Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
123 Commits
15 Branches
98 Tags
17 MiB
Tree: 3e42088a39
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3e42088a39'
${ noResults }
python-keycloak/keycloak/keycloak_admin.py

654 lines
24 KiB
Raw Normal View History

Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Merge develop
7 years ago
Fixed new features.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docks
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add sync users function
7 years ago
Added groups functions and client functions. Added Changedlog
7 years ago
Add sync users function
7 years ago
Merge develop
7 years ago
Add sync users function
7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. # Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
  19. # internal Keycloak server ID, usually a uuid string
  20. from keycloak.urls_patterns import URL_ADMIN_CLIENT_ROLE
  21. from .urls_patterns import \
  22. URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
  23. URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
  24. URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
  25. URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
  26. URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
  28. from .keycloak_openid import KeycloakOpenID
  30. from .exceptions import raise_error_from_response, KeycloakGetError
  32. from .urls_patterns import (
  33. URL_ADMIN_USERS,
  34. )
  36. from .connection import ConnectionManager
  37. import json
  40. class KeycloakAdmin:
  42. def __init__(self, server_url, username, password, realm_name='master', client_id='admin-cli', verify=True):
  43. """
  45. :param server_url: Keycloak server url
  46. :param username: admin username
  47. :param password: admin password
  48. :param realm_name: realm name
  49. :param client_id: client id
  50. :param verify: True if want check connection SSL
  51. """
  52. self._username = username
  53. self._password = password
  54. self._client_id = client_id
  55. self._realm_name = realm_name
  57. # Get token Admin
  58. keycloak_openid = KeycloakOpenID(server_url=server_url, client_id=client_id, realm_name=realm_name,
  59. verify=verify)
  60. self._token = keycloak_openid.token(username, password)
  62. self._connection = ConnectionManager(base_url=server_url,
  63. headers={'Authorization': 'Bearer ' + self.token.get('access_token'),
  64. 'Content-Type': 'application/json'},
  65. timeout=60,
  66. verify=verify)
  68. @property
  69. def realm_name(self):
  70. return self._realm_name
  72. @realm_name.setter
  73. def realm_name(self, value):
  74. self._realm_name = value
  76. @property
  77. def connection(self):
  78. return self._connection
  80. @connection.setter
  81. def connection(self, value):
  82. self._connection = value
  84. @property
  85. def client_id(self):
  86. return self._client_id
  88. @client_id.setter
  89. def client_id(self, value):
  90. self._client_id = value
  92. @property
  93. def username(self):
  94. return self._username
  96. @username.setter
  97. def username(self, value):
  98. self._username = value
  100. @property
  101. def password(self):
  102. return self._password
  104. @password.setter
  105. def password(self, value):
  106. self._password = value
  108. @property
  109. def token(self):
  110. return self._token
  112. @token.setter
  113. def token(self, value):
  114. self._token = value
  116. def get_users(self, query=None):
  117. """
  118. Get users Returns a list of users, filtered according to query parameters
  120. :return: users list
  121. """
  122. params_path = {"realm-name": self.realm_name}
  123. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
  124. return raise_error_from_response(data_raw, KeycloakGetError)
  126. def create_user(self, payload):
  127. """
  128. Create a new user Username must be unique
  130. UserRepresentation
  131. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  133. :param payload: UserRepresentation
  135. :return: UserRepresentation
  136. """
  137. params_path = {"realm-name": self.realm_name}
  138. data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
  139. data=json.dumps(payload))
  140. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  142. def users_count(self):
  143. """
  144. User counter
  146. :return: counter
  147. """
  148. params_path = {"realm-name": self.realm_name}
  149. data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
  150. return raise_error_from_response(data_raw, KeycloakGetError)
  152. def get_user_id(self, username):
  153. """
  154. Get internal keycloak user id from username
  155. This is required for further actions against this user.
  157. UserRepresentation
  158. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  160. :param username: id in UserRepresentation
  162. :return: user_id
  163. """
  164. params_path = {"realm-name": self.realm_name, "username": username}
  165. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path))
  166. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  168. for user in data_content:
  169. this_use_rname = json.dumps(user["username"]).strip('"')
  170. if this_use_rname == username:
  171. return json.dumps(user["id"]).strip('"')
  173. return None
  175. def get_user(self, user_id):
  176. """
  177. Get representation of the user
  179. :param user_id: User id
  181. UserRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  183. :return: UserRepresentation
  184. """
  185. params_path = {"realm-name": self.realm_name, "id": user_id}
  186. data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
  187. return raise_error_from_response(data_raw, KeycloakGetError)
  189. def update_user(self, user_id, payload):
  190. """
  191. Update the user
  193. :param user_id: User id
  194. :param payload: UserRepresentation
  196. :return: Http response
  197. """
  198. params_path = {"realm-name": self.realm_name, "id": user_id}
  199. data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
  200. data=json.dumps(payload))
  201. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  203. def delete_user(self, user_id):
  204. """
  205. Delete the user
  207. :param user_id: User id
  209. :return: Http response
  210. """
  211. params_path = {"realm-name": self.realm_name, "id": user_id}
  212. data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
  213. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  215. def set_user_password(self, user_id, password, temporary=True):
  216. """
  217. Set up a password for the user. If temporary is True, the user will have to reset
  218. the temporary password next time they log in.
  220. http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource
  221. http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation
  223. :param user_id: User id
  224. :param password: New password
  225. :param temporary: True if password is temporary
  227. :return:
  228. """
  229. payload = {"type": "password", "temporary": temporary, "value": password}
  230. params_path = {"realm-name": self.realm_name, "id": user_id}
  231. data_raw = self.connection.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path),
  232. data=json.dumps(payload))
  233. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  235. def consents_user(self, user_id):
  236. """
  237. Get consents granted by the user
  239. :param user_id: User id
  241. :return: consents
  242. """
  243. params_path = {"realm-name": self.realm_name, "id": user_id}
  244. data_raw = self.connection.raw_get(URL_ADMIN_USER_CONSENTS.format(**params_path))
  245. return raise_error_from_response(data_raw, KeycloakGetError)
  247. def send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None):
  248. """
  249. Send a update account email to the user An email contains a
  250. link the user can click to perform a set of required actions.
  252. :param user_id:
  253. :param payload:
  254. :param client_id:
  255. :param lifespan:
  256. :param redirect_uri:
  258. :return:
  259. """
  260. params_path = {"realm-name": self.realm_name, "id": user_id}
  261. params_query = {"client_id": client_id, "lifespan": lifespan, "redirect_uri": redirect_uri}
  262. data_raw = self.connection.raw_put(URL_ADMIN_SEND_UPDATE_ACCOUNT.format(**params_path),
  263. data=payload, **params_query)
  264. return raise_error_from_response(data_raw, KeycloakGetError)
  266. def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
  267. """
  268. Send a update account email to the user An email contains a
  269. link the user can click to perform a set of required actions.
  271. :param user_id: User id
  272. :param client_id: Client id
  273. :param redirect_uri: Redirect uri
  275. :return:
  276. """
  277. params_path = {"realm-name": self.realm_name, "id": user_id}
  278. params_query = {"client_id": client_id, "redirect_uri": redirect_uri}
  279. data_raw = self.connection.raw_put(URL_ADMIN_SEND_VERIFY_EMAIL.format(**params_path),
  280. data={}, **params_query)
  281. return raise_error_from_response(data_raw, KeycloakGetError)
  283. def get_sessions(self, user_id):
  284. """
  285. Get sessions associated with the user
  287. :param user_id: id of user
  289. UserSessionRepresentation
  290. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_usersessionrepresentation
  292. :return: UserSessionRepresentation
  293. """
  294. params_path = {"realm-name": self.realm_name, "id": user_id}
  295. data_raw = self.connection.raw_get(URL_ADMIN_GET_SESSIONS.format(**params_path))
  296. return raise_error_from_response(data_raw, KeycloakGetError)
  298. def get_server_info(self):
  299. """
  300. Get themes, social providers, auth providers, and event listeners available on this server
  302. ServerInfoRepresentation
  303. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation
  305. :return: ServerInfoRepresentation
  306. """
  307. data_raw = self.connection.raw_get(URL_ADMIN_SERVER_INFO)
  308. return raise_error_from_response(data_raw, KeycloakGetError)
  310. def get_groups(self):
  311. """
  312. Get groups belonging to the realm. Returns a list of groups belonging to the realm
  314. GroupRepresentation
  315. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  317. :return: array GroupRepresentation
  318. """
  319. params_path = {"realm-name": self.realm_name}
  320. data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
  321. return raise_error_from_response(data_raw, KeycloakGetError)
  323. def get_group(self, group_id):
  324. """
  325. Get group by id. Returns full group details
  327. GroupRepresentation
  328. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  330. :return: Keycloak server response (GroupRepresentation)
  331. """
  332. params_path = {"realm-name": self.realm_name, "id": group_id}
  333. data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
  334. return raise_error_from_response(data_raw, KeycloakGetError)
  336. def get_group_by_name(self, name_or_path, search_in_subgroups=False):
  337. """
  338. Get group id based on name or path.
  339. A straight name or path match with a top-level group will return first.
  340. Subgroups are traversed, the first to match path (or name with path) is returned.
  342. GroupRepresentation
  343. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  345. :param name: group name
  346. :param path: group path
  347. :param search_in_subgroups: True if want search in the subgroups
  348. :return: Keycloak server response (GroupRepresentation)
  349. """
  351. groups = self.get_groups()
  353. # TODO: Review this code is necessary
  354. for group in groups:
  355. if group['name'] == name_or_path or group['path'] == name_or_path:
  356. return group
  357. elif search_in_subgroups and group["subGroups"]:
  358. for subgroup in group["subGroups"]:
  359. if subgroup['name'] == name_or_path or subgroup['path'] == name_or_path:
  360. return subgroup
  362. return None
  364. def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None):
  365. """
  366. Create a group in the Realm
  368. GroupRepresentation
  369. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  371. :param name: group name
  372. :param client_roles: (Dict) Client roles to include in groupp # Not demonstrated to work
  373. :param realm_roles: (List) Realm roles to include in group # Not demonstrated to work
  374. :param sub_groups: (List) Subgroups to include in groupp # Not demonstrated to work
  375. :param path: group path
  376. :param parent: parent group's id. Required to create a sub-group.
  378. :return: Keycloak server response (GroupRepresentation)
  379. """
  381. data = {"name": name or path,
  382. "path": path,
  383. "clientRoles": client_roles,
  384. "realmRoles": realm_roles,
  385. "subGroups": sub_groups}
  387. if parent is None:
  388. params_path = {"realm-name": self.realm_name}
  389. data_raw = self.connection.raw_post(URL_ADMIN_GROUPS.format(**params_path),
  390. data=json.dumps(data))
  391. else:
  392. params_path = {"realm-name": self.realm_name, "id": parent}
  393. data_raw = self.connection.raw_post(URL_ADMIN_GROUP_CHILD.format(**params_path),
  394. data=json.dumps(data))
  396. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  398. def group_set_permissions(self, group_id, enabled=True):
  399. """
  400. Enable/Disable permissions for a group. Cannot delete group if disabled
  402. :param group_id: id of group
  403. :param enabled: boolean
  404. :return: Keycloak server response
  405. """
  407. params_path = {"realm-name": self.realm_name, "id": group_id}
  408. data_raw = self.connection.raw_put(URL_ADMIN_GROUP_PERMISSIONS.format(**params_path),
  409. data=json.dumps({"enabled": enabled}))
  410. return raise_error_from_response(data_raw, KeycloakGetError)
  412. def group_user_add(self, user_id, group_id):
  413. """
  414. Add user to group (user_id and group_id)
  416. :param group_id: id of group
  417. :param user_id: id of user
  418. :param group_id: id of group to add to
  419. :return: Keycloak server response
  420. """
  422. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  423. data_raw = self.connection.raw_put(URL_ADMIN_USER_GROUP.format(**params_path), data=None)
  424. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  426. def group_user_remove(self, user_id, group_id):
  427. """
  428. Remove user from group (user_id and group_id)
  430. :param group_id: id of group
  431. :param user_id: id of user
  432. :param group_id: id of group to add to
  433. :return: Keycloak server response
  434. """
  436. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  437. data_raw = self.connection.raw_delete(URL_ADMIN_USER_GROUP.format(**params_path))
  438. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  440. def delete_group(self, group_id):
  441. """
  442. Deletes a group in the Realm
  444. :param group_id: id of group to delete
  445. :return: Keycloak server response
  446. """
  448. params_path = {"realm-name": self.realm_name, "id": group_id}
  449. data_raw = self.connection.raw_delete(URL_ADMIN_GROUP.format(**params_path))
  450. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  452. def get_clients(self):
  453. """
  454. Get clients belonging to the realm Returns a list of clients belonging to the realm
  456. ClientRepresentation
  457. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  459. :return: Keycloak server response (ClientRepresentation)
  460. """
  462. params_path = {"realm-name": self.realm_name}
  463. data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  464. return raise_error_from_response(data_raw, KeycloakGetError)
  466. def get_client(self, client_id):
  467. """
  468. Get representation of the client
  470. ClientRepresentation
  471. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  473. :param client_id: id of client (not client-id)
  474. :return: Keycloak server response (ClientRepresentation)
  475. """
  477. params_path = {"realm-name": self.realm_name, "id": client_id}
  478. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
  479. return raise_error_from_response(data_raw, KeycloakGetError)
  481. def get_client_id(self, client_name):
  482. """
  483. Get internal keycloak client id from client-id.
  484. This is required for further actions against this client.
  486. :param client_name: name in ClientRepresentation
  487. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  488. :return: client_id (uuid as string)
  489. """
  491. clients = self.get_clients()
  493. for client in clients:
  494. if client_name == client['name']:
  495. return client["id"]
  497. return None
  499. def create_client(self, payload):
  500. """
  501. Create a client
  503. ClientRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  505. :param payload: ClientRepresentation
  506. :return: Keycloak server response (UserRepresentation)
  507. """
  509. params_path = {"realm-name": self.realm_name}
  510. data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
  511. data=json.dumps(payload))
  512. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  514. def delete_client(self, client_id):
  515. """
  516. Get representation of the client
  518. ClientRepresentation
  519. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  521. :param client_id: keycloak client id (not oauth client-id)
  522. :return: Keycloak server response (ClientRepresentation)
  523. """
  525. params_path = {"realm-name": self.realm_name, "id": client_id}
  526. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT.format(**params_path))
  527. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  529. def get_realm_roles(self):
  530. """
  531. Get all roles for the realm or client
  533. RoleRepresentation
  534. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  536. :return: Keycloak server response (RoleRepresentation)
  537. """
  539. params_path = {"realm-name": self.realm_name}
  540. data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
  541. return raise_error_from_response(data_raw, KeycloakGetError)
  543. def get_client_roles(self, client_id):
  544. """
  545. Get all roles for the client
  547. :param client_id: id of client (not client-id)
  549. RoleRepresentation
  550. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  552. :return: Keycloak server response (RoleRepresentation)
  553. """
  555. params_path = {"realm-name": self.realm_name, "id": client_id}
  556. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  557. return raise_error_from_response(data_raw, KeycloakGetError)
  559. def get_client_role(self, client_id, role_name):
  560. """
  561. Get client role id by name
  562. This is required for further actions with this role.
  564. :param client_id: id of client (not client-id)
  565. :param role_name: roles name (not id!)
  567. RoleRepresentation
  568. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  570. :return: role_id
  571. """
  572. params_path = {"realm-name": self.realm_name, "id": client_id, "role-name": role_name}
  573. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  574. return raise_error_from_response(data_raw, KeycloakGetError)
  576. def get_client_role_id(self, client_id, role_name):
  577. """
  578. Warning: Deprecated
  580. Get client role id by name
  581. This is required for further actions with this role.
  583. :param client_id: id of client (not client-id)
  584. :param role_name: roles name (not id!)
  586. RoleRepresentation
  587. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  589. :return: role_id
  590. """
  591. role = self.get_client_role(client_id, role_name)
  592. return role.get("id")
  594. def create_client_role(self, payload):
  595. """
  596. Create a client role
  598. RoleRepresentation
  599. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  601. :param payload: id of client (not client-id), role_name: name of role
  602. :return: Keycloak server response (RoleRepresentation)
  603. """
  605. params_path = {"realm-name": self.realm_name, "id": self.client_id}
  606. data_raw = self.connection.raw_post(URL_ADMIN_CLIENT_ROLES.format(**params_path),
  607. data=json.dumps(payload))
  608. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  610. def delete_client_role(self, role_name):
  611. """
  612. Create a client role
  614. RoleRepresentation
  615. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  617. :param role_name: roles name (not id!)
  618. """
  619. params_path = {"realm-name": self.realm_name, "id": self.client_id, "role-name": role_name}
  620. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  621. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  623. def assign_client_role(self, user_id, client_id, roles):
  624. """
  625. Assign a client role to a user
  627. :param client_id: id of client (not client-id)
  628. :param user_id: id of user
  629. :param client_id: id of client containing role,
  630. :param roles: roles list or role (use RoleRepresentation)
  631. :return Keycloak server response
  632. """
  634. payload = roles if isinstance(roles, list) else [roles]
  635. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  636. data_raw = self.connection.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  637. data=json.dumps(payload))
  638. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  640. def sync_users(self, storage_id, action):
  641. """
  642. Function to trigger user sync from provider
  644. :param storage_id:
  645. :param action:
  646. :return:
  647. """
  648. data = {'action': action}
  649. params_query = {"action": action}
  651. params_path = {"realm-name": self.realm_name, "id": storage_id}
  652. data_raw = self.connection.raw_post(URL_ADMIN_USER_STORAGE.format(**params_path),
  653. data=json.dumps(data), **params_query)
  654. return raise_error_from_response(data_raw, KeycloakGetError)