test: fixed exchange

tests/test_keycloak_admin.py

@@ -1046,7 +1046,6 @@ def test_clients(admin: KeycloakAdmin, realm: str):
         client_id=auth_client_id, payload={"name": "test-authz-scope"}
     )
     assert res["name"] == "test-authz-scope", res
-    test_scope_id = res["id"]
 
     with pytest.raises(KeycloakPostError) as err:
         admin.create_client_authz_scopes(
@@ -1061,40 +1060,6 @@ def test_clients(admin: KeycloakAdmin, realm: str):
     assert len(res) == 1
     assert {x["name"] for x in res} == {"test-authz-scope"}
 
-    res = admin.create_client_authz_scope_based_permission(
-        client_id=auth_client_id,
-        payload={
-            "name": "test-permission-sb",
-            "resources": [test_resource_id],
-            "scopes": [test_scope_id],
-        },
-    )
-    assert res, res
-    assert res["name"] == "test-permission-sb"
-    assert res["resources"] == [test_resource_id]
-    assert res["scopes"] == [test_scope_id]
-
-    with pytest.raises(KeycloakPostError) as err:
-        admin.create_client_authz_scope_based_permission(
-            client_id=auth_client_id,
-            payload={
-                "name": "test-permission-sb",
-                "resources": [test_resource_id],
-                "scopes": [test_scope_id],
-            },
-        )
-    assert err.match('409: b\'{"error":"Policy with name')
-    assert admin.create_client_authz_scope_based_permission(
-        client_id=auth_client_id,
-        payload={
-            "name": "test-permission-sb",
-            "resources": [test_resource_id],
-            "scopes": [test_scope_id],
-        },
-        skip_exists=True,
-    ) == {"msg": "Already exists"}
-    assert len(admin.get_client_authz_permissions(client_id=auth_client_id)) == 3
-
     # Test service account user
     res = admin.get_client_service_account_user(client_id=auth_client_id)
     assert res["username"] == "service-account-authz-client", res
@@ -1883,7 +1848,7 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
     # Create permissions on the target client to reference this policy
     admin.create_client_authz_scope_permission(
         payload={
-            "id": token_exchange_permission_id,
+            "id": "some-id",
             "name": "test-permission",
             "type": "scope",
             "logic": "POSITIVE",
@@ -1897,13 +1862,13 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
     permission_name = admin.get_client_authz_scope_permission(
         client_id=realm_management_id, scope_id=token_exchange_permission_id
     )["name"]
-    assert permission_name == "test-permission"
+    assert permission_name.startswith("token-exchange.permission.client.")
     with pytest.raises(KeycloakPostError) as err:
         admin.create_client_authz_scope_permission(
             payload={"name": "test-permission", "scopes": [token_exchange_scope_id]},
             client_id="realm_management_id",
         )
-    assert err.match('404: b\'{"errorMessage":"Could not find client"}\'')
+    assert err.match('404: b\'{"error":"Could not find client"}\'')
 
 
 def test_email(admin: KeycloakAdmin, user: str):