Added check for keycloak26 client attributes. Rename exported realm f…

…older.
adorsys · Nov 5, 2024 · a403ca0 · a403ca0
1 parent 0031aa1
commit a403ca0
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java
@@ -1608,13 +1608,14 @@ void shouldAddAuthzPoliciesForRealmManagement() throws IOException {
         assertThat(client.getAuthorizationServicesEnabled(), is(true));
         assertThat(client.isFrontchannelLogout(), is(false));
         assertThat(client.getProtocol(), is("openid-connect"));
-        assertThat(client.getAttributes(), anEmptyMap());
         assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap());
         assertThat(client.isFullScopeAllowed(), is(false));
         assertThat(client.getNodeReRegistrationTimeout(), is(0));
         assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email"));
         assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt"));
 
+        checkClientAttributes(client);
+
         String[] clientsIds = new String[]{clientFineGrainedPermissionId};
         String[] scopeNames = new String[]{
                 "manage",
@@ -1750,13 +1751,14 @@ void shouldUpdateAuthzPoliciesForRealmManagement() throws IOException {
         assertThat(client.getAuthorizationServicesEnabled(), is(true));
         assertThat(client.isFrontchannelLogout(), is(false));
         assertThat(client.getProtocol(), is("openid-connect"));
-        assertThat(client.getAttributes(), anEmptyMap());
         assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap());
         assertThat(client.isFullScopeAllowed(), is(false));
         assertThat(client.getNodeReRegistrationTimeout(), is(0));
         assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email"));
         assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt"));
 
+        checkClientAttributes(client);
+
         String[] clientsIds = new String[]{clientFineGrainedPermissionId, clientZFineGrainedPermissionWithoutIdId};
         String[] scopeNames = new String[]{
                 "manage",
@@ -1876,13 +1878,14 @@ void shouldRemoveClientAndAuthzPoliciesForRealmManagement() throws IOException {
         assertThat(client.getAuthorizationServicesEnabled(), is(true));
         assertThat(client.isFrontchannelLogout(), is(false));
         assertThat(client.getProtocol(), is("openid-connect"));
-        assertThat(client.getAttributes(), anEmptyMap());
         assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap());
         assertThat(client.isFullScopeAllowed(), is(false));
         assertThat(client.getNodeReRegistrationTimeout(), is(0));
         assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email"));
         assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt"));
 
+        checkClientAttributes(client);
+
         String[] clientsIds = new String[]{clientZFineGrainedPermissionWithoutIdId};
         String[] scopeNames = new String[]{
                 "manage",
@@ -1985,13 +1988,14 @@ void shouldRemoveAuthzPoliciesForRealmManagement() throws IOException {
         assertThat(client.getAuthorizationServicesEnabled(), is(true));
         assertThat(client.isFrontchannelLogout(), is(false));
         assertThat(client.getProtocol(), is("openid-connect"));
-        assertThat(client.getAttributes(), anEmptyMap());
         assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap());
         assertThat(client.isFullScopeAllowed(), is(false));
         assertThat(client.getNodeReRegistrationTimeout(), is(0));
         assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email"));
         assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt"));
 
+        checkClientAttributes(client);
+
         ResourceServerRepresentation authorizationSettings = client.getAuthorizationSettings();
         assertThat(authorizationSettings.isAllowRemoteResourceManagement(), is(false));
         assertThat(authorizationSettings.getPolicyEnforcementMode(), is(PolicyEnforcementMode.ENFORCING));
@@ -2679,4 +2683,13 @@ private void createRemoteManagedClientResource(String realm, String clientId, St
 
         authzClient.protection().resource().create(resource);
     }
+
+    private void checkClientAttributes(ClientRepresentation client) {
+        if (VersionUtil.lt(KEYCLOAK_VERSION, "26")) {
+            assertThat(client.getAttributes(), anEmptyMap());
+        } else {
+            // https://github.com/keycloak/keycloak/pull/30433 Added attribute to recognize realm client
+            assertThat(client.getAttributes(), hasEntry("realm_client", "true"));
+        }
+    }
 }
diff --git a/...s/exported-realm/26.0.1/master-realm.json → ...s/exported-realm/26.0.5/master-realm.json b/...s/exported-realm/26.0.1/master-realm.json → ...s/exported-realm/26.0.5/master-realm.json