From 2f212c1350b0e87d34ae3bdd80be599327abb154 Mon Sep 17 00:00:00 2001
From: Erik Cederstrand <erik@adamatics.com>
Date: Thu, 16 Jun 2022 10:43:55 +0200
Subject: [PATCH] feat: Allow fetching existing policies before calling
 create_client_authz_client_policy()

---
 src/keycloak/keycloak_admin.py | 14 ++++++++++++++
 tests/test_keycloak_admin.py   | 10 +++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
index 942edc9..099f9fc 100644
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -2891,6 +2891,20 @@ class KeycloakAdmin:
         )
         return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[201])
 
+    def get_client_authz_client_policies(self, client_id):
+        """
+        Get policies for a given client.
+
+        :param client_id: id in ClientRepresentation
+            https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+        :return: Keycloak server response (RoleRepresentation)
+        """
+        params_path = {"realm-name": self.realm_name, "id": client_id}
+        data_raw = self.raw_get(
+            urls_patterns.URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY.format(**params_path),
+        )
+        return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
+
     def create_client_authz_client_policy(self, payload, client_id):
         """
         Create a new policy for a given client.
diff --git a/tests/test_keycloak_admin.py b/tests/test_keycloak_admin.py
index 74cdc14..6f33e03 100644
--- a/tests/test_keycloak_admin.py
+++ b/tests/test_keycloak_admin.py
@@ -1225,16 +1225,24 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
         raise AssertionError("Missing client resource")
 
     # Create a client policy for source client
+    policy_name = "Exchange source client token with target client token"
     client_policy_id = admin.create_client_authz_client_policy(
         payload={
             "type": "client",
             "logic": "POSITIVE",
             "decisionStrategy": "UNANIMOUS",
-            "name": "Exchange source client token with target client token",
+            "name": policy_name,
             "clients": [source_client_id],
         },
         client_id=realm_management_id,
     )["id"]
+    policies = admin.get_client_authz_client_policies(client_id=realm_management_id)
+    for policy in policies:
+        if policy["name"] == policy_name:
+            assert policy["clients"] == [source_client_id]
+            break
+    else:
+        raise AssertionError("Missing client policy")
 
     # Update permissions on the target client to reference this policy
     permission_name = admin.get_client_authz_scope_permission(