From 2f212c1350b0e87d34ae3bdd80be599327abb154 Mon Sep 17 00:00:00 2001
From: Erik Cederstrand
Date: Thu, 16 Jun 2022 10:43:55 +0200
Subject: [PATCH] feat: Allow fetching existing policies before calling create_client_authz_client_policy()
---
 src/keycloak/keycloak_admin.py | 14 ++++++++++++++
 tests/test_keycloak_admin.py | 10 +++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
index 942edc9..099f9fc 100644
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -2891,6 +2891,20 @@ class KeycloakAdmin:
 )
 return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[201])
+ def get_client_authz_client_policies(self, client_id):
+ """
+ Get policies for a given client.
+
+ :param client_id: id in ClientRepresentation
+ https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+ :return: Keycloak server response (RoleRepresentation)
+ """
+ params_path = {"realm-name": self.realm_name, "id": client_id}
+ data_raw = self.raw_get(
+ urls_patterns.URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY.format(**params_path),
+ )
+ return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
+
 def create_client_authz_client_policy(self, payload, client_id):
 """
 Create a new policy for a given client.
diff --git a/tests/test_keycloak_admin.py b/tests/test_keycloak_admin.py
index 74cdc14..6f33e03 100644
--- a/tests/test_keycloak_admin.py
+++ b/tests/test_keycloak_admin.py
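Review bot: The `:return:` line in the docstring of the new `get_client_authz_client_policies` names `RoleRepresentation`, but the test added in this same commit iterates the result as a list of policies, so it should read something like `:return: Keycloak server response (list of policy representations)`. The `raw_get` call also sends no query parameters, so if the server pages or caps this listing (not visible from the patch), a caller that uses the result to decide whether a policy already exists could wrongly conclude it is missing in a realm with many policies. Until that is confirmed, the docstring should state that the result may be a partial list, or the method should accept optional query parameters and pass them through. The whole method is inside the hunk.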
@@ -1225,16 +1225,24 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
 raise AssertionError("Missing client resource")
 # Create a client policy for source client
+ policy_name = "Exchange source client token with target client token"
 client_policy_id = admin.create_client_authz_client_policy(
 payload={
 "type": "client",
 "logic": "POSITIVE",
 "decisionStrategy": "UNANIMOUS",
- "name": "Exchange source client token with target client token",
+ "name": policy_name,
 "clients": [source_client_id],
 },
 client_id=realm_management_id,
 )["id"]
+ policies = admin.get_client_authz_client_policies(client_id=realm_management_id)
+ for policy in policies:
+ if policy["name"] == policy_name:
+ assert policy["clients"] == [source_client_id]
+ break
+ else:
+ raise AssertionError("Missing client policy")
 # Update permissions on the target client to reference this policy
 permission_name = admin.get_client_authz_scope_permission(
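Review bot: The new loop finds the policy with `if policy["name"] == policy_name:` even though `client_policy_id` was captured from the create call just above. Assuming the listing carries the same `id` field, `if policy["id"] == client_policy_id:` would tie the assertion to the object that was actually created rather than to any policy sharing that name. Since this policy decides which client may exchange tokens, asserting `policy["logic"] == "POSITIVE"` next to the `clients` check would also catch a listing that returns it with different semantics. `test_enable_token_exchange` starts and continues outside the hunk.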