Commit Graph

95 Commits

Author SHA1 Message Date
Martin Bartoš
83001e4024 OTelHttpClientFactory not configured properly when tracing enabled
Closes #38740

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-04-08 17:04:23 +00:00
vramik
602258d935 [FGAP] Switch the feature from Experimental to Supported
Closes #38651

Signed-off-by: vramik <vramik@redhat.com>
2025-04-08 13:00:47 -03:00
Pedro Igor
79b533ee02 Allow managing client authorization settings is manage scope is granted for clients
Closes #38726

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 13:07:48 +02:00
Pedro Igor
be880ae204 Do not cache partial results when FGAP is enabled
Closes #38705

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 08:22:22 +02:00
Pedro Igor
87430fc181 Add impersonate-members scope to group resource type
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:56:27 +00:00
Pedro Igor
d98ca0a2a2 Make sure searches by identifiers are filtered
Closes #38679

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:59:43 +02:00
Lukas Hanusovsky
f5323fec24 [Test framework] AdminConsoleWhoAmILocaleTest migration (#38158)
* Moving files to the new test suite

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Move AdminConsoleWhoAmILocaleTest.java, DeclarativeUserTest.java to the new testsuite

Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-04-07 12:45:52 +02:00
Šimon Vacek
2f852b4b9a Move ClientRolesTest to the new testsuite (#38505)
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-04-07 12:34:49 +02:00
vramik
6488890585 [FGAP:V2] remove configure scope from Client resource type
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
2025-04-07 07:05:02 -03:00
Pedro Igor
e5ff19b327 Adding missing fgap filtering to user count methods
Closes #38510

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-04 14:21:57 +02:00
Pedro Igor
9f079f7874 Permission checks that do not check a specific client should check the permissions granted to the client resource type
Closes #38653

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 17:00:47 +00:00
vramik
8127a9da60 [FGAP] Allow user creation when the admin has permission to manage-members and manage-membership for all existing groups defined in UserRepresentation
Closes #38269

Signed-off-by: vramik <vramik@redhat.com>
2025-04-03 12:08:46 -03:00
Pedro Igor
dbb0179a93 Aligning partial evaluation with the outcome from regular evaluations
Closes #38626

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 12:07:30 -03:00
Pedro Igor
29d3dcb49a Do not allow delete the FGAP client
Closes #38644

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 14:57:06 +02:00
vramik
f12fa0b5bb [FGAP] remove transitiveness from auth scopes
Closes #38557

Signed-off-by: vramik <vramik@redhat.com>
2025-04-02 16:56:25 -03:00
Pedro Igor
61cb0acbc4 Fixing inconsistencies when evaluating permission in the evaluation tab
Closes #38498

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Václav Muzikář
2a0ce46471 Prevent frontend endpoint redirect to admin endpoint (#38464)
Closes #38463

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-03-28 18:44:43 +01:00
Pedro Igor
78aa8b486f User not visible when permission with different scope exists
Closes #38369

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Pedro Igor
75651ff5c0 Partial evaluation processing only permissions with scope view
Closes #38436

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Pedro Igor
26c90f369f Support for partial evaluation for clients
Closes #38393

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-25 09:04:12 -03:00
Pedro Igor
1c57035d41 Support partial evaluation for the group resource type
Closes #38273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-24 11:49:53 -03:00
vramik
a72d15b857 PartialEvaluator ignores view-* and manage-* roles
Closes #38284

Signed-off-by: vramik <vramik@redhat.com>
2025-03-24 08:30:59 -03:00
Sebastian Rose
4fb1c41155 Sending Mails via SMTP and XOAUTH2 authentication mechanism
Closes #17432

Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>
2025-03-21 10:12:18 +01:00
Pedro Igor
ed809d7884 Filtering not working when using view-member permission with a permission that denies access to a resource
Closes #38304

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-20 17:06:51 -03:00
Stian Thorgersen
d7e3d480fb Sort test classes by server config (#38215)
Signed-off-by: stianst <stianst@gmail.com>
2025-03-20 10:41:31 +01:00
Pedro Igor
a4000575a4 Initial support for partial evaluation
Closes #38085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-19 13:30:52 -03:00
Stian Thorgersen
ccbc1fa9ab Simplify TimeOffsetTest to just check time is set, rather than using events which is expensive
Closes #38180

Signed-off-by: stianst <stianst@gmail.com>
2025-03-18 15:28:05 +00:00
Simon Vacek
546724ddf8 Move AdminEventTest.java, LoginEventsTest.java to the new testsuite
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/realm/RealmConfigBuilder.java
2025-03-17 12:38:57 +01:00
Simon Vacek
d6561cff1b Moving files to the new test suite
Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-17 12:38:57 +01:00
Simon Vacek
723f191a86 Move InitialAccessTokenResourceTest.java, RoleByIdResourceTest.java, TimeOffsetTest.java to the new testsuite
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-14 10:26:58 +01:00
Simon Vacek
578a63ca03 Moving files to the new test suite
Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-14 10:26:58 +01:00
Simon Vacek
62cff80c5e Move CrossRealmPermissionsTest.java to the new testsuite
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-14 10:25:26 +01:00
Simon Vacek
6efccbffdc Moving files to the new test suite
Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-14 10:25:26 +01:00
Simon Vacek
e1fdd1dab6 Move ServiceAccountClientTest.java to the new testsuite
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-14 10:21:02 +01:00
Simon Vacek
e8d3d142df Moving files to the new test suite
Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-14 10:21:02 +01:00
Pedro Igor
70114e249a Fix showing resource display name when listing permissions
Closes #38027

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-13 13:05:15 -03:00
Lukas Hanusovsky
8f0bc985f6 [Test framework] AttackDetectionResourceTest migration (#38010)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-03-13 13:50:24 +01:00
vramik
872a691757 Remove permissions and resources when their corresponding objects are deleted
Closes #37242

Signed-off-by: vramik <vramik@redhat.com>
2025-03-11 14:58:03 -03:00
Lukas Hanusovsky
89980e0971 [Test framework] AdminEventAuthDetailsTest migration (#37910)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-03-11 08:22:07 +01:00
Miquel Simon
7c0187cbc5 Migrate UserTests to the new framework (#37654)
* Move UsersTest to the new testsuite

Part of #34494

Signed-off-by: Miquel Simon <msimonma@redhat.com>

* Move UsersTest to the new testsuite

Part of #34494

Signed-off-by: Miquel Simon <msimonma@redhat.com>

---------

Signed-off-by: Miquel Simon <msimonma@redhat.com>
2025-03-10 09:25:21 +01:00
Martin Kanis
f41ee2fdc6 Add Role resource type and its scopes to authorization schema
Closes #35565

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-03-06 09:09:35 -03:00
Šimon Vacek
497a1141a7 Move GroupSearchTest.java to the new testsuite (#37836)
* Move GroupSearchTest.java to the new testsuite

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Move GroupSearchTest to the new testsuite

Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-06 06:49:04 +01:00
Šimon Vacek
ff2ce16d5f Move DeclarativeUserTest.java to the new testsuite (#37724)
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-03 09:42:24 +01:00
Lukas Hanusovsky
f6fc5b6258 [Test framework MVP] SMTPConnectionTest + SMTPConnectionVaultTest (#35230)
* [Test framework MVP] SMTPConnectionTest - mv

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* [Test framework MVP] SMTPConnectionTest + SMTPConnectionVaultTest

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-03-03 09:31:47 +01:00
Šimon Vacek
75b23a3450 Migrate ClientScopeTest (#37603)
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-03-03 08:59:11 +01:00
Lukas Hanusovsky
ac175f585b [Test framework] AuthzCleanupTest (#37632)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-03-03 08:52:46 +01:00
Stian Thorgersen
c22f76867f Move doLogin to AbstractOAuthClient (#37638)
Closes #37637

Signed-off-by: stianst <stianst@gmail.com>
2025-02-26 12:34:03 +01:00
Agnieszka Gancarczyk
6587f5f76e Added UI support for Clients and Groups resource types (#37379)
* removed policyId from permission search form

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Adding support for Clients and Groups resource types

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Adding support for Clients and Groups resource types

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Added support for clients resourceType

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Added support for creating permission based on Clients and Groups resource types

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* updated messages

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* updated messages

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Fixing the search by resource type and resource

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing changing permissions from specific to all resources

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* made groups policy default instead of aggregate and fixed ClientSelect

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Added error handling for authorization scope field

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Added error handling for authorization scope field

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* improved policy creation from create permission

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* improved policy creation from create permission

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* improved policy creation from create permission

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* Improved ClientScope

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

* updated GroupSelect

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>

---------

Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-24 08:12:09 -03:00
Šimon Vacek
d31f1ad3f4 Migrate ClientProtocolMapperTest, ClientScopeProtocolMapperTest (#37534)
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-02-24 09:00:39 +01:00
Lukas Hanusovsky
4c172d99d2 [Test framework] Moving provider classes to specific package (#37484)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-02-19 11:00:36 +00:00