keycloak-nodejs-admin-client icon indicating copy to clipboard operation
keycloak-nodejs-admin-client copied to clipboard

Published 20 hours ago verified publisher icon keycloak

PolicyRepresentation should have specific extended interface for Role Policies

Open harrylepotter-win opened this issue 3 years ago • 4 comments

Is your feature request related to a problem? Please describe. Attempting to create a role-based policy by putting the role requirements in the config object defined in PolicyRepresentation causes an unknown error response from keycloak.

Example code:

          await this.kcAdminClient.clients.createPolicy({
            id: 'e7232c1b-c8bb-4ead-bdac-53522d49dfc1',
            type: 'role',
            realm: this.realm
          }, {
            name: 'prpfoobar',
            description: 'created by aphex',
            type: 'role',
            logic: Logic.POSITIVE,
            decisionStrategy: DecisionStrategy.UNANIMOUS,
            config:{
                roles: [{id: "49d3724c-1e52-41cd-8479-78d2e46995a8", required: true}]
            }
          });

However, if you put this at a root level object, everything works fine:

          await this.kcAdminClient.clients.createPolicy({
            id: 'e7232c1b-c8bb-4ead-bdac-53522d49dfc1',
            type: 'role',
            realm: this.realm
          }, {
            name: 'prpfoobar',
            description: 'created by aphex',
            type: 'role',
            logic: Logic.POSITIVE,
            decisionStrategy: DecisionStrategy.UNANIMOUS,
            //@ts-expect-error
            roles: [{id: "49d3724c-1e52-41cd-8479-78d2e46995a8", required: true}]
          });

Describe the solution you'd like Ideally there would be <T extends PolicyRepresentation> for Role, Group, User, JS policies

Describe alternatives you've considered Loading up the object works fine, but we need to use @ts-expect-error or create our own internal interface to deal with this

Additional context None

harrylepotter-win avatar May 31 '21 03:05 harrylepotter-win

when you put it at the root level isn't it then ignored by the server?

edewit avatar Jun 10 '21 06:06 edewit

nope.. that seems to work fine.

harrylepotter-win avatar Jun 10 '21 06:06 harrylepotter-win

right I see there is also the type: RolePolicyRepresentation that it should use here instead, guess it's hard to use types here there are 12 different policy implementations

edewit avatar Jun 10 '21 06:06 edewit

I just had the same problem and I found #483, which should solve this issue.

ninogresenz avatar Jun 17 '22 15:06 ninogresenz