* Add v2 admin event support to Client Admin API
Introduce AdminEventV2Builder to fire admin events with apiVersion=v2
detail marker, allowing consumers to distinguish v2 API events from v1.
- Add AdminEventV2Builder class for creating v2 admin events
- Modify DefaultClientService to fire v2 events on client create/update
- Pass AdminAuth through API chain for proper event authentication context
- Add tests verifying v2 events contain correct operation type and format
Closes#46123
Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added github comments
Extended AdminEventBuilder, now accepts AdimPermissionEvaluator instead
of AdminAuth
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Refactor admin builder v2, mask sensitive info, improve tests
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Apply suggestions from code review
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Apply suggestion from @mabartos
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed imports
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed merge error
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Polish constructors, disable events by default
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Public visibility for detail key, add test case for PATCH
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* Handle patch logic in the service + ServiceExceptionMapper
Closes#46328Closes#46329
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Revert back the consumes of the Patch
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Be more defensive for the JSON Merge Patch
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* [admin-v2] Enable client generators to create proper class hierarchies with inheritance
Closes: #46158
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
* Addressing reviews
* add additionalFileds to base representation
Closes: #46158
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
---------
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
* Added typescript based module for the client admin v2
Based on the new openapi client admin api this module can be generated
based on the defenition.
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* now uses openapitools to generate and moved it into the existing module for better adoption
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed back to use kiota as it offers a nicer fluent api
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fixed build
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* better api
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* removed base representation filter
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added flag to explicited enable v2
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* re-run generation
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* enable client-admin-api:v2 in PR CI tests
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* fix JS OpenAPI generation on Windows
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* remove unnecessary statement from generate.ts
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* Fix Windows line endings in JS OpenAPI post-processing
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added better validation and more validation tests
fixes: #46271
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Use getClientsApiUrl() in tests
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* refactored removed duplication
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added test for update
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* Missing anti-ID phishing check for getting client
Closes#46010
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Avoid any other phishing based on error message, for PATCH + improve service exceptions
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Ensure no ID phishing for DELETE
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* added validation tests for client v2
releates: #43296
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* added specific error messeages to check
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* initial version of the policy v2 policy test
fixes: #46074
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Extract client profile/policy to dedicated method
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* removed test method prefix
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Closes#45838
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#45727
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
* Add tests for mappers and representation for the admin v2
Fixes: #45277
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* changed OIDCClientModelMapper into an integration test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* PR review comments
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
* Update rest/admin-v2/tests/pom.xml
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* Add SAML client model mapper for admin-v2 API
Implements mapper and factory for converting between SAMLClientModel
and SAMLClientRepresentation, including support for SAML-specific
attributes like signature algorithms, name ID formats, and certificates.
Fixes#44853
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* updated test to test specific Saml and Oidc fields
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* fix test
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* [admin-api-v2] Incorrect DTO/DAO mapping
Closes#44586
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Handle roles and service account operations, cleanup service contract
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* task: use client v1 logic for v2 impl
closes: #43733
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing the provider module
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Closes#43224
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
- UIRealmResource: add "info" sub-resource to get realm-related information, which is visible for ALL admins (users having any realm-management role); for now, only provide the information whether any user profile provider is enabled
- UIRealmResourceTest: test the new endpoint, including permissions check
- UserDataTable.tsx: use this resource to get the info whether user profile providers are enabled, instead of using the realm components resource (which requires "view-realm" permissions)
- .../cypress/e2e/users_attribute_search_test.spec.ts: add cypress test to test the attribute search with minimum access rights
- further small changes for reuse of components, test-code etc
Closes#27536
Signed-off-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.com>
