* Require clientId in the payload
Closes#47524
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Require 'protocol' field to be specified
Closes#47579
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Client API v2 CLI Client: Jakarta validation errors are not handled
Closes#47574
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Use getRequest() for POST in test
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Create more validation tests for PUT/PATCH logic
Closes#47058
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Test for trying to change the protocol for existing client
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* PATCH tests do not extend PUT tests
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Introduce the ProtocolUnmofidiedValidator
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Accomodate changes for the protocol unmodified validator
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Closes: https://github.com/keycloak/keycloak/issues/47166
* Closes: https://github.com/keycloak/keycloak/issues/47311
Provides basic Client API v2 CLI client.
Supports:
- client operations: create, patch, list, delete, get, update
- authetication options matching those of v1 CLI
Omitted changes:
- documentation, we do not advertise this new client and it is hidden behind `--v2` flag that is not mentioned anywhere in doc or help, hence invisible; until we implement remaining https://github.com/keycloak/keycloak/issues/45366 tasks
- "config" subcommand is shared between v1 and v2, hence its printed "help" follows the v1 style to keep status quo
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* Closes: https://github.com/keycloak/keycloak/issues/47299
We propagate Java representation properties description placed in `JsonPropertyDescription` to the schema property description.
This will enable CLI client to show correct description for CLI command arguments.
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* UUIDs and update validations for Client v2
Closes#46531Closes#47034
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
* Expand on comments, simplify validation
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
* Relax the UUID validation so it passes if UUID is unchanged
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
* Additional validation for PUT create
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
* Validate full rep when doing PATCH
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
* added test that verifies that Clients are created/updated with v1 are read correctly with v2
fixes: #46541
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* moved cleanup to finally block and removed debug statements
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* refactored to make it more simple
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Update rest/admin-v2/tests/src/test/java/org/keycloak/tests/admin/client/v2/InteropTest.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/src/test/java/org/keycloak/tests/admin/client/v2/InteropTest.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/src/test/java/org/keycloak/tests/admin/mapper/ClientRepresentationComparator.java
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* add saml tests
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* refactored and PR comments
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* use constants instead of strings
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added roles test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* copilot review
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
* added validation context that holds session and realm
relates: #43296
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added static method to unwarp so that one can use it more easy
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* New client service - DELETE - delete individual client
Closes#46783
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Propagate the error message + add test
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* More fine-grained handling of createOrUpdate in client service
Closes#46806
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Add comment to the PATCH strategy
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Add v2 admin event support to Client Admin API
Introduce AdminEventV2Builder to fire admin events with apiVersion=v2
detail marker, allowing consumers to distinguish v2 API events from v1.
- Add AdminEventV2Builder class for creating v2 admin events
- Modify DefaultClientService to fire v2 events on client create/update
- Pass AdminAuth through API chain for proper event authentication context
- Add tests verifying v2 events contain correct operation type and format
Closes#46123
Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added github comments
Extended AdminEventBuilder, now accepts AdimPermissionEvaluator instead
of AdminAuth
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Refactor admin builder v2, mask sensitive info, improve tests
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Apply suggestions from code review
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Apply suggestion from @mabartos
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed imports
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed merge error
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Polish constructors, disable events by default
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Public visibility for detail key, add test case for PATCH
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* Handle patch logic in the service + ServiceExceptionMapper
Closes#46328Closes#46329
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Revert back the consumes of the Patch
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Be more defensive for the JSON Merge Patch
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* [admin-v2] Enable client generators to create proper class hierarchies with inheritance
Closes: #46158
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
* Addressing reviews
* add additionalFileds to base representation
Closes: #46158
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
---------
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
* Added typescript based module for the client admin v2
Based on the new openapi client admin api this module can be generated
based on the defenition.
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* now uses openapitools to generate and moved it into the existing module for better adoption
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed back to use kiota as it offers a nicer fluent api
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed build
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* better api
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed base representation filter
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added flag to explicited enable v2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* re-run generation
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* enable client-admin-api:v2 in PR CI tests
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* fix JS OpenAPI generation on Windows
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* remove unnecessary statement from generate.ts
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* Fix Windows line endings in JS OpenAPI post-processing
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added better validation and more validation tests
fixes: #46271
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Use getClientsApiUrl() in tests
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* refactored removed duplication
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added test for update
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* Missing anti-ID phishing check for getting client
Closes#46010
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Avoid any other phishing based on error message, for PATCH + improve service exceptions
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Ensure no ID phishing for DELETE
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* added validation tests for client v2
releates: #43296
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added specific error messeages to check
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* initial version of the policy v2 policy test
fixes: #46074
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Extract client profile/policy to dedicated method
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* removed test method prefix
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Closes#45838
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#45727
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
* Add tests for mappers and representation for the admin v2
Fixes: #45277
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed OIDCClientModelMapper into an integration test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* PR review comments
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* Add SAML client model mapper for admin-v2 API
Implements mapper and factory for converting between SAMLClientModel
and SAMLClientRepresentation, including support for SAML-specific
attributes like signature algorithms, name ID formats, and certificates.
Fixes#44853
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* updated test to test specific Saml and Oidc fields
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fix test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* [admin-api-v2] Incorrect DTO/DAO mapping
Closes#44586
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Handle roles and service account operations, cleanup service contract
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* task: use client v1 logic for v2 impl
closes: #43733
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing the provider module
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Closes#43224
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
