Keycloak
1308 строк · 36.3 Кб
1// tslint:disable:no-unused-expression
2import { faker } from "@faker-js/faker";
3import * as chai from "chai";
4import { KeycloakAdminClient } from "../src/client.js";
5import type ClientRepresentation from "../src/defs/clientRepresentation.js";
6import type ClientScopeRepresentation from "../src/defs/clientScopeRepresentation.js";
7import type PolicyRepresentation from "../src/defs/policyRepresentation.js";
8import { Logic } from "../src/defs/policyRepresentation.js";
9import type ProtocolMapperRepresentation from "../src/defs/protocolMapperRepresentation.js";
10import type ResourceRepresentation from "../src/defs/resourceRepresentation.js";
11import type ScopeRepresentation from "../src/defs/scopeRepresentation.js";
12import type UserRepresentation from "../src/defs/userRepresentation.js";
13import { credentials } from "./constants.js";
14
15const expect = chai.expect;
16
17describe("Clients", () => {
18let kcAdminClient: KeycloakAdminClient;
19let currentClient: ClientRepresentation;
20let currentClientScope: ClientScopeRepresentation;
21let currentRoleName: string;
22
23before(async () => {
24kcAdminClient = new KeycloakAdminClient();
25await kcAdminClient.auth(credentials);
26
27// create client and also test it
28// NOTICE: to be clear, clientId stands for the property `clientId` of client
29// clientUniqueId stands for property `id` of client
30const clientId = faker.internet.userName();
31const createdClient = await kcAdminClient.clients.create({
32clientId,
33});
34expect(createdClient.id).to.be.ok;
35
36const client = await kcAdminClient.clients.findOne({
37id: createdClient.id,
38});
39expect(client).to.be.ok;
40currentClient = client!;
41});
42
43after(async () => {
44// delete the current one
45await kcAdminClient.clients.del({
46id: currentClient.id!,
47});
48});
49
50it("list clients", async () => {
51const clients = await kcAdminClient.clients.find();
52expect(clients).to.be.ok;
53});
54
55it("get single client", async () => {
56const clientUniqueId = currentClient.id!;
57const client = await kcAdminClient.clients.findOne({
58id: clientUniqueId,
59});
60// not sure why entity from list api will not have property: authorizationServicesEnabled
61expect(client).to.deep.include(currentClient);
62});
63
64it("update single client", async () => {
65const { clientId, id: clientUniqueId } = currentClient;
66await kcAdminClient.clients.update(
67{ id: clientUniqueId! },
68{
69// clientId is required in client update. no idea why...
70clientId,
71description: "test",
72},
73);
74
75const client = await kcAdminClient.clients.findOne({
76id: clientUniqueId!,
77});
78expect(client).to.include({
79description: "test",
80});
81});
82
83it("delete single client", async () => {
84// create another one for delete test
85const clientId = faker.internet.userName();
86const { id } = await kcAdminClient.clients.create({
87clientId,
88});
89
90// delete it
91await kcAdminClient.clients.del({
92id,
93});
94
95const delClient = await kcAdminClient.clients.findOne({
96id,
97});
98expect(delClient).to.be.null;
99});
100
101/**
102* client roles
103*/
104describe("client roles", () => {
105before(async () => {
106const roleName = faker.internet.userName();
107// create a client role
108const { roleName: createdRoleName } =
109await kcAdminClient.clients.createRole({
110id: currentClient.id,
111name: roleName,
112});
113
114expect(createdRoleName).to.be.equal(roleName);
115
116// assign currentClientRole
117currentRoleName = roleName;
118});
119
120after(async () => {
121// delete client role
122await kcAdminClient.clients.delRole({
123id: currentClient.id!,
124roleName: currentRoleName,
125});
126});
127
128it("list the client roles", async () => {
129const roles = await kcAdminClient.clients.listRoles({
130id: currentClient.id!,
131});
132
133expect(roles[0]).to.include({
134name: currentRoleName,
135});
136});
137
138it("find the client role", async () => {
139const role = await kcAdminClient.clients.findRole({
140id: currentClient.id!,
141roleName: currentRoleName,
142});
143
144expect(role).to.include({
145name: currentRoleName,
146clientRole: true,
147containerId: currentClient.id,
148});
149});
150
151it("update the client role", async () => {
152// NOTICE: roleName MUST be in the payload, no idea why...
153const delta = {
154name: currentRoleName,
155description: "test",
156};
157await kcAdminClient.clients.updateRole(
158{
159id: currentClient.id!,
160roleName: currentRoleName,
161},
162delta,
163);
164
165// check the change
166const role = await kcAdminClient.clients.findRole({
167id: currentClient.id!,
168roleName: currentRoleName,
169});
170
171expect(role).to.include(delta);
172});
173
174it("delete a client role", async () => {
175const roleName = faker.internet.userName();
176// create a client role
177await kcAdminClient.clients.createRole({
178id: currentClient.id,
179name: roleName,
180});
181
182// delete
183await kcAdminClient.clients.delRole({
184id: currentClient.id!,
185roleName,
186});
187
188// check it's null
189const role = await kcAdminClient.clients.findRole({
190id: currentClient.id!,
191roleName,
192});
193
194expect(role).to.be.null;
195});
196});
197
198describe("client secret", () => {
199before(async () => {
200const { clientId, id: clientUniqueId } = currentClient;
201// update with serviceAccountsEnabled: true
202await kcAdminClient.clients.update(
203{
204id: clientUniqueId!,
205},
206{
207clientId,
208serviceAccountsEnabled: true,
209},
210);
211});
212
213it("get client secret", async () => {
214const credential = await kcAdminClient.clients.getClientSecret({
215id: currentClient.id!,
216});
217
218expect(credential).to.have.all.keys("type", "value");
219});
220
221it("generate new client secret", async () => {
222const newCredential = await kcAdminClient.clients.generateNewClientSecret(
223{
224id: currentClient.id!,
225},
226);
227
228const credential = await kcAdminClient.clients.getClientSecret({
229id: currentClient.id!,
230});
231
232expect(newCredential).to.be.eql(credential);
233});
234
235it("generate new registration access token", async () => {
236const newRegistrationAccessToken =
237await kcAdminClient.clients.generateRegistrationAccessToken({
238id: currentClient.id!,
239});
240
241expect(newRegistrationAccessToken).to.be.ok;
242});
243
244it("invalidate rotation token", async () => {
245await kcAdminClient.clients.invalidateSecret({
246id: currentClient.id!,
247});
248});
249
250it("get installation providers", async () => {
251const installationProvider =
252await kcAdminClient.clients.getInstallationProviders({
253id: currentClient.id!,
254providerId: "keycloak-oidc-jboss-subsystem",
255});
256expect(installationProvider).to.be.ok;
257expect(typeof installationProvider).to.be.equal("string");
258});
259
260it("get service account user", async () => {
261const serviceAccountUser =
262await kcAdminClient.clients.getServiceAccountUser({
263id: currentClient.id!,
264});
265
266expect(serviceAccountUser).to.be.ok;
267});
268});
269
270describe("default client scopes", () => {
271let dummyClientScope: ClientScopeRepresentation;
272
273beforeEach(async () => {
274dummyClientScope = {
275name: "does-anyone-read-this",
276description: "Oh - seems like you are reading Hey there!",
277protocol: "openid-connect",
278};
279
280// setup dummy client scope
281await kcAdminClient.clientScopes.create(dummyClientScope);
282currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
283name: dummyClientScope.name!,
284}))!;
285});
286
287afterEach(async () => {
288// cleanup default scopes
289try {
290const { id } = currentClient;
291const { id: clientScopeId } = currentClientScope;
292await kcAdminClient.clients.delDefaultClientScope({
293clientScopeId: clientScopeId!,
294id: id!,
295});
296} catch (e) {
297// ignore
298}
299
300// cleanup client scopes
301try {
302await kcAdminClient.clientScopes.delByName({
303name: dummyClientScope.name!,
304});
305} catch (e) {
306// ignore
307}
308});
309
310it("list default client scopes", async () => {
311const defaultClientScopes =
312await kcAdminClient.clients.listDefaultClientScopes({
313id: currentClient.id!,
314});
315
316expect(defaultClientScopes).to.be.ok;
317});
318
319it("add default client scope", async () => {
320const { id } = currentClient;
321const { id: clientScopeId } = currentClientScope;
322
323await kcAdminClient.clients.addDefaultClientScope({
324id: id!,
325clientScopeId: clientScopeId!,
326});
327
328const defaultScopes = await kcAdminClient.clients.listDefaultClientScopes(
329{ id: id! },
330);
331
332expect(defaultScopes).to.be.ok;
333
334const clientScope = defaultScopes.find(
335(scope) => scope.id === clientScopeId,
336);
337expect(clientScope).to.be.ok;
338});
339
340it("delete default client scope", async () => {
341const { id } = currentClient;
342const { id: clientScopeId } = currentClientScope;
343
344await kcAdminClient.clients.addDefaultClientScope({
345id: id!,
346clientScopeId: clientScopeId!,
347});
348
349await kcAdminClient.clients.delDefaultClientScope({
350id: id!,
351clientScopeId: clientScopeId!,
352});
353const defaultScopes = await kcAdminClient.clients.listDefaultClientScopes(
354{ id: id! },
355);
356
357const clientScope = defaultScopes.find(
358(scope) => scope.id === clientScopeId,
359);
360expect(clientScope).not.to.be.ok;
361});
362});
363
364describe("optional client scopes", () => {
365let dummyClientScope: ClientScopeRepresentation;
366
367beforeEach(async () => {
368dummyClientScope = {
369name: "i-hope-your-well",
370description: "Everyone has that one friend.",
371protocol: "openid-connect",
372};
373
374// setup dummy client scope
375await kcAdminClient.clientScopes.create(dummyClientScope);
376currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
377name: dummyClientScope.name!,
378}))!;
379});
380
381afterEach(async () => {
382// cleanup optional scopes
383try {
384const { id } = currentClient;
385const { id: clientScopeId } = currentClientScope;
386await kcAdminClient.clients.delOptionalClientScope({
387clientScopeId: clientScopeId!,
388id: id!,
389});
390} catch (e) {
391// ignore
392}
393
394// cleanup client scopes
395try {
396await kcAdminClient.clientScopes.delByName({
397name: dummyClientScope.name!,
398});
399} catch (e) {
400// ignore
401}
402});
403
404it("list optional client scopes", async () => {
405const optionalClientScopes =
406await kcAdminClient.clients.listOptionalClientScopes({
407id: currentClient.id!,
408});
409
410expect(optionalClientScopes).to.be.ok;
411});
412
413it("add optional client scope", async () => {
414const { id } = currentClient;
415const { id: clientScopeId } = currentClientScope;
416
417await kcAdminClient.clients.addOptionalClientScope({
418id: id!,
419clientScopeId: clientScopeId!,
420});
421
422const optionalScopes =
423await kcAdminClient.clients.listOptionalClientScopes({ id: id! });
424
425expect(optionalScopes).to.be.ok;
426
427const clientScope = optionalScopes.find(
428(scope) => scope.id === clientScopeId,
429);
430expect(clientScope).to.be.ok;
431});
432
433it("delete optional client scope", async () => {
434const { id } = currentClient;
435const { id: clientScopeId } = currentClientScope;
436
437await kcAdminClient.clients.addOptionalClientScope({
438id: id!,
439clientScopeId: clientScopeId!,
440});
441
442await kcAdminClient.clients.delOptionalClientScope({
443id: id!,
444clientScopeId: clientScopeId!,
445});
446const optionalScopes =
447await kcAdminClient.clients.listOptionalClientScopes({ id: id! });
448
449const clientScope = optionalScopes.find(
450(scope) => scope.id === clientScopeId,
451);
452expect(clientScope).not.to.be.ok;
453});
454});
455
456describe("protocol mappers", () => {
457let dummyMapper: ProtocolMapperRepresentation;
458
459beforeEach(() => {
460dummyMapper = {
461name: "become-a-farmer",
462protocol: "openid-connect",
463protocolMapper: "oidc-role-name-mapper",
464config: {
465role: "admin",
466"new.role.name": "farmer",
467},
468};
469});
470
471afterEach(async () => {
472try {
473const { id: clientUniqueId } = currentClient;
474const { id: mapperId } =
475(await kcAdminClient.clients.findProtocolMapperByName({
476id: clientUniqueId!,
477name: dummyMapper.name!,
478}))!;
479await kcAdminClient.clients.delProtocolMapper({
480id: clientUniqueId!,
481mapperId: mapperId!,
482});
483} catch (e) {
484// ignore
485}
486});
487
488it("list protocol mappers", async () => {
489const { id } = currentClient;
490const mapperList = await kcAdminClient.clients.listProtocolMappers({
491id: id!,
492});
493expect(mapperList).to.be.ok;
494});
495
496it("add multiple protocol mappers", async () => {
497const { id } = currentClient;
498await kcAdminClient.clients.addMultipleProtocolMappers({ id: id! }, [
499dummyMapper,
500]);
501
502const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
503id: id!,
504name: dummyMapper.name!,
505}))!;
506expect(mapper).to.be.ok;
507expect(mapper.protocol).to.eq(dummyMapper.protocol);
508expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
509});
510
511it("add single protocol mapper", async () => {
512const { id } = currentClient;
513await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
514
515const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
516id: id!,
517name: dummyMapper.name!,
518}))!;
519expect(mapper).to.be.ok;
520expect(mapper.protocol).to.eq(dummyMapper.protocol);
521expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
522});
523
524it("find protocol mapper by id", async () => {
525const { id } = currentClient;
526await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
527
528const { id: mapperId } =
529(await kcAdminClient.clients.findProtocolMapperByName({
530id: id!,
531name: dummyMapper.name!,
532}))!;
533
534const mapper = await kcAdminClient.clients.findProtocolMapperById({
535mapperId: mapperId!,
536id: id!,
537});
538
539expect(mapper).to.be.ok;
540expect(mapper.id).to.eql(mapperId);
541});
542
543it("find protocol mapper by name", async () => {
544const { id } = currentClient;
545await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
546
547const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
548id: id!,
549name: dummyMapper.name!,
550}))!;
551
552expect(mapper).to.be.ok;
553expect(mapper.name).to.eql(dummyMapper.name);
554});
555
556it("find protocol mappers by protocol", async () => {
557const { id } = currentClient;
558await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
559
560const mapperList =
561await kcAdminClient.clients.findProtocolMappersByProtocol({
562id: id!,
563protocol: dummyMapper.protocol!,
564});
565
566expect(mapperList).to.be.ok;
567expect(mapperList.length).to.be.gte(1);
568
569const mapper = mapperList.find((item) => item.name === dummyMapper.name);
570expect(mapper).to.be.ok;
571});
572
573it("update protocol mapper", async () => {
574const { id } = currentClient;
575
576dummyMapper.config = { "access.token.claim": "true" };
577await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
578const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
579id: id!,
580name: dummyMapper.name!,
581}))!;
582
583expect(mapper.config!["access.token.claim"]).to.eq("true");
584
585mapper.config = { "access.token.claim": "false" };
586
587await kcAdminClient.clients.updateProtocolMapper(
588{ id: id!, mapperId: mapper.id! },
589mapper,
590);
591
592const updatedMapper =
593(await kcAdminClient.clients.findProtocolMapperByName({
594id: id!,
595name: dummyMapper.name!,
596}))!;
597
598expect(updatedMapper.config!["access.token.claim"]).to.eq("false");
599});
600
601it("delete protocol mapper", async () => {
602const { id } = currentClient;
603await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
604
605const { id: mapperId } =
606(await kcAdminClient.clients.findProtocolMapperByName({
607id: id!,
608name: dummyMapper.name!,
609}))!;
610
611await kcAdminClient.clients.delProtocolMapper({
612id: id!,
613mapperId: mapperId!,
614});
615
616const mapper = await kcAdminClient.clients.findProtocolMapperByName({
617id: id!,
618name: dummyMapper.name!,
619});
620
621expect(mapper).not.to.be.ok;
622});
623});
624
625describe("scope mappings", () => {
626it("list client and realm scope mappings", async () => {
627const { id } = currentClient;
628const scopes = await kcAdminClient.clients.listScopeMappings({
629id: id!,
630});
631expect(scopes).to.be.ok;
632});
633
634describe("client", () => {
635const dummyRoleName = "clientScopeMappingsRole-dummy";
636
637beforeEach(async () => {
638const { id } = currentClient;
639await kcAdminClient.clients.createRole({
640id,
641name: dummyRoleName,
642});
643});
644
645afterEach(async () => {
646try {
647const { id } = currentClient;
648await kcAdminClient.clients.delRole({
649id: id!,
650roleName: dummyRoleName,
651});
652} catch (e) {
653// ignore
654}
655});
656
657it("add scope mappings", async () => {
658const { id: clientUniqueId } = currentClient;
659
660const availableRoles =
661await kcAdminClient.clients.listAvailableClientScopeMappings({
662id: clientUniqueId!,
663client: clientUniqueId!,
664});
665
666await kcAdminClient.clients.addClientScopeMappings(
667{
668id: clientUniqueId!,
669client: clientUniqueId!,
670},
671availableRoles,
672);
673
674const roles = await kcAdminClient.clients.listClientScopeMappings({
675id: clientUniqueId!,
676client: clientUniqueId!,
677});
678
679expect(roles).to.be.ok;
680expect(roles).to.be.eql(availableRoles);
681});
682
683it("list scope mappings", async () => {
684const { id: clientUniqueId } = currentClient;
685const roles = await kcAdminClient.clients.listClientScopeMappings({
686id: clientUniqueId!,
687client: clientUniqueId!,
688});
689expect(roles).to.be.ok;
690});
691
692it("list available scope mappings", async () => {
693const { id: clientUniqueId } = currentClient;
694const roles =
695await kcAdminClient.clients.listAvailableClientScopeMappings({
696id: clientUniqueId!,
697client: clientUniqueId!,
698});
699expect(roles).to.be.ok;
700});
701
702it("list composite scope mappings", async () => {
703const { id: clientUniqueId } = currentClient;
704const roles =
705await kcAdminClient.clients.listCompositeClientScopeMappings({
706id: clientUniqueId!,
707client: clientUniqueId!,
708});
709expect(roles).to.be.ok;
710});
711
712it("delete scope mappings", async () => {
713const { id: clientUniqueId } = currentClient;
714
715const rolesBefore = await kcAdminClient.clients.listClientScopeMappings(
716{
717id: clientUniqueId!,
718client: clientUniqueId!,
719},
720);
721
722await kcAdminClient.clients.delClientScopeMappings(
723{
724id: clientUniqueId!,
725client: clientUniqueId!,
726},
727rolesBefore,
728);
729
730const rolesAfter = await kcAdminClient.clients.listClientScopeMappings({
731id: clientUniqueId!,
732client: clientUniqueId!,
733});
734
735expect(rolesAfter).to.be.ok;
736expect(rolesAfter).to.eql([]);
737});
738
739it("get effective scope mapping of all roles for a specific container", async () => {
740const { id: clientUniqueId } = currentClient;
741const roles = await kcAdminClient.clients.evaluatePermission({
742id: clientUniqueId!,
743roleContainer: "master",
744type: "granted",
745scope: "openid",
746});
747
748expect(roles).to.be.ok;
749expect(roles.length).to.be.eq(5);
750});
751
752it("get list of all protocol mappers", async () => {
753const { id: clientUniqueId } = currentClient;
754const protocolMappers =
755await kcAdminClient.clients.evaluateListProtocolMapper({
756id: clientUniqueId!,
757scope: "openid",
758});
759expect(protocolMappers).to.be.ok;
760expect(protocolMappers.length).to.be.gt(10);
761});
762
763it("get JSON with payload of examples", async () => {
764const { id: clientUniqueId } = currentClient;
765const username = faker.internet.userName();
766const user = await kcAdminClient.users.create({
767username,
768});
769const accessToken =
770await kcAdminClient.clients.evaluateGenerateAccessToken({
771id: clientUniqueId!,
772userId: user.id,
773scope: "openid",
774});
775const idToken = await kcAdminClient.clients.evaluateGenerateIdToken({
776id: clientUniqueId!,
777userId: user.id,
778scope: "openid",
779});
780const userInfo = await kcAdminClient.clients.evaluateGenerateUserInfo({
781id: clientUniqueId!,
782userId: user.id,
783scope: "openid",
784});
785
786expect(accessToken).to.be.ok;
787expect(idToken).to.be.ok;
788expect(userInfo).to.be.ok;
789await kcAdminClient.users.del({ id: user.id });
790});
791});
792
793describe("realm", () => {
794const dummyRoleName = "realmScopeMappingsRole-dummy";
795
796beforeEach(async () => {
797await kcAdminClient.roles.create({
798name: dummyRoleName,
799});
800});
801
802afterEach(async () => {
803try {
804await kcAdminClient.roles.delByName({
805name: dummyRoleName,
806});
807} catch (e) {
808// ignore
809}
810});
811
812it("add scope mappings", async () => {
813const { id } = currentClient;
814
815const availableRoles =
816await kcAdminClient.clients.listAvailableRealmScopeMappings({
817id: id!,
818});
819
820await kcAdminClient.clients.addRealmScopeMappings(
821{ id: id! },
822availableRoles,
823);
824
825const roles = await kcAdminClient.clients.listRealmScopeMappings({
826id: id!,
827});
828
829expect(roles).to.be.ok;
830expect(roles).to.deep.members(availableRoles);
831});
832
833it("list scope mappings", async () => {
834const { id } = currentClient;
835const roles = await kcAdminClient.clients.listRealmScopeMappings({
836id: id!,
837});
838expect(roles).to.be.ok;
839});
840
841it("list available scope mappings", async () => {
842const { id } = currentClient;
843const roles =
844await kcAdminClient.clients.listAvailableRealmScopeMappings({
845id: id!,
846});
847expect(roles).to.be.ok;
848});
849
850it("list composite scope mappings", async () => {
851const { id } = currentClient;
852const roles =
853await kcAdminClient.clients.listCompositeRealmScopeMappings({
854id: id!,
855});
856expect(roles).to.be.ok;
857});
858
859it("delete scope mappings", async () => {
860const { id } = currentClient;
861
862const rolesBefore = await kcAdminClient.clients.listRealmScopeMappings({
863id: id!,
864});
865
866await kcAdminClient.clients.delRealmScopeMappings(
867{ id: id! },
868rolesBefore,
869);
870
871const rolesAfter = await kcAdminClient.clients.listRealmScopeMappings({
872id: id!,
873});
874
875expect(rolesAfter).to.be.ok;
876expect(rolesAfter).to.eql([]);
877});
878});
879});
880
881describe("sessions", () => {
882it("list clients user sessions", async () => {
883const clientUniqueId = currentClient.id;
884const userSessions = await kcAdminClient.clients.listSessions({
885id: clientUniqueId!,
886});
887expect(userSessions).to.be.ok;
888});
889
890it("list clients offline user sessions", async () => {
891const clientUniqueId = currentClient.id;
892const userSessions = await kcAdminClient.clients.listOfflineSessions({
893id: clientUniqueId!,
894});
895expect(userSessions).to.be.ok;
896});
897
898it("list clients user session count", async () => {
899const clientUniqueId = currentClient.id;
900const userSessions = await kcAdminClient.clients.getSessionCount({
901id: clientUniqueId!,
902});
903expect(userSessions).to.be.ok;
904});
905
906it("list clients offline user session count", async () => {
907const clientUniqueId = currentClient.id;
908const userSessions = await kcAdminClient.clients.getOfflineSessionCount({
909id: clientUniqueId!,
910});
911expect(userSessions).to.be.ok;
912});
913});
914
915describe("nodes", () => {
916const host = "127.0.0.1";
917it("register a node manually", async () => {
918await kcAdminClient.clients.addClusterNode({
919id: currentClient.id!,
920node: host,
921});
922const client = (await kcAdminClient.clients.findOne({
923id: currentClient.id!,
924}))!;
925
926expect(Object.keys(client.registeredNodes!)).to.be.eql([host]);
927});
928
929it("remove registered host", async () => {
930await kcAdminClient.clients.deleteClusterNode({
931id: currentClient.id!,
932node: host,
933});
934const client = (await kcAdminClient.clients.findOne({
935id: currentClient.id!,
936}))!;
937
938expect(client.registeredNodes).to.be.undefined;
939});
940});
941
942describe("client attribute certificate", () => {
943const keystoreConfig = {
944format: "JKS",
945keyAlias: "new",
946keyPassword: "password",
947realmAlias: "master",
948realmCertificate: false,
949storePassword: "password",
950};
951const attr = "jwt.credential";
952
953it("generate and download keys", async () => {
954const result = await kcAdminClient.clients.generateAndDownloadKey(
955{ id: currentClient.id!, attr },
956keystoreConfig,
957);
958
959expect(result).to.be.ok;
960});
961
962it("generate key and updated info", async () => {
963const certificate = await kcAdminClient.clients.generateKey({
964id: currentClient.id!,
965attr,
966});
967
968expect(certificate).to.be.ok;
969expect(certificate.certificate).to.be.ok;
970
971const info = await kcAdminClient.clients.getKeyInfo({
972id: currentClient.id!,
973attr,
974});
975expect(info).to.be.eql(certificate);
976});
977
978it("download key", async () => {
979const result = await kcAdminClient.clients.downloadKey(
980{ id: currentClient.id!, attr },
981keystoreConfig,
982);
983
984expect(result).to.be.ok;
985});
986});
987
988describe("authorization", async () => {
989const resourceConfig = {
990name: "testResourceName",
991type: "testResourceType",
992scopeNames: ["testScopeA", "testScopeB", "testScopeC"],
993};
994const policyConfig = {
995name: "testPolicyName",
996type: "user",
997logic: Logic.POSITIVE,
998};
999const permissionConfig = {
1000name: "testPermissionName",
1001type: "scope",
1002logic: Logic.POSITIVE,
1003};
1004let scopes: ScopeRepresentation[];
1005let resource: ResourceRepresentation;
1006let policy: PolicyRepresentation;
1007let permission: PolicyRepresentation;
1008let user: UserRepresentation;
1009
1010before("enable authorization services", async () => {
1011await kcAdminClient.clients.update(
1012{ id: currentClient.id! },
1013{
1014clientId: currentClient.clientId,
1015authorizationServicesEnabled: true,
1016serviceAccountsEnabled: true,
1017},
1018);
1019});
1020
1021before("create test user", async () => {
1022const username = faker.internet.userName();
1023user = await kcAdminClient.users.create({
1024username,
1025});
1026});
1027
1028after("delete test user", async () => {
1029await kcAdminClient.users.del({
1030id: user.id!,
1031});
1032});
1033
1034after("disable authorization services", async () => {
1035await kcAdminClient.clients.update(
1036{ id: currentClient.id! },
1037{
1038clientId: currentClient.clientId,
1039authorizationServicesEnabled: false,
1040serviceAccountsEnabled: false,
1041},
1042);
1043});
1044
1045it("create authorization scopes", async () => {
1046scopes = (
1047await Promise.all(
1048resourceConfig.scopeNames.map(async (name) => {
1049const result = await kcAdminClient.clients.createAuthorizationScope(
1050{ id: currentClient.id! },
1051{
1052name,
1053},
1054);
1055expect(result).to.be.ok;
1056return result;
1057}),
1058)
1059).sort((a, b) => (a.name < b.name ? -1 : 1));
1060});
1061
1062it("list all authorization scopes", async () => {
1063const result = await kcAdminClient.clients.listAllScopes({
1064id: currentClient.id!,
1065});
1066expect(result.sort((a, b) => (a.name! < b.name! ? -1 : 1))).to.deep.equal(
1067scopes,
1068);
1069});
1070
1071it("update authorization scope", async () => {
1072const updatedScope = { ...scopes[0], displayName: "Hello" };
1073await kcAdminClient.clients.updateAuthorizationScope(
1074{ id: currentClient.id!, scopeId: scopes[0].id! },
1075updatedScope,
1076);
1077
1078const fetchedScope = await kcAdminClient.clients.getAuthorizationScope({
1079id: currentClient.id!,
1080scopeId: scopes[0].id!,
1081});
1082
1083expect(fetchedScope).to.deep.equal(updatedScope);
1084});
1085
1086it("list all resources by scope", async () => {
1087const result = await kcAdminClient.clients.listAllResourcesByScope({
1088id: currentClient.id!,
1089scopeId: scopes[0].id!,
1090});
1091expect(result).to.deep.equal([]);
1092});
1093
1094it("list all permissions by scope", async () => {
1095const result = await kcAdminClient.clients.listAllPermissionsByScope({
1096id: currentClient.id!,
1097scopeId: scopes[0].id!,
1098});
1099expect(result).to.deep.equal([]);
1100});
1101
1102it("import resource", async () => {
1103await kcAdminClient.clients.importResource(
1104{ id: currentClient.id! },
1105{
1106allowRemoteResourceManagement: true,
1107policyEnforcementMode: "ENFORCING",
1108resources: [],
1109policies: [],
1110scopes: [],
1111decisionStrategy: "UNANIMOUS",
1112},
1113);
1114});
1115
1116it("export resource", async () => {
1117const result = await kcAdminClient.clients.exportResource({
1118id: currentClient.id!,
1119});
1120
1121expect(result.allowRemoteResourceManagement).to.be.equal(true);
1122expect(result.resources?.length).to.be.equal(1);
1123});
1124
1125it("create resource", async () => {
1126resource = await kcAdminClient.clients.createResource(
1127{ id: currentClient.id! },
1128{
1129name: resourceConfig.name,
1130type: resourceConfig.type,
1131scopes,
1132},
1133);
1134expect(resource).to.be.ok;
1135});
1136
1137it("get resource", async () => {
1138const r = await kcAdminClient.clients.getResource({
1139id: currentClient.id!,
1140resourceId: resource._id!,
1141});
1142expect(r).to.deep.equal(resource);
1143});
1144
1145it("get resource server", async () => {
1146const resourceServer = await kcAdminClient.clients.getResourceServer({
1147id: currentClient.id!,
1148});
1149expect(resourceServer).to.be.ok;
1150expect(resourceServer.clientId).to.be.equal(currentClient.id);
1151
1152resourceServer.decisionStrategy = "UNANIMOUS";
1153await kcAdminClient.clients.updateResourceServer(
1154{ id: currentClient.id! },
1155resourceServer,
1156);
1157});
1158
1159it("list permission by resource", async () => {
1160const result = await kcAdminClient.clients.listPermissionsByResource({
1161id: currentClient.id!,
1162resourceId: resource._id!,
1163});
1164
1165expect(result).to.be.ok;
1166});
1167
1168it("list scopes by resource", async () => {
1169const result = await kcAdminClient.clients.listScopesByResource({
1170id: currentClient.id!,
1171resourceName: resource._id!,
1172});
1173expect(result.sort((a, b) => (a.name < b.name ? -1 : 1))).to.deep.equal(
1174scopes,
1175);
1176});
1177
1178it("list resources", async () => {
1179const result = await kcAdminClient.clients.listResources({
1180id: currentClient.id!,
1181});
1182expect(result).to.deep.include(resource);
1183});
1184
1185it("update resource", async () => {
1186resource.name = "foo";
1187await kcAdminClient.clients.updateResource(
1188{
1189id: currentClient.id!,
1190resourceId: resource._id!,
1191},
1192resource,
1193);
1194const result = await kcAdminClient.clients.getResource({
1195id: currentClient.id!,
1196resourceId: resource._id!,
1197});
1198
1199expect(result.name).to.equal("foo");
1200});
1201
1202it("create policy", async () => {
1203policy = await kcAdminClient.clients.createPolicy(
1204{
1205id: currentClient.id!,
1206type: policyConfig.type,
1207},
1208{
1209name: policyConfig.name,
1210logic: policyConfig.logic,
1211users: [user.id!],
1212},
1213);
1214expect(policy).to.be.ok;
1215});
1216
1217it("policy list dependencies", async () => {
1218const dependencies = await kcAdminClient.clients.listDependentPolicies({
1219id: currentClient.id!,
1220policyId: policy.id!,
1221});
1222expect(dependencies).to.be.ok;
1223});
1224
1225it("create permission", async () => {
1226permission = await kcAdminClient.clients.createPermission(
1227{
1228id: currentClient.id!,
1229type: "scope",
1230},
1231{
1232name: permissionConfig.name,
1233logic: permissionConfig.logic,
1234// @ts-ignore
1235resources: [resource._id],
1236policies: [policy.id!],
1237scopes: scopes.map((scope) => scope.id!),
1238},
1239);
1240
1241const p = await kcAdminClient.clients.findPermissions({
1242id: currentClient.id!,
1243name: permissionConfig.name,
1244});
1245
1246expect(p.length).to.be.eq(1);
1247expect(p[0].logic).to.be.eq(permissionConfig.logic);
1248});
1249
1250it("get associated scopes for permission", async () => {
1251const result = await kcAdminClient.clients.getAssociatedScopes({
1252id: currentClient.id!,
1253permissionId: permission.id!,
1254});
1255expect(result.sort((a, b) => (a.name < b.name ? -1 : 1))).to.deep.equal(
1256scopes,
1257);
1258});
1259
1260it("get associated policies for permission", async () => {
1261const result = await kcAdminClient.clients.getAssociatedPolicies({
1262id: currentClient.id!,
1263permissionId: permission.id!,
1264});
1265
1266expect(result.length).to.be.eq(1);
1267expect(result[0].id).to.be.eq(policy.id);
1268});
1269
1270it("get associated resources for permission", async () => {
1271const result = await kcAdminClient.clients.getAssociatedResources({
1272id: currentClient.id!,
1273permissionId: permission.id!,
1274});
1275expect(result).to.deep.equal([
1276{
1277_id: resource._id,
1278name: resource.name,
1279},
1280]);
1281});
1282
1283it("list policy providers", async () => {
1284const result = await kcAdminClient.clients.listPolicyProviders({
1285id: currentClient.id!,
1286});
1287expect(result).to.be.ok;
1288});
1289
1290it.skip("Enable fine grained permissions", async () => {
1291const permission = await kcAdminClient.clients.updateFineGrainPermission(
1292{ id: currentClient.id! },
1293{ enabled: true },
1294);
1295expect(permission).to.include({
1296enabled: true,
1297});
1298});
1299
1300it.skip("List fine grained permissions for this client", async () => {
1301const permissions = (await kcAdminClient.clients.listFineGrainPermissions(
1302{ id: currentClient.id! },
1303))!;
1304
1305expect(permissions.scopePermissions).to.be.an("object");
1306});
1307});
1308});
1309