
Merge pull request #342 from ecederstrand/feat-list-client-policies

Allow fetching existing policies
pull/346/head v1.7.0
Richard Nemeth 3 years ago
committed by GitHub
parent
commit
cedfe27447
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 14
      src/keycloak/keycloak_admin.py
  2. 10
      tests/test_keycloak_admin.py

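--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -2891,6 +2891,20 @@ class KeycloakAdmin:
 )
 return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[201])
+def get_client_authz_client_policies(self, client_id):
+"""
+Get policies for a given client.
+:param client_id: id in ClientRepresentation
+https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+:return: Keycloak server response (RoleRepresentation)
+"""
+params_path = {"realm-name": self.realm_name, "id": client_id}
+data_raw = self.raw_get(
+urls_patterns.URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY.format(**params_path),
+)
+return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
 def create_client_authz_client_policy(self, payload, client_id):
 """
 Create a new policy for a given client.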
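Review bot: The `:return:` line in the new `get_client_authz_client_policies` docstring names `RoleRepresentation`, but the accompanying test iterates the result as a list of policy objects with `name` and `clients` keys, so the line looks copied from a role method. I would change it to `:return: Keycloak server response (list of client policy representations)`. Callers may use this listing to audit which clients an authorization policy admits, so the docstring should also say whether the result can be truncated by server-side paging. `raw_get` is called with no query parameters here, and the hunk does not show whether the endpoint applies a default limit.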

10
tests/test_keycloak_admin.py

@ -1225,16 +1225,24 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
raise AssertionError("Missing client resource") raise AssertionError("Missing client resource")
# Create a client policy for source client # Create a client policy for source client
policy_name = "Exchange source client token with target client token"
client_policy_id = admin.create_client_authz_client_policy( client_policy_id = admin.create_client_authz_client_policy(
payload={ payload={
"type": "client", "type": "client",
"logic": "POSITIVE", "logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS", "decisionStrategy": "UNANIMOUS",
"name": "Exchange source client token with target client token",
"name": policy_name,
"clients": [source_client_id], "clients": [source_client_id],
}, },
client_id=realm_management_id, client_id=realm_management_id,
)["id"] )["id"]
policies = admin.get_client_authz_client_policies(client_id=realm_management_id)
for policy in policies:
if policy["name"] == policy_name:
assert policy["clients"] == [source_client_id]
break
else:
raise AssertionError("Missing client policy")
# Update permissions on the target client to reference this policy # Update permissions on the target client to reference this policy
permission_name = admin.get_client_authz_scope_permission( permission_name = admin.get_client_authz_scope_permission(
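Review bot: The new lookup loop matches the policy by `name`, although `client_policy_id` from the create call is already in scope just above it. Comparing on the id would tie the assertion to the policy this test created rather than to any policy in the realm that happens to carry the same name. Assuming the listed representations carry an `id` field like the create response does, `if policy["id"] == client_policy_id:` would do it. Because this policy decides which client may exchange tokens, it would also be reasonable to assert `policy["logic"] == "POSITIVE"` next to the `clients` check, provided the listing echoes the payload fields. `test_enable_token_exchange` starts and ends outside this hunk.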
