feat: Add policy delete method

1 year ago · 341c8bd112
3 changed files with 60 additions and 21 deletions
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@ -1661,6 +1661,42 @@ class KeycloakAdmin:
        )
        return raise_error_from_response(data_raw, KeycloakGetError)

+    def delete_client_authz_policy(self, client_id, policy_id):
+        """Delete a policy from client.
+
+        :param client_id: id in ClientRepresentation
+            https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+        :type client_id: str
+        :param policy_id: id in PolicyRepresentation
+            https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_policyrepresentation
+        :type policy_id: str
+        :return: Keycloak server response
+        :rtype: dict
+        """
+        params_path = {"realm-name": self.realm_name, "id": client_id, "policy-id": policy_id}
+        data_raw = self.connection.raw_delete(
+            urls_patterns.URL_ADMIN_CLIENT_AUTHZ_POLICY.format(**params_path)
+        )
+        return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
+
+    def get_client_authz_policy(self, client_id, policy_id):
+        """Get a policy from client.
+
+        :param client_id: id in ClientRepresentation
+            https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+        :type client_id: str
+        :param policy_id: id in PolicyRepresentation
+            https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_policyrepresentation
+        :type policy_id: str
+        :return: Keycloak server response
+        :rtype: dict
+        """
+        params_path = {"realm-name": self.realm_name, "id": client_id, "policy-id": policy_id}
+        data_raw = self.connection.raw_get(
+            urls_patterns.URL_ADMIN_CLIENT_AUTHZ_POLICY.format(**params_path)
+        )
+        return raise_error_from_response(data_raw, KeycloakGetError)
+
    def get_client_service_account_user(self, client_id):
        """Get service account user from client.

--- a/src/keycloak/urls_patterns.py
+++ b/src/keycloak/urls_patterns.py
@ -106,29 +106,21 @@ URL_ADMIN_CLIENT_DEFAULT_CLIENT_SCOPE = (
    URL_ADMIN_CLIENT_DEFAULT_CLIENT_SCOPES + "/{client_scope_id}"
 )

-URL_ADMIN_CLIENT_AUTHZ_SETTINGS = URL_ADMIN_CLIENT + "/authz/resource-server/settings"
-URL_ADMIN_CLIENT_AUTHZ_RESOURCES = URL_ADMIN_CLIENT + "/authz/resource-server/resource?max=-1"
-URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT + "/authz/resource-server/scope?max=-1"
-URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT + "/authz/resource-server/permission?max=-1"
-URL_ADMIN_CLIENT_AUTHZ_POLICIES = (
-    URL_ADMIN_CLIENT + "/authz/resource-server/policy?max=-1&permission=false"
-)
-URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY = (
-    URL_ADMIN_CLIENT + "/authz/resource-server/policy/role?max=-1"
-)
+URL_ADMIN_CLIENT_AUTHZ = URL_ADMIN_CLIENT + "/authz/resource-server"
+URL_ADMIN_CLIENT_AUTHZ_SETTINGS = URL_ADMIN_CLIENT_AUTHZ + "/settings"
+URL_ADMIN_CLIENT_AUTHZ_RESOURCES = URL_ADMIN_CLIENT_AUTHZ + "/resource?max=-1"
+URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1"
+URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1"
+URL_ADMIN_CLIENT_AUTHZ_POLICIES = URL_ADMIN_CLIENT_AUTHZ + "/policy?max=-1&permission=false"
+URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/role?max=-1"
 URL_ADMIN_CLIENT_AUTHZ_RESOURCE_BASED_PERMISSION = (
-    URL_ADMIN_CLIENT + "/authz/resource-server/permission/resource?max=-1"
-)
-URL_ADMIN_CLIENT_AUTHZ_POLICY_SCOPES = (
-    URL_ADMIN_CLIENT + "/authz/resource-server/policy/{policy-id}/scopes"
-)
-URL_ADMIN_CLIENT_AUTHZ_POLICY_RESOURCES = (
-    URL_ADMIN_CLIENT + "/authz/resource-server/policy/{policy-id}/resources"
-)
-URL_ADMIN_CLIENT_AUTHZ_SCOPE_PERMISSION = (
-    URL_ADMIN_CLIENT + "/authz/resource-server/permission/scope/{scope-id}"
+    URL_ADMIN_CLIENT_AUTHZ + "/permission/resource?max=-1"
 )
-URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY = URL_ADMIN_CLIENT + "/authz/resource-server/policy/client"
+URL_ADMIN_CLIENT_AUTHZ_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/{policy-id}"
+URL_ADMIN_CLIENT_AUTHZ_POLICY_SCOPES = URL_ADMIN_CLIENT_AUTHZ_POLICY + "/scopes"
+URL_ADMIN_CLIENT_AUTHZ_POLICY_RESOURCES = URL_ADMIN_CLIENT_AUTHZ_POLICY + "/resources"
+URL_ADMIN_CLIENT_AUTHZ_SCOPE_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope/{scope-id}"
+URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/client"

 URL_ADMIN_CLIENT_SERVICE_ACCOUNT_USER = URL_ADMIN_CLIENT + "/service-account-user"
 URL_ADMIN_CLIENT_CERTS = URL_ADMIN_CLIENT + "/certificates/{attr}"
--- a/tests/test_keycloak_admin.py
+++ b/tests/test_keycloak_admin.py
@ -832,6 +832,17 @@ def test_clients(admin: KeycloakAdmin, realm: str):
    ) == {"msg": "Already exists"}
    assert len(admin.get_client_authz_policies(client_id=auth_client_id)) == 2

+    res = admin.create_client_authz_role_based_policy(
+        client_id=auth_client_id,
+        payload={"name": "test-authz-rb-policy-delete", "roles": [{"id": role_id}]},
+    )
+    res2 = admin.get_client_authz_policy(client_id=auth_client_id, policy_id=res["id"])
+    assert res["id"] == res2["id"]
+    admin.delete_client_authz_policy(client_id=auth_client_id, policy_id=res["id"])
+    with pytest.raises(KeycloakGetError) as err:
+        admin.get_client_authz_policy(client_id=auth_client_id, policy_id=res["id"])
+    assert err.match("404: b''")
+
    # Test authz permissions
    res = admin.get_client_authz_permissions(client_id=auth_client_id)
    assert len(res) == 1, res