From a403ca0cf8d8eec99c7e05f31e0cbfdaa2d10e0c Mon Sep 17 00:00:00 2001 From: Tolya Date: Tue, 5 Nov 2024 21:42:18 +0300 Subject: [PATCH] Added check for keycloak26 client attributes. Rename exported realm folder. --- .../config/service/ImportClientsIT.java | 21 +++++++++++++++---- .../{26.0.1 => 26.0.5}/master-realm.json | 0 2 files changed, 17 insertions(+), 4 deletions(-) rename src/test/resources/import-files/exported-realm/{26.0.1 => 26.0.5}/master-realm.json (100%) diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java index c6e92dfae..c3e839c29 100644 --- a/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java +++ b/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java @@ -1608,13 +1608,14 @@ void shouldAddAuthzPoliciesForRealmManagement() throws IOException { assertThat(client.getAuthorizationServicesEnabled(), is(true)); assertThat(client.isFrontchannelLogout(), is(false)); assertThat(client.getProtocol(), is("openid-connect")); - assertThat(client.getAttributes(), anEmptyMap()); assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap()); assertThat(client.isFullScopeAllowed(), is(false)); assertThat(client.getNodeReRegistrationTimeout(), is(0)); assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email")); assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt")); + checkClientAttributes(client); + String[] clientsIds = new String[]{clientFineGrainedPermissionId}; String[] scopeNames = new String[]{ "manage", @@ -1750,13 +1751,14 @@ void shouldUpdateAuthzPoliciesForRealmManagement() throws IOException { assertThat(client.getAuthorizationServicesEnabled(), is(true)); assertThat(client.isFrontchannelLogout(), is(false)); assertThat(client.getProtocol(), is("openid-connect")); - assertThat(client.getAttributes(), anEmptyMap()); assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap()); assertThat(client.isFullScopeAllowed(), is(false)); assertThat(client.getNodeReRegistrationTimeout(), is(0)); assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email")); assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt")); + checkClientAttributes(client); + String[] clientsIds = new String[]{clientFineGrainedPermissionId, clientZFineGrainedPermissionWithoutIdId}; String[] scopeNames = new String[]{ "manage", @@ -1876,13 +1878,14 @@ void shouldRemoveClientAndAuthzPoliciesForRealmManagement() throws IOException { assertThat(client.getAuthorizationServicesEnabled(), is(true)); assertThat(client.isFrontchannelLogout(), is(false)); assertThat(client.getProtocol(), is("openid-connect")); - assertThat(client.getAttributes(), anEmptyMap()); assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap()); assertThat(client.isFullScopeAllowed(), is(false)); assertThat(client.getNodeReRegistrationTimeout(), is(0)); assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email")); assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt")); + checkClientAttributes(client); + String[] clientsIds = new String[]{clientZFineGrainedPermissionWithoutIdId}; String[] scopeNames = new String[]{ "manage", @@ -1985,13 +1988,14 @@ void shouldRemoveAuthzPoliciesForRealmManagement() throws IOException { assertThat(client.getAuthorizationServicesEnabled(), is(true)); assertThat(client.isFrontchannelLogout(), is(false)); assertThat(client.getProtocol(), is("openid-connect")); - assertThat(client.getAttributes(), anEmptyMap()); assertThat(client.getAuthenticationFlowBindingOverrides(), anEmptyMap()); assertThat(client.isFullScopeAllowed(), is(false)); assertThat(client.getNodeReRegistrationTimeout(), is(0)); assertThat(client.getDefaultClientScopes(), containsInAnyOrder("web-origins", "profile", "roles", "email")); assertThat(client.getOptionalClientScopes(), containsInAnyOrder("address", "phone", "offline_access", "microprofile-jwt")); + checkClientAttributes(client); + ResourceServerRepresentation authorizationSettings = client.getAuthorizationSettings(); assertThat(authorizationSettings.isAllowRemoteResourceManagement(), is(false)); assertThat(authorizationSettings.getPolicyEnforcementMode(), is(PolicyEnforcementMode.ENFORCING)); @@ -2679,4 +2683,13 @@ private void createRemoteManagedClientResource(String realm, String clientId, St authzClient.protection().resource().create(resource); } + + private void checkClientAttributes(ClientRepresentation client) { + if (VersionUtil.lt(KEYCLOAK_VERSION, "26")) { + assertThat(client.getAttributes(), anEmptyMap()); + } else { + // https://github.com/keycloak/keycloak/pull/30433 Added attribute to recognize realm client + assertThat(client.getAttributes(), hasEntry("realm_client", "true")); + } + } } diff --git a/src/test/resources/import-files/exported-realm/26.0.1/master-realm.json b/src/test/resources/import-files/exported-realm/26.0.5/master-realm.json similarity index 100% rename from src/test/resources/import-files/exported-realm/26.0.1/master-realm.json rename to src/test/resources/import-files/exported-realm/26.0.5/master-realm.json