From ab295582790ca77105ab9c116be3d914edc1d9d9 Mon Sep 17 00:00:00 2001 From: Richard Nemeth Date: Mon, 13 Nov 2023 14:41:24 +0000 Subject: [PATCH] feat: realm changing helpers --- README.md | 3 +- src/keycloak/keycloak_admin.py | 16 +++++++ tests/conftest.py | 16 +++---- tests/test_keycloak_admin.py | 87 +++++++++++++++++++--------------- tests/test_keycloak_openid.py | 2 +- 5 files changed, 77 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 4121e90..ecc3e2c 100644 --- a/README.md +++ b/README.md @@ -352,7 +352,8 @@ keycloak_admin.create_realm(payload={"realm": "demo"}, skip_exists=False) # Changing Realm keycloak_admin = KeycloakAdmin(realm_name="main", ...) keycloak_admin.get_users() # Get user in main realm -keycloak_admin.realm_name = "demo" # Change realm to 'demo' +keycloak_admin.change_current_realm("demo") # Change realm to 'demo' +keycloak_admin.get_current_realm() # Gives 'demo' keycloak_admin.get_users() # Get users in realm 'demo' keycloak_admin.create_user(...) # Creates a new user in 'demo' diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py index 88637d2..87ad78f 100644 --- a/src/keycloak/keycloak_admin.py +++ b/src/keycloak/keycloak_admin.py @@ -516,6 +516,22 @@ class KeycloakAdmin: query = query or {} return raise_error_from_response(self.connection.raw_get(url, **query), KeycloakGetError) + def get_current_realm(self) -> str: + """Return the currently configured realm. + + :returns: Currently configured realm name + :rtype: str + """ + return self.connection.realm_name + + def change_current_realm(self, realm_name: str) -> None: + """Change the current realm. + + :param realm_name: The name of the realm to be configured as current + :type realm_name: str + """ + self.connection.realm_name = realm_name + def import_realm(self, payload): """Import a new realm from a RealmRepresentation. diff --git a/tests/conftest.py b/tests/conftest.py index fcfdb4f..04449dd 100644 --- a/tests/conftest.py 
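Review bot: `change_current_realm` in `src/keycloak/keycloak_admin.py` writes its argument straight to `self.connection.realm_name` with no check, so `None` or an empty string is accepted silently and only surfaces later as a failed or misdirected admin call. Because the setter mutates the connection object instead of returning a new client, every later call on this `KeycloakAdmin` targets the new realm; the docstring should say so and warn against sharing one instance between concurrent callers that work in different realms. The hunk does not show whether the realm used to obtain the admin token is switched as well, and the docstring should state which it is. I would add a guard such as `if not isinstance(realm_name, str) or not realm_name: raise ValueError("realm_name must be a non-empty string")` before the assignment. The enclosing class body starts and ends outside the hunk.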
+++ b/tests/conftest.py @@ -183,7 +183,7 @@ def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin): :rtype: KeycloakOpenID """ # Set the realm - admin.realm_name = realm + admin.change_current_realm(realm) # Create client client = str(uuid.uuid4()) client_id = admin.create_client( @@ -219,7 +219,7 @@ def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin) :rtype: Tuple[KeycloakOpenID, str, str] """ # Set the realm - admin.realm_name = realm + admin.change_current_realm(realm) # Create client client = str(uuid.uuid4()) secret = str(uuid.uuid4()) @@ -276,7 +276,7 @@ def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: Keycloak :rtype: Tuple[KeycloakOpenID, str, str] """ # Set the realm - admin.realm_name = realm + admin.change_current_realm(realm) # Create client client = str(uuid.uuid4()) secret = str(uuid.uuid4()) @@ -354,7 +354,7 @@ def user(admin: KeycloakAdmin, realm: str) -> str: :yields: Keycloak user :rtype: str """ - admin.realm_name = realm + admin.change_current_realm(realm) username = str(uuid.uuid4()) user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"}) yield user_id @@ -372,7 +372,7 @@ def group(admin: KeycloakAdmin, realm: str) -> str: :yields: Keycloak group :rtype: str """ - admin.realm_name = realm + admin.change_current_realm(realm) group_name = str(uuid.uuid4()) group_id = admin.create_group(payload={"name": group_name}) yield group_id @@ -390,7 +390,7 @@ def client(admin: KeycloakAdmin, realm: str) -> str: :yields: Keycloak client id :rtype: str """ - admin.realm_name = realm + admin.change_current_realm(realm) client = str(uuid.uuid4()) client_id = admin.create_client(payload={"name": client, "clientId": client}) yield client_id 
@@ -410,7 +410,7 @@ def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str: :yields: Keycloak client role :rtype: str """ - admin.realm_name = realm + admin.change_current_realm(realm) role = str(uuid.uuid4()) admin.create_client_role(client, {"name": role, "composite": False}) yield role @@ -432,7 +432,7 @@ def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_ :yields: Composite client role :rtype: str """ - admin.realm_name = realm + admin.change_current_realm(realm) role = str(uuid.uuid4()) admin.create_client_role(client, {"name": role, "composite": True}) role_repr = admin.get_client_role(client, client_role) diff --git a/tests/test_keycloak_admin.py b/tests/test_keycloak_admin.py index e2925aa..c5aa6ff 100644 --- a/tests/test_keycloak_admin.py +++ b/tests/test_keycloak_admin.py @@ -192,6 +192,19 @@ def test_realms(admin: KeycloakAdmin): assert err.match('404: b\'{"error":"Realm not found."}\'') +def test_changing_of_realms(admin: KeycloakAdmin, realm: str): + """Test changing of realms. + + :param admin: Keycloak Admin client + :type admin: KeycloakAdmin + :param realm: Keycloak realm + :type realm: str + """ + assert admin.get_current_realm() == "master" + admin.change_current_realm(realm) + assert admin.get_current_realm() == realm + + def test_import_export_realms(admin: KeycloakAdmin, realm: str): """Test import and export of realms. @@ -200,7 +213,7 @@ def test_import_export_realms(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) realm_export = admin.export_realm(export_clients=True, export_groups_and_role=True) assert realm_export != dict(), realm_export 
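Review bot: In `test_changing_of_realms` the first assertion, `assert admin.get_current_realm() == "master"`, depends on the state in which the `admin` fixture arrives, and the test leaves the client switched to `realm` when it ends. Nearly every other test in this file mutates the same client through `change_current_realm`, so if the fixture is shared beyond function scope (its definition is not visible here) the result becomes order-dependent. Pinning the start state with `admin.change_current_realm("master")` before the first assertion, and switching back to `"master"` at the end, would make the test self-contained.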
@@ -228,7 +241,7 @@ def test_partial_import_realm(admin: KeycloakAdmin, realm: str): test_user = str(uuid.uuid4()) test_client = str(uuid.uuid4()) - admin.realm_name = realm + admin.change_current_realm(realm) client_id = admin.create_client(payload={"name": test_client, "clientId": test_client}) realm_export = admin.export_realm(export_clients=True, export_groups_and_role=False) @@ -271,7 +284,7 @@ def test_users(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Check no users present users = admin.get_users() @@ -369,7 +382,7 @@ def test_users_pagination(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) for ind in range(admin.PAGE_SIZE + 50): username = f"user_{ind}" @@ -393,7 +406,7 @@ def test_user_groups_pagination(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) user_id = admin.create_user( payload={"username": "username_1", "email": "username_1@test.test"} @@ -422,7 +435,7 @@ def test_idps(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Create IDP res = admin.create_idp( @@ -765,7 +778,7 @@ def test_clients(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test get clients clients = admin.get_clients() @@ -1120,7 +1133,7 @@ def test_realm_roles(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test get realm roles roles = admin.get_realm_roles() 
@@ -1369,7 +1382,7 @@ def test_client_scope_realm_roles(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test get realm roles roles = admin.get_realm_roles() @@ -1435,7 +1448,7 @@ def test_client_scope_client_roles(admin: KeycloakAdmin, realm: str, client: str :param client: Keycloak client :type client: str """ - admin.realm_name = realm + admin.change_current_realm(realm) client_id = admin.create_client( payload={"name": "role-testing-client", "clientId": "role-testing-client"} @@ -1499,7 +1512,7 @@ def test_client_default_client_scopes(admin: KeycloakAdmin, realm: str, client: :param client: Keycloak client :type client: str """ - admin.realm_name = realm + admin.change_current_realm(realm) client_id = admin.create_client( payload={"name": "role-testing-client", "clientId": "role-testing-client"} @@ -1545,7 +1558,7 @@ def test_client_optional_client_scopes(admin: KeycloakAdmin, realm: str, client: :param client: Keycloak client :type client: str """ - admin.realm_name = realm + admin.change_current_realm(realm) client_id = admin.create_client( payload={"name": "role-testing-client", "clientId": "role-testing-client"} @@ -1760,7 +1773,7 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str): :raises AssertionError: In case of bad configuration """ # Test enabling token exchange between two confidential clients - admin.realm_name = realm + admin.change_current_realm(realm) # Create test clients source_client_id = admin.create_client( @@ -1936,7 +1949,7 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) res = admin.get_authentication_flows() assert len(res) <= 8, res 
@@ -2104,7 +2117,7 @@ def test_authentication_configs(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test list of auth providers res = admin.get_authenticator_providers() @@ -2142,7 +2155,7 @@ def test_sync_users(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Only testing the error message with pytest.raises(KeycloakPostError) as err: @@ -2158,7 +2171,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test get client scopes res = admin.get_client_scopes() @@ -2302,7 +2315,7 @@ def test_components(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test get components res = admin.get_components() @@ -2359,7 +2372,7 @@ def test_keys(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) assert set(admin.get_keys()["active"].keys()) == {"AES", "HS256", "RS256", "RSA-OAEP"} assert {k["algorithm"] for k in admin.get_keys()["keys"]} == { "HS256", @@ -2377,7 +2390,7 @@ def test_admin_events(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) admin.create_client(payload={"name": "test", "clientId": "test"}) @@ -2393,7 +2406,7 @@ def test_user_events(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) events = admin.get_events() assert events == list() 
@@ -2481,7 +2494,7 @@ def test_get_required_actions(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) ractions = admin.get_required_actions() assert isinstance(ractions, list) for ra in ractions: @@ -2505,7 +2518,7 @@ def test_get_required_action_by_alias(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) ractions = admin.get_required_actions() ra = admin.get_required_action_by_alias("UPDATE_PASSWORD") assert ra in ractions @@ -2521,7 +2534,7 @@ def test_update_required_action(admin: KeycloakAdmin, realm: str): :param realm: Keycloak realm :type realm: str """ - admin.realm_name = realm + admin.change_current_realm(realm) ra = admin.get_required_action_by_alias("UPDATE_PASSWORD") old = copy.deepcopy(ra) ra["enabled"] = False @@ -2547,7 +2560,7 @@ def test_get_composite_client_roles_of_group( :param composite_client_role: Composite client role :type composite_client_role: str """ - admin.realm_name = realm + admin.change_current_realm(realm) role = admin.get_client_role(client, composite_client_role) admin.assign_group_client_roles(group_id=group, client_id=client, roles=[role]) result = admin.get_composite_client_roles_of_group(client, group) @@ -2570,7 +2583,7 @@ def test_get_role_client_level_children( :param client_role: Client role :type client_role: str """ - admin.realm_name = realm + admin.change_current_realm(realm) child = admin.get_client_role(client, client_role) parent = admin.get_client_role(client, composite_client_role) res = admin.get_role_client_level_children(client, parent["id"]) 
@@ -2589,7 +2602,7 @@ def test_upload_certificate(admin: KeycloakAdmin, realm: str, client: str, selfs :param selfsigned_cert: Selfsigned certificates :type selfsigned_cert: tuple """ - admin.realm_name = realm + admin.change_current_realm(realm) cert, _ = selfsigned_cert cert = cert.decode("utf-8").strip() admin.upload_certificate(client, cert) @@ -2610,7 +2623,7 @@ def test_get_bruteforce_status_for_user( :type realm: str """ oid, username, password = oid_with_credentials - admin.realm_name = realm + admin.change_current_realm(realm) # Turn on bruteforce protection res = admin.update_realm(realm_name=realm, payload={"bruteForceProtected": True}) @@ -2647,7 +2660,7 @@ def test_clear_bruteforce_attempts_for_user( :type realm: str """ oid, username, password = oid_with_credentials - admin.realm_name = realm + admin.change_current_realm(realm) # Turn on bruteforce protection res = admin.update_realm(realm_name=realm, payload={"bruteForceProtected": True}) @@ -2687,7 +2700,7 @@ def test_clear_bruteforce_attempts_for_all_users( :type realm: str """ oid, username, password = oid_with_credentials - admin.realm_name = realm + admin.change_current_realm(realm) # Turn on bruteforce protection res = admin.update_realm(realm_name=realm, payload={"bruteForceProtected": True}) @@ -2722,7 +2735,7 @@ def test_default_realm_role_present(realm: str, admin: KeycloakAdmin) -> None: :param admin: Keycloak admin :type admin: KeycloakAdmin """ - admin.realm_name = realm + admin.change_current_realm(realm) assert f"default-roles-{realm}" in [x["name"] for x in admin.get_realm_roles()] assert ( len([x["name"] for x in admin.get_realm_roles() if x["name"] == f"default-roles-{realm}"]) 
@@ -2738,7 +2751,7 @@ def test_get_default_realm_role_id(realm: str, admin: KeycloakAdmin) -> None: :param admin: Keycloak admin :type admin: KeycloakAdmin """ - admin.realm_name = realm + admin.change_current_realm(realm) assert ( admin.get_default_realm_role_id() == [x["id"] for x in admin.get_realm_roles() if x["name"] == f"default-roles-{realm}"][0] @@ -2753,7 +2766,7 @@ def test_realm_default_roles(admin: KeycloakAdmin, realm: str) -> None: :param admin: Keycloak admin :type admin: KeycloakAdmin """ - admin.realm_name = realm + admin.change_current_realm(realm) # Test listing all default realm roles roles = admin.get_realm_default_roles() @@ -2764,7 +2777,7 @@ def test_realm_default_roles(admin: KeycloakAdmin, realm: str) -> None: admin.realm_name = "doesnotexist" admin.get_realm_default_roles() assert err.match('404: b\'{"error":"Realm not found."}\'') - admin.realm_name = realm + admin.change_current_realm(realm) # Test removing a default realm role res = admin.remove_realm_default_roles(payload=[roles[0]]) @@ -2795,7 +2808,7 @@ def test_clear_keys_cache(realm: str, admin: KeycloakAdmin) -> None: :param admin: Keycloak admin :type admin: KeycloakAdmin """ - admin.realm_name = realm + admin.change_current_realm(realm) res = admin.clear_keys_cache() assert res == {} @@ -2808,7 +2821,7 @@ def test_clear_realm_cache(realm: str, admin: KeycloakAdmin) -> None: :param admin: Keycloak admin :type admin: KeycloakAdmin """ - admin.realm_name = realm + admin.change_current_realm(realm) res = admin.clear_realm_cache() assert res == {} @@ -2821,7 +2834,7 @@ def test_clear_user_cache(realm: str, admin: KeycloakAdmin) -> None: :param admin: Keycloak admin :type admin: KeycloakAdmin """ - admin.realm_name = realm + admin.change_current_realm(realm) res = admin.clear_user_cache() assert res == {} diff --git a/tests/test_keycloak_openid.py b/tests/test_keycloak_openid.py index 6ab9a8f..171d70d 100644 --- a/tests/test_keycloak_openid.py +++ b/tests/test_keycloak_openid.py 
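Review bot: The context line `admin.realm_name = "doesnotexist"` in the `test_realm_default_roles` hunk (`@@ -2764,7 +2777,7 @@`) still assigns the attribute directly, while the reset a few lines below it is converted to the helper. If direct assignment is meant to stay supported, a short comment such as `# attribute assignment is still supported; kept on purpose` would mark it as intentional. Otherwise use `admin.change_current_realm("doesnotexist")` so the test exercises a single API. The test function starts and ends outside the hunk.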
@@ -186,7 +186,7 @@ def test_exchange_token( oid, username, password = oid_with_credentials # Allow impersonation - admin.realm_name = oid.realm_name + admin.change_current_realm(oid.realm_name) admin.assign_client_role( user_id=admin.get_user_id(username=username), client_id=admin.get_client_id(client_id="realm-management"),