|
|
|
@ -1227,8 +1227,9 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
|
|
|
|
# Authz resources |
|
|
|
res = admin.get_client_authz_resources(client_id=auth_client_id) |
|
|
|
assert len(res) == 1 |
|
|
|
assert res[0]["name"] == "Default Resource" |
|
|
|
assert len(res) in [0, 1] |
|
|
|
if len(res) == 1: |
|
|
|
assert res[0]["name"] == "Default Resource" |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_client_authz_resources(client_id=client_id) |
|
|
|
@ -1258,8 +1259,8 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
|
|
|
|
res = admin.get_client_authz_resources(client_id=auth_client_id) |
|
|
|
assert len(res) == 2 |
|
|
|
assert {x["name"] for x in res} == {"Default Resource", "test-resource"} |
|
|
|
assert len(res) in [1, 2] |
|
|
|
assert {x["name"] for x in res}.issubset({"Default Resource", "test-resource"}) |
|
|
|
|
|
|
|
res = admin.create_client_authz_resource( |
|
|
|
client_id=auth_client_id, |
|
|
|
@ -1293,8 +1294,9 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
|
|
|
|
# Authz policies |
|
|
|
res = admin.get_client_authz_policies(client_id=auth_client_id) |
|
|
|
assert len(res) == 1, res |
|
|
|
assert res[0]["name"] == "Default Policy" |
|
|
|
assert len(res) in [0, 1], res |
|
|
|
if len(res) == 1: |
|
|
|
assert res[0]["name"] == "Default Policy" |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_client_authz_policies(client_id="does-not-exist") |
|
|
|
@ -1320,7 +1322,7 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
payload={"name": "test-authz-rb-policy", "roles": [{"id": role_id}]}, |
|
|
|
skip_exists=True, |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
assert len(admin.get_client_authz_policies(client_id=auth_client_id)) == 2 |
|
|
|
assert len(admin.get_client_authz_policies(client_id=auth_client_id)) in [1, 2] |
|
|
|
|
|
|
|
res = admin.create_client_authz_role_based_policy( |
|
|
|
client_id=auth_client_id, |
|
|
|
@ -1363,12 +1365,13 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
}, |
|
|
|
skip_exists=True, |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
assert len(admin.get_client_authz_policies(client_id=auth_client_id)) == 3 |
|
|
|
assert len(admin.get_client_authz_policies(client_id=auth_client_id)) in [2, 3] |
|
|
|
|
|
|
|
# Test authz permissions |
|
|
|
res = admin.get_client_authz_permissions(client_id=auth_client_id) |
|
|
|
assert len(res) == 1, res |
|
|
|
assert res[0]["name"] == "Default Permission" |
|
|
|
assert len(res) in [0, 1], res |
|
|
|
if len(res) == 1: |
|
|
|
assert res[0]["name"] == "Default Permission" |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_client_authz_permissions(client_id="does-not-exist") |
|
|
|
@ -1395,7 +1398,7 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
payload={"name": "test-permission-rb", "resources": [test_resource_id]}, |
|
|
|
skip_exists=True, |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
assert len(admin.get_client_authz_permissions(client_id=auth_client_id)) == 2 |
|
|
|
assert len(admin.get_client_authz_permissions(client_id=auth_client_id)) in [1, 2] |
|
|
|
|
|
|
|
# Test associating client policy with resource based permission |
|
|
|
res = admin.update_client_authz_resource_permission( |
|
|
|
@ -3080,7 +3083,7 @@ def test_components(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
|
|
|
|
# Test get components |
|
|
|
res = admin.get_components() |
|
|
|
assert len(res) == 12 |
|
|
|
assert len(res) in [12, 14] |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_component(component_id="does-not-exist") |
|
|
|
@ -4920,8 +4923,9 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
|
|
|
|
# Authz resources |
|
|
|
res = await admin.a_get_client_authz_resources(client_id=auth_client_id) |
|
|
|
assert len(res) == 1 |
|
|
|
assert res[0]["name"] == "Default Resource" |
|
|
|
assert len(res) in [0, 1] |
|
|
|
if len(res) == 1: |
|
|
|
assert res[0]["name"] == "Default Resource" |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_client_authz_resources(client_id=client_id) |
|
|
|
@ -4954,8 +4958,8 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
|
|
|
|
res = await admin.a_get_client_authz_resources(client_id=auth_client_id) |
|
|
|
assert len(res) == 2 |
|
|
|
assert {x["name"] for x in res} == {"Default Resource", "test-resource"} |
|
|
|
assert len(res) in [1, 2] |
|
|
|
assert {x["name"] for x in res}.issubset({"Default Resource", "test-resource"}) |
|
|
|
|
|
|
|
res = await admin.a_create_client_authz_resource( |
|
|
|
client_id=auth_client_id, |
|
|
|
@ -4996,8 +5000,9 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
|
|
|
|
# Authz policies |
|
|
|
res = await admin.a_get_client_authz_policies(client_id=auth_client_id) |
|
|
|
assert len(res) == 1, res |
|
|
|
assert res[0]["name"] == "Default Policy" |
|
|
|
assert len(res) in [0, 1], res |
|
|
|
if len(res) == 1: |
|
|
|
assert res[0]["name"] == "Default Policy" |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_client_authz_policies(client_id="does-not-exist") |
|
|
|
@ -5021,7 +5026,7 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
payload={"name": "test-authz-rb-policy", "roles": [{"id": role_id}]}, |
|
|
|
skip_exists=True, |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) == 2 |
|
|
|
assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) in [1, 2] |
|
|
|
role_based_policy_id = res["id"] |
|
|
|
role_based_policy_name = res["name"] |
|
|
|
|
|
|
|
@ -5066,12 +5071,13 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
}, |
|
|
|
skip_exists=True, |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) == 3 |
|
|
|
assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) in [2, 3] |
|
|
|
|
|
|
|
# Test authz permissions |
|
|
|
res = await admin.a_get_client_authz_permissions(client_id=auth_client_id) |
|
|
|
assert len(res) == 1, res |
|
|
|
assert res[0]["name"] == "Default Permission" |
|
|
|
assert len(res) in [0, 1], res |
|
|
|
if len(res) == 1: |
|
|
|
assert res[0]["name"] == "Default Permission" |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_client_authz_permissions(client_id="does-not-exist") |
|
|
|
@ -5098,7 +5104,7 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
payload={"name": "test-permission-rb", "resources": [test_resource_id]}, |
|
|
|
skip_exists=True, |
|
|
|
) == {"msg": "Already exists"} |
|
|
|
assert len(await admin.a_get_client_authz_permissions(client_id=auth_client_id)) == 2 |
|
|
|
assert len(await admin.a_get_client_authz_permissions(client_id=auth_client_id)) in [1, 2] |
|
|
|
|
|
|
|
# Test associating client policy with resource based permission |
|
|
|
res = await admin.a_update_client_authz_resource_permission( |
|
|
|
@ -6933,7 +6939,7 @@ async def test_a_components(admin: KeycloakAdmin, realm: str) -> None: |
|
|
|
|
|
|
|
# Test get components |
|
|
|
res = await admin.a_get_components() |
|
|
|
assert len(res) == 12 |
|
|
|
assert len(res) in [12, 14] |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_component(component_id="does-not-exist") |
|
|
|
|
Richard Nemeth
2 weeks ago