Browse Source

added create_client_authz_group_based_policy, create_client_authz_scope_based_permission and their corresponding urls

pull/430/head
Elias Hamacher 2 years ago
committed by elias.hamacher
parent
commit
026e3c06c1
  1. 79
      src/keycloak/keycloak_admin.py
  2. 2
      src/keycloak/urls_patterns.py

79
src/keycloak/keycloak_admin.py

@ -1725,6 +1725,85 @@ class KeycloakAdmin:
data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
)
def create_client_authz_group_based_policy(self, client_id, payload, skip_exists=False):
"""Create group-based policy of client.
Payload example::
payload={
"type": "group",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"name": "Policy-1",
"groups": [
{
"id": id
}
]
}
:param client_id: id in ClientRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
:type client_id: str
:param payload: No Document
:type payload: dict
:param skip_exists: Skip creation in case the object exists
:type skip_exists: bool
:return: Keycloak server response
:rtype: bytes
"""
params_path = {"realm-name": self.realm_name, "id": client_id}
data_raw = self.connection.raw_post(
urls_patterns.URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY.format(**params_path),
data=json.dumps(payload),
)
return raise_error_from_response(
data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
)
def create_client_authz_scope_based_permission(self, client_id, payload, skip_exists=False):
"""Create scope-based permission of client.
Payload example::
payload={
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"name": "Permission-Name",
"scopes": [
scope_id
],
"policies": [
policy_id
]
:param client_id: id in ClientRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
:type client_id: str
:param payload: PolicyRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_policyrepresentation
:type payload: dict
:param skip_exists: Skip creation in case the object already exists
:type skip_exists: bool
:return: Keycloak server response
:rtype: bytes
"""
params_path = {"realm-name": self.realm_name, "id": client_id}
data_raw = self.connection.raw_post(
urls_patterns.URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION.format(**params_path),
data=json.dumps(payload),
)
return raise_error_from_response(
data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
)
def create_client_authz_policy(self, client_id, payload, skip_exists=False):
"""Create an authz policy of client.

2
src/keycloak/urls_patterns.py

@ -119,6 +119,8 @@ URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1"
URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1"
URL_ADMIN_CLIENT_AUTHZ_POLICIES = URL_ADMIN_CLIENT_AUTHZ + "/policy?max=-1&permission=false"
URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/role?max=-1"
URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/group?max=-1"
URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope?max=-1"
URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY_UPDATE = URL_ADMIN_CLIENT_AUTHZ + "/policy/role/{policy_id}"
URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/group?max=-1"
URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY_UPDATE = URL_ADMIN_CLIENT_AUTHZ + "/policy/group/{policy_id}"

Loading…
Cancel
Save