test: added load authorization config test

3 years ago · 3a697caaef
5 changed files with 110 additions and 13 deletions
--- a/src/keycloak/authorization/permission.py
+++ b/src/keycloak/authorization/permission.py
@ -49,12 +49,12 @@ class Permission:
    def __init__(self, name, type, logic, decision_strategy):
        """Init method."""
        self._name = name
        self._type = type
        self._logic = logic
        self._decision_strategy = decision_strategy
        self._resources = []
        self._scopes = []
        self.name = name
        self.type = type
        self.logic = logic
        self.decision_strategy = decision_strategy
        self.resources = []
        self.scopes = []
    def __repr__(self):
        """Repr method."""
--- a/src/keycloak/authorization/policy.py
+++ b/src/keycloak/authorization/policy.py
@ -43,12 +43,12 @@ class Policy:
    def __init__(self, name, type, logic, decision_strategy):
        """Init method."""
        self._name = name
        self._type = type
        self._logic = logic
        self._decision_strategy = decision_strategy
        self._roles = []
        self._permissions = []
        self.name = name
        self.type = type
        self.logic = logic
        self.decision_strategy = decision_strategy
        self.roles = []
        self.permissions = []
    def __repr__(self):
        """Repr method."""
@ -99,11 +99,19 @@ class Policy:
        """Get roles."""
        return self._roles
    @roles.setter
    def roles(self, value):
        self._roles = value
    @property
    def permissions(self):
        """Get permissions."""
        return self._permissions
    @permissions.setter
    def permissions(self, value):
        self._permissions = value
    def add_role(self, role):
        """Add keycloak role in policy.
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -185,6 +185,14 @@ def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: Keycloak
            "serviceAccountsEnabled": True,
        }
    )
    admin.create_client_authz_role_based_policy(
        client_id=client_id,
        payload={
            "name": "test-authz-rb-policy",
            "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
        },
    )
    admin.create_client_authz_resource
    # Create user
    username = str(uuid.uuid4())
    password = str(uuid.uuid4())
--- a/tests/data/authz_settings.json
+++ b/tests/data/authz_settings.json
@ -0,0 +1,45 @@
 {
    "allowRemoteResourceManagement": true,
    "policyEnforcementMode": "ENFORCING",
    "policies": [
        {
            "name": "Default Policy",
            "type": "js",
            "logic": "POSITIVE",
            "decisionStrategy": "AFFIRMATIVE",
            "config": {
                "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
            }
        },
        {
            "name": "test-authz-rb-policy",
            "type": "role",
            "logic": "POSITIVE",
            "decisionStrategy": "UNANIMOUS",
            "config": {
                "roles": "[{\"id\":\"offline_access\",\"required\":false}]"
            }
        },
        {
            "name": "Default Permission",
            "type": "resource",
            "logic": "POSITIVE",
            "decisionStrategy": "UNANIMOUS",
            "config": {
                "applyPolicies": "[\"test-authz-rb-policy\"]"
            }
        },
        {
            "name": "Test scope",
            "type": "scope",
            "logic": "POSITIVE",
            "decisionStrategy": "UNANIMOUS",
            "config": {
                "scopes": "[]",
                "applyPolicies": "[\"test-authz-rb-policy\"]"
            }
        }
    ],
    "scopes": [],
    "decisionStrategy": "UNANIMOUS"
 }
--- a/tests/test_keycloak_openid.py
+++ b/tests/test_keycloak_openid.py
@ -4,8 +4,15 @@ from unittest import mock
 import pytest
 from keycloak.authorization import Authorization
 from keycloak.authorization.permission import Permission
 from keycloak.authorization.policy import Policy
 from keycloak.authorization.role import Role
 from keycloak.connection import ConnectionManager
 from keycloak.exceptions import KeycloakDeprecationError, KeycloakRPTNotFound
 from keycloak.exceptions import (
    KeycloakAuthenticationError,
    KeycloakDeprecationError,
    KeycloakRPTNotFound,
 )
 from keycloak.keycloak_admin import KeycloakAdmin
 from keycloak.keycloak_openid import KeycloakOpenID
@ -185,6 +192,18 @@ def test_exchange_token(
    assert token != new_token
 def test_logout(oid_with_credentials):
    """Test logout."""
    oid, username, password = oid_with_credentials
    token = oid.token(username=username, password=password)
    assert oid.userinfo(token=token["access_token"]) != dict()
    assert oid.logout(refresh_token=token["refresh_token"]) == dict()
    with pytest.raises(KeycloakAuthenticationError):
        oid.userinfo(token=token["access_token"])
 def test_certs(oid: KeycloakOpenID):
    """Test certificates."""
    assert len(oid.certs()["keys"]) == 2
@ -236,3 +255,20 @@ def test_decode_token(oid_with_credentials: tuple[KeycloakOpenID, str, str]):
        )["preferred_username"]
        == username
    )
 def test_load_authorization_config(
    oid_with_credentials_authz: tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
 ):
    """Test load authorization config."""
    oid, username, password = oid_with_credentials_authz
    oid.load_authorization_config(path="tests/data/authz_settings.json")
    assert "test-authz-rb-policy" in oid.authorization.policies
    assert isinstance(oid.authorization.policies["test-authz-rb-policy"], Policy)
    assert len(oid.authorization.policies["test-authz-rb-policy"].roles) == 1
    assert isinstance(oid.authorization.policies["test-authz-rb-policy"].roles[0], Role)
    assert len(oid.authorization.policies["test-authz-rb-policy"].permissions) == 2
    assert isinstance(
        oid.authorization.policies["test-authz-rb-policy"].permissions[0], Permission
    )