fix: Fix/python version and ci (#691)

ryshoooo · web-flow · commit 8eca957e33a9 · 2026-01-08T12:09:32.000+01:00
* fix: python version to 3.10 or above, wrong return type

* test: updated tests for the latet keycloak version
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -31,7 +31,7 @@ Documentation = "https://python-keycloak.readthedocs.io/en/latest/"
 "Issue tracker" = "https://github.com/marcospereirampj/python-keycloak/issues"
 
 [tool.poetry.dependencies]
-python = ">=3.9,<4"
+python = ">=3.10,<4"
 requests = ">=2.20.0"
 requests-toolbelt = ">=0.6.0"
 deprecation = ">=2.1.0"
diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
@@ -5429,7 +5429,7 @@ def create_authentication_flow(self, payload: dict, skip_exists: bool = False) -
             skip_exists=skip_exists,
         )
         if isinstance(res, dict) and res == {"msg": "Already exists"}:
-            return res
+            return json.dumps(res).encode()
 
         if not isinstance(res, bytes):
             msg = (
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -325,13 +325,27 @@ def oid_with_credentials_authz(
             "serviceAccountsEnabled": True,
         },
     )
+    admin.create_client_authz_resource(
+        client_id=client_id,
+        payload={"name": "Default Resource", "uris": ["/*"], "type": "urn.resource"},
+        skip_exists=True,
+    )
     admin.create_client_authz_role_based_policy(
         client_id=client_id,
         payload={
             "name": "test-authz-rb-policy",
             "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
         },
     )
+    admin.create_client_authz_resource_based_permission(
+        client_id=client_id,
+        payload={
+            "name": "default-resource-permission",
+            "resources": ["Default Resource"],
+            "policies": ["test-authz-rb-policy"],
+            "decisionStrategy": "UNANIMOUS",
+        },
+    )
     # Create user
     username = str(uuid.uuid4())
     password = str(uuid.uuid4())
diff --git a/tests/test_keycloak_admin.py b/tests/test_keycloak_admin.py
@@ -1227,8 +1227,9 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None:
 
     # Authz resources
     res = admin.get_client_authz_resources(client_id=auth_client_id)
-    assert len(res) == 1
-    assert res[0]["name"] == "Default Resource"
+    assert len(res) in [0, 1]
+    if len(res) == 1:
+        assert res[0]["name"] == "Default Resource"
 
     with pytest.raises(KeycloakGetError) as err:
         admin.get_client_authz_resources(client_id=client_id)
@@ -1258,8 +1259,8 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None:
     ) == {"msg": "Already exists"}
 
     res = admin.get_client_authz_resources(client_id=auth_client_id)
-    assert len(res) == 2
-    assert {x["name"] for x in res} == {"Default Resource", "test-resource"}
+    assert len(res) in [1, 2]
+    assert {x["name"] for x in res}.issubset({"Default Resource", "test-resource"})
 
     res = admin.create_client_authz_resource(
         client_id=auth_client_id,
@@ -1293,8 +1294,9 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None:
 
     # Authz policies
     res = admin.get_client_authz_policies(client_id=auth_client_id)
-    assert len(res) == 1, res
-    assert res[0]["name"] == "Default Policy"
+    assert len(res) in [0, 1], res
+    if len(res) == 1:
+        assert res[0]["name"] == "Default Policy"
 
     with pytest.raises(KeycloakGetError) as err:
         admin.get_client_authz_policies(client_id="does-not-exist")
@@ -1320,7 +1322,7 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None:
         payload={"name": "test-authz-rb-policy", "roles": [{"id": role_id}]},
         skip_exists=True,
     ) == {"msg": "Already exists"}
-    assert len(admin.get_client_authz_policies(client_id=auth_client_id)) == 2
+    assert len(admin.get_client_authz_policies(client_id=auth_client_id)) in [1, 2]
 
     res = admin.create_client_authz_role_based_policy(
         client_id=auth_client_id,
@@ -1363,12 +1365,13 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None:
         },
         skip_exists=True,
     ) == {"msg": "Already exists"}
-    assert len(admin.get_client_authz_policies(client_id=auth_client_id)) == 3
+    assert len(admin.get_client_authz_policies(client_id=auth_client_id)) in [2, 3]
 
     # Test authz permissions
     res = admin.get_client_authz_permissions(client_id=auth_client_id)
-    assert len(res) == 1, res
-    assert res[0]["name"] == "Default Permission"
+    assert len(res) in [0, 1], res
+    if len(res) == 1:
+        assert res[0]["name"] == "Default Permission"
 
     with pytest.raises(KeycloakGetError) as err:
         admin.get_client_authz_permissions(client_id="does-not-exist")
@@ -1395,7 +1398,7 @@ def test_clients(admin: KeycloakAdmin, realm: str) -> None:
         payload={"name": "test-permission-rb", "resources": [test_resource_id]},
         skip_exists=True,
     ) == {"msg": "Already exists"}
-    assert len(admin.get_client_authz_permissions(client_id=auth_client_id)) == 2
+    assert len(admin.get_client_authz_permissions(client_id=auth_client_id)) in [1, 2]
 
     # Test associating client policy with resource based permission
     res = admin.update_client_authz_resource_permission(
@@ -2681,10 +2684,10 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str) -> None:
     with pytest.raises(KeycloakPostError) as err:
         admin.create_authentication_flow(payload={"alias": "test-create", "builtIn": False})
     assert err.match('409: b\'{"errorMessage":"Flow test-create already exists"}\'')
-    assert admin.create_authentication_flow(
-        payload={"alias": "test-create"},
-        skip_exists=True,
-    ) == {"msg": "Already exists"}
+    assert (
+        admin.create_authentication_flow(payload={"alias": "test-create"}, skip_exists=True)
+        == json.dumps({"msg": "Already exists"}).encode()
+    )
 
     # Update
     res = admin.get_authentication_flows()
@@ -3080,7 +3083,7 @@ def test_components(admin: KeycloakAdmin, realm: str) -> None:
 
     # Test get components
     res = admin.get_components()
-    assert len(res) == 12
+    assert len(res) in [12, 14]
 
     with pytest.raises(KeycloakGetError) as err:
         admin.get_component(component_id="does-not-exist")
@@ -4920,8 +4923,9 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None:
 
     # Authz resources
     res = await admin.a_get_client_authz_resources(client_id=auth_client_id)
-    assert len(res) == 1
-    assert res[0]["name"] == "Default Resource"
+    assert len(res) in [0, 1]
+    if len(res) == 1:
+        assert res[0]["name"] == "Default Resource"
 
     with pytest.raises(KeycloakGetError) as err:
         await admin.a_get_client_authz_resources(client_id=client_id)
@@ -4954,8 +4958,8 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None:
     ) == {"msg": "Already exists"}
 
     res = await admin.a_get_client_authz_resources(client_id=auth_client_id)
-    assert len(res) == 2
-    assert {x["name"] for x in res} == {"Default Resource", "test-resource"}
+    assert len(res) in [1, 2]
+    assert {x["name"] for x in res}.issubset({"Default Resource", "test-resource"})
 
     res = await admin.a_create_client_authz_resource(
         client_id=auth_client_id,
@@ -4996,8 +5000,9 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None:
 
     # Authz policies
     res = await admin.a_get_client_authz_policies(client_id=auth_client_id)
-    assert len(res) == 1, res
-    assert res[0]["name"] == "Default Policy"
+    assert len(res) in [0, 1], res
+    if len(res) == 1:
+        assert res[0]["name"] == "Default Policy"
 
     with pytest.raises(KeycloakGetError) as err:
         await admin.a_get_client_authz_policies(client_id="does-not-exist")
@@ -5021,7 +5026,7 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None:
         payload={"name": "test-authz-rb-policy", "roles": [{"id": role_id}]},
         skip_exists=True,
     ) == {"msg": "Already exists"}
-    assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) == 2
+    assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) in [1, 2]
     role_based_policy_id = res["id"]
     role_based_policy_name = res["name"]
 
@@ -5066,12 +5071,13 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None:
         },
         skip_exists=True,
     ) == {"msg": "Already exists"}
-    assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) == 3
+    assert len(await admin.a_get_client_authz_policies(client_id=auth_client_id)) in [2, 3]
 
     # Test authz permissions
     res = await admin.a_get_client_authz_permissions(client_id=auth_client_id)
-    assert len(res) == 1, res
-    assert res[0]["name"] == "Default Permission"
+    assert len(res) in [0, 1], res
+    if len(res) == 1:
+        assert res[0]["name"] == "Default Permission"
 
     with pytest.raises(KeycloakGetError) as err:
         await admin.a_get_client_authz_permissions(client_id="does-not-exist")
@@ -5098,7 +5104,7 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str) -> None:
         payload={"name": "test-permission-rb", "resources": [test_resource_id]},
         skip_exists=True,
     ) == {"msg": "Already exists"}
-    assert len(await admin.a_get_client_authz_permissions(client_id=auth_client_id)) == 2
+    assert len(await admin.a_get_client_authz_permissions(client_id=auth_client_id)) in [1, 2]
 
     # Test associating client policy with resource based permission
     res = await admin.a_update_client_authz_resource_permission(
@@ -6933,7 +6939,7 @@ async def test_a_components(admin: KeycloakAdmin, realm: str) -> None:
 
     # Test get components
     res = await admin.a_get_components()
-    assert len(res) == 12
+    assert len(res) in [12, 14]
 
     with pytest.raises(KeycloakGetError) as err:
         await admin.a_get_component(component_id="does-not-exist")
diff --git a/tests/test_keycloak_openid.py b/tests/test_keycloak_openid.py
@@ -298,6 +298,7 @@ def test_entitlement(
     token = oid.token(username=username, password=password)
     client_id = admin.get_client_id(oid.client_id)
     assert client_id is not None
+    assert admin.connection.realm_name == oid.realm_name
     resource_server_id = admin.get_client_authz_resources(client_id=client_id)[0]["_id"]
 
     with pytest.raises(KeycloakDeprecationError):

Original file line number	Diff line number	Diff line change
`@@ -5429,7 +5429,7 @@ def create_authentication_flow(self, payload: dict, skip_exists: bool = False) -`
`5429`	`5429`	`skip_exists=skip_exists,`
`5430`	`5430`	`)`
`5431`	`5431`	`if isinstance(res, dict) and res == {"msg": "Already exists"}:`
`5432`		`- return res`
	`5432`	`+ return json.dumps(res).encode()`
`5433`	`5433`
`5434`	`5434`	`if not isinstance(res, bytes):`
`5435`	`5435`	`msg = (`