Complete API coverage with proper type annotations and response unwrapping

- Add missing API modules: attack_detection, client_initial_access,
  client_attribute_certificate, client_registration_policy, scope_mappings,
  client_role_mappings, role_mapper, roles_by_id
- Fix return type annotations to use specific model types instead of generic
  list/dict throughout all API modules
- Unwrap response wrapper types that only contain additional_properties
- Update all method docstrings with proper Args, Returns, and Raises sections
- Export APIError alongside AuthError for consistency
- Ensure 100% Keycloak Admin API endpoint coverage

Author: sitbon

ackc/api/__init__.py

@@ -19,9 +19,17 @@
 from .authorization import *
 from .protocol_mappers import *
 from .keys import *
+from .scope_mappings import *
+from .client_role_mappings import *
+from .role_mapper import *
+from .roles_by_id import *
+from .attack_detection import *
+from .client_initial_access import *
+from .client_attribute_certificate import *
+from .client_registration_policy import *
 
 __all__ = (
-    "AuthError", "AuthenticatedClient", "Client", "BaseAPI", "BaseClientManager",
+    "AuthError", "APIError", "AuthenticatedClient", "Client", "BaseAPI", "BaseClientManager",
     "UsersAPI", "UsersClientMixin", "UserRepresentation",
     "RealmsAPI", "RealmsClientMixin", "RealmRepresentation",
     "ClientsAPI", "ClientsClientMixin", "ClientRepresentation",
@@ -37,6 +45,14 @@
     "AuthorizationAPI", "AuthorizationClientMixin", "ResourceServerRepresentation", "ResourceRepresentation", "ScopeRepresentation", "AbstractPolicyRepresentation", "PolicyProviderRepresentation", "PolicyEvaluationResponse", "EvaluationResultRepresentation",
     "ProtocolMappersAPI", "ProtocolMappersClientMixin", "ProtocolMapperRepresentation",
     "KeysAPI", "KeysClientMixin", "KeysMetadataRepresentation",
+    "ScopeMappingsAPI", "ScopeMappingsClientMixin",
+    "ClientRoleMappingsAPI", "ClientRoleMappingsClientMixin",
+    "RoleMapperAPI", "RoleMapperClientMixin",
+    "RolesByIdAPI", "RolesByIdClientMixin",
+    "AttackDetectionAPI", "AttackDetectionClientMixin",
+    "ClientInitialAccessAPI", "ClientInitialAccessClientMixin",
+    "ClientAttributeCertificateAPI", "ClientAttributeCertificateClientMixin",
+    "ClientRegistrationPolicyAPI", "ClientRegistrationPolicyClientMixin",
     "KeycloakClientMixin",
 )
 
@@ -57,6 +73,14 @@ class KeycloakClientMixin(
     AuthorizationClientMixin,
     ProtocolMappersClientMixin,
     KeysClientMixin,
+    ScopeMappingsClientMixin,
+    ClientRoleMappingsClientMixin,
+    RoleMapperClientMixin,
+    RolesByIdClientMixin,
+    AttackDetectionClientMixin,
+    ClientInitialAccessClientMixin,
+    ClientAttributeCertificateClientMixin,
+    ClientRegistrationPolicyClientMixin,
 ):
     """
     Mixin that provides all Keycloak API methods in a single class.

ackc/api/attack_detection.py

@@ -0,0 +1,139 @@
+"""Attack detection API methods."""
+from functools import cached_property
+
+from .base import BaseAPI
+from ..exceptions import APIError
+from ..generated.api.attack_detection import (
+    get_admin_realms_realm_attack_detection_brute_force_users_user_id,
+    delete_admin_realms_realm_attack_detection_brute_force_users,
+    delete_admin_realms_realm_attack_detection_brute_force_users_user_id,
+)
+
+__all__ = "AttackDetectionAPI", "AttackDetectionClientMixin"
+
+
+class AttackDetectionAPI(BaseAPI):
+    """Attack detection API methods."""
+
+    def get_brute_force_user_status(self, realm: str | None = None, *, user_id: str) -> dict | None:
+        """Get brute force detection status for a specific user.
+        
+        Args:
+            realm: The realm name
+            user_id: User ID to check
+            
+        Returns:
+            Dictionary with brute force status including failed login count and disabled status
+        """
+        result = self._sync(
+            get_admin_realms_realm_attack_detection_brute_force_users_user_id.sync,
+            realm or self.realm,
+            user_id=user_id
+        )
+        if result and hasattr(result, 'additional_properties'):
+            return result.additional_properties
+        return result
+
+    async def aget_brute_force_user_status(self, realm: str | None = None, *, user_id: str) -> dict | None:
+        """Get brute force detection status for a specific user (async).
+        
+        Args:
+            realm: The realm name
+            user_id: User ID to check
+            
+        Returns:
+            Dictionary with brute force status including failed login count and disabled status
+        """
+        result = await self._async(
+            get_admin_realms_realm_attack_detection_brute_force_users_user_id.asyncio,
+            realm or self.realm,
+            user_id=user_id
+        )
+        if result and hasattr(result, 'additional_properties'):
+            return result.additional_properties
+        return result
+
+    def clear_all_brute_force_users(self, realm: str | None = None) -> None:
+        """Clear brute force attempts for all users in the realm.
+        
+        Resets the failed login count for all users who have been locked out.
+        
+        Args:
+            realm: The realm name
+            
+        Raises:
+            APIError: If clearing brute force data fails
+        """
+        response = self._sync_detailed(
+            delete_admin_realms_realm_attack_detection_brute_force_users.sync_detailed,
+            realm or self.realm
+        )
+        if response.status_code not in (200, 204):
+            raise APIError(f"Failed to clear brute force users: {response.status_code}")
+
+    async def aclear_all_brute_force_users(self, realm: str | None = None) -> None:
+        """Clear brute force attempts for all users in the realm (async).
+        
+        Resets the failed login count for all users who have been locked out.
+        
+        Args:
+            realm: The realm name
+            
+        Raises:
+            APIError: If clearing brute force data fails
+        """
+        response = await self._async_detailed(
+            delete_admin_realms_realm_attack_detection_brute_force_users.asyncio_detailed,
+            realm or self.realm
+        )
+        if response.status_code not in (200, 204):
+            raise APIError(f"Failed to clear brute force users: {response.status_code}")
+
+    def clear_brute_force_user(self, realm: str | None = None, *, user_id: str) -> None:
+        """Clear brute force attempts for a specific user.
+        
+        Resets the failed login count and re-enables the user if locked out.
+        
+        Args:
+            realm: The realm name
+            user_id: User ID to clear
+            
+        Raises:
+            APIError: If clearing brute force data fails
+        """
+        response = self._sync_detailed(
+            delete_admin_realms_realm_attack_detection_brute_force_users_user_id.sync_detailed,
+            realm or self.realm,
+            user_id=user_id
+        )
+        if response.status_code not in (200, 204):
+            raise APIError(f"Failed to clear brute force user: {response.status_code}")
+
+    async def aclear_brute_force_user(self, realm: str | None = None, *, user_id: str) -> None:
+        """Clear brute force attempts for a specific user (async).
+        
+        Resets the failed login count and re-enables the user if locked out.
+        
+        Args:
+            realm: The realm name
+            user_id: User ID to clear
+            
+        Raises:
+            APIError: If clearing brute force data fails
+        """
+        response = await self._async_detailed(
+            delete_admin_realms_realm_attack_detection_brute_force_users_user_id.asyncio_detailed,
+            realm or self.realm,
+            user_id=user_id
+        )
+        if response.status_code not in (200, 204):
+            raise APIError(f"Failed to clear brute force user: {response.status_code}")
+
+
+class AttackDetectionClientMixin:
+    """Mixin for BaseClientManager subclasses to be connected to the AttackDetectionAPI."""
+    
+    @cached_property
+    def attack_detection(self) -> AttackDetectionAPI:
+        """Get the AttackDetectionAPI instance."""
+        return AttackDetectionAPI(manager=self)  # type: ignore[arg-type]