Keycloak

Форк
0
227 строк · 6.2 Кб
1
// tslint:disable:no-unused-expression
2
import * as chai from "chai";
3
import { KeycloakAdminClient } from "../src/client.js";
4
import type ClientRepresentation from "../src/defs/clientRepresentation.js";
5
import type RoleRepresentation from "../src/defs/roleRepresentation.js";
6
import { credentials } from "./constants.js";
7

8
const expect = chai.expect;
9

10
describe("Roles", () => {
11
  let client: KeycloakAdminClient;
12
  let currentRole: RoleRepresentation;
13

14
  before(async () => {
15
    client = new KeycloakAdminClient();
16
    await client.auth(credentials);
17
  });
18

19
  after(async () => {
20
    // delete the currentRole with id
21
    await client.roles.delById({
22
      id: currentRole.id!,
23
    });
24
  });
25

26
  it("list roles", async () => {
27
    const roles = await client.roles.find();
28
    expect(roles).to.be.ok;
29
  });
30

31
  it("create roles and get by name", async () => {
32
    const roleName = "cool-role";
33
    const createdRole = await client.roles.create({
34
      name: roleName,
35
    });
36

37
    expect(createdRole.roleName).to.be.equal(roleName);
38
    const role = await client.roles.findOneByName({ name: roleName });
39
    expect(role).to.be.ok;
40
    currentRole = role!;
41
  });
42

43
  it("get single roles by id", async () => {
44
    const roleId = currentRole.id;
45
    const role = await client.roles.findOneById({
46
      id: roleId!,
47
    });
48
    expect(role).to.deep.include(currentRole);
49
  });
50

51
  it("update single role by name & by id", async () => {
52
    await client.roles.updateByName(
53
      { name: currentRole.name! },
54
      {
55
        // dont know why if role name not exist in payload, role name will be overriden with empty string
56
        // todo: open an issue on keycloak
57
        name: "cool-role",
58
        description: "cool",
59
      },
60
    );
61

62
    const role = await client.roles.findOneByName({
63
      name: currentRole.name!,
64
    });
65
    expect(role).to.include({
66
      description: "cool",
67
    });
68

69
    await client.roles.updateById(
70
      { id: currentRole.id! },
71
      {
72
        description: "another description",
73
      },
74
    );
75

76
    const roleById = await client.roles.findOneById({
77
      id: currentRole.id!,
78
    });
79
    expect(roleById).to.include({
80
      description: "another description",
81
    });
82
  });
83

84
  it("delete single roles by id", async () => {
85
    await client.roles.create({
86
      name: "for-delete",
87
    });
88

89
    await client.roles.delByName({
90
      name: "for-delete",
91
    });
92

93
    const roleDelByName = await client.roles.findOneByName({
94
      name: "for-delete",
95
    });
96
    expect(roleDelByName).to.be.null;
97
  });
98

99
  it("get users with role by name in realm", async () => {
100
    const users = await client.roles.findUsersWithRole({
101
      name: "admin",
102
    });
103
    expect(users).to.be.ok;
104
    expect(users).to.be.an("array");
105
  });
106

107
  it.skip("Enable fine grained permissions", async () => {
108
    const permission = await client.roles.updatePermission(
109
      { id: currentRole.id! },
110
      { enabled: true },
111
    );
112
    expect(permission).to.include({
113
      enabled: true,
114
    });
115
  });
116

117
  it.skip("List fine grained permissions for this role", async () => {
118
    const permissions = (await client.roles.listPermissions({
119
      id: currentRole.id!,
120
    }))!;
121

122
    expect(permissions.scopePermissions).to.be.an("object");
123
  });
124

125
  describe("Composite roles", () => {
126
    const compositeRoleName = "compositeRole";
127
    let compositeRole: RoleRepresentation;
128

129
    beforeEach(async () => {
130
      await client.roles.create({
131
        name: compositeRoleName,
132
      });
133
      compositeRole = (await client.roles.findOneByName({
134
        name: compositeRoleName,
135
      }))!;
136
      await client.roles.createComposite({ roleId: currentRole.id! }, [
137
        compositeRole,
138
      ]);
139
    });
140

141
    afterEach(async () => {
142
      await client.roles.delByName({
143
        name: compositeRoleName,
144
      });
145
    });
146

147
    it("make the role a composite role by associating some child roles", async () => {
148
      const children = await client.roles.getCompositeRoles({
149
        id: currentRole.id!,
150
      });
151

152
      // attributes on the composite role are empty and when fetched not there.
153
      // eslint-disable-next-line @typescript-eslint/no-unused-vars
154
      const { attributes, ...rest } = compositeRole;
155
      expect(children).to.be.eql([rest]);
156
    });
157

158
    it("search for composite roles", async () => {
159
      const children = await client.roles.getCompositeRoles({
160
        id: currentRole.id!,
161
        search: "not",
162
      });
163

164
      expect(children).to.be.an("array").that.is.length(0);
165
    });
166

167
    it("delete composite roles", async () => {
168
      await client.roles.delCompositeRoles({ id: currentRole.id! }, [
169
        compositeRole,
170
      ]);
171
      const children = await client.roles.getCompositeRoles({
172
        id: currentRole.id!,
173
      });
174

175
      expect(children).to.be.an("array").that.is.empty;
176
    });
177

178
    describe("Get composite roles for client and realm", () => {
179
      let createdClient: ClientRepresentation;
180
      let clientRole: RoleRepresentation;
181
      before(async () => {
182
        createdClient = await client.clients.create({ clientId: "test" });
183
        const clientRoleName = "clientRole";
184
        await client.clients.createRole({
185
          id: createdClient.id,
186
          name: clientRoleName,
187
        });
188
        clientRole = await client.clients.findRole({
189
          id: createdClient.id!,
190
          roleName: clientRoleName,
191
        });
192

193
        await client.roles.createComposite({ roleId: currentRole.id! }, [
194
          clientRole,
195
        ]);
196
      });
197

198
      after(async () => {
199
        await client.clients.del({ id: createdClient.id! });
200
      });
201

202
      it("get composite role for the realm", async () => {
203
        const realmChildren = await client.roles.getCompositeRolesForRealm({
204
          id: currentRole.id!,
205
        });
206
        const children = await client.roles.getCompositeRoles({
207
          id: currentRole.id!,
208
        });
209

210
        delete compositeRole.attributes;
211
        expect(realmChildren).to.be.eql([compositeRole]);
212

213
        expect(children).to.be.an("array").that.is.length(2);
214
      });
215

216
      it("get composite for the client", async () => {
217
        const clientChildren = await client.roles.getCompositeRolesForClient({
218
          id: currentRole.id!,
219
          clientId: createdClient.id!,
220
        });
221

222
        delete clientRole.attributes;
223
        expect(clientChildren).to.be.eql([clientRole]);
224
      });
225
    });
226
  });
227
});
228

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.