libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-8694] - Mark Drools policy as tech preview

Browse source
This commit is contained in:
Pedro Igor 2018-11-09 08:31:16 -02:00
parent 1ee6fd7130
commit cd96d6cc35
9 changed files with 38 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
View file

@ -11,18 +11,19 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
import org.kie.api.KieServices;
import org.kie.api.KieServices.Factory;
import org.kie.api.runtime.KieContainer;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePolicyRepresentation> {
public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePolicyRepresentation>, EnvironmentDependentProviderFactory {
private KieServices ks;
private final Map<String, DroolsPolicy> containers = Collections.synchronizedMap(new HashMap<>());
@ -123,7 +124,6 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
}
private void updateConfig(Policy policy, RulePolicyRepresentation representation) {
policy.putConfig("mavenArtifactGroupId", representation.getArtifactGroupId());
policy.putConfig("mavenArtifactId", representation.getArtifactId());
policy.putConfig("mavenArtifactVersion", representation.getArtifactVersion());
@ -131,7 +131,6 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
policy.putConfig("scannerPeriodUnit", representation.getScannerPeriodUnit());
policy.putConfig("sessionName", representation.getSessionName());
policy.putConfig("moduleName", representation.getModuleName());
}
void update(Policy policy) {
@ -150,4 +149,9 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
KieContainer getKieContainer(String groupId, String artifactId, String version) {
return this.ks.newKieContainer(this.ks.newReleaseId(groupId, artifactId, version));
}
@Override
public boolean isSupported() {
return Profile.isFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
}
}

3
common/src/main/java/org/keycloak/common/Profile.java
View file

@ -49,7 +49,8 @@ public class Profile {
IMPERSONATION(Type.DEFAULT),
OPENSHIFT_INTEGRATION(Type.DEFAULT),
SCRIPTS(Type.PREVIEW),
TOKEN_EXCHANGE(Type.PREVIEW);
TOKEN_EXCHANGE(Type.PREVIEW),
AUTHZ_DROOLS_POLICY(Type.PREVIEW);;
private Type type;

4
common/src/test/java/org/keycloak/common/ProfileTest.java
View file

@ -22,8 +22,8 @@ public class ProfileTest {
@Test
public void checkDefaults() {
Assert.assertEquals("community", Profile.getName());
assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE);
assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE);
assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
assertEquals(Profile.getExperimentalFeatures(), Profile.Feature.ACCOUNT2);
}

7
services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
View file

@ -319,13 +319,6 @@ public class PolicyService {
return authorization.getProviderFactory(policyType);
}
private void findAssociatedPolicies(Policy policy, List<Policy> policies) {
policy.getAssociatedPolicies().forEach(associated -> {
policies.add(associated);
findAssociatedPolicies(associated, policies);
});
}
private void audit(AbstractPolicyRepresentation resource, String id, OperationType operation, KeycloakSession session) {
if (authorization.getRealm().isAdminEventsEnabled()) {
if (id != null) {

11
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
View file

@ -55,18 +55,11 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
"type": "rules",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"mavenArtifactVersion": "2.5.0.Final-SNAPSHOT",
"mavenArtifactId": "photoz-authz-policy",
"sessionName": "MainOwnerSession",
"mavenArtifactGroupId": "org.keycloak.testsuite",
"moduleName": "PhotozAuthzOwnerPolicy",
"applyPolicies": "[]",
"scannerPeriod": "1",
"scannerPeriodUnit": "Hours"
"code": "var permission = $evaluation.getPermission();\nvar identity = $evaluation.getContext().getIdentity();\nvar resource = permission.getResource();\nif (resource) {\nif (resource.getOwner().equals(identity.getId())) {\n$evaluation.grant();\n}}"
}
},
{

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
View file

@ -26,6 +26,7 @@ import org.keycloak.admin.client.resource.ResourceResource;
import org.keycloak.admin.client.resource.ResourceScopeResource;
import org.keycloak.admin.client.resource.ResourceScopesResource;
import org.keycloak.admin.client.resource.ResourcesResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
@ -34,6 +35,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
@ -142,7 +144,13 @@ public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
.policyProviders().stream().map(PolicyProviderRepresentation::getType).collect(Collectors.toList());
assertFalse(providers.isEmpty());
assertTrue(providers.containsAll(Arrays.asList(EXPECTED_BUILTIN_POLICY_PROVIDERS)));
List expected = new ArrayList(Arrays.asList(EXPECTED_BUILTIN_POLICY_PROVIDERS));
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY)) {
expected.remove("rules");
}
assertTrue(providers.containsAll(expected));
}
private PolicyResource createTestingPolicy() {

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
View file

@ -28,10 +28,11 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.RulePoliciesResource;
import org.keycloak.admin.client.resource.RulePolicyResource;
import org.keycloak.common.Version;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -40,11 +41,13 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
@Test
public void testCreate() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
assertCreated(getClient().authorization(), createDefaultRepresentation("Rule Policy"));
}
@Test
public void testUpdate() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
AuthorizationResource authorization = getClient().authorization();
RulePolicyRepresentation representation = createDefaultRepresentation("Update Rule Policy");
@ -69,6 +72,7 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
@Test
public void testDelete() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
AuthorizationResource authorization = getClient().authorization();
RulePolicyRepresentation representation = createDefaultRepresentation("Delete Rule Policy");

10
testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
View file

@ -54,17 +54,11 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
"type": "rules",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"mavenArtifactVersion": "${project.version}",
"mavenArtifactId": "photoz-authz-policy",
"sessionName": "MainOwnerSession",
"mavenArtifactGroupId": "org.keycloak.testsuite",
"moduleName": "PhotozAuthzOwnerPolicy",
"scannerPeriod": "1",
"scannerPeriodUnit": "Hours"
"code": "var permission = $evaluation.getPermission();\nvar identity = $evaluation.getContext().getIdentity();\nvar resource = permission.getResource();\nif (resource) {\nif (resource.getOwner().equals(identity.getId())) {\n$evaluation.grant();\n}}"
}
},
{

11
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
View file

@ -20,9 +20,11 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.Version;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.console.page.clients.authorization.policy.RulePolicy;
/**
@ -31,7 +33,8 @@ import org.keycloak.testsuite.console.page.clients.authorization.policy.RulePoli
public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest {
@Test
public void testUpdate() throws InterruptedException {
public void testUpdate() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
authorizationPage.navigateTo();
RulePolicyRepresentation expected = createDefaultRepresentation("Test Rule Policy");
@ -59,7 +62,8 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
}
@Test
public void testDelete() throws InterruptedException {
public void testDelete() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
authorizationPage.navigateTo();
RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");
@ -72,7 +76,8 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
}
@Test
public void testDeleteFromList() throws InterruptedException {
public void testDeleteFromList() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
authorizationPage.navigateTo();
RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");