Merge pull request #342 from ecederstrand/feat-list-client-policies
Allow fetching existing policies
pull/346/head
v1.7.0
Richard Nemeth
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
23 additions and
1 deletions
-
src/keycloak/keycloak_admin.py
-
tests/test_keycloak_admin.py
|
|
@ -2891,6 +2891,20 @@ class KeycloakAdmin: |
|
|
|
) |
|
|
|
return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[201]) |
|
|
|
|
|
|
|
def get_client_authz_client_policies(self, client_id): |
|
|
|
""" |
|
|
|
Get policies for a given client. |
|
|
|
|
|
|
|
:param client_id: id in ClientRepresentation |
|
|
|
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation |
|
|
|
:return: Keycloak server response (RoleRepresentation) |
|
|
|
""" |
|
|
|
params_path = {"realm-name": self.realm_name, "id": client_id} |
|
|
|
data_raw = self.raw_get( |
|
|
|
urls_patterns.URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY.format(**params_path), |
|
|
|
) |
|
|
|
return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200]) |
|
|
|
|
|
|
|
def create_client_authz_client_policy(self, payload, client_id): |
|
|
|
""" |
|
|
|
Create a new policy for a given client. |
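Review bot: The docstring of `get_client_authz_client_policies` gives the return value as `RoleRepresentation`, which does not match what the method fetches. The test added in this commit iterates the result and reads `name` and `clients` from each entry, so the call appears to return a list of policy objects. I would change that line to `:return: Keycloak server response (list of PolicyRepresentation)`, so that callers auditing a client's authorization policies know what shape to expect. The context lines below belong to `create_client_authz_client_policy`, whose body continues outside the hunk.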
|
|
|
|
|
@ -1225,16 +1225,24 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str): |
|
|
|
raise AssertionError("Missing client resource") |
|
|
|
|
|
|
|
# Create a client policy for source client |
|
|
|
policy_name = "Exchange source client token with target client token" |
|
|
|
client_policy_id = admin.create_client_authz_client_policy( |
|
|
|
payload={ |
|
|
|
"type": "client", |
|
|
|
"logic": "POSITIVE", |
|
|
|
"decisionStrategy": "UNANIMOUS", |
|
|
|
"name": "Exchange source client token with target client token", |
|
|
|
"name": policy_name, |
|
|
|
"clients": [source_client_id], |
|
|
|
}, |
|
|
|
client_id=realm_management_id, |
|
|
|
)["id"] |
|
|
|
policies = admin.get_client_authz_client_policies(client_id=realm_management_id) |
|
|
|
for policy in policies: |
|
|
|
if policy["name"] == policy_name: |
|
|
|
assert policy["clients"] == [source_client_id] |
|
|
|
break |
|
|
|
else: |
|
|
|
raise AssertionError("Missing client policy") |
|
|
|
|
|
|
|
# Update permissions on the target client to reference this policy |
|
|
|
permission_name = admin.get_client_authz_scope_permission( |
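Review bot: The new lookup loop identifies the created policy by `name`, although `client_policy_id` from the create call just above is a stricter key. Matching on `if policy["id"] == client_policy_id:` would make the `clients` assertion check the policy this test created rather than any policy on `realm_management_id` that happens to share the name. This assumes the list entries carry an `id` field like the create response does, which the hunk does not show. The enclosing test function starts and ends outside the hunk.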
|
|
|