Keycloak
227 строк · 6.2 Кб
1// tslint:disable:no-unused-expression
2import * as chai from "chai";
3import { KeycloakAdminClient } from "../src/client.js";
4import type ClientRepresentation from "../src/defs/clientRepresentation.js";
5import type RoleRepresentation from "../src/defs/roleRepresentation.js";
6import { credentials } from "./constants.js";
7
8const expect = chai.expect;
9
10describe("Roles", () => {
11let client: KeycloakAdminClient;
12let currentRole: RoleRepresentation;
13
14before(async () => {
15client = new KeycloakAdminClient();
16await client.auth(credentials);
17});
18
19after(async () => {
20// delete the currentRole with id
21await client.roles.delById({
22id: currentRole.id!,
23});
24});
25
26it("list roles", async () => {
27const roles = await client.roles.find();
28expect(roles).to.be.ok;
29});
30
31it("create roles and get by name", async () => {
32const roleName = "cool-role";
33const createdRole = await client.roles.create({
34name: roleName,
35});
36
37expect(createdRole.roleName).to.be.equal(roleName);
38const role = await client.roles.findOneByName({ name: roleName });
39expect(role).to.be.ok;
40currentRole = role!;
41});
42
43it("get single roles by id", async () => {
44const roleId = currentRole.id;
45const role = await client.roles.findOneById({
46id: roleId!,
47});
48expect(role).to.deep.include(currentRole);
49});
50
51it("update single role by name & by id", async () => {
52await client.roles.updateByName(
53{ name: currentRole.name! },
54{
55// dont know why if role name not exist in payload, role name will be overriden with empty string
56// todo: open an issue on keycloak
57name: "cool-role",
58description: "cool",
59},
60);
61
62const role = await client.roles.findOneByName({
63name: currentRole.name!,
64});
65expect(role).to.include({
66description: "cool",
67});
68
69await client.roles.updateById(
70{ id: currentRole.id! },
71{
72description: "another description",
73},
74);
75
76const roleById = await client.roles.findOneById({
77id: currentRole.id!,
78});
79expect(roleById).to.include({
80description: "another description",
81});
82});
83
84it("delete single roles by id", async () => {
85await client.roles.create({
86name: "for-delete",
87});
88
89await client.roles.delByName({
90name: "for-delete",
91});
92
93const roleDelByName = await client.roles.findOneByName({
94name: "for-delete",
95});
96expect(roleDelByName).to.be.null;
97});
98
99it("get users with role by name in realm", async () => {
100const users = await client.roles.findUsersWithRole({
101name: "admin",
102});
103expect(users).to.be.ok;
104expect(users).to.be.an("array");
105});
106
107it.skip("Enable fine grained permissions", async () => {
108const permission = await client.roles.updatePermission(
109{ id: currentRole.id! },
110{ enabled: true },
111);
112expect(permission).to.include({
113enabled: true,
114});
115});
116
117it.skip("List fine grained permissions for this role", async () => {
118const permissions = (await client.roles.listPermissions({
119id: currentRole.id!,
120}))!;
121
122expect(permissions.scopePermissions).to.be.an("object");
123});
124
125describe("Composite roles", () => {
126const compositeRoleName = "compositeRole";
127let compositeRole: RoleRepresentation;
128
129beforeEach(async () => {
130await client.roles.create({
131name: compositeRoleName,
132});
133compositeRole = (await client.roles.findOneByName({
134name: compositeRoleName,
135}))!;
136await client.roles.createComposite({ roleId: currentRole.id! }, [
137compositeRole,
138]);
139});
140
141afterEach(async () => {
142await client.roles.delByName({
143name: compositeRoleName,
144});
145});
146
147it("make the role a composite role by associating some child roles", async () => {
148const children = await client.roles.getCompositeRoles({
149id: currentRole.id!,
150});
151
152// attributes on the composite role are empty and when fetched not there.
153// eslint-disable-next-line @typescript-eslint/no-unused-vars
154const { attributes, ...rest } = compositeRole;
155expect(children).to.be.eql([rest]);
156});
157
158it("search for composite roles", async () => {
159const children = await client.roles.getCompositeRoles({
160id: currentRole.id!,
161search: "not",
162});
163
164expect(children).to.be.an("array").that.is.length(0);
165});
166
167it("delete composite roles", async () => {
168await client.roles.delCompositeRoles({ id: currentRole.id! }, [
169compositeRole,
170]);
171const children = await client.roles.getCompositeRoles({
172id: currentRole.id!,
173});
174
175expect(children).to.be.an("array").that.is.empty;
176});
177
178describe("Get composite roles for client and realm", () => {
179let createdClient: ClientRepresentation;
180let clientRole: RoleRepresentation;
181before(async () => {
182createdClient = await client.clients.create({ clientId: "test" });
183const clientRoleName = "clientRole";
184await client.clients.createRole({
185id: createdClient.id,
186name: clientRoleName,
187});
188clientRole = await client.clients.findRole({
189id: createdClient.id!,
190roleName: clientRoleName,
191});
192
193await client.roles.createComposite({ roleId: currentRole.id! }, [
194clientRole,
195]);
196});
197
198after(async () => {
199await client.clients.del({ id: createdClient.id! });
200});
201
202it("get composite role for the realm", async () => {
203const realmChildren = await client.roles.getCompositeRolesForRealm({
204id: currentRole.id!,
205});
206const children = await client.roles.getCompositeRoles({
207id: currentRole.id!,
208});
209
210delete compositeRole.attributes;
211expect(realmChildren).to.be.eql([compositeRole]);
212
213expect(children).to.be.an("array").that.is.length(2);
214});
215
216it("get composite for the client", async () => {
217const clientChildren = await client.roles.getCompositeRolesForClient({
218id: currentRole.id!,
219clientId: createdClient.id!,
220});
221
222delete clientRole.attributes;
223expect(clientChildren).to.be.eql([clientRole]);
224});
225});
226});
227});
228