org.keycloak.representations.idm.RealmRepresentation Java Examples

@Test
public void testAddUsersWithDuplicateEmailsAllowed() {
    
    RealmRepresentation realmRep = testRealmResource().toRepresentation();
    realmRep.setDuplicateEmailsAllowed(true);
    testRealmResource().update(realmRep);
            
    assertAdminEvents.clear();

    setFail();
    addUsers();
    doImport();
    
    UserRepresentation user = createUserRepresentation(USER_PREFIX + 999, USER_PREFIX + 1 + "@foo.com", "foo", "bar", true);
    piRep.setUsers(Arrays.asList(user));
    
    PartialImportResults results = doImport();
    assertEquals(1, results.getAdded());
}
 

@Test
@Order(0)
void shouldCreateRealmWithUser() {
    doImport("00_create_realm_with_user.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();

    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    UserRepresentation createdUser = keycloakRepository.getUser(REALM_NAME, "myuser");
    assertThat(createdUser.getUsername(), is("myuser"));
    assertThat(createdUser.getEmail(), is("[email protected]"));
    assertThat(createdUser.isEnabled(), is(true));
    assertThat(createdUser.getFirstName(), is("My firstname"));
    assertThat(createdUser.getLastName(), is("My lastname"));

    Map<String, List<String>> createdUserAttributes = createdUser.getAttributes();
    assertThat(createdUserAttributes, notNullValue());
    assertThat(createdUserAttributes.get("locale"), contains("de"));
}
 

@Test
@Order(11)
void shouldUpdateRealmUpdateGroupAddClientRole() {
    doImport("11_update_realm_update_group_add_client_role.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();
    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    GroupRepresentation updatedGroup = loadGroup("/My Group");
    assertThat("name not equal", updatedGroup.getName(), is("My Group"));
    assertThat("path not equal", updatedGroup.getPath(), is("/My Group"))
    ;
    assertThat("attributes is null", updatedGroup.getAttributes(), aMapWithSize(1));
    assertThat("attributes is null", updatedGroup.getAttributes(), hasEntry(is("my added attribute"), containsInAnyOrder("my added attribute value")));

    assertThat("realm roles is null", updatedGroup.getRealmRoles(), contains("my_realm_role"));
    assertThat("client roles is null", updatedGroup.getClientRoles(), aMapWithSize(1));
    assertThat("client roles is null", updatedGroup.getClientRoles(), hasEntry(is("moped-client"), containsInAnyOrder("my_client_role")));
    assertThat("subgroups not empty", updatedGroup.getSubGroups(), hasSize(0));
}
 

@Test
@Order(1)
void shouldCreateRealmWithComponent() {
    doImport("00_create_realm_with_component.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();

    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    ComponentRepresentation rsaComponent = getComponent(
            "org.keycloak.keys.KeyProvider",
            "rsa-generated"
    );

    assertThat(rsaComponent.getName(), is("rsa-generated"));
    assertThat(rsaComponent.getProviderId(), is("rsa-generated"));
    MultivaluedHashMap<String, String> componentConfig = rsaComponent.getConfig();

    List<String> keySize = componentConfig.get("keySize");
    assertThat(keySize, hasSize(1));
    assertThat(keySize.get(0), is("4096"));
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmBuilder realm = RealmBuilder.create().name("test").testEventListener();
    client1Uuid = KeycloakModelUtils.generateId();
    realm.client(ClientBuilder.create().id(client1Uuid).clientId("client1").publicClient().directAccessGrants());

    admin1Id =  KeycloakModelUtils.generateId();
    realm.user(UserBuilder.create().id(admin1Id).username("admin1").password("password").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN));

    admin2Id =  KeycloakModelUtils.generateId();
    realm.user(UserBuilder.create().id(admin2Id).username("admin2").password("password").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN));

    appUserId =  KeycloakModelUtils.generateId();
    realm.user(UserBuilder.create().id(appUserId).username("app-user").password("password"));

    testRealms.add(realm.build());
}
 

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testAuthEnabledAndSavedCredentials() throws Exception {
    RealmRepresentation realmRep = realm.toRepresentation();
    Map<String, String> oldSmtp = realmRep.getSmtpServer();
    try {
        realmRep.setSmtpServer(smtpMap("127.0.0.1", "3025", "[email protected]", "true", null, null,
                "admin@localhost", SMTP_PASSWORD, null, null));
        realm.update(realmRep);

        greenMailRule.credentials("admin@localhost", "admin");
        Response response = realm.testSMTPConnection(settings("127.0.0.1", "3025", "[email protected]", "true", null, null,
                "admin@localhost", SECRET_VALUE));
        assertStatus(response, 204);
    } finally {
        // Revert SMTP back
        realmRep.setSmtpServer(oldSmtp);
        realm.update(realmRep);
    }
}
 

@Test
@Order(9)
void shouldUpdateRealmUpdateGroupAddAttribute() {
    doImport("09_update_realm_update_group_add_attribute.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();
    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    GroupRepresentation updatedGroup = loadGroup("/My Group");
    assertThat("name not equal", updatedGroup.getName(), is("My Group"));
    assertThat("path not equal", updatedGroup.getPath(), is("/My Group"));

    assertThat("attributes is null", updatedGroup.getAttributes(), aMapWithSize(1));
    assertThat("attributes is null", updatedGroup.getAttributes(), hasEntry(is("my added attribute"), containsInAnyOrder("my added attribute value")));

    assertThat("realm roles is null", updatedGroup.getRealmRoles(), hasSize(0));
    assertThat("client roles is null", updatedGroup.getClientRoles(), aMapWithSize(0));
    assertThat("subgroups not empty", updatedGroup.getSubGroups(), hasSize(0));
}
 

private void createBaeldungRealm() {
    KeycloakSession session = getSessionFactory().create();

    try {
        session.getTransactionManager()
            .begin();

        RealmManager manager = new RealmManager(session);
        Resource lessonRealmImportFile = new ClassPathResource(keycloakServerProperties.getRealmImportFile());

        manager.importRealm(JsonSerialization.readValue(lessonRealmImportFile.getInputStream(), RealmRepresentation.class));

        session.getTransactionManager()
            .commit();
    } catch (Exception ex) {
        LOG.warn("Failed to import Realm json file: {}", ex.getMessage());
        session.getTransactionManager()
            .rollback();
    }

    session.close();
}
 

@Test
@Order(16)
void shouldAddClientRoleWithRealmRoleComposite() {
    doImport("16_update_realm__add_client_role_with_realm_role_composite.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();

    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    RoleRepresentation realmRole = keycloakRepository.getClientRole(
            REALM_NAME,
            "moped-client",
            "my_composite_moped_client_role"
    );

    assertThat(realmRole.getName(), is("my_composite_moped_client_role"));
    assertThat(realmRole.isComposite(), is(true));
    assertThat(realmRole.getClientRole(), is(true));
    assertThat(realmRole.getDescription(), is("My composite moped-client role"));

    RoleRepresentation.Composites composites = realmRole.getComposites();
    assertThat(composites, notNullValue());
    assertThat(composites.getRealm(), contains("my_realm_role"));
    assertThat(composites.getClient(), is(nullValue()));
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    testRealm = testRealms.get(0);
    testRealm.setUserManagedAccessAllowed(true);

    testRealm.setUsers(Lists.asList("admin", userNames).stream().map(this::createUser).collect(Collectors.toList()));

    ClientRepresentation client = ClientBuilder.create()
            .clientId("my-resource-server")
            .authorizationServicesEnabled(true)
            .serviceAccountsEnabled(true)
            .secret("secret")
            .name("My Resource Server")
            .baseUrl("http://resourceserver.com")
            .directAccessGrants().build();

    testRealm.setClients(singletonList(client));
}
 

@Test
// KEYCLOAK-2700
public void deleteRealmWithDefaultGroups() throws IOException {
    RealmRepresentation rep = new RealmRepresentation();
    rep.setRealm("foo");

    GroupRepresentation group = new GroupRepresentation();
    group.setName("default1");
    group.setPath("/default1");

    rep.setGroups(Collections.singletonList(group));
    rep.setDefaultGroups(Collections.singletonList("/default1"));

    adminClient.realms().create(rep);

    adminClient.realm(rep.getRealm()).remove();
}
 

@Test
@Order(24)
void shouldUpdateRealmUpdateGroupAddSecondClientRole() {
    doImport("24_update_realm_update_group_delete_add_second_client_role.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();
    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    GroupRepresentation updatedGroup = loadGroup("/My Group");
    assertThat("name not equal", updatedGroup.getName(), is("My Group"));
    assertThat("path not equal", updatedGroup.getPath(), is("/My Group"));

    assertThat("attributes roles is null", updatedGroup.getAttributes(), aMapWithSize(1));
    assertThat("attributes roles is null", updatedGroup.getAttributes(),
            hasEntry(is("my changed attribute"), containsInAnyOrder("my changed attribute value")));
    assertThat("realm roles is null", updatedGroup.getRealmRoles(), hasSize(0));

    assertThat("client roles is null", updatedGroup.getClientRoles(), aMapWithSize(1));
    assertThat("client roles is null", updatedGroup.getClientRoles(), hasEntry(is("moped-client"), containsInAnyOrder("my_client_role", "my_second_client_role")));

    List<GroupRepresentation> subGroups = updatedGroup.getSubGroups();
    assertThat("subgroups is empty", subGroups, hasSize(1));

    GroupRepresentation subGroup = subGroups.get(0);
    assertThat("subgroup is null", subGroup, notNullValue());
    assertThat("subgroup's name not equal", subGroup.getName(), is("My SubGroup"));
    assertThat("subgroup's path not equal", subGroup.getPath(), is("/My Group/My SubGroup"));
    assertThat("subgroup's attributes is null", subGroup.getAttributes(), aMapWithSize(0));
    assertThat("subgroup's realm roles is null", subGroup.getRealmRoles(), hasSize(0));
    assertThat("subgroup's client roles is null", subGroup.getClientRoles(), aMapWithSize(0));
    assertThat("subgroup's subgroups is null", subGroup.getSubGroups(), hasSize(0));
}
 

private void createOrUpdateScopeMappings(RealmImport realmImport) {
    List<ScopeMappingRepresentation> scopeMappingsToImport = realmImport.getScopeMappings();
    if (scopeMappingsToImport == null) return;

    String realm = realmImport.getRealm();
    RealmRepresentation existingRealm = realmRepository.partialExport(realm, true, true);
    List<ScopeMappingRepresentation> existingScopeMappings = existingRealm.getScopeMappings();

    createOrUpdateRolesInScopeMappings(realm, scopeMappingsToImport, existingScopeMappings);

    if (importConfigProperties.getManaged().getScopeMapping() == ImportManagedPropertiesValues.FULL) {
        cleanupRolesInScopeMappingsIfNecessary(realm, scopeMappingsToImport, existingScopeMappings);
    }
}
 

private boolean hasRealmRole(RealmRepresentation rep, String roleName) {
    if (rep.getRoles() == null || rep.getRoles().getRealm() == null) {
        return false;
    }

    for (RoleRepresentation role : rep.getRoles().getRealm()) {
        if (roleName.equals(role.getName())) {
            return true;
        }
    }

    return false;
}
 

@Test
@Order(15)
void shouldChangeResetCredentialsFlow() {
    doImport("10_update_realm__change_custom_reset-credentials-flow.json");

    RealmRepresentation updatedRealm = keycloakProvider.get().realm(REALM_NAME).partialExport(true, true);

    assertThat(updatedRealm.getRealm(), is(REALM_NAME));
    assertThat(updatedRealm.isEnabled(), is(true));

    assertThat(updatedRealm.getResetCredentialsFlow(), is("my reset credentials"));

    AuthenticationFlowRepresentation topLevelFlow = getAuthenticationFlow(updatedRealm, "my reset credentials");
    assertThat(topLevelFlow.getDescription(), is("My changed reset credentials for a user if they forgot their password or something"));
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    RealmRepresentation testRealmRep = testRealms.get(0);
    testRealmRep.setDisplayNameHtml("Test realm <b>HTML</b>");
    testRealmRep.setRememberMe(true);
    testRealmRep.setResetPasswordAllowed(true);
    testRealmRep.setRegistrationAllowed(true);
}
 

protected void removeAllRealmsDespiteMaster() {
    // remove all realms (accidentally left by other tests) except for master
    adminClient.realms().findAll().stream()
            .map(RealmRepresentation::getRealm)
            .filter(realmName -> ! realmName.equals("master"))
            .forEach(this::removeRealm);
    assertThat(adminClient.realms().findAll().size(), is(equalTo(1)));
}
 

@Test
@Order(24)
void shouldAddTopLevelFlowWithExecutionFlow() {
    doImport("19_update_realm__add-top-level-flow-with-execution-flow.json");

    RealmRepresentation updatedRealm = keycloakProvider.get().realm(REALM_NAME).partialExport(true, true);

    assertThat(updatedRealm.getRealm(), is(REALM_NAME));
    assertThat(updatedRealm.isEnabled(), is(true));

    AuthenticationFlowRepresentation topLevelFlow = getAuthenticationFlow(updatedRealm, "my auth flow with execution-flows");
    assertThat(topLevelFlow.getDescription(), is("My authentication flow with authentication executions"));
    assertThat(topLevelFlow.getProviderId(), is("basic-flow"));
    assertThat(topLevelFlow.isBuiltIn(), is(false));
    assertThat(topLevelFlow.isTopLevel(), is(true));

    AuthenticationFlowRepresentation nonTopLevelFlow = getAuthenticationFlow(updatedRealm, "my execution-flow");

    List<AuthenticationExecutionExportRepresentation> nonTopLevelFlowExecutions = nonTopLevelFlow.getAuthenticationExecutions();
    assertThat(nonTopLevelFlowExecutions, hasSize(2));

    AuthenticationExecutionExportRepresentation execution = getExecutionFromFlow(nonTopLevelFlow, "auth-username-password-form");
    assertThat(execution.getAuthenticator(), is("auth-username-password-form"));
    assertThat(execution.getRequirement(), is("REQUIRED"));
    assertThat(execution.getPriority(), is(0));
    assertThat(execution.isAutheticatorFlow(), is(false));

    execution = getExecutionFromFlow(nonTopLevelFlow, "auth-otp-form");
    assertThat(execution.getAuthenticator(), is("auth-otp-form"));
    assertThat(execution.getRequirement(), is("CONDITIONAL"));
    assertThat(execution.getPriority(), is(1));
    assertThat(execution.isAutheticatorFlow(), is(false));
}
 

@Test
@Order(2)
void shouldUpdateSimpleRealm() {
    doImport("1_update_login-theme_to_simple-realm.json");

    RealmRepresentation updatedRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();

    assertThat(updatedRealm.getRealm(), is(REALM_NAME));
    assertThat(updatedRealm.isEnabled(), is(true));
    assertThat(updatedRealm.getLoginTheme(), is("moped"));
    assertThat(
            updatedRealm.getAttributes().get("de.adorsys.keycloak.config.import-checksum-default"),
            is("4ac94d3adb91122979e80816a8a355a01f9c7c90a25b6b529bf2a572e1158b1c")
    );
}
 

@Before
public void initAdminEvents() {
    RealmRepresentation realmRep = RealmBuilder.edit(testRealmResource().toRepresentation()).testEventListener().build();
    realmId = realmRep.getId();
    realmRep.setDuplicateEmailsAllowed(false);
    adminClient.realm(realmRep.getRealm()).update(realmRep);

    piRep = new PartialImportRepresentation();
}
 

@Test
@Order(25)
void shouldUpdateRealmUpdateGroupRemoveClientRole() {
    doImport("25_update_realm_update_group_delete_remove_client_role.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();
    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));

    GroupRepresentation updatedGroup = loadGroup("/My Group");
    assertThat("name not equal", updatedGroup.getName(), is("My Group"));
    assertThat("path not equal", updatedGroup.getPath(), is("/My Group"));

    assertThat("attributes roles is null", updatedGroup.getAttributes(), aMapWithSize(1));
    assertThat("attributes roles is null", updatedGroup.getAttributes(),
            hasEntry(is("my changed attribute"), containsInAnyOrder("my changed attribute value")));
    assertThat("realm roles is null", updatedGroup.getRealmRoles(), hasSize(0));
    assertThat("client roles is null", updatedGroup.getClientRoles(), aMapWithSize(1));
    assertThat("client roles is null", updatedGroup.getClientRoles(), hasEntry(is("moped-client"), containsInAnyOrder("my_second_client_role")));

    List<GroupRepresentation> subGroups = updatedGroup.getSubGroups();
    assertThat("subgroups is empty", subGroups, hasSize(1));

    GroupRepresentation subGroup = subGroups.get(0);
    assertThat("subgroup is null", subGroup, notNullValue());
    assertThat("subgroup's name not equal", subGroup.getName(), is("My SubGroup"));
    assertThat("subgroup's path not equal", subGroup.getPath(), is("/My Group/My SubGroup"));
    assertThat("subgroup's attributes is null", subGroup.getAttributes(), aMapWithSize(0));
    assertThat("subgroup's realm roles is null", subGroup.getRealmRoles(), hasSize(0));
    assertThat("subgroup's client roles is null", subGroup.getClientRoles(), aMapWithSize(0));
    assertThat("subgroup's subgroups is null", subGroup.getSubGroups(), hasSize(0));
}
 

/**
 * Refers to in old test suite: org.keycloak.testsuite.broker.AbstractKeycloakIdentityProviderTest#testSuccessfulAuthenticationWithoutUpdateProfile_emailProvided_emailVerifyEnabled_emailTrustEnabled
 */
@Test
public void testVerifyEmailNotRequiredActionWhenEmailIsTrustedByProvider() {
    RealmResource realm = adminClient.realm(bc.consumerRealmName());
    RealmRepresentation realmRep = realm.toRepresentation();

    realmRep.setVerifyEmail(true);

    realm.update(realmRep);

    IdentityProviderRepresentation idpRep = identityProviderResource.toRepresentation();

    idpRep.setTrustEmail(true);

    identityProviderResource.update(idpRep);

    driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
    logInWithBroker(bc);

    waitForPage(driver, "update account information", false);
    updateAccountInformationPage.assertCurrent();
    updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");

    waitForAccountManagementTitle();
    accountUpdateProfilePage.assertCurrent();

    List<UserRepresentation> users = realm.users().search(bc.getUserLogin());
    assertEquals(1, users.size());
    List<String> requiredActions = users.get(0).getRequiredActions();
    assertEquals(0, requiredActions.size());
}
 

@Test
@Order(0)
void shouldCreateSimpleRealm() {
    doImport("0_create_simple-realm.yaml");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();

    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));
    assertThat(createdRealm.getLoginTheme(), is(nullValue()));
    assertThat(
            createdRealm.getAttributes().get("de.adorsys.keycloak.config.import-checksum-default"),
            is("de0fd72cce66f641973bde5a13b648582eb2a0718d2cdcd1075bb2ec464d3eb6")
    );
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation testRealmRep = new RealmRepresentation();
    testRealmRep.setId(TEST);
    testRealmRep.setRealm(TEST);
    testRealmRep.setEnabled(true);
    testRealms.add(testRealmRep);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    RealmRepresentation realm1 = testRealms.get(0);

    realm1.addIdentityProvider(createIdentityProviderRepresentation(SOCIAL_IDP_ALIAS,
            GoogleIdentityProviderFactory.PROVIDER_ID));

    String oidcRoot = getAuthServerRoot() + "realms/" + REALM2_NAME + "/protocol/openid-connect/";

    IdentityProviderRepresentation systemIdp = createIdentityProviderRepresentation(SYSTEM_IDP_ALIAS,
            OIDCIdentityProviderFactory.PROVIDER_ID);
    systemIdp.getConfig().put("clientId", CLIENT_ID);
    systemIdp.getConfig().put("clientSecret", CLIENT_SECRET);
    systemIdp.getConfig().put("clientAuthMethod", OIDCLoginProtocol.CLIENT_SECRET_POST);
    systemIdp.getConfig().put("authorizationUrl", oidcRoot + "auth");
    systemIdp.getConfig().put("tokenUrl", oidcRoot + "token");
    realm1.addIdentityProvider(systemIdp);

    ClientRepresentation client = ClientBuilder.create()
            .clientId(CLIENT_ID)
            .secret(CLIENT_SECRET)
            .redirectUris(getAuthServerRoot() + "realms/" + TEST + "/broker/" + SYSTEM_IDP_ALIAS + "/endpoint")
            .build();

    // using REALM2 as an identity provider
    RealmRepresentation realm2 = new RealmRepresentation();
    realm2.setId(REALM2_NAME);
    realm2.setRealm(REALM2_NAME);
    realm2.setEnabled(true);
    realm2.setClients(Collections.singletonList(client));
    realm2.setUsers(Collections.singletonList(homerUser));
    testRealms.add(realm2);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    testRealms.add(RealmBuilder.create().name("authz-test")
            .user(UserBuilder.create().username("marta").password("password"))
            .user(UserBuilder.create().username("kolo").password("password"))
            .client(ClientBuilder.create().clientId("resource-server-test")
                .secret("secret")
                .authorizationServicesEnabled(true)
                .redirectUris("http://localhost/resource-server-test")
                .defaultRoles("uma_protection")
                .directAccessGrants())
            .build());
}
 

@Test
@Order(0)
void shouldCreateSimpleRealm() {
    doImport("0_create_simple-realm.json");

    RealmRepresentation createdRealm = keycloakProvider.get().realm(REALM_NAME).toRepresentation();

    assertThat(createdRealm.getRealm(), is(REALM_NAME));
    assertThat(createdRealm.isEnabled(), is(true));
    assertThat(createdRealm.getLoginTheme(), is(nullValue()));
    assertThat(
            createdRealm.getAttributes().get("de.adorsys.keycloak.config.import-checksum-custom"),
            is("f1fa7181b84f808b5402f47c1b875195dc9b6d8a1c1f9e22227985ac63eb2ada")
    );
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmBuilder realm = RealmBuilder.create().name("test").testEventListener();

    realm.client(ClientBuilder.create().clientId("myclient").publicClient().directAccessGrants());

    impersonatedUserId = KeycloakModelUtils.generateId();

    realm.user(UserBuilder.create().id(impersonatedUserId).username("test-user@localhost"));
    realm.user(UserBuilder.create().username("realm-admin").password("password").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN));
    realm.user(UserBuilder.create().username("impersonator").password("password").role(Constants.REALM_MANAGEMENT_CLIENT_ID, ImpersonationConstants.IMPERSONATION_ROLE).role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.VIEW_USERS));
    realm.user(UserBuilder.create().username("bad-impersonator").password("password").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.MANAGE_USERS));

    testRealms.add(realm.build());
}
 

@Test
@Order(1)
void shouldAddExecutionToFlow() {
    doImport("01_update_realm__add_execution_to_flow.json");

    RealmRepresentation updatedRealm = keycloakProvider.get().realm(REALM_NAME).partialExport(true, true);

    assertThat(updatedRealm.getRealm(), is(REALM_NAME));
    assertThat(updatedRealm.isEnabled(), is(true));

    AuthenticationFlowRepresentation unchangedFlow = getAuthenticationFlow(updatedRealm, "my auth flow");
    assertThat(unchangedFlow.getDescription(), is("My auth flow for testing"));
    assertThat(unchangedFlow.getProviderId(), is("basic-flow"));
    assertThat(unchangedFlow.isBuiltIn(), is(false));
    assertThat(unchangedFlow.isTopLevel(), is(true));

    List<AuthenticationExecutionExportRepresentation> importedExecutions = unchangedFlow.getAuthenticationExecutions();
    assertThat(importedExecutions, hasSize(2));

    AuthenticationExecutionExportRepresentation importedExecution = getExecutionFromFlow(unchangedFlow, "docker-http-basic-authenticator");
    assertThat(importedExecution.getAuthenticator(), is("docker-http-basic-authenticator"));
    assertThat(importedExecution.getRequirement(), is("DISABLED"));
    assertThat(importedExecution.getPriority(), is(0));
    assertThat(importedExecution.isAutheticatorFlow(), is(false));
    importedExecution = getExecutionFromFlow(unchangedFlow, "http-basic-authenticator");
    assertThat(importedExecution.getAuthenticator(), is("http-basic-authenticator"));
    assertThat(importedExecution.getRequirement(), is("DISABLED"));
    assertThat(importedExecution.getPriority(), is(1));
    assertThat(importedExecution.isAutheticatorFlow(), is(false));
}
 

@Test
@Order(2)
void shouldChangeExecutionRequirement() {
    doImport("02_update_realm__change_execution_requirement.json");

    RealmRepresentation updatedRealm = keycloakProvider.get().realm(REALM_NAME).partialExport(true, true);

    assertThat(updatedRealm.getRealm(), is(REALM_NAME));
    assertThat(updatedRealm.isEnabled(), is(true));

    AuthenticationFlowRepresentation unchangedFlow = getAuthenticationFlow(updatedRealm, "my auth flow");
    assertThat(unchangedFlow.getDescription(), is("My auth flow for testing"));
    assertThat(unchangedFlow.getProviderId(), is("basic-flow"));
    assertThat(unchangedFlow.isBuiltIn(), is(false));
    assertThat(unchangedFlow.isTopLevel(), is(true));

    List<AuthenticationExecutionExportRepresentation> importedExecutions = unchangedFlow.getAuthenticationExecutions();
    assertThat(importedExecutions, hasSize(2));

    AuthenticationExecutionExportRepresentation importedExecution = getExecutionFromFlow(unchangedFlow, "docker-http-basic-authenticator");
    assertThat(importedExecution.getAuthenticator(), is("docker-http-basic-authenticator"));
    assertThat(importedExecution.getRequirement(), is("REQUIRED"));
    assertThat(importedExecution.getPriority(), is(0));
    assertThat(importedExecution.isAutheticatorFlow(), is(false));
    importedExecution = getExecutionFromFlow(unchangedFlow, "http-basic-authenticator");
    assertThat(importedExecution.getAuthenticator(), is("http-basic-authenticator"));
    assertThat(importedExecution.getRequirement(), is("DISABLED"));
    assertThat(importedExecution.getPriority(), is(1));
    assertThat(importedExecution.isAutheticatorFlow(), is(false));
}