From e49afb2d839f494a4700a77755296ffe7e12db54 Mon Sep 17 00:00:00 2001 From: Thomas Darimont Date: Thu, 4 Aug 2016 21:21:30 +0200 Subject: [PATCH] KEYCLOAK-3142 - Revised according to codereview Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0 to jpa-changelog-2.2.0. Corrected wrong ResourceType references in tests. Adapted AdminEvents copy-routines to be aware of resourceType attribute. Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource. Signed-off-by: Thomas Darimont --- .../META-INF/jpa-changelog-2.1.0.xml | 6 ----- .../META-INF/jpa-changelog-2.2.0.xml | 27 +++++++++++++++++++ .../META-INF/jpa-changelog-master.xml | 1 + .../events/mongo/MongoEventStoreProvider.java | 4 +++ .../admin/IdentityProvidersResource.java | 3 ++- .../admin/RoleContainerResource.java | 1 - .../admin/info/ServerInfoAdminResource.java | 3 ++- .../events/EventsListenerProvider.java | 1 + .../rest/TestingResourceProvider.java | 4 +++ .../admin/AttackDetectionResourceTest.java | 4 +-- .../keycloak/testsuite/admin/ClientTest.java | 6 ++--- .../admin/UserFederationMapperTest.java | 4 +-- .../testsuite/admin/UserFederationTest.java | 4 +-- .../keycloak/testsuite/admin/UserTest.java | 4 +-- .../admin/authentication/ExecutionTest.java | 2 +- .../admin/authentication/FlowTest.java | 2 +- .../authentication/RegistrationFlowTest.java | 2 +- .../admin/client/ClientTemplateTest.java | 10 +++---- .../event/AdminEventAuthDetailsTest.java | 2 ++ .../testsuite/admin/group/GroupTest.java | 18 ++++++------- .../testsuite/util/AssertAdminEvents.java | 4 +-- 21 files changed, 73 insertions(+), 39 deletions(-) create mode 100755 model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml index 777a36e6d8..eb4dd1f3b1 100755 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.1.0.xml @@ -196,10 +196,4 @@ - - - - - - \ No newline at end of file diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml new file mode 100755 index 0000000000..63afbb2dcf --- /dev/null +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml index 333ab762ef..55a52b60cb 100755 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml @@ -35,4 +35,5 @@ + diff --git a/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java b/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java index 3e5c768cd4..e0f8512a5e 100755 --- a/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java +++ b/model/mongo/src/main/java/org/keycloak/events/mongo/MongoEventStoreProvider.java @@ -29,6 +29,7 @@ import org.keycloak.events.Event; import org.keycloak.events.EventQuery; import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventType; +import org.keycloak.events.admin.ResourceType; import java.util.HashMap; import java.util.Map; @@ -172,6 +173,9 @@ public class MongoEventStoreProvider implements EventStoreProvider { adminEvent.setTime(o.getLong("time")); adminEvent.setRealmId(o.getString("realmId")); adminEvent.setOperationType(OperationType.valueOf(o.getString("operationType"))); + if (o.getString("resourceType") != null) { + adminEvent.setResourceType(ResourceType.valueOf(o.getString("resourceType"))); + } setAuthDetails(adminEvent, o); adminEvent.setResourcePath(o.getString("resourcePath")); adminEvent.setError(o.getString("error")); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java index 953cb38712..958a8494e0 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java @@ -25,6 +25,7 @@ import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; @@ -71,7 +72,7 @@ public class IdentityProvidersResource { this.session = session; this.auth = auth; this.auth.init(RealmAuth.Resource.IDENTITY_PROVIDER); - this.adminEvent = adminEvent; + this.adminEvent = adminEvent.resource(ResourceType.IDENTITY_PROVIDER); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java index 788921fac3..15e163dcad 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java @@ -172,7 +172,6 @@ public class RoleContainerResource extends RoleResource { throw new NotFoundException("Could not find client"); } - RoleRepresentation rep = getRole(roleName); RoleModel role = roleContainer.getRole(roleName); if (role == null) { throw new NotFoundException("Could not find role"); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java index d4312c8d44..a7195e12c7 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java @@ -36,6 +36,7 @@ import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.events.EventType; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.PasswordPolicy; import org.keycloak.policy.PasswordPolicyProvider; import org.keycloak.policy.PasswordPolicyProviderFactory; @@ -68,7 +69,7 @@ import org.keycloak.representations.info.ThemeInfoRepresentation; */ public class ServerInfoAdminResource { - private static final Map> ENUMS = createEnumsMap(EventType.class, OperationType.class); + private static final Map> ENUMS = createEnumsMap(EventType.class, OperationType.class, ResourceType.class); @Context private KeycloakSession session; diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java index 87606ca984..b0ea56af8d 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/events/EventsListenerProvider.java @@ -69,6 +69,7 @@ public class EventsListenerProvider implements EventListenerProvider { newEvent.setAuthDetails(adminEvent.getAuthDetails()); newEvent.setError(adminEvent.getError()); newEvent.setOperationType(adminEvent.getOperationType()); + newEvent.setResourceType(adminEvent.getResourceType()); newEvent.setRealmId(adminEvent.getRealmId()); newEvent.setRepresentation(adminEvent.getRepresentation()); newEvent.setResourcePath(adminEvent.getResourcePath()); diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java index bbc9f276ae..c65e85cb27 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java @@ -26,6 +26,7 @@ import org.keycloak.common.util.Time; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.events.Event; import org.keycloak.events.admin.AdminEvent; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserSessionModel; @@ -492,6 +493,9 @@ public class TestingResourceProvider implements RealmResourceProvider { event.setAuthDetails(repToModel(rep.getAuthDetails())); event.setError(rep.getError()); event.setOperationType(OperationType.valueOf(rep.getOperationType())); + if (rep.getResourceType() != null) { + event.setResourceType(ResourceType.valueOf(rep.getResourceType())); + } event.setRealmId(rep.getRealmId()); event.setRepresentation(rep.getRepresentation()); event.setResourcePath(rep.getResourcePath()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java index edcaecbb86..531b55696c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java @@ -68,13 +68,13 @@ public class AttackDetectionResourceTest extends AbstractAdminTest { assertBruteForce(detection.bruteForceUserStatus("nosuchuser"), 0, false, false); detection.clearBruteForceForUser(findUser("test-user@localhost").getId()); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearBruteForceForUserPath(findUser("test-user@localhost").getId()), ResourceType.USER); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearBruteForceForUserPath(findUser("test-user@localhost").getId()), ResourceType.USER_LOGIN_FAILURE); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user@localhost").getId()), 0, false, false); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user2").getId()), 2, true, true); detection.clearAllBruteForce(); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearAllBruteForcePath(), ResourceType.USER); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearAllBruteForcePath(), ResourceType.USER_LOGIN_FAILURE); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user@localhost").getId()), 0, false, false); assertBruteForce(detection.bruteForceUserStatus(findUser("test-user2").getId()), 0, false, false); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java index 1b7df9465c..4e2bdd94f5 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java @@ -158,7 +158,7 @@ public class ClientTest extends AbstractAdminTest { foundClientRep.setDefaultRoles(new String[]{"test"}); realm.clients().get(id).update(foundClientRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT_ROLE); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT); assertArrayEquals(new String[]{"test"}, realm.clients().get(id).toRepresentation().getDefaultRoles()); @@ -339,8 +339,8 @@ public class ClientTest extends AbstractAdminTest { realm.roles().create(roleRep1); realm.roles().create(roleRep2); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1, ResourceType.CLIENT_ROLE); - assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2, ResourceType.CLIENT_ROLE); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1, ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2, ResourceType.REALM_ROLE); roleRep1 = realm.roles().get("role1").toRepresentation(); roleRep2 = realm.roles().get("role2").toRepresentation(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java index 2ad95a80e8..6ee35a76c2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java @@ -258,14 +258,14 @@ public class UserFederationMapperTest extends AbstractAdminTest { Map eventRep = new HashMap<>(); eventRep.put("action", "fedToKeycloak"); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", eventRep, ResourceType.USER_FEDERATION_MAPPER); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER); // Try keycloak to fed result = ldapProviderResource().syncMapperData(mapperId, "keycloakToFed"); Assert.assertEquals("dummyKeycloakToFedSuccess mapper=some-dummy", result.getStatus()); eventRep.put("action", "keycloakToFed"); - assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", ResourceType.USER_FEDERATION_MAPPER); + assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", ResourceType.USER_FEDERATION_PROVIDER); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java index ef3544f3cb..8cef8a1bbc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java @@ -296,7 +296,7 @@ public class UserFederationTest extends AbstractAdminTest { // update LDAP provider with kerberos ldapRep = userFederation().get(id).toRepresentation(); userFederation().get(id).update(ldapRep); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.REALM); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER); // Assert kerberos authenticator still REQUIRED kerberosExecution = findKerberosExecution(); @@ -305,7 +305,7 @@ public class UserFederationTest extends AbstractAdminTest { // Cleanup kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString()); realm.flows().updateExecutions("browser", kerberosExecution); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.REALM); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION); removeUserFederationProvider(id); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java index 58b66174db..dd5729a8a0 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java @@ -747,7 +747,7 @@ public class UserTest extends AbstractAdminTest { RequiredActionProviderRepresentation updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString()); updatePasswordReqAction.setDefaultAction(true); realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.USER); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION); // Create user String userId = createUser("user1", "user1@localhost"); @@ -760,7 +760,7 @@ public class UserTest extends AbstractAdminTest { updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString()); updatePasswordReqAction.setDefaultAction(true); realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction); - assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.USER); + assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java index 35b06d603e..42015edce0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/ExecutionTest.java @@ -84,7 +84,7 @@ public class ExecutionTest extends AbstractAuthenticationTest { // add execution - should succeed params.put("provider", "idp-review-profile"); authMgmtResource.addExecution("Copy-of-browser", params); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION_FLOW); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION); // check execution was added List executionReps = authMgmtResource.getExecutions("Copy-of-browser"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java index de87a7a5a5..fc50bc6916 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java @@ -142,7 +142,7 @@ public class FlowTest extends AbstractAuthenticationTest { // delete non-built-in flow authMgmtResource.deleteFlow(found.getId()); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId()), ResourceType.AUTH_EXECUTION_FLOW); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId()), ResourceType.AUTH_FLOW); // check the deleted flow is no longer returned flows = authMgmtResource.getFlows(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java index 30d6916b17..c38086ba01 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RegistrationFlowTest.java @@ -63,7 +63,7 @@ public class RegistrationFlowTest extends AbstractAuthenticationTest { // Should success to add execution under form flow authMgmtResource.addExecution("registrationForm2", data2); - assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("registrationForm2"), data2, ResourceType.AUTH_EXECUTION_FLOW); + assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("registrationForm2"), data2, ResourceType.AUTH_EXECUTION); } // TODO: More type-safety instead of passing generic maps diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java index 33cf14b115..113630a828 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java @@ -176,10 +176,10 @@ public class ClientTemplateTest extends AbstractClientTest { RoleMappingResource scopesResource = clientTemplates().get(templateId).getScopeMappings(); scopesResource.realmLevel().add(Collections.singletonList(roleRep1)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.CLIENT_TEMPLATE); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING); scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_TEMPLATE); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING); // test that scopes are available (also through composite role) List allRealm = scopesResource.realmLevel().listAll(); @@ -198,10 +198,10 @@ public class ClientTemplateTest extends AbstractClientTest { // remove scopes scopesResource.realmLevel().remove(Collections.singletonList(roleRep1)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.CLIENT_TEMPLATE); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING); scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_TEMPLATE); + assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING); // assert scopes are removed allRealm = scopesResource.realmLevel().listAll(); @@ -256,7 +256,7 @@ public class ClientTemplateTest extends AbstractClientTest { // Add realm role to scopes of clientTemplate clientTemplates().get(templateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep)); - assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep), ResourceType.CLIENT_TEMPLATE); + assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep), ResourceType.REALM_SCOPE_MAPPING); List roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll(); Assert.assertEquals(1, roleReps.size()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java index 9413836c85..195f733665 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java @@ -27,6 +27,7 @@ import org.junit.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.events.admin.OperationType; +import org.keycloak.events.admin.ResourceType; import org.keycloak.models.AdminRoles; import org.keycloak.models.Constants; import org.keycloak.models.utils.KeycloakModelUtils; @@ -136,6 +137,7 @@ public class AdminEventAuthDetailsTest extends AbstractAuthTest { .realmId(realmUuid) .operationType(OperationType.UPDATE) .resourcePath(AdminEventPaths.userResourcePath(appUserId)) + .resourceType(ResourceType.USER) .representation(rep) .authDetails(expectedRealmId, expectedClientUuid, expectedUserId) .assertEvent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java index d8e13c89b4..f4553031c9 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java @@ -122,7 +122,7 @@ public class GroupTest extends AbstractGroupTest { List list = new LinkedList<>(); list.add(role); realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list, ResourceType.CLIENT_ROLE); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list, ResourceType.CLIENT_ROLE_MAPPING); realm.clients().get(client.getId()).remove(); assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid), ResourceType.CLIENT); @@ -172,7 +172,7 @@ public class GroupTest extends AbstractGroupTest { List roles = new LinkedList<>(); roles.add(topRole); realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles, ResourceType.GROUP); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles, ResourceType.REALM_ROLE_MAPPING); GroupRepresentation level2Group = new GroupRepresentation(); level2Group.setName("level2"); @@ -199,7 +199,7 @@ public class GroupTest extends AbstractGroupTest { roles.clear(); roles.add(level2Role); realm.groups().group(level2Group.getId()).roles().realmLevel().add(roles); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles, ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING); GroupRepresentation level3Group = new GroupRepresentation(); level3Group.setName("level3"); @@ -212,7 +212,7 @@ public class GroupTest extends AbstractGroupTest { roles.clear(); roles.add(level3Role); realm.groups().group(level3Group.getId()).roles().realmLevel().add(roles); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles, ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING); topGroup = realm.getGroupByPath("/top"); assertEquals(1, topGroup.getRealmRoles().size()); @@ -420,15 +420,15 @@ public class GroupTest extends AbstractGroupTest { l.add(realm.roles().get("realm-role").toRepresentation()); l.add(realm.roles().get("realm-composite").toRepresentation()); roles.realmLevel().add(l); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l, ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l, ResourceType.REALM_ROLE_MAPPING); // Add client roles RoleRepresentation clientRole = realm.clients().get(clientId).roles().get("client-role").toRepresentation(); RoleRepresentation clientComposite = realm.clients().get(clientId).roles().get("client-composite").toRepresentation(); roles.clientLevel(clientId).add(Collections.singletonList(clientRole)); roles.clientLevel(clientId).add(Collections.singletonList(clientComposite)); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole), ResourceType.CLIENT_ROLE); - assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite), ResourceType.CLIENT_ROLE); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole), ResourceType.CLIENT_ROLE_MAPPING); + assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite), ResourceType.CLIENT_ROLE_MAPPING); // List realm roles assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite"); @@ -449,13 +449,13 @@ public class GroupTest extends AbstractGroupTest { // Remove realm role RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation(); roles.realmLevel().remove(Collections.singletonList(realmRoleRep)); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING); assertNames(roles.realmLevel().listAll(), "realm-composite"); // Remove client role RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation(); roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep)); - assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE); + assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING); assertNames(roles.clientLevel(clientId).listAll(), "client-composite"); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java index 8813f707b4..c50c022837 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java @@ -162,7 +162,7 @@ public class AssertAdminEvents implements TestRule { } public ExpectedAdminEvent resourceType(ResourceType resourceType){ - this.resourceType = resourceType; + expected.setResourceType(resourceType.toString()); return this; } @@ -199,7 +199,7 @@ public class AssertAdminEvents implements TestRule { public AdminEventRepresentation assertEvent(AdminEventRepresentation actual) { Assert.assertEquals(expected.getRealmId(), actual.getRealmId()); Assert.assertThat(actual.getResourcePath(), resourcePath); - Assert.assertEquals(actual.getResourceType(), resourceType); + Assert.assertEquals(expected.getResourceType(), actual.getResourceType()); Assert.assertEquals(expected.getOperationType(), actual.getOperationType()); Assert.assertTrue(ObjectUtil.isEqualOrBothNull(expected.getError(), actual.getError()));