listAll(), "client-composite");
|
assertNames(roles.clientLevel(clientUuid).listAll(), "client-composite");
|
||||||
}
|
}
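Review bot: The DELETE assertions in these hunks cover only removals that pass an explicit list (`Collections.singletonList(realmRoleRep)`, `Collections.singletonList(clientRoleRep)`). The new `roles == null` branches in the resources, which build the event representation from the models being deleted, are not exercised by any line shown here. If the admin client can send the delete without a body, one case asserting the resulting event path and representation would cover the branch where this commit added the most logic. The test method starts outside the hunk, so existing coverage elsewhere in the file cannot be ruled out.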
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.admin.client;
|
package org.keycloak.testsuite.admin.client;
|
||||||
|
|
||||||
import org.hamcrest.Matchers;
|
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -27,7 +26,6 @@ import org.keycloak.events.admin.OperationType;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||||
import org.keycloak.testsuite.util.RoleBuilder;
|
|
||||||
|
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -75,15 +73,17 @@ public class ClientRolesTest extends AbstractClientTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAddRole() {
|
public void testAddRole() {
|
||||||
rolesRsc.create(makeRole("role1"));
|
RoleRepresentation role1 = makeRole("role1");
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRolesResourcePath(clientDbId)));
|
rolesRsc.create(role1);
|
||||||
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role1"), role1);
|
||||||
assertTrue(hasRole(rolesRsc, "role1"));
|
assertTrue(hasRole(rolesRsc, "role1"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRemoveRole() {
|
public void testRemoveRole() {
|
||||||
rolesRsc.create(makeRole("role2"));
|
RoleRepresentation role2 = makeRole("role2");
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRolesResourcePath(clientDbId)));
|
rolesRsc.create(role2);
|
||||||
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), role2);
|
||||||
|
|
||||||
rolesRsc.deleteRole("role2");
|
rolesRsc.deleteRole("role2");
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"));
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"));
|
||||||
|
@ -93,25 +93,26 @@ public class ClientRolesTest extends AbstractClientTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testComposites() {
|
public void testComposites() {
|
||||||
rolesRsc.create(makeRole("role-a"));
|
RoleRepresentation roleA = makeRole("role-a");
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRolesResourcePath(clientDbId)));
|
rolesRsc.create(roleA);
|
||||||
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-a"), roleA);
|
||||||
|
|
||||||
assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite());
|
assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite());
|
||||||
assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size());
|
assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size());
|
||||||
|
|
||||||
rolesRsc.create(makeRole("role-b"));
|
RoleRepresentation roleB = makeRole("role-b");
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRolesResourcePath(clientDbId)));
|
rolesRsc.create(roleB);
|
||||||
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-b"), roleB);
|
||||||
|
|
||||||
testRealmResource().roles().create(makeRole("role-c"));
|
RoleRepresentation roleC = makeRole("role-c");
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.rolesResourcePath()));
|
testRealmResource().roles().create(roleC);
|
||||||
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath("role-c"), roleC);
|
||||||
|
|
||||||
List<RoleRepresentation> l = new LinkedList<>();
|
List<RoleRepresentation> l = new LinkedList<>();
|
||||||
l.add(rolesRsc.get("role-b").toRepresentation());
|
l.add(rolesRsc.get("role-b").toRepresentation());
|
||||||
l.add(testRealmResource().roles().get("role-c").toRepresentation());
|
l.add(testRealmResource().roles().get("role-c").toRepresentation());
|
||||||
rolesRsc.get("role-a").addComposites(l);
|
rolesRsc.get("role-a").addComposites(l);
|
||||||
// TODO adminEvents: Fix once composite roles events will be fixed...
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l);
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a")));
|
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a")));
|
|
||||||
|
|
||||||
Set<RoleRepresentation> composites = rolesRsc.get("role-a").getRoleComposites();
|
Set<RoleRepresentation> composites = rolesRsc.get("role-a").getRoleComposites();
|
||||||
|
|
||||||
|
@ -125,7 +126,7 @@ public class ClientRolesTest extends AbstractClientTest {
|
||||||
Assert.assertNames(clientComposites, "role-b");
|
Assert.assertNames(clientComposites, "role-b");
|
||||||
|
|
||||||
rolesRsc.get("role-a").deleteComposites(l);
|
rolesRsc.get("role-a").deleteComposites(l);
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"));
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l);
|
||||||
|
|
||||||
assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite());
|
assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite());
|
||||||
assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size());
|
assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size());
|
||||||
|
|
|
@ -26,7 +26,6 @@ import org.junit.Before;
|
||||||
import org.junit.FixMethodOrder;
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.admin.client.resource.ClientTemplateResource;
|
|
||||||
import org.keycloak.admin.client.resource.ClientTemplatesResource;
|
import org.keycloak.admin.client.resource.ClientTemplatesResource;
|
||||||
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
|
|
@ -27,7 +27,6 @@ import javax.ws.rs.BadRequestException;
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
import org.hamcrest.Matchers;
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.admin.client.resource.ClientTemplatesResource;
|
import org.keycloak.admin.client.resource.ClientTemplatesResource;
|
||||||
|
@ -162,7 +161,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
||||||
|
|
||||||
// Add role2 as composite to role1
|
// Add role2 as composite to role1
|
||||||
testRealmResource().roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
testRealmResource().roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.roleResourceCompositesPath("role1")));
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2));
|
||||||
|
|
||||||
// create client template
|
// create client template
|
||||||
ClientTemplateRepresentation templateRep = new ClientTemplateRepresentation();
|
ClientTemplateRepresentation templateRep = new ClientTemplateRepresentation();
|
||||||
|
@ -176,10 +175,10 @@ public class ClientTemplateTest extends AbstractClientTest {
|
||||||
RoleMappingResource scopesResource = clientTemplates().get(templateId).getScopeMappings();
|
RoleMappingResource scopesResource = clientTemplates().get(templateId).getScopeMappings();
|
||||||
|
|
||||||
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId) + "/" + roleRep1.getId());
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1));
|
||||||
|
|
||||||
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId) + "/" + viewAccountRoleRep.getId());
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||||
|
|
||||||
// test that scopes are available (also through composite role)
|
// test that scopes are available (also through composite role)
|
||||||
List<RoleRepresentation> allRealm = scopesResource.realmLevel().listAll();
|
List<RoleRepresentation> allRealm = scopesResource.realmLevel().listAll();
|
||||||
|
@ -198,10 +197,10 @@ public class ClientTemplateTest extends AbstractClientTest {
|
||||||
|
|
||||||
// remove scopes
|
// remove scopes
|
||||||
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId) + "/" + roleRep1.getId());
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1));
|
||||||
|
|
||||||
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId) + "/" + viewAccountRoleRep.getId());
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||||
|
|
||||||
// assert scopes are removed
|
// assert scopes are removed
|
||||||
allRealm = scopesResource.realmLevel().listAll();
|
allRealm = scopesResource.realmLevel().listAll();
|
||||||
|
@ -256,7 +255,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
||||||
|
|
||||||
// Add realm role to scopes of clientTemplate
|
// Add realm role to scopes of clientTemplate
|
||||||
clientTemplates().get(templateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep));
|
clientTemplates().get(templateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep));
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId) + "/" + roleRep.getId());
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep));
|
||||||
|
|
||||||
List<RoleRepresentation> roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll();
|
List<RoleRepresentation> roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll();
|
||||||
Assert.assertEquals(1, roleReps.size());
|
Assert.assertEquals(1, roleReps.size());
|
||||||
|
@ -279,7 +278,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
||||||
roleRep.setName(roleName);
|
roleRep.setName(roleName);
|
||||||
testRealmResource().roles().create(roleRep);
|
testRealmResource().roles().create(roleRep);
|
||||||
|
|
||||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, Matchers.startsWith(AdminEventPaths.rolesResourcePath()));
|
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), roleRep);
|
||||||
|
|
||||||
return testRealmResource().roles().get(roleName).toRepresentation();
|
return testRealmResource().roles().get(roleName).toRepresentation();
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ import org.junit.Test;
|
||||||
import org.keycloak.admin.client.resource.RealmResource;
|
import org.keycloak.admin.client.resource.RealmResource;
|
||||||
import org.keycloak.admin.client.resource.RoleMappingResource;
|
import org.keycloak.admin.client.resource.RoleMappingResource;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
|
@ -109,7 +110,7 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
RoleRepresentation role = new RoleRepresentation();
|
RoleRepresentation role = new RoleRepresentation();
|
||||||
role.setName("foo-role");
|
role.setName("foo-role");
|
||||||
realm.clients().get(client.getId()).roles().create(role);
|
realm.clients().get(client.getId()).roles().create(role);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.clientRolesResourcePath(clientUuid)), role);
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "foo-role"), role);
|
||||||
role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();
|
role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();
|
||||||
|
|
||||||
GroupRepresentation group = new GroupRepresentation();
|
GroupRepresentation group = new GroupRepresentation();
|
||||||
|
@ -119,7 +120,7 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
List<RoleRepresentation> list = new LinkedList<>();
|
List<RoleRepresentation> list = new LinkedList<>();
|
||||||
list.add(role);
|
list.add(role);
|
||||||
realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
|
realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list);
|
||||||
|
|
||||||
realm.clients().get(client.getId()).remove();
|
realm.clients().get(client.getId()).remove();
|
||||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid));
|
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid));
|
||||||
|
@ -169,7 +170,7 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
List<RoleRepresentation> roles = new LinkedList<>();
|
List<RoleRepresentation> roles = new LinkedList<>();
|
||||||
roles.add(topRole);
|
roles.add(topRole);
|
||||||
realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles);
|
realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId())));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles);
|
||||||
|
|
||||||
GroupRepresentation level2Group = new GroupRepresentation();
|
GroupRepresentation level2Group = new GroupRepresentation();
|
||||||
level2Group.setName("level2");
|
level2Group.setName("level2");
|
||||||
|
@ -196,7 +197,7 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
roles.clear();
|
roles.clear();
|
||||||
roles.add(level2Role);
|
roles.add(level2Role);
|
||||||
realm.groups().group(level2Group.getId()).roles().realmLevel().add(roles);
|
realm.groups().group(level2Group.getId()).roles().realmLevel().add(roles);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId())));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles);
|
||||||
|
|
||||||
GroupRepresentation level3Group = new GroupRepresentation();
|
GroupRepresentation level3Group = new GroupRepresentation();
|
||||||
level3Group.setName("level3");
|
level3Group.setName("level3");
|
||||||
|
@ -209,7 +210,7 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
roles.clear();
|
roles.clear();
|
||||||
roles.add(level3Role);
|
roles.add(level3Role);
|
||||||
realm.groups().group(level3Group.getId()).roles().realmLevel().add(roles);
|
realm.groups().group(level3Group.getId()).roles().realmLevel().add(roles);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId())));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles);
|
||||||
|
|
||||||
topGroup = realm.getGroupByPath("/top");
|
topGroup = realm.getGroupByPath("/top");
|
||||||
assertEquals(1, topGroup.getRealmRoles().size());
|
assertEquals(1, topGroup.getRealmRoles().size());
|
||||||
|
@ -417,14 +418,15 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
l.add(realm.roles().get("realm-role").toRepresentation());
|
l.add(realm.roles().get("realm-role").toRepresentation());
|
||||||
l.add(realm.roles().get("realm-composite").toRepresentation());
|
l.add(realm.roles().get("realm-composite").toRepresentation());
|
||||||
roles.realmLevel().add(l);
|
roles.realmLevel().add(l);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.groupRolesRealmRolesPath(group.getId())));
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l);
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, Matchers.startsWith(AdminEventPaths.groupRolesRealmRolesPath(group.getId())));
|
|
||||||
|
|
||||||
// Add client roles
|
// Add client roles
|
||||||
roles.clientLevel(clientId).add(Collections.singletonList(realm.clients().get(clientId).roles().get("client-role").toRepresentation()));
|
RoleRepresentation clientRole = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
|
||||||
roles.clientLevel(clientId).add(Collections.singletonList(realm.clients().get(clientId).roles().get("client-composite").toRepresentation()));
|
RoleRepresentation clientComposite = realm.clients().get(clientId).roles().get("client-composite").toRepresentation();
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId));
|
roles.clientLevel(clientId).add(Collections.singletonList(clientRole));
|
||||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId));
|
roles.clientLevel(clientId).add(Collections.singletonList(clientComposite));
|
||||||
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole));
|
||||||
|
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite));
|
||||||
|
|
||||||
// List realm roles
|
// List realm roles
|
||||||
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite");
|
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite");
|
||||||
|
@ -443,16 +445,15 @@ public class GroupTest extends AbstractGroupTest {
|
||||||
assertNames(all.getClientMappings().get("myclient").getMappings(), "client-role", "client-composite");
|
assertNames(all.getClientMappings().get("myclient").getMappings(), "client-role", "client-composite");
|
||||||
|
|
||||||
// Remove realm role
|
// Remove realm role
|
||||||
// TODO adminEvents: DEleting group realmRole mapping has ID in the end. For deleting clientRole not.
|
|
||||||
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
|
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
|
||||||
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
|
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
|
||||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()) + "/" + realmRoleRep.getId());
|
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep));
|
||||||
assertNames(roles.realmLevel().listAll(), "realm-composite");
|
assertNames(roles.realmLevel().listAll(), "realm-composite");
|
||||||
|
|
||||||
// Remove client role
|
// Remove client role
|
||||||
RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
|
RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
|
||||||
roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep));
|
roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep));
|
||||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId));
|
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep));
|
||||||
assertNames(roles.clientLevel(clientId).listAll(), "client-composite");
|
assertNames(roles.clientLevel(clientId).listAll(), "client-composite");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
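Review bot: The added import `org.keycloak.models.RoleModel` is not referenced by any changed line shown in this section, where the assertions work only with `RoleRepresentation`. If nothing outside the hunks uses it, drop the import so this admin-client test does not depend on a server model class. In the `@ -417,14 +418,15 @@` hunk the two client-role events are asserted only after both `add` calls, so the test presumably relies on events being consumed in the order they were fired. A comment such as `// events are asserted in firing order: client-role first, then client-composite` would make that assumption explicit. The test methods start and end outside the hunks.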
@ -17,10 +17,8 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.admin.realm;
|
package org.keycloak.testsuite.admin.realm;
|
||||||
|
|
||||||
import org.hamcrest.Matchers;
|
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.admin.client.resource.RoleByIdResource;
|
|
||||||
import org.keycloak.admin.client.resource.RolesResource;
|
import org.keycloak.admin.client.resource.RolesResource;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
|
@ -80,12 +78,11 @@ public class RealmRolesTest extends AbstractAdminTest {
|
||||||
|
|
||||||
resource = adminClient.realm(REALM_NAME).roles();
|
resource = adminClient.realm(REALM_NAME).roles();
|
||||||
|
|
||||||
// ResourcePath for event for creating role contains roleID instead of roleName (looks like a bug...)
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(ids.get("role-a")), roleA);
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), roleB);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(ids.get("role-b")), roleB);
|
|
||||||
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep);
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, ids.get("role-c")), roleC);
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "role-c"), roleC);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -138,9 +135,8 @@ public class RealmRolesTest extends AbstractAdminTest {
|
||||||
l.add(RoleBuilder.create().id(ids.get("role-b")).build());
|
l.add(RoleBuilder.create().id(ids.get("role-b")).build());
|
||||||
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
||||||
resource.get("role-a").addComposites(l);
|
resource.get("role-a").addComposites(l);
|
||||||
// TODO adminEvents: Fix once composite roles events will be fixed...
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.roleResourceCompositesPath("role-a")));
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.roleResourceCompositesPath("role-a")));
|
|
||||||
|
|
||||||
Set<RoleRepresentation> composites = resource.get("role-a").getRoleComposites();
|
Set<RoleRepresentation> composites = resource.get("role-a").getRoleComposites();
|
||||||
|
|
||||||
|
@ -154,7 +150,7 @@ public class RealmRolesTest extends AbstractAdminTest {
|
||||||
Assert.assertNames(clientComposites, "role-c");
|
Assert.assertNames(clientComposites, "role-c");
|
||||||
|
|
||||||
resource.get("role-a").deleteComposites(l);
|
resource.get("role-a").deleteComposites(l);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"));
|
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l);
|
||||||
|
|
||||||
assertFalse(resource.get("role-a").toRepresentation().isComposite());
|
assertFalse(resource.get("role-a").toRepresentation().isComposite());
|
||||||
assertEquals(0, resource.get("role-a").getRoleComposites().size());
|
assertEquals(0, resource.get("role-a").getRoleComposites().size());
|
||||||
|
|
|
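Review bot: In the composites hunks, the visible entries of the list `l` passed to `assertEvent` are built with `RoleBuilder.create().id(...).build()`, so they appear to carry an id but no name. With the id-to-name list comparison this commit adds to AssertAdminEvents, the name side is then presumably `null` on both sides, and the CREATE and DELETE assertions effectively check role ids only. If that is intended, say so next to the assertion, e.g. `// l holds id-only roles, so the event representation is matched by role id`. The first element of `l` and the rest of the test method are outside the hunk.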
@ -282,7 +282,7 @@ public class RealmTest extends AbstractAdminTest {
|
||||||
public void deleteDefaultRole() {
|
public void deleteDefaultRole() {
|
||||||
RoleRepresentation role = new RoleRepresentation("test", "test", false);
|
RoleRepresentation role = new RoleRepresentation("test", "test", false);
|
||||||
realm.roles().create(role);
|
realm.roles().create(role);
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, Matchers.startsWith(AdminEventPaths.rolesResourcePath()));
|
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("test"), role);
|
||||||
|
|
||||||
assertNotNull(realm.roles().get("test").toRepresentation());
|
assertNotNull(realm.roles().get("test").toRepresentation());
|
||||||
|
|
||||||
|
|
|
@ -17,12 +17,18 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.util;
|
package org.keycloak.testsuite.util;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.core.type.TypeReference;
|
||||||
import org.hamcrest.Description;
|
import org.hamcrest.Description;
|
||||||
import org.hamcrest.Matcher;
|
import org.hamcrest.Matcher;
|
||||||
import org.hamcrest.Matchers;
|
import org.hamcrest.Matchers;
|
||||||
|
@ -37,7 +43,9 @@ import org.keycloak.jose.jws.JWSInputException;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.idm.AdminEventRepresentation;
|
import org.keycloak.representations.idm.AdminEventRepresentation;
|
||||||
import org.keycloak.representations.idm.AuthDetailsRepresentation;
|
import org.keycloak.representations.idm.AuthDetailsRepresentation;
|
||||||
|
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
@ -200,16 +208,34 @@ public class AssertAdminEvents implements TestRule {
|
||||||
Assert.assertEquals(expectedAuth.getClientId(), actualAuth.getClientId());
|
Assert.assertEquals(expectedAuth.getClientId(), actualAuth.getClientId());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Representation - compare the non-null fields of "expected" representation with the actual representation
|
// Representation comparison
|
||||||
if (expectedRep != null) {
|
if (expectedRep != null) {
|
||||||
if (actual.getRepresentation() == null) {
|
if (actual.getRepresentation() == null) {
|
||||||
Assert.fail("Expected representation " + expectedRep + " but no representation was available on actual event");
|
Assert.fail("Expected representation " + expectedRep + " but no representation was available on actual event");
|
||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
Object actualRep = JsonSerialization.readValue(actual.getRepresentation(), expectedRep.getClass());
|
|
||||||
|
|
||||||
if (expectedRep instanceof Map) {
|
if (expectedRep instanceof List) {
|
||||||
// Special comparing of representations of type map. All of "expected" must be available on "actual"
|
// List of roles. All must be available in actual representation
|
||||||
|
List<RoleRepresentation> expectedRoles = (List<RoleRepresentation>) expectedRep;
|
||||||
|
List<RoleRepresentation> actualRoles = JsonSerialization.readValue(new ByteArrayInputStream(actual.getRepresentation().getBytes()), new TypeReference<List<RoleRepresentation>>() {
|
||||||
|
});
|
||||||
|
|
||||||
|
Map<String, String> expectedRolesMap = new HashMap<>();
|
||||||
|
for (RoleRepresentation role : expectedRoles) {
|
||||||
|
expectedRolesMap.put(role.getId(), role.getName());
|
||||||
|
}
|
||||||
|
|
||||||
|
Map<String, String> actualRolesMap = new HashMap<>();
|
||||||
|
for (RoleRepresentation role : actualRoles) {
|
||||||
|
actualRolesMap.put(role.getId(), role.getName());
|
||||||
|
}
|
||||||
|
Assert.assertEquals(expectedRolesMap, actualRolesMap);
|
||||||
|
|
||||||
|
} else if (expectedRep instanceof Map) {
|
||||||
|
Object actualRep = JsonSerialization.readValue(actual.getRepresentation(), Map.class);
|
||||||
|
|
||||||
|
// Comparing of map representations. All of "expected" key-values must be available on "actual" map from the event
|
||||||
Map<?, ?> expectedRepMap = (Map) expectedRep;
|
Map<?, ?> expectedRepMap = (Map) expectedRep;
|
||||||
Map<?, ?> actualRepMap = (Map) actualRep;
|
Map<?, ?> actualRepMap = (Map) actualRep;
|
||||||
|
|
||||||
|
@ -221,7 +247,9 @@ public class AssertAdminEvents implements TestRule {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Reflection-baseed comparing for other types
|
Object actualRep = JsonSerialization.readValue(actual.getRepresentation(), expectedRep.getClass());
|
||||||
|
|
||||||
|
// Reflection-based comparing for other types - compare the non-null fields of "expected" representation with the "actual" representation from the event
|
||||||
for (Method method : Reflections.getAllDeclaredMethods(expectedRep.getClass())) {
|
for (Method method : Reflections.getAllDeclaredMethods(expectedRep.getClass())) {
|
||||||
if (method.getName().startsWith("get") || method.getName().startsWith("is")) {
|
if (method.getName().startsWith("get") || method.getName().startsWith("is")) {
|
||||||
Object expectedValue = Reflections.invokeMethod(method, expectedRep);
|
Object expectedValue = Reflections.invokeMethod(method, expectedRep);
|
||||||
|
|
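Review bot: The new `expectedRep instanceof List` branch casts any list to `List<RoleRepresentation>` and keys both maps by `role.getId()`. Roles without an id therefore collapse into a single `null` entry, and a list of another representation type fails with a `ClassCastException` rather than an assertion message. Because these assertions guard the audit trail of role changes, I would fail fast on a missing key, e.g. `Assert.assertNotNull("role id expected", role.getId());` inside both loops. The comment `// List of roles. All must be available in actual representation` understates the check, since `assertEquals` on the two maps requires an exact match; `// List of roles: ids and names must match the event representation exactly` would describe it. `actual.getRepresentation().getBytes()` also uses the platform charset, and `getBytes(StandardCharsets.UTF_8)` would keep non-ASCII role names stable (it needs the `java.nio.charset.StandardCharsets` import); the enclosing method starts and ends outside these hunks.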