Browse Source

Merge pull request #354 from marcospereirampj/test/openid

Test/openid
pull/357/head v1.9.0
Richard Nemeth 3 years ago
committed by GitHub
parent
commit
1cade3f1f3
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      .github/workflows/lint.yaml
  2. 1
      .gitignore
  3. 4
      MANIFEST.in
  4. 3
      docs/source/conf.py
  5. 341
      poetry.lock
  6. 3
      pyproject.toml
  7. 2
      src/keycloak/__init__.py
  8. 10
      src/keycloak/authorization/__init__.py
  9. 26
      src/keycloak/authorization/permission.py
  10. 40
      src/keycloak/authorization/policy.py
  11. 9
      src/keycloak/authorization/role.py
  12. 15
      src/keycloak/connection.py
  13. 42
      src/keycloak/exceptions.py
  14. 615
      src/keycloak/keycloak_admin.py
  15. 111
      src/keycloak/keycloak_openid.py
  16. 42
      src/keycloak/uma_permissions.py
  17. 2
      src/keycloak/urls_patterns.py
  18. 5
      test_keycloak_init.sh
  19. 1
      tests/__init__.py
  20. 216
      tests/conftest.py
  21. 45
      tests/data/authz_settings.json
  22. 31
      tests/test_keycloak_admin.py
  23. 393
      tests/test_keycloak_openid.py
  24. 14
      tests/test_license.py
  25. 28
      tests/test_uma_permissions.py
  26. 3
      tests/test_urls_patterns.py
  27. 16
      tox.ini

3
.github/workflows/lint.yaml

@ -71,6 +71,9 @@ jobs:
- name: Run tests - name: Run tests
run: | run: |
tox -e tests tox -e tests
- name: Keycloak logs
run: |
cat keycloak_test_logs.txt
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest

1
.gitignore

@ -45,6 +45,7 @@ nosetests.xml
coverage.xml coverage.xml
*.cover *.cover
.hypothesis/ .hypothesis/
keycloak_test_logs.txt
# Translations # Translations
*.mo *.mo

4
MANIFEST.in

@ -1,4 +0,0 @@
include LICENSE
include requirements.txt
include dev-requirements.txt
include docs-requirements.txt

3
docs/source/conf.py

@ -20,6 +20,9 @@
# import os # import os
# import sys # import sys
# sys.path.insert(0, os.path.abspath('.')) # sys.path.insert(0, os.path.abspath('.'))
"""Sphinx documentation configuration."""
import sphinx_rtd_theme import sphinx_rtd_theme
# -- General configuration ------------------------------------------------ # -- General configuration ------------------------------------------------

341
poetry.lock

@ -6,9 +6,23 @@ category = "main"
optional = true optional = true
python-versions = "*" python-versions = "*"
[[package]]
name = "argcomplete"
version = "1.12.3"
description = "Bash tab completion for argparse"
category = "dev"
optional = false
python-versions = "*"
[package.dependencies]
importlib-metadata = {version = ">=0.23,<5", markers = "python_version == \"3.7\""}
[package.extras]
test = ["coverage", "flake8", "pexpect", "wheel"]
[[package]] [[package]]
name = "astroid" name = "astroid"
version = "2.11.6"
version = "2.11.7"
description = "An abstract syntax tree for Python with inference support." description = "An abstract syntax tree for Python with inference support."
category = "main" category = "main"
optional = true optional = true
@ -22,7 +36,7 @@ wrapt = ">=1.11,<2"
[[package]] [[package]]
name = "atomicwrites" name = "atomicwrites"
version = "1.4.0"
version = "1.4.1"
description = "Atomic file writes." description = "Atomic file writes."
category = "dev" category = "dev"
optional = false optional = false
@ -55,7 +69,7 @@ pytz = ">=2015.7"
[[package]] [[package]]
name = "black" name = "black"
version = "22.3.0"
version = "22.6.0"
description = "The uncompromising code formatter." description = "The uncompromising code formatter."
category = "dev" category = "dev"
optional = false optional = false
@ -66,7 +80,7 @@ click = ">=8.0.0"
mypy-extensions = ">=0.4.3" mypy-extensions = ">=0.4.3"
pathspec = ">=0.9.0" pathspec = ">=0.9.0"
platformdirs = ">=2" platformdirs = ">=2"
tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
tomli = {version = ">=1.1.0", markers = "python_full_version < \"3.11.0a7\""}
typed-ast = {version = ">=1.4.2", markers = "python_version < \"3.8\" and implementation_name == \"cpython\""} typed-ast = {version = ">=1.4.2", markers = "python_version < \"3.8\" and implementation_name == \"cpython\""}
typing-extensions = {version = ">=3.10.0.0", markers = "python_version < \"3.10\""} typing-extensions = {version = ">=3.10.0.0", markers = "python_version < \"3.10\""}
@ -94,11 +108,11 @@ python-versions = ">=3.6.1"
[[package]] [[package]]
name = "charset-normalizer" name = "charset-normalizer"
version = "2.0.12"
version = "2.1.0"
description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
category = "main" category = "main"
optional = false optional = false
python-versions = ">=3.5.0"
python-versions = ">=3.6.0"
[package.extras] [package.extras]
unicode_backport = ["unicodedata2"] unicode_backport = ["unicodedata2"]
@ -123,6 +137,26 @@ category = "main"
optional = false optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[[package]]
name = "commitizen"
version = "2.28.0"
description = "Python commitizen client tool"
category = "dev"
optional = false
python-versions = ">=3.6.2,<4.0.0"
[package.dependencies]
argcomplete = ">=1.12.1,<2.0.0"
colorama = ">=0.4.1,<0.5.0"
decli = ">=0.5.2,<0.6.0"
jinja2 = ">=2.10.3"
packaging = ">=19,<22"
pyyaml = ">=3.08"
questionary = ">=1.4.0,<2.0.0"
termcolor = ">=1.1,<2.0"
tomlkit = ">=0.5.3,<1.0.0"
typing-extensions = ">=4.0.1,<5.0.0"
[[package]] [[package]]
name = "commonmark" name = "commonmark"
version = "0.9.1" version = "0.9.1"
@ -136,7 +170,7 @@ test = ["flake8 (==3.7.8)", "hypothesis (==3.55.3)"]
[[package]] [[package]]
name = "coverage" name = "coverage"
version = "6.4.1"
version = "6.4.2"
description = "Code coverage measurement for Python" description = "Code coverage measurement for Python"
category = "dev" category = "dev"
optional = false optional = false
@ -148,6 +182,14 @@ tomli = {version = "*", optional = true, markers = "python_full_version <= \"3.1
[package.extras] [package.extras]
toml = ["tomli"] toml = ["tomli"]
[[package]]
name = "decli"
version = "0.5.2"
description = "Minimal, easy-to-use, declarative cli tool"
category = "dev"
optional = false
python-versions = ">=3.6"
[[package]] [[package]]
name = "distlib" name = "distlib"
version = "0.3.4" version = "0.3.4"
@ -166,7 +208,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[[package]] [[package]]
name = "ecdsa" name = "ecdsa"
version = "0.17.0"
version = "0.18.0"
description = "ECDSA cryptographic signature library (pure python)" description = "ECDSA cryptographic signature library (pure python)"
category = "main" category = "main"
optional = false optional = false
@ -205,6 +247,18 @@ mccabe = ">=0.6.0,<0.7.0"
pycodestyle = ">=2.7.0,<2.8.0" pycodestyle = ">=2.7.0,<2.8.0"
pyflakes = ">=2.3.0,<2.4.0" pyflakes = ">=2.3.0,<2.4.0"
[[package]]
name = "flake8-docstrings"
version = "1.6.0"
description = "Extension for flake8 which uses pydocstyle to check docstrings"
category = "dev"
optional = false
python-versions = "*"
[package.dependencies]
flake8 = ">=3"
pydocstyle = ">=2.1"
[[package]] [[package]]
name = "identify" name = "identify"
version = "2.5.1" version = "2.5.1"
@ -226,7 +280,7 @@ python-versions = ">=3.5"
[[package]] [[package]]
name = "imagesize" name = "imagesize"
version = "1.3.0"
version = "1.4.1"
description = "Getting image size from png/jpeg/jpeg2000/gif file" description = "Getting image size from png/jpeg/jpeg2000/gif file"
category = "main" category = "main"
optional = true optional = true
@ -276,7 +330,7 @@ name = "jinja2"
version = "3.1.2" version = "3.1.2"
description = "A very fast and expressive template engine." description = "A very fast and expressive template engine."
category = "main" category = "main"
optional = true
optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
[package.dependencies] [package.dependencies]
@ -310,7 +364,7 @@ name = "markupsafe"
version = "2.1.1" version = "2.1.1"
description = "Safely add untrusted strings to HTML/XML markup." description = "Safely add untrusted strings to HTML/XML markup."
category = "main" category = "main"
optional = true
optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
[[package]] [[package]]
@ -406,7 +460,7 @@ testing = ["pytest", "pytest-benchmark"]
[[package]] [[package]]
name = "pre-commit" name = "pre-commit"
version = "2.19.0"
version = "2.20.0"
description = "A framework for managing and maintaining multi-language pre-commit hooks." description = "A framework for managing and maintaining multi-language pre-commit hooks."
category = "dev" category = "dev"
optional = false optional = false
@ -421,6 +475,17 @@ pyyaml = ">=5.1"
toml = "*" toml = "*"
virtualenv = ">=20.0.8" virtualenv = ">=20.0.8"
[[package]]
name = "prompt-toolkit"
version = "3.0.30"
description = "Library for building powerful interactive command lines in Python"
category = "dev"
optional = false
python-versions = ">=3.6.2"
[package.dependencies]
wcwidth = "*"
[[package]] [[package]]
name = "py" name = "py"
version = "1.11.0" version = "1.11.0"
@ -445,6 +510,20 @@ category = "dev"
optional = false optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
[[package]]
name = "pydocstyle"
version = "6.1.1"
description = "Python docstring style checker"
category = "dev"
optional = false
python-versions = ">=3.6"
[package.dependencies]
snowballstemmer = "*"
[package.extras]
toml = ["toml"]
[[package]] [[package]]
name = "pyflakes" name = "pyflakes"
version = "2.3.1" version = "2.3.1"
@ -543,6 +622,20 @@ category = "main"
optional = false optional = false
python-versions = ">=3.6" python-versions = ">=3.6"
[[package]]
name = "questionary"
version = "1.10.0"
description = "Python library to build pretty command line user prompts ⭐️"
category = "dev"
optional = false
python-versions = ">=3.6,<4.0"
[package.dependencies]
prompt_toolkit = ">=2.0,<4.0"
[package.extras]
docs = ["Sphinx (>=3.3,<4.0)", "sphinx-rtd-theme (>=0.5.0,<0.6.0)", "sphinx-autobuild (>=2020.9.1,<2021.0.0)", "sphinx-copybutton (>=0.3.1,<0.4.0)", "sphinx-autodoc-typehints (>=1.11.1,<2.0.0)"]
[[package]] [[package]]
name = "readthedocs-sphinx-ext" name = "readthedocs-sphinx-ext"
version = "2.1.8" version = "2.1.8"
@ -571,7 +664,7 @@ sphinx = ">=1.3.1"
[[package]] [[package]]
name = "requests" name = "requests"
version = "2.28.0"
version = "2.28.1"
description = "Python HTTP for Humans." description = "Python HTTP for Humans."
category = "main" category = "main"
optional = false optional = false
@ -579,13 +672,13 @@ python-versions = ">=3.7, <4"
[package.dependencies] [package.dependencies]
certifi = ">=2017.4.17" certifi = ">=2017.4.17"
charset-normalizer = ">=2.0.0,<2.1.0"
charset-normalizer = ">=2,<3"
idna = ">=2.5,<4" idna = ">=2.5,<4"
urllib3 = ">=1.21.1,<1.27" urllib3 = ">=1.21.1,<1.27"
[package.extras] [package.extras]
socks = ["PySocks (>=1.5.6,!=1.5.7)"] socks = ["PySocks (>=1.5.6,!=1.5.7)"]
use_chardet_on_py3 = ["chardet (>=3.0.2,<5)"]
use_chardet_on_py3 = ["chardet (>=3.0.2,<6)"]
[[package]] [[package]]
name = "rsa" name = "rsa"
@ -611,7 +704,7 @@ name = "snowballstemmer"
version = "2.2.0" version = "2.2.0"
description = "This package provides 29 stemmers for 28 languages generated from Snowball algorithms." description = "This package provides 29 stemmers for 28 languages generated from Snowball algorithms."
category = "main" category = "main"
optional = true
optional = false
python-versions = "*" python-versions = "*"
[[package]] [[package]]
@ -752,6 +845,14 @@ python-versions = ">=3.5"
lint = ["flake8", "mypy", "docutils-stubs"] lint = ["flake8", "mypy", "docutils-stubs"]
test = ["pytest"] test = ["pytest"]
[[package]]
name = "termcolor"
version = "1.1.0"
description = "ANSII Color formatting for output in terminal."
category = "dev"
optional = false
python-versions = "*"
[[package]] [[package]]
name = "toml" name = "toml"
version = "0.10.2" version = "0.10.2"
@ -768,9 +869,17 @@ category = "dev"
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
[[package]]
name = "tomlkit"
version = "0.11.1"
description = "Style preserving TOML library"
category = "dev"
optional = false
python-versions = ">=3.6,<4.0"
[[package]] [[package]]
name = "tox" name = "tox"
version = "3.25.0"
version = "3.25.1"
description = "tox is a generic virtualenv management and test command line tool" description = "tox is a generic virtualenv management and test command line tool"
category = "dev" category = "dev"
optional = false optional = false
@ -801,7 +910,7 @@ python-versions = ">=3.6"
[[package]] [[package]]
name = "typing-extensions" name = "typing-extensions"
version = "4.2.0"
version = "4.3.0"
description = "Backported and Experimental Type Hints for Python 3.7+" description = "Backported and Experimental Type Hints for Python 3.7+"
category = "main" category = "main"
optional = false optional = false
@ -817,11 +926,11 @@ python-versions = ">=3.5"
[[package]] [[package]]
name = "urllib3" name = "urllib3"
version = "1.26.9"
version = "1.26.10"
description = "HTTP library with thread-safe connection pooling, file post, and more." description = "HTTP library with thread-safe connection pooling, file post, and more."
category = "main" category = "main"
optional = false optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, <4"
[package.extras] [package.extras]
brotli = ["brotlicffi (>=0.8.0)", "brotli (>=1.0.9)", "brotlipy (>=0.6.0)"] brotli = ["brotlicffi (>=0.8.0)", "brotli (>=1.0.9)", "brotlipy (>=0.6.0)"]
@ -830,7 +939,7 @@ socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
[[package]] [[package]]
name = "virtualenv" name = "virtualenv"
version = "20.15.0"
version = "20.15.1"
description = "Virtual Python Environment builder" description = "Virtual Python Environment builder"
category = "dev" category = "dev"
optional = false optional = false
@ -847,6 +956,14 @@ six = ">=1.9.0,<2"
docs = ["proselint (>=0.10.2)", "sphinx (>=3)", "sphinx-argparse (>=0.2.5)", "sphinx-rtd-theme (>=0.4.3)", "towncrier (>=21.3)"] docs = ["proselint (>=0.10.2)", "sphinx (>=3)", "sphinx-argparse (>=0.2.5)", "sphinx-rtd-theme (>=0.4.3)", "towncrier (>=21.3)"]
testing = ["coverage (>=4)", "coverage-enable-subprocess (>=1)", "flaky (>=3)", "pytest (>=4)", "pytest-env (>=0.6.2)", "pytest-freezegun (>=0.4.1)", "pytest-mock (>=2)", "pytest-randomly (>=1)", "pytest-timeout (>=1)", "packaging (>=20.0)"] testing = ["coverage (>=4)", "coverage-enable-subprocess (>=1)", "flaky (>=3)", "pytest (>=4)", "pytest-env (>=0.6.2)", "pytest-freezegun (>=0.4.1)", "pytest-mock (>=2)", "pytest-randomly (>=1)", "pytest-timeout (>=1)", "packaging (>=20.0)"]
[[package]]
name = "wcwidth"
version = "0.2.5"
description = "Measures the displayed width of unicode strings in a terminal"
category = "dev"
optional = false
python-versions = "*"
[[package]] [[package]]
name = "wrapt" name = "wrapt"
version = "1.14.1" version = "1.14.1"
@ -857,15 +974,15 @@ python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7"
[[package]] [[package]]
name = "zipp" name = "zipp"
version = "3.8.0"
version = "3.8.1"
description = "Backport of pathlib-compatible object wrapper for zip files" description = "Backport of pathlib-compatible object wrapper for zip files"
category = "main" category = "main"
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
[package.extras] [package.extras]
docs = ["sphinx", "jaraco.packaging (>=9)", "rst.linker (>=1.9)"]
testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)"]
docs = ["sphinx", "jaraco.packaging (>=9)", "rst.linker (>=1.9)", "jaraco.tidelift (>=1.4)"]
testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.3)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)"]
[extras] [extras]
docs = ["mock", "alabaster", "commonmark", "recommonmark", "Sphinx", "sphinx-rtd-theme", "readthedocs-sphinx-ext", "m2r2", "sphinx-autoapi"] docs = ["mock", "alabaster", "commonmark", "recommonmark", "Sphinx", "sphinx-rtd-theme", "readthedocs-sphinx-ext", "m2r2", "sphinx-autoapi"]
@ -873,21 +990,19 @@ docs = ["mock", "alabaster", "commonmark", "recommonmark", "Sphinx", "sphinx-rtd
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.7" python-versions = "^3.7"
content-hash = "58ad1dfa1c2cdbb232bc53ceb2c1a9d0767a3db7fd8e6d0baae3e753f1c570dc"
content-hash = "ed105f41fc20e390af8eeefafd3168bb4b370d3a5135bfdec55aab7fc5d0bb3e"
[metadata.files] [metadata.files]
alabaster = [ alabaster = [
{file = "alabaster-0.7.12-py2.py3-none-any.whl", hash = "sha256:446438bdcca0e05bd45ea2de1668c1d9b032e1a9154c2c259092d77031ddd359"}, {file = "alabaster-0.7.12-py2.py3-none-any.whl", hash = "sha256:446438bdcca0e05bd45ea2de1668c1d9b032e1a9154c2c259092d77031ddd359"},
{file = "alabaster-0.7.12.tar.gz", hash = "sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02"}, {file = "alabaster-0.7.12.tar.gz", hash = "sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02"},
] ]
astroid = [
{file = "astroid-2.11.6-py3-none-any.whl", hash = "sha256:ba33a82a9a9c06a5ceed98180c5aab16e29c285b828d94696bf32d6015ea82a9"},
{file = "astroid-2.11.6.tar.gz", hash = "sha256:4f933d0bf5e408b03a6feb5d23793740c27e07340605f236496cd6ce552043d6"},
]
atomicwrites = [
{file = "atomicwrites-1.4.0-py2.py3-none-any.whl", hash = "sha256:6d1784dea7c0c8d4a5172b6c620f40b6e4cbfdf96d783691f2e1302a7b88e197"},
{file = "atomicwrites-1.4.0.tar.gz", hash = "sha256:ae70396ad1a434f9c7046fd2dd196fc04b12f9e91ffb859164193be8b6168a7a"},
argcomplete = [
{file = "argcomplete-1.12.3-py2.py3-none-any.whl", hash = "sha256:291f0beca7fd49ce285d2f10e4c1c77e9460cf823eef2de54df0c0fec88b0d81"},
{file = "argcomplete-1.12.3.tar.gz", hash = "sha256:2c7dbffd8c045ea534921e63b0be6fe65e88599990d8dc408ac8c542b72a5445"},
] ]
astroid = []
atomicwrites = []
attrs = [ attrs = [
{file = "attrs-21.4.0-py2.py3-none-any.whl", hash = "sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4"}, {file = "attrs-21.4.0-py2.py3-none-any.whl", hash = "sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4"},
{file = "attrs-21.4.0.tar.gz", hash = "sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd"}, {file = "attrs-21.4.0.tar.gz", hash = "sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd"},
@ -897,29 +1012,29 @@ babel = [
{file = "Babel-2.10.3.tar.gz", hash = "sha256:7614553711ee97490f732126dc077f8d0ae084ebc6a96e23db1482afabdb2c51"}, {file = "Babel-2.10.3.tar.gz", hash = "sha256:7614553711ee97490f732126dc077f8d0ae084ebc6a96e23db1482afabdb2c51"},
] ]
black = [ black = [
{file = "black-22.3.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:2497f9c2386572e28921fa8bec7be3e51de6801f7459dffd6e62492531c47e09"},
{file = "black-22.3.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5795a0375eb87bfe902e80e0c8cfaedf8af4d49694d69161e5bd3206c18618bb"},
{file = "black-22.3.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:e3556168e2e5c49629f7b0f377070240bd5511e45e25a4497bb0073d9dda776a"},
{file = "black-22.3.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:67c8301ec94e3bcc8906740fe071391bce40a862b7be0b86fb5382beefecd968"},
{file = "black-22.3.0-cp310-cp310-win_amd64.whl", hash = "sha256:fd57160949179ec517d32ac2ac898b5f20d68ed1a9c977346efbac9c2f1e779d"},
{file = "black-22.3.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:cc1e1de68c8e5444e8f94c3670bb48a2beef0e91dddfd4fcc29595ebd90bb9ce"},
{file = "black-22.3.0-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6d2fc92002d44746d3e7db7cf9313cf4452f43e9ea77a2c939defce3b10b5c82"},
{file = "black-22.3.0-cp36-cp36m-win_amd64.whl", hash = "sha256:a6342964b43a99dbc72f72812bf88cad8f0217ae9acb47c0d4f141a6416d2d7b"},
{file = "black-22.3.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:328efc0cc70ccb23429d6be184a15ce613f676bdfc85e5fe8ea2a9354b4e9015"},
{file = "black-22.3.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:06f9d8846f2340dfac80ceb20200ea5d1b3f181dd0556b47af4e8e0b24fa0a6b"},
{file = "black-22.3.0-cp37-cp37m-win_amd64.whl", hash = "sha256:ad4efa5fad66b903b4a5f96d91461d90b9507a812b3c5de657d544215bb7877a"},
{file = "black-22.3.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:e8477ec6bbfe0312c128e74644ac8a02ca06bcdb8982d4ee06f209be28cdf163"},
{file = "black-22.3.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:637a4014c63fbf42a692d22b55d8ad6968a946b4a6ebc385c5505d9625b6a464"},
{file = "black-22.3.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:863714200ada56cbc366dc9ae5291ceb936573155f8bf8e9de92aef51f3ad0f0"},
{file = "black-22.3.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:10dbe6e6d2988049b4655b2b739f98785a884d4d6b85bc35133a8fb9a2233176"},
{file = "black-22.3.0-cp38-cp38-win_amd64.whl", hash = "sha256:cee3e11161dde1b2a33a904b850b0899e0424cc331b7295f2a9698e79f9a69a0"},
{file = "black-22.3.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:5891ef8abc06576985de8fa88e95ab70641de6c1fca97e2a15820a9b69e51b20"},
{file = "black-22.3.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:30d78ba6bf080eeaf0b7b875d924b15cd46fec5fd044ddfbad38c8ea9171043a"},
{file = "black-22.3.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:ee8f1f7228cce7dffc2b464f07ce769f478968bfb3dd1254a4c2eeed84928aad"},
{file = "black-22.3.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6ee227b696ca60dd1c507be80a6bc849a5a6ab57ac7352aad1ffec9e8b805f21"},
{file = "black-22.3.0-cp39-cp39-win_amd64.whl", hash = "sha256:9b542ced1ec0ceeff5b37d69838106a6348e60db7b8fdd245294dc1d26136265"},
{file = "black-22.3.0-py3-none-any.whl", hash = "sha256:bc58025940a896d7e5356952228b68f793cf5fcb342be703c3a2669a1488cb72"},
{file = "black-22.3.0.tar.gz", hash = "sha256:35020b8886c022ced9282b51b5a875b6d1ab0c387b31a065b84db7c33085ca79"},
{file = "black-22.6.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:f586c26118bc6e714ec58c09df0157fe2d9ee195c764f630eb0d8e7ccce72e69"},
{file = "black-22.6.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b270a168d69edb8b7ed32c193ef10fd27844e5c60852039599f9184460ce0807"},
{file = "black-22.6.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:6797f58943fceb1c461fb572edbe828d811e719c24e03375fd25170ada53825e"},
{file = "black-22.6.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c85928b9d5f83b23cee7d0efcb310172412fbf7cb9d9ce963bd67fd141781def"},
{file = "black-22.6.0-cp310-cp310-win_amd64.whl", hash = "sha256:f6fe02afde060bbeef044af7996f335fbe90b039ccf3f5eb8f16df8b20f77666"},
{file = "black-22.6.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:cfaf3895a9634e882bf9d2363fed5af8888802d670f58b279b0bece00e9a872d"},
{file = "black-22.6.0-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:94783f636bca89f11eb5d50437e8e17fbc6a929a628d82304c80fa9cd945f256"},
{file = "black-22.6.0-cp36-cp36m-win_amd64.whl", hash = "sha256:2ea29072e954a4d55a2ff58971b83365eba5d3d357352a07a7a4df0d95f51c78"},
{file = "black-22.6.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:e439798f819d49ba1c0bd9664427a05aab79bfba777a6db94fd4e56fae0cb849"},
{file = "black-22.6.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:187d96c5e713f441a5829e77120c269b6514418f4513a390b0499b0987f2ff1c"},
{file = "black-22.6.0-cp37-cp37m-win_amd64.whl", hash = "sha256:074458dc2f6e0d3dab7928d4417bb6957bb834434516f21514138437accdbe90"},
{file = "black-22.6.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:a218d7e5856f91d20f04e931b6f16d15356db1c846ee55f01bac297a705ca24f"},
{file = "black-22.6.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:568ac3c465b1c8b34b61cd7a4e349e93f91abf0f9371eda1cf87194663ab684e"},
{file = "black-22.6.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:6c1734ab264b8f7929cef8ae5f900b85d579e6cbfde09d7387da8f04771b51c6"},
{file = "black-22.6.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c9a3ac16efe9ec7d7381ddebcc022119794872abce99475345c5a61aa18c45ad"},
{file = "black-22.6.0-cp38-cp38-win_amd64.whl", hash = "sha256:b9fd45787ba8aa3f5e0a0a98920c1012c884622c6c920dbe98dbd05bc7c70fbf"},
{file = "black-22.6.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:7ba9be198ecca5031cd78745780d65a3f75a34b2ff9be5837045dce55db83d1c"},
{file = "black-22.6.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a3db5b6409b96d9bd543323b23ef32a1a2b06416d525d27e0f67e74f1446c8f2"},
{file = "black-22.6.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:560558527e52ce8afba936fcce93a7411ab40c7d5fe8c2463e279e843c0328ee"},
{file = "black-22.6.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b154e6bbde1e79ea3260c4b40c0b7b3109ffcdf7bc4ebf8859169a6af72cd70b"},
{file = "black-22.6.0-cp39-cp39-win_amd64.whl", hash = "sha256:4af5bc0e1f96be5ae9bd7aaec219c901a94d6caa2484c21983d043371c733fc4"},
{file = "black-22.6.0-py3-none-any.whl", hash = "sha256:ac609cf8ef5e7115ddd07d85d988d074ed00e10fbc3445aee393e70164a2219c"},
{file = "black-22.6.0.tar.gz", hash = "sha256:6c6d39e28aed379aec40da1c65434c77d75e65bb59a1e1c283de545fb4e7c6c9"},
] ]
certifi = [ certifi = [
{file = "certifi-2022.6.15-py3-none-any.whl", hash = "sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"}, {file = "certifi-2022.6.15-py3-none-any.whl", hash = "sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"},
@ -930,8 +1045,8 @@ cfgv = [
{file = "cfgv-3.3.1.tar.gz", hash = "sha256:f5a830efb9ce7a445376bb66ec94c638a9787422f96264c98edc6bdeed8ab736"}, {file = "cfgv-3.3.1.tar.gz", hash = "sha256:f5a830efb9ce7a445376bb66ec94c638a9787422f96264c98edc6bdeed8ab736"},
] ]
charset-normalizer = [ charset-normalizer = [
{file = "charset-normalizer-2.0.12.tar.gz", hash = "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597"},
{file = "charset_normalizer-2.0.12-py3-none-any.whl", hash = "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"},
{file = "charset-normalizer-2.1.0.tar.gz", hash = "sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"},
{file = "charset_normalizer-2.1.0-py3-none-any.whl", hash = "sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5"},
] ]
click = [ click = [
{file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"}, {file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"},
@ -941,52 +1056,18 @@ colorama = [
{file = "colorama-0.4.5-py2.py3-none-any.whl", hash = "sha256:854bf444933e37f5824ae7bfc1e98d5bce2ebe4160d46b5edf346a89358e99da"}, {file = "colorama-0.4.5-py2.py3-none-any.whl", hash = "sha256:854bf444933e37f5824ae7bfc1e98d5bce2ebe4160d46b5edf346a89358e99da"},
{file = "colorama-0.4.5.tar.gz", hash = "sha256:e6c6b4334fc50988a639d9b98aa429a0b57da6e17b9a44f0451f930b6967b7a4"}, {file = "colorama-0.4.5.tar.gz", hash = "sha256:e6c6b4334fc50988a639d9b98aa429a0b57da6e17b9a44f0451f930b6967b7a4"},
] ]
commitizen = [
{file = "commitizen-2.28.0-py3-none-any.whl", hash = "sha256:d222f68da12a3ebcaf85c270f19eec7caacbe904349f1823deca6b5e7c2fc0f5"},
{file = "commitizen-2.28.0.tar.gz", hash = "sha256:8510b67e4c45131ef75114aeca5fe30b4f973b2b943457cf1667177af296192e"},
]
commonmark = [ commonmark = [
{file = "commonmark-0.9.1-py2.py3-none-any.whl", hash = "sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9"}, {file = "commonmark-0.9.1-py2.py3-none-any.whl", hash = "sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9"},
{file = "commonmark-0.9.1.tar.gz", hash = "sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60"}, {file = "commonmark-0.9.1.tar.gz", hash = "sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60"},
] ]
coverage = [
{file = "coverage-6.4.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:f1d5aa2703e1dab4ae6cf416eb0095304f49d004c39e9db1d86f57924f43006b"},
{file = "coverage-6.4.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:4ce1b258493cbf8aec43e9b50d89982346b98e9ffdfaae8ae5793bc112fb0068"},
{file = "coverage-6.4.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:83c4e737f60c6936460c5be330d296dd5b48b3963f48634c53b3f7deb0f34ec4"},
{file = "coverage-6.4.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:84e65ef149028516c6d64461b95a8dbcfce95cfd5b9eb634320596173332ea84"},
{file = "coverage-6.4.1-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f69718750eaae75efe506406c490d6fc5a6161d047206cc63ce25527e8a3adad"},
{file = "coverage-6.4.1-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:e57816f8ffe46b1df8f12e1b348f06d164fd5219beba7d9433ba79608ef011cc"},
{file = "coverage-6.4.1-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:01c5615d13f3dd3aa8543afc069e5319cfa0c7d712f6e04b920431e5c564a749"},
{file = "coverage-6.4.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:75ab269400706fab15981fd4bd5080c56bd5cc07c3bccb86aab5e1d5a88dc8f4"},
{file = "coverage-6.4.1-cp310-cp310-win32.whl", hash = "sha256:a7f3049243783df2e6cc6deafc49ea123522b59f464831476d3d1448e30d72df"},
{file = "coverage-6.4.1-cp310-cp310-win_amd64.whl", hash = "sha256:ee2ddcac99b2d2aec413e36d7a429ae9ebcadf912946b13ffa88e7d4c9b712d6"},
{file = "coverage-6.4.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:fb73e0011b8793c053bfa85e53129ba5f0250fdc0392c1591fd35d915ec75c46"},
{file = "coverage-6.4.1-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:106c16dfe494de3193ec55cac9640dd039b66e196e4641fa8ac396181578b982"},
{file = "coverage-6.4.1-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:87f4f3df85aa39da00fd3ec4b5abeb7407e82b68c7c5ad181308b0e2526da5d4"},
{file = "coverage-6.4.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:961e2fb0680b4f5ad63234e0bf55dfb90d302740ae9c7ed0120677a94a1590cb"},
{file = "coverage-6.4.1-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:cec3a0f75c8f1031825e19cd86ee787e87cf03e4fd2865c79c057092e69e3a3b"},
{file = "coverage-6.4.1-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:129cd05ba6f0d08a766d942a9ed4b29283aff7b2cccf5b7ce279d50796860bb3"},
{file = "coverage-6.4.1-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:bf5601c33213d3cb19d17a796f8a14a9eaa5e87629a53979a5981e3e3ae166f6"},
{file = "coverage-6.4.1-cp37-cp37m-win32.whl", hash = "sha256:269eaa2c20a13a5bf17558d4dc91a8d078c4fa1872f25303dddcbba3a813085e"},
{file = "coverage-6.4.1-cp37-cp37m-win_amd64.whl", hash = "sha256:f02cbbf8119db68455b9d763f2f8737bb7db7e43720afa07d8eb1604e5c5ae28"},
{file = "coverage-6.4.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ffa9297c3a453fba4717d06df579af42ab9a28022444cae7fa605af4df612d54"},
{file = "coverage-6.4.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:145f296d00441ca703a659e8f3eb48ae39fb083baba2d7ce4482fb2723e050d9"},
{file = "coverage-6.4.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d67d44996140af8b84284e5e7d398e589574b376fb4de8ccd28d82ad8e3bea13"},
{file = "coverage-6.4.1-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2bd9a6fc18aab8d2e18f89b7ff91c0f34ff4d5e0ba0b33e989b3cd4194c81fd9"},
{file = "coverage-6.4.1-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3384f2a3652cef289e38100f2d037956194a837221edd520a7ee5b42d00cc605"},
{file = "coverage-6.4.1-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:9b3e07152b4563722be523e8cd0b209e0d1a373022cfbde395ebb6575bf6790d"},
{file = "coverage-6.4.1-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:1480ff858b4113db2718848d7b2d1b75bc79895a9c22e76a221b9d8d62496428"},
{file = "coverage-6.4.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:865d69ae811a392f4d06bde506d531f6a28a00af36f5c8649684a9e5e4a85c83"},
{file = "coverage-6.4.1-cp38-cp38-win32.whl", hash = "sha256:664a47ce62fe4bef9e2d2c430306e1428ecea207ffd68649e3b942fa8ea83b0b"},
{file = "coverage-6.4.1-cp38-cp38-win_amd64.whl", hash = "sha256:26dff09fb0d82693ba9e6231248641d60ba606150d02ed45110f9ec26404ed1c"},
{file = "coverage-6.4.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d9c80df769f5ec05ad21ea34be7458d1dc51ff1fb4b2219e77fe24edf462d6df"},
{file = "coverage-6.4.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:39ee53946bf009788108b4dd2894bf1349b4e0ca18c2016ffa7d26ce46b8f10d"},
{file = "coverage-6.4.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f5b66caa62922531059bc5ac04f836860412f7f88d38a476eda0a6f11d4724f4"},
{file = "coverage-6.4.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fd180ed867e289964404051a958f7cccabdeed423f91a899829264bb7974d3d3"},
{file = "coverage-6.4.1-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:84631e81dd053e8a0d4967cedab6db94345f1c36107c71698f746cb2636c63e3"},
{file = "coverage-6.4.1-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:8c08da0bd238f2970230c2a0d28ff0e99961598cb2e810245d7fc5afcf1254e8"},
{file = "coverage-6.4.1-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:d42c549a8f41dc103a8004b9f0c433e2086add8a719da00e246e17cbe4056f72"},
{file = "coverage-6.4.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:309ce4a522ed5fca432af4ebe0f32b21d6d7ccbb0f5fcc99290e71feba67c264"},
{file = "coverage-6.4.1-cp39-cp39-win32.whl", hash = "sha256:fdb6f7bd51c2d1714cea40718f6149ad9be6a2ee7d93b19e9f00934c0f2a74d9"},
{file = "coverage-6.4.1-cp39-cp39-win_amd64.whl", hash = "sha256:342d4aefd1c3e7f620a13f4fe563154d808b69cccef415415aece4c786665397"},
{file = "coverage-6.4.1-pp36.pp37.pp38-none-any.whl", hash = "sha256:4803e7ccf93230accb928f3a68f00ffa80a88213af98ed338a57ad021ef06815"},
{file = "coverage-6.4.1.tar.gz", hash = "sha256:4321f075095a096e70aff1d002030ee612b65a205a0a0f5b815280d5dc58100c"},
coverage = []
decli = [
{file = "decli-0.5.2-py3-none-any.whl", hash = "sha256:d3207bc02d0169bf6ed74ccca09ce62edca0eb25b0ebf8bf4ae3fb8333e15ca0"},
{file = "decli-0.5.2.tar.gz", hash = "sha256:f2cde55034a75c819c630c7655a844c612f2598c42c21299160465df6ad463ad"},
] ]
distlib = [ distlib = [
{file = "distlib-0.3.4-py2.py3-none-any.whl", hash = "sha256:6564fe0a8f51e734df6333d08b8b94d4ea8ee6b99b5ed50613f731fd4089f34b"}, {file = "distlib-0.3.4-py2.py3-none-any.whl", hash = "sha256:6564fe0a8f51e734df6333d08b8b94d4ea8ee6b99b5ed50613f731fd4089f34b"},
@ -996,10 +1077,7 @@ docutils = [
{file = "docutils-0.17.1-py2.py3-none-any.whl", hash = "sha256:cf316c8370a737a022b72b56874f6602acf974a37a9fba42ec2876387549fc61"}, {file = "docutils-0.17.1-py2.py3-none-any.whl", hash = "sha256:cf316c8370a737a022b72b56874f6602acf974a37a9fba42ec2876387549fc61"},
{file = "docutils-0.17.1.tar.gz", hash = "sha256:686577d2e4c32380bb50cbb22f575ed742d58168cee37e99117a854bcd88f125"}, {file = "docutils-0.17.1.tar.gz", hash = "sha256:686577d2e4c32380bb50cbb22f575ed742d58168cee37e99117a854bcd88f125"},
] ]
ecdsa = [
{file = "ecdsa-0.17.0-py2.py3-none-any.whl", hash = "sha256:5cf31d5b33743abe0dfc28999036c849a69d548f994b535e527ee3cb7f3ef676"},
{file = "ecdsa-0.17.0.tar.gz", hash = "sha256:b9f500bb439e4153d0330610f5d26baaf18d17b8ced1bc54410d189385ea68aa"},
]
ecdsa = []
filelock = [ filelock = [
{file = "filelock-3.7.1-py3-none-any.whl", hash = "sha256:37def7b658813cda163b56fc564cdc75e86d338246458c4c28ae84cabefa2404"}, {file = "filelock-3.7.1-py3-none-any.whl", hash = "sha256:37def7b658813cda163b56fc564cdc75e86d338246458c4c28ae84cabefa2404"},
{file = "filelock-3.7.1.tar.gz", hash = "sha256:3a0fd85166ad9dbab54c9aec96737b744106dc5f15c0b09a6744a445299fcf04"}, {file = "filelock-3.7.1.tar.gz", hash = "sha256:3a0fd85166ad9dbab54c9aec96737b744106dc5f15c0b09a6744a445299fcf04"},
@ -1008,6 +1086,10 @@ flake8 = [
{file = "flake8-3.9.2-py2.py3-none-any.whl", hash = "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907"}, {file = "flake8-3.9.2-py2.py3-none-any.whl", hash = "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907"},
{file = "flake8-3.9.2.tar.gz", hash = "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b"}, {file = "flake8-3.9.2.tar.gz", hash = "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b"},
] ]
flake8-docstrings = [
{file = "flake8-docstrings-1.6.0.tar.gz", hash = "sha256:9fe7c6a306064af8e62a055c2f61e9eb1da55f84bb39caef2b84ce53708ac34b"},
{file = "flake8_docstrings-1.6.0-py2.py3-none-any.whl", hash = "sha256:99cac583d6c7e32dd28bbfbef120a7c0d1b6dde4adb5a9fd441c4227a6534bde"},
]
identify = [ identify = [
{file = "identify-2.5.1-py2.py3-none-any.whl", hash = "sha256:0dca2ea3e4381c435ef9c33ba100a78a9b40c0bab11189c7cf121f75815efeaa"}, {file = "identify-2.5.1-py2.py3-none-any.whl", hash = "sha256:0dca2ea3e4381c435ef9c33ba100a78a9b40c0bab11189c7cf121f75815efeaa"},
{file = "identify-2.5.1.tar.gz", hash = "sha256:3d11b16f3fe19f52039fb7e39c9c884b21cb1b586988114fbe42671f03de3e82"}, {file = "identify-2.5.1.tar.gz", hash = "sha256:3d11b16f3fe19f52039fb7e39c9c884b21cb1b586988114fbe42671f03de3e82"},
@ -1017,8 +1099,8 @@ idna = [
{file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"}, {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
] ]
imagesize = [ imagesize = [
{file = "imagesize-1.3.0-py2.py3-none-any.whl", hash = "sha256:1db2f82529e53c3e929e8926a1fa9235aa82d0bd0c580359c67ec31b2fddaa8c"},
{file = "imagesize-1.3.0.tar.gz", hash = "sha256:cd1750d452385ca327479d45b64d9c7729ecf0b3969a58148298c77092261f9d"},
{file = "imagesize-1.4.1-py2.py3-none-any.whl", hash = "sha256:0d8d18d08f840c19d0ee7ca1fd82490fdc3729b7ac93f49870406ddde8ef8d8b"},
{file = "imagesize-1.4.1.tar.gz", hash = "sha256:69150444affb9cb0d5cc5a92b3676f0b2fb7cd9ae39e947a5e11a36b4497cd4a"},
] ]
importlib-metadata = [ importlib-metadata = [
{file = "importlib_metadata-4.12.0-py3-none-any.whl", hash = "sha256:7401a975809ea1fdc658c3aa4f78cc2195a0e019c5cbc4c06122884e9ae80c23"}, {file = "importlib_metadata-4.12.0-py3-none-any.whl", hash = "sha256:7401a975809ea1fdc658c3aa4f78cc2195a0e019c5cbc4c06122884e9ae80c23"},
@ -1157,9 +1239,10 @@ pluggy = [
{file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"}, {file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"},
{file = "pluggy-1.0.0.tar.gz", hash = "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"}, {file = "pluggy-1.0.0.tar.gz", hash = "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"},
] ]
pre-commit = [
{file = "pre_commit-2.19.0-py2.py3-none-any.whl", hash = "sha256:10c62741aa5704faea2ad69cb550ca78082efe5697d6f04e5710c3c229afdd10"},
{file = "pre_commit-2.19.0.tar.gz", hash = "sha256:4233a1e38621c87d9dda9808c6606d7e7ba0e087cd56d3fe03202a01d2919615"},
pre-commit = []
prompt-toolkit = [
{file = "prompt_toolkit-3.0.30-py3-none-any.whl", hash = "sha256:d8916d3f62a7b67ab353a952ce4ced6a1d2587dfe9ef8ebc30dd7c386751f289"},
{file = "prompt_toolkit-3.0.30.tar.gz", hash = "sha256:859b283c50bde45f5f97829f77a4674d1c1fcd88539364f1b28a37805cfd89c0"},
] ]
py = [ py = [
{file = "py-1.11.0-py2.py3-none-any.whl", hash = "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"}, {file = "py-1.11.0-py2.py3-none-any.whl", hash = "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"},
@ -1184,6 +1267,10 @@ pycodestyle = [
{file = "pycodestyle-2.7.0-py2.py3-none-any.whl", hash = "sha256:514f76d918fcc0b55c6680472f0a37970994e07bbb80725808c17089be302068"}, {file = "pycodestyle-2.7.0-py2.py3-none-any.whl", hash = "sha256:514f76d918fcc0b55c6680472f0a37970994e07bbb80725808c17089be302068"},
{file = "pycodestyle-2.7.0.tar.gz", hash = "sha256:c389c1d06bf7904078ca03399a4816f974a1d590090fecea0c63ec26ebaf1cef"}, {file = "pycodestyle-2.7.0.tar.gz", hash = "sha256:c389c1d06bf7904078ca03399a4816f974a1d590090fecea0c63ec26ebaf1cef"},
] ]
pydocstyle = [
{file = "pydocstyle-6.1.1-py3-none-any.whl", hash = "sha256:6987826d6775056839940041beef5c08cc7e3d71d63149b48e36727f70144dc4"},
{file = "pydocstyle-6.1.1.tar.gz", hash = "sha256:1d41b7c459ba0ee6c345f2eb9ae827cab14a7533a88c5c6f7e94923f72df92dc"},
]
pyflakes = [ pyflakes = [
{file = "pyflakes-2.3.1-py2.py3-none-any.whl", hash = "sha256:7893783d01b8a89811dd72d7dfd4d84ff098e5eed95cfa8905b22bbffe52efc3"}, {file = "pyflakes-2.3.1-py2.py3-none-any.whl", hash = "sha256:7893783d01b8a89811dd72d7dfd4d84ff098e5eed95cfa8905b22bbffe52efc3"},
{file = "pyflakes-2.3.1.tar.gz", hash = "sha256:f5bc8ecabc05bb9d291eb5203d6810b49040f6ff446a756326104746cc00c1db"}, {file = "pyflakes-2.3.1.tar.gz", hash = "sha256:f5bc8ecabc05bb9d291eb5203d6810b49040f6ff446a756326104746cc00c1db"},
@ -1247,6 +1334,10 @@ pyyaml = [
{file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"}, {file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"},
{file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"}, {file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"},
] ]
questionary = [
{file = "questionary-1.10.0-py3-none-any.whl", hash = "sha256:fecfcc8cca110fda9d561cb83f1e97ecbb93c613ff857f655818839dac74ce90"},
{file = "questionary-1.10.0.tar.gz", hash = "sha256:600d3aefecce26d48d97eee936fdb66e4bc27f934c3ab6dd1e292c4f43946d90"},
]
readthedocs-sphinx-ext = [ readthedocs-sphinx-ext = [
{file = "readthedocs-sphinx-ext-2.1.8.tar.gz", hash = "sha256:a57e3713daf77bf91d1ba19e4b9888a47c0abfeb63ecf02e3ac77fcfd99bfe69"}, {file = "readthedocs-sphinx-ext-2.1.8.tar.gz", hash = "sha256:a57e3713daf77bf91d1ba19e4b9888a47c0abfeb63ecf02e3ac77fcfd99bfe69"},
{file = "readthedocs_sphinx_ext-2.1.8-py2.py3-none-any.whl", hash = "sha256:5ab5875993191e5e526ca196a1082b73116b0cefd79073ab25367ba0458fffe9"}, {file = "readthedocs_sphinx_ext-2.1.8-py2.py3-none-any.whl", hash = "sha256:5ab5875993191e5e526ca196a1082b73116b0cefd79073ab25367ba0458fffe9"},
@ -1256,8 +1347,8 @@ recommonmark = [
{file = "recommonmark-0.7.1.tar.gz", hash = "sha256:bdb4db649f2222dcd8d2d844f0006b958d627f732415d399791ee436a3686d67"}, {file = "recommonmark-0.7.1.tar.gz", hash = "sha256:bdb4db649f2222dcd8d2d844f0006b958d627f732415d399791ee436a3686d67"},
] ]
requests = [ requests = [
{file = "requests-2.28.0-py3-none-any.whl", hash = "sha256:bc7861137fbce630f17b03d3ad02ad0bf978c844f3536d0edda6499dafce2b6f"},
{file = "requests-2.28.0.tar.gz", hash = "sha256:d568723a7ebd25875d8d1eaf5dfa068cd2fc8194b2e483d7b1f7c81918dbec6b"},
{file = "requests-2.28.1-py3-none-any.whl", hash = "sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349"},
{file = "requests-2.28.1.tar.gz", hash = "sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983"},
] ]
rsa = [ rsa = [
{file = "rsa-4.8-py3-none-any.whl", hash = "sha256:95c5d300c4e879ee69708c428ba566c59478fd653cc3a22243eeb8ed846950bb"}, {file = "rsa-4.8-py3-none-any.whl", hash = "sha256:95c5d300c4e879ee69708c428ba566c59478fd653cc3a22243eeb8ed846950bb"},
@ -1307,6 +1398,9 @@ sphinxcontrib-serializinghtml = [
{file = "sphinxcontrib-serializinghtml-1.1.5.tar.gz", hash = "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952"}, {file = "sphinxcontrib-serializinghtml-1.1.5.tar.gz", hash = "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952"},
{file = "sphinxcontrib_serializinghtml-1.1.5-py2.py3-none-any.whl", hash = "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd"}, {file = "sphinxcontrib_serializinghtml-1.1.5-py2.py3-none-any.whl", hash = "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd"},
] ]
termcolor = [
{file = "termcolor-1.1.0.tar.gz", hash = "sha256:1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"},
]
toml = [ toml = [
{file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
{file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
@ -1315,9 +1409,10 @@ tomli = [
{file = "tomli-2.0.1-py3-none-any.whl", hash = "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc"}, {file = "tomli-2.0.1-py3-none-any.whl", hash = "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc"},
{file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"}, {file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"},
] ]
tomlkit = []
tox = [ tox = [
{file = "tox-3.25.0-py2.py3-none-any.whl", hash = "sha256:0805727eb4d6b049de304977dfc9ce315a1938e6619c3ab9f38682bb04662a5a"},
{file = "tox-3.25.0.tar.gz", hash = "sha256:37888f3092aa4e9f835fc8cc6dadbaaa0782651c41ef359e3a5743fcb0308160"},
{file = "tox-3.25.1-py2.py3-none-any.whl", hash = "sha256:c38e15f4733683a9cc0129fba078633e07eb0961f550a010ada879e95fb32632"},
{file = "tox-3.25.1.tar.gz", hash = "sha256:c138327815f53bc6da4fe56baec5f25f00622ae69ef3fe4e1e385720e22486f9"},
] ]
typed-ast = [ typed-ast = [
{file = "typed_ast-1.5.4-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:669dd0c4167f6f2cd9f57041e03c3c2ebf9063d0757dc89f79ba1daa2bfca9d4"}, {file = "typed_ast-1.5.4-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:669dd0c4167f6f2cd9f57041e03c3c2ebf9063d0757dc89f79ba1daa2bfca9d4"},
@ -1346,20 +1441,21 @@ typed-ast = [
{file = "typed_ast-1.5.4.tar.gz", hash = "sha256:39e21ceb7388e4bb37f4c679d72707ed46c2fbf2a5609b8b8ebc4b067d977df2"}, {file = "typed_ast-1.5.4.tar.gz", hash = "sha256:39e21ceb7388e4bb37f4c679d72707ed46c2fbf2a5609b8b8ebc4b067d977df2"},
] ]
typing-extensions = [ typing-extensions = [
{file = "typing_extensions-4.2.0-py3-none-any.whl", hash = "sha256:6657594ee297170d19f67d55c05852a874e7eb634f4f753dbd667855e07c1708"},
{file = "typing_extensions-4.2.0.tar.gz", hash = "sha256:f1c24655a0da0d1b67f07e17a5e6b2a105894e6824b92096378bb3668ef02376"},
{file = "typing_extensions-4.3.0-py3-none-any.whl", hash = "sha256:25642c956049920a5aa49edcdd6ab1e06d7e5d467fc00e0506c44ac86fbfca02"},
{file = "typing_extensions-4.3.0.tar.gz", hash = "sha256:e6d2677a32f47fc7eb2795db1dd15c1f34eff616bcaf2cfb5e997f854fa1c4a6"},
] ]
unidecode = [ unidecode = [
{file = "Unidecode-1.3.4-py3-none-any.whl", hash = "sha256:afa04efcdd818a93237574791be9b2817d7077c25a068b00f8cff7baa4e59257"}, {file = "Unidecode-1.3.4-py3-none-any.whl", hash = "sha256:afa04efcdd818a93237574791be9b2817d7077c25a068b00f8cff7baa4e59257"},
{file = "Unidecode-1.3.4.tar.gz", hash = "sha256:8e4352fb93d5a735c788110d2e7ac8e8031eb06ccbfe8d324ab71735015f9342"}, {file = "Unidecode-1.3.4.tar.gz", hash = "sha256:8e4352fb93d5a735c788110d2e7ac8e8031eb06ccbfe8d324ab71735015f9342"},
] ]
urllib3 = [
{file = "urllib3-1.26.9-py2.py3-none-any.whl", hash = "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14"},
{file = "urllib3-1.26.9.tar.gz", hash = "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"},
]
urllib3 = []
virtualenv = [ virtualenv = [
{file = "virtualenv-20.15.0-py2.py3-none-any.whl", hash = "sha256:804cce4de5b8a322f099897e308eecc8f6e2951f1a8e7e2b3598dff865f01336"},
{file = "virtualenv-20.15.0.tar.gz", hash = "sha256:4c44b1d77ca81f8368e2d7414f9b20c428ad16b343ac6d226206c5b84e2b4fcc"},
{file = "virtualenv-20.15.1-py2.py3-none-any.whl", hash = "sha256:b30aefac647e86af6d82bfc944c556f8f1a9c90427b2fb4e3bfbf338cb82becf"},
{file = "virtualenv-20.15.1.tar.gz", hash = "sha256:288171134a2ff3bfb1a2f54f119e77cd1b81c29fc1265a2356f3e8d14c7d58c4"},
]
wcwidth = [
{file = "wcwidth-0.2.5-py2.py3-none-any.whl", hash = "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784"},
{file = "wcwidth-0.2.5.tar.gz", hash = "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"},
] ]
wrapt = [ wrapt = [
{file = "wrapt-1.14.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:1b376b3f4896e7930f1f772ac4b064ac12598d1c38d04907e696cc4d794b43d3"}, {file = "wrapt-1.14.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:1b376b3f4896e7930f1f772ac4b064ac12598d1c38d04907e696cc4d794b43d3"},
@ -1427,7 +1523,4 @@ wrapt = [
{file = "wrapt-1.14.1-cp39-cp39-win_amd64.whl", hash = "sha256:dee60e1de1898bde3b238f18340eec6148986da0455d8ba7848d50470a7a32fb"}, {file = "wrapt-1.14.1-cp39-cp39-win_amd64.whl", hash = "sha256:dee60e1de1898bde3b238f18340eec6148986da0455d8ba7848d50470a7a32fb"},
{file = "wrapt-1.14.1.tar.gz", hash = "sha256:380a85cf89e0e69b7cfbe2ea9f765f004ff419f34194018a6827ac0e3edfed4d"}, {file = "wrapt-1.14.1.tar.gz", hash = "sha256:380a85cf89e0e69b7cfbe2ea9f765f004ff419f34194018a6827ac0e3edfed4d"},
] ]
zipp = [
{file = "zipp-3.8.0-py3-none-any.whl", hash = "sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099"},
{file = "zipp-3.8.0.tar.gz", hash = "sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad"},
]
zipp = []

3
pyproject.toml

@ -22,6 +22,7 @@ packages = [
{ include = "keycloak", from = "src/" }, { include = "keycloak", from = "src/" },
{ include = "keycloak/**/*.py", from = "src/" }, { include = "keycloak/**/*.py", from = "src/" },
] ]
include = ["LICENSE", "CHANGELOG.md", "CODEOWNERS", "CONTRIBUTING.md"]
[tool.poetry.urls] [tool.poetry.urls]
Documentation = "https://python-keycloak.readthedocs.io/en/latest/" Documentation = "https://python-keycloak.readthedocs.io/en/latest/"
@ -51,6 +52,8 @@ pre-commit = "^2.19.0"
isort = "^5.10.1" isort = "^5.10.1"
black = "^22.3.0" black = "^22.3.0"
flake8 = "^3.5.0" flake8 = "^3.5.0"
flake8-docstrings = "^1.6.0"
commitizen = "^2.28.0"
[tool.poetry.extras] [tool.poetry.extras]
docs = [ docs = [

2
src/keycloak/__init__.py

@ -21,6 +21,8 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Python-Keycloak library."""
from ._version import __version__ from ._version import __version__
from .connection import ConnectionManager from .connection import ConnectionManager
from .exceptions import ( from .exceptions import (

10
src/keycloak/authorization/__init__.py

@ -21,6 +21,8 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Authorization module."""
import ast import ast
import json import json
@ -30,18 +32,19 @@ from .role import Role
class Authorization: class Authorization:
"""
Keycloak Authorization (policies, roles, scopes and resources).
"""Keycloak Authorization (policies, roles, scopes and resources).
https://keycloak.gitbooks.io/documentation/authorization_services/index.html https://keycloak.gitbooks.io/documentation/authorization_services/index.html
""" """
def __init__(self): def __init__(self):
"""Init method."""
self.policies = {} self.policies = {}
@property @property
def policies(self): def policies(self):
"""Get policies."""
return self._policies return self._policies
@policies.setter @policies.setter
@ -49,8 +52,7 @@ class Authorization:
self._policies = value self._policies = value
def load_config(self, data): def load_config(self, data):
"""
Load policies, roles and permissions (scope/resources).
"""Load policies, roles and permissions (scope/resources).
:param data: keycloak authorization data (dict) :param data: keycloak authorization data (dict)
:returns: None :returns: None

26
src/keycloak/authorization/permission.py

@ -21,9 +21,12 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Keycloak authorization Permission module."""
class Permission: class Permission:
"""
"""Base permission class.
Consider this simple and very common permission: Consider this simple and very common permission:
A permission associates the object being protected with the policies that must be evaluated to A permission associates the object being protected with the policies that must be evaluated to
@ -45,21 +48,25 @@ class Permission:
""" """
def __init__(self, name, type, logic, decision_strategy): def __init__(self, name, type, logic, decision_strategy):
self._name = name
self._type = type
self._logic = logic
self._decision_strategy = decision_strategy
self._resources = []
self._scopes = []
"""Init method."""
self.name = name
self.type = type
self.logic = logic
self.decision_strategy = decision_strategy
self.resources = []
self.scopes = []
def __repr__(self): def __repr__(self):
"""Repr method."""
return "<Permission: %s (%s)>" % (self.name, self.type) return "<Permission: %s (%s)>" % (self.name, self.type)
def __str__(self): def __str__(self):
"""Str method."""
return "Permission: %s (%s)" % (self.name, self.type) return "Permission: %s (%s)" % (self.name, self.type)
@property @property
def name(self): def name(self):
"""Get name."""
return self._name return self._name
@name.setter @name.setter
@ -68,6 +75,7 @@ class Permission:
@property @property
def type(self): def type(self):
"""Get type."""
return self._type return self._type
@type.setter @type.setter
@ -76,6 +84,7 @@ class Permission:
@property @property
def logic(self): def logic(self):
"""Get logic."""
return self._logic return self._logic
@logic.setter @logic.setter
@ -84,6 +93,7 @@ class Permission:
@property @property
def decision_strategy(self): def decision_strategy(self):
"""Get decision strategy."""
return self._decision_strategy return self._decision_strategy
@decision_strategy.setter @decision_strategy.setter
@ -92,6 +102,7 @@ class Permission:
@property @property
def resources(self): def resources(self):
"""Get resources."""
return self._resources return self._resources
@resources.setter @resources.setter
@ -100,6 +111,7 @@ class Permission:
@property @property
def scopes(self): def scopes(self):
"""Get scopes."""
return self._scopes return self._scopes
@scopes.setter @scopes.setter

40
src/keycloak/authorization/policy.py

@ -21,11 +21,14 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Keycloak authorization Policy module."""
from ..exceptions import KeycloakAuthorizationConfigError from ..exceptions import KeycloakAuthorizationConfigError
class Policy: class Policy:
"""
"""Base policy class.
A policy defines the conditions that must be satisfied to grant access to an object. A policy defines the conditions that must be satisfied to grant access to an object.
Unlike permissions, you do not specify the object being protected but rather the conditions Unlike permissions, you do not specify the object being protected but rather the conditions
that must be satisfied for access to a given object (for example, resource, scope, or both). that must be satisfied for access to a given object (for example, resource, scope, or both).
@ -39,21 +42,25 @@ class Policy:
""" """
def __init__(self, name, type, logic, decision_strategy): def __init__(self, name, type, logic, decision_strategy):
self._name = name
self._type = type
self._logic = logic
self._decision_strategy = decision_strategy
self._roles = []
self._permissions = []
"""Init method."""
self.name = name
self.type = type
self.logic = logic
self.decision_strategy = decision_strategy
self.roles = []
self.permissions = []
def __repr__(self): def __repr__(self):
"""Repr method."""
return "<Policy: %s (%s)>" % (self.name, self.type) return "<Policy: %s (%s)>" % (self.name, self.type)
def __str__(self): def __str__(self):
"""Str method."""
return "Policy: %s (%s)" % (self.name, self.type) return "Policy: %s (%s)" % (self.name, self.type)
@property @property
def name(self): def name(self):
"""Get name."""
return self._name return self._name
@name.setter @name.setter
@ -62,6 +69,7 @@ class Policy:
@property @property
def type(self): def type(self):
"""Get type."""
return self._type return self._type
@type.setter @type.setter
@ -70,6 +78,7 @@ class Policy:
@property @property
def logic(self): def logic(self):
"""Get logic."""
return self._logic return self._logic
@logic.setter @logic.setter
@ -78,6 +87,7 @@ class Policy:
@property @property
def decision_strategy(self): def decision_strategy(self):
"""Get decision strategy."""
return self._decision_strategy return self._decision_strategy
@decision_strategy.setter @decision_strategy.setter
@ -86,15 +96,24 @@ class Policy:
@property @property
def roles(self): def roles(self):
"""Get roles."""
return self._roles return self._roles
@roles.setter
def roles(self, value):
self._roles = value
@property @property
def permissions(self): def permissions(self):
"""Get permissions."""
return self._permissions return self._permissions
@permissions.setter
def permissions(self, value):
self._permissions = value
def add_role(self, role): def add_role(self, role):
"""
Add keycloak role in policy.
"""Add keycloak role in policy.
:param role: keycloak role. :param role: keycloak role.
:return: :return:
@ -106,8 +125,7 @@ class Policy:
self._roles.append(role) self._roles.append(role)
def add_permission(self, permission): def add_permission(self, permission):
"""
Add keycloak permission in policy.
"""Add keycloak permission in policy.
:param permission: keycloak permission. :param permission: keycloak permission.
:return: :return:

9
src/keycloak/authorization/role.py

@ -21,25 +21,30 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""The authorization Role module."""
class Role: class Role:
"""
"""Authorization Role base class.
Roles identify a type or category of user. Admin, user, Roles identify a type or category of user. Admin, user,
manager, and employee are all typical roles that may exist in an organization. manager, and employee are all typical roles that may exist in an organization.
https://keycloak.gitbooks.io/documentation/server_admin/topics/roles.html https://keycloak.gitbooks.io/documentation/server_admin/topics/roles.html
""" """
def __init__(self, name, required=False): def __init__(self, name, required=False):
"""Init method."""
self.name = name self.name = name
self.required = required self.required = required
@property @property
def get_name(self): def get_name(self):
"""Get name."""
return self.name return self.name
def __eq__(self, other): def __eq__(self, other):
"""Eq method."""
if isinstance(other, str): if isinstance(other, str):
return self.name == other return self.name == other
return NotImplemented return NotImplemented

15
src/keycloak/connection.py

@ -21,6 +21,8 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Connection manager module."""
try: try:
from urllib.parse import urljoin from urllib.parse import urljoin
except ImportError: except ImportError:
@ -33,8 +35,7 @@ from .exceptions import KeycloakConnectionError
class ConnectionManager(object): class ConnectionManager(object):
"""
Represents a simple server connection.
"""Represents a simple server connection.
:param base_url: (str) The server URL. :param base_url: (str) The server URL.
:param headers: (dict) The header parameters of the requests to the server. :param headers: (dict) The header parameters of the requests to the server.
@ -44,6 +45,7 @@ class ConnectionManager(object):
""" """
def __init__(self, base_url, headers={}, timeout=60, verify=True, proxies=None): def __init__(self, base_url, headers={}, timeout=60, verify=True, proxies=None):
"""Init method."""
self._base_url = base_url self._base_url = base_url
self._headers = headers self._headers = headers
self._timeout = timeout self._timeout = timeout
@ -66,6 +68,7 @@ class ConnectionManager(object):
self._s.proxies.update(proxies) self._s.proxies.update(proxies)
def __del__(self): def __del__(self):
"""Del method."""
self._s.close() self._s.close()
@property @property
@ -75,7 +78,6 @@ class ConnectionManager(object):
@base_url.setter @base_url.setter
def base_url(self, value): def base_url(self, value):
""" """
self._base_url = value self._base_url = value
@property @property
@ -85,7 +87,6 @@ class ConnectionManager(object):
@timeout.setter @timeout.setter
def timeout(self, value): def timeout(self, value):
""" """
self._timeout = value self._timeout = value
@property @property
@ -95,7 +96,6 @@ class ConnectionManager(object):
@verify.setter @verify.setter
def verify(self, value): def verify(self, value):
""" """
self._verify = value self._verify = value
@property @property
@ -105,12 +105,10 @@ class ConnectionManager(object):
@headers.setter @headers.setter
def headers(self, value): def headers(self, value):
""" """
self._headers = value self._headers = value
def param_headers(self, key): def param_headers(self, key):
"""
Return a specific header parameter.
"""Return a specific header parameter.
:param key: (str) Header parameters key. :param key: (str) Header parameters key.
:returns: If the header parameters exist, return its value. :returns: If the header parameters exist, return its value.
@ -151,7 +149,6 @@ class ConnectionManager(object):
:returns: Response the request. :returns: Response the request.
:raises: HttpError Can't connect to server. :raises: HttpError Can't connect to server.
""" """
try: try:
return self._s.get( return self._s.get(
urljoin(self.base_url, path), urljoin(self.base_url, path),

42
src/keycloak/exceptions.py

@ -21,12 +21,22 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Keycloak custom exeptions module."""
import requests import requests
class KeycloakError(Exception): class KeycloakError(Exception):
def __init__(self, error_message="", response_code=None, response_body=None):
"""Base class for custom Keycloak errors.
:param error_message: The error message
:type error_message: str
:param response_code: The response status code
:type response_code: int
"""
def __init__(self, error_message="", response_code=None, response_body=None):
"""Init method."""
Exception.__init__(self, error_message) Exception.__init__(self, error_message)
self.response_code = response_code self.response_code = response_code
@ -34,6 +44,7 @@ class KeycloakError(Exception):
self.error_message = error_message self.error_message = error_message
def __str__(self): def __str__(self):
"""Str method."""
if self.response_code is not None: if self.response_code is not None:
return "{0}: {1}".format(self.response_code, self.error_message) return "{0}: {1}".format(self.response_code, self.error_message)
else: else:
@ -41,62 +52,91 @@ class KeycloakError(Exception):
class KeycloakAuthenticationError(KeycloakError): class KeycloakAuthenticationError(KeycloakError):
"""Keycloak authentication error exception."""
pass pass
class KeycloakConnectionError(KeycloakError): class KeycloakConnectionError(KeycloakError):
"""Keycloak connection error exception."""
pass pass
class KeycloakOperationError(KeycloakError): class KeycloakOperationError(KeycloakError):
"""Keycloak operation error exception."""
pass pass
class KeycloakDeprecationError(KeycloakError): class KeycloakDeprecationError(KeycloakError):
"""Keycloak deprecation error exception."""
pass pass
class KeycloakGetError(KeycloakOperationError): class KeycloakGetError(KeycloakOperationError):
"""Keycloak request get error exception."""
pass pass
class KeycloakPostError(KeycloakOperationError): class KeycloakPostError(KeycloakOperationError):
"""Keycloak request post error exception."""
pass pass
class KeycloakPutError(KeycloakOperationError): class KeycloakPutError(KeycloakOperationError):
"""Keycloak request put error exception."""
pass pass
class KeycloakDeleteError(KeycloakOperationError): class KeycloakDeleteError(KeycloakOperationError):
"""Keycloak request delete error exception."""
pass pass
class KeycloakSecretNotFound(KeycloakOperationError): class KeycloakSecretNotFound(KeycloakOperationError):
"""Keycloak secret not found exception."""
pass pass
class KeycloakRPTNotFound(KeycloakOperationError): class KeycloakRPTNotFound(KeycloakOperationError):
"""Keycloak RPT not found exception."""
pass pass
class KeycloakAuthorizationConfigError(KeycloakOperationError): class KeycloakAuthorizationConfigError(KeycloakOperationError):
"""Keycloak authorization config exception."""
pass pass
class KeycloakInvalidTokenError(KeycloakOperationError): class KeycloakInvalidTokenError(KeycloakOperationError):
"""Keycloak invalid token exception."""
pass pass
class KeycloakPermissionFormatError(KeycloakOperationError): class KeycloakPermissionFormatError(KeycloakOperationError):
"""Keycloak permission format exception."""
pass pass
class PermissionDefinitionError(Exception): class PermissionDefinitionError(Exception):
"""Keycloak permission definition exception."""
pass pass
def raise_error_from_response(response, error, expected_codes=None, skip_exists=False): def raise_error_from_response(response, error, expected_codes=None, skip_exists=False):
"""Raise an exception for the response."""
if expected_codes is None: if expected_codes is None:
expected_codes = [200, 201, 204] expected_codes = [200, 201, 204]

615
src/keycloak/keycloak_admin.py
File diff suppressed because it is too large
View File

111
src/keycloak/keycloak_openid.py

@ -21,6 +21,12 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Keycloak OpenID module.
The module contains mainly the implementation of KeycloakOpenID class, the main
class to handle authentication and token manipulation.
"""
import json import json
from jose import jwt from jose import jwt
@ -52,8 +58,7 @@ from .urls_patterns import (
class KeycloakOpenID: class KeycloakOpenID:
"""
Keycloak OpenID client.
"""Keycloak OpenID client.
:param server_url: Keycloak server url :param server_url: Keycloak server url
:param client_id: client id :param client_id: client id
@ -76,6 +81,7 @@ class KeycloakOpenID:
proxies=None, proxies=None,
timeout=60, timeout=60,
): ):
"""Init method."""
self.client_id = client_id self.client_id = client_id
self.client_secret_key = client_secret_key self.client_secret_key = client_secret_key
self.realm_name = realm_name self.realm_name = realm_name
@ -88,6 +94,7 @@ class KeycloakOpenID:
@property @property
def client_id(self): def client_id(self):
"""Get client id."""
return self._client_id return self._client_id
@client_id.setter @client_id.setter
@ -96,6 +103,7 @@ class KeycloakOpenID:
@property @property
def client_secret_key(self): def client_secret_key(self):
"""Get the client secret key."""
return self._client_secret_key return self._client_secret_key
@client_secret_key.setter @client_secret_key.setter
@ -104,6 +112,7 @@ class KeycloakOpenID:
@property @property
def realm_name(self): def realm_name(self):
"""Get the realm name."""
return self._realm_name return self._realm_name
@realm_name.setter @realm_name.setter
@ -112,6 +121,7 @@ class KeycloakOpenID:
@property @property
def connection(self): def connection(self):
"""Get connection."""
return self._connection return self._connection
@connection.setter @connection.setter
@ -120,6 +130,7 @@ class KeycloakOpenID:
@property @property
def authorization(self): def authorization(self):
"""Get authorization."""
return self._authorization return self._authorization
@authorization.setter @authorization.setter
@ -127,8 +138,7 @@ class KeycloakOpenID:
self._authorization = value self._authorization = value
def _add_secret_key(self, payload): def _add_secret_key(self, payload):
"""
Add secret key if exist.
"""Add secret key if exists.
:param payload: :param payload:
:return: :return:
@ -139,7 +149,7 @@ class KeycloakOpenID:
return payload return payload
def _build_name_role(self, role): def _build_name_role(self, role):
"""
"""Build name of a role.
:param role: :param role:
:return: :return:
@ -147,7 +157,7 @@ class KeycloakOpenID:
return self.client_id + "/" + role return self.client_id + "/" + role
def _token_info(self, token, method_token_info, **kwargs): def _token_info(self, token, method_token_info, **kwargs):
"""
"""Getter for the token data.
:param token: :param token:
:param method_token_info: :param method_token_info:
@ -162,21 +172,20 @@ class KeycloakOpenID:
return token_info return token_info
def well_known(self): def well_known(self):
"""The most important endpoint to understand is the well-known configuration
"""Get the well_known object.
The most important endpoint to understand is the well-known configuration
endpoint. It lists endpoints and other configuration options relevant to endpoint. It lists endpoints and other configuration options relevant to
the OpenID Connect implementation in Keycloak. the OpenID Connect implementation in Keycloak.
:return It lists endpoints and other configuration options relevant. :return It lists endpoints and other configuration options relevant.
""" """
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_WELL_KNOWN.format(**params_path)) data_raw = self.connection.raw_get(URL_WELL_KNOWN.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def auth_url(self, redirect_uri, scope="email", state=""): def auth_url(self, redirect_uri, scope="email", state=""):
"""
Get authorization URL endpoint.
"""Get authorization URL endpoint.
:param redirect_uri: Redirect url to receive oauth code :param redirect_uri: Redirect url to receive oauth code
:type redirect_uri: str :type redirect_uri: str
@ -206,7 +215,8 @@ class KeycloakOpenID:
totp=None, totp=None,
**extra **extra
): ):
"""
"""Retrieve user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by The token endpoint is used to obtain tokens. Tokens can either be obtained by
exchanging an authorization code or by supplying credentials directly depending on exchanging an authorization code or by supplying credentials directly depending on
what flow is used. The token endpoint is also used to obtain new access tokens what flow is used. The token endpoint is also used to obtain new access tokens
@ -239,10 +249,11 @@ class KeycloakOpenID:
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakGetError)
return raise_error_from_response(data_raw, KeycloakPostError)
def refresh_token(self, refresh_token, grant_type=["refresh_token"]): def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
"""
"""Refresh the user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by The token endpoint is used to obtain tokens. Tokens can either be obtained by
exchanging an authorization code or by supplying credentials directly depending on exchanging an authorization code or by supplying credentials directly depending on
what flow is used. The token endpoint is also used to obtain new access tokens what flow is used. The token endpoint is also used to obtain new access tokens
@ -262,10 +273,11 @@ class KeycloakOpenID:
} }
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakGetError)
return raise_error_from_response(data_raw, KeycloakPostError)
def exchange_token(self, token: str, client_id: str, audience: str, subject: str) -> dict: def exchange_token(self, token: str, client_id: str, audience: str, subject: str) -> dict:
"""
"""Exchange user token.
Use a token to obtain an entirely different token. See Use a token to obtain an entirely different token. See
https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
@ -286,10 +298,11 @@ class KeycloakOpenID:
} }
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakGetError)
return raise_error_from_response(data_raw, KeycloakPostError)
def userinfo(self, token): def userinfo(self, token):
"""
"""Get the user info object.
The userinfo endpoint returns standard claims about the authenticated user, The userinfo endpoint returns standard claims about the authenticated user,
and is protected by a bearer token. and is protected by a bearer token.
@ -298,30 +311,26 @@ class KeycloakOpenID:
:param token: :param token:
:return: :return:
""" """
self.connection.add_param_headers("Authorization", "Bearer " + token) self.connection.add_param_headers("Authorization", "Bearer " + token)
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_USERINFO.format(**params_path)) data_raw = self.connection.raw_get(URL_USERINFO.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def logout(self, refresh_token): def logout(self, refresh_token):
"""
The logout endpoint logs out the authenticated user.
"""Log out the authenticated user.
:param refresh_token: :param refresh_token:
:return: :return:
""" """
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
payload = {"client_id": self.client_id, "refresh_token": refresh_token} payload = {"client_id": self.client_id, "refresh_token": refresh_token}
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_LOGOUT.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_LOGOUT.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
return raise_error_from_response(data_raw, KeycloakPostError, expected_codes=[204])
def certs(self): def certs(self):
"""
"""Get certificates.
The certificate endpoint returns the public keys enabled by the realm, encoded as a The certificate endpoint returns the public keys enabled by the realm, encoded as a
JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled
for verifying tokens. for verifying tokens.
@ -335,7 +344,8 @@ class KeycloakOpenID:
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def public_key(self): def public_key(self):
"""
"""Retrieve the public key.
The public key is exposed by the realm page directly. The public key is exposed by the realm page directly.
:return: :return:
@ -345,7 +355,8 @@ class KeycloakOpenID:
return raise_error_from_response(data_raw, KeycloakGetError)["public_key"] return raise_error_from_response(data_raw, KeycloakGetError)["public_key"]
def entitlement(self, token, resource_server_id): def entitlement(self, token, resource_server_id):
"""
"""Get entitlements from the token.
Client applications can use a specific endpoint to obtain a special security token Client applications can use a specific endpoint to obtain a special security token
called a requesting party token (RPT). This token consists of all the entitlements called a requesting party token (RPT). This token consists of all the entitlements
(or permissions) for a user as a result of the evaluation of the permissions and (or permissions) for a user as a result of the evaluation of the permissions and
@ -361,10 +372,11 @@ class KeycloakOpenID:
if data_raw.status_code == 404: if data_raw.status_code == 404:
return raise_error_from_response(data_raw, KeycloakDeprecationError) return raise_error_from_response(data_raw, KeycloakDeprecationError)
return raise_error_from_response(data_raw, KeycloakGetError)
return raise_error_from_response(data_raw, KeycloakGetError) # pragma: no cover
def introspect(self, token, rpt=None, token_type_hint=None): def introspect(self, token, rpt=None, token_type_hint=None):
"""
"""Introspect the user token.
The introspection endpoint is used to retrieve the active state of a token. The introspection endpoint is used to retrieve the active state of a token.
It is can only be invoked by confidential clients. It is can only be invoked by confidential clients.
@ -377,7 +389,6 @@ class KeycloakOpenID:
:return: :return:
""" """
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
payload = {"client_id": self.client_id, "token": token} payload = {"client_id": self.client_id, "token": token}
if token_type_hint == "requesting_party_token": if token_type_hint == "requesting_party_token":
@ -390,11 +401,11 @@ class KeycloakOpenID:
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_INTROSPECT.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_INTROSPECT.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakGetError)
return raise_error_from_response(data_raw, KeycloakPostError)
def decode_token(self, token, key, algorithms=["RS256"], **kwargs): def decode_token(self, token, key, algorithms=["RS256"], **kwargs):
"""
"""Decode user token.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JWK Set JSON data structure that represents a set of also defines a JWK Set JSON data structure that represents a set of
@ -409,29 +420,25 @@ class KeycloakOpenID:
:param algorithms: :param algorithms:
:return: :return:
""" """
return jwt.decode(token, key, algorithms=algorithms, audience=self.client_id, **kwargs) return jwt.decode(token, key, algorithms=algorithms, audience=self.client_id, **kwargs)
def load_authorization_config(self, path): def load_authorization_config(self, path):
"""
Load Keycloak settings (authorization)
"""Load Keycloak settings (authorization).
:param path: settings file (json) :param path: settings file (json)
:return: :return:
""" """
authorization_file = open(path, "r")
authorization_json = json.loads(authorization_file.read())
with open(path, "r") as fp:
authorization_json = json.load(fp)
self.authorization.load_config(authorization_json) self.authorization.load_config(authorization_json)
authorization_file.close()
def get_policies(self, token, method_token_info="introspect", **kwargs): def get_policies(self, token, method_token_info="introspect", **kwargs):
"""
Get policies by user token
"""Get policies by user token.
:param token: user token :param token: user token
:return: policies list :return: policies list
""" """
if not self.authorization.policies: if not self.authorization.policies:
raise KeycloakAuthorizationConfigError( raise KeycloakAuthorizationConfigError(
"Keycloak settings not found. Load Authorization Keycloak settings." "Keycloak settings not found. Load Authorization Keycloak settings."
@ -457,15 +464,13 @@ class KeycloakOpenID:
return list(set(policies)) return list(set(policies))
def get_permissions(self, token, method_token_info="introspect", **kwargs): def get_permissions(self, token, method_token_info="introspect", **kwargs):
"""
Get permission by user token
"""Get permission by user token.
:param token: user token :param token: user token
:param method_token_info: Decode token method :param method_token_info: Decode token method
:param kwargs: parameters for decode :param kwargs: parameters for decode
:return: permissions list :return: permissions list
""" """
if not self.authorization.policies: if not self.authorization.policies:
raise KeycloakAuthorizationConfigError( raise KeycloakAuthorizationConfigError(
"Keycloak settings not found. Load Authorization Keycloak settings." "Keycloak settings not found. Load Authorization Keycloak settings."
@ -491,8 +496,7 @@ class KeycloakOpenID:
return list(set(permissions)) return list(set(permissions))
def uma_permissions(self, token, permissions=""): def uma_permissions(self, token, permissions=""):
"""
Get UMA permissions by user token with requested permissions
"""Get UMA permissions by user token with requested permissions.
The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be
invoked by confidential clients. invoked by confidential clients.
@ -503,7 +507,6 @@ class KeycloakOpenID:
:param permissions: list of uma permissions list(resource:scope) requested by the user :param permissions: list of uma permissions list(resource:scope) requested by the user
:return: permissions list :return: permissions list
""" """
permission = build_permission_param(permissions) permission = build_permission_param(permissions)
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
@ -516,12 +519,10 @@ class KeycloakOpenID:
self.connection.add_param_headers("Authorization", "Bearer " + token) self.connection.add_param_headers("Authorization", "Bearer " + token)
data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakPostError) return raise_error_from_response(data_raw, KeycloakPostError)
def has_uma_access(self, token, permissions): def has_uma_access(self, token, permissions):
"""
Determine whether user has uma permissions with specified user token
"""Determine whether user has uma permissions with specified user token.
:param token: user token :param token: user token
:param permissions: list of uma permissions (resource:scope) :param permissions: list of uma permissions (resource:scope)
@ -531,7 +532,7 @@ class KeycloakOpenID:
try: try:
granted = self.uma_permissions(token, permissions) granted = self.uma_permissions(token, permissions)
except (KeycloakPostError, KeycloakAuthenticationError) as e: except (KeycloakPostError, KeycloakAuthenticationError) as e:
if e.response_code == 403:
if e.response_code == 403: # pragma: no cover
return AuthStatus( return AuthStatus(
is_logged_in=True, is_authorized=False, missing_permissions=needed is_logged_in=True, is_authorized=False, missing_permissions=needed
) )
@ -547,7 +548,7 @@ class KeycloakOpenID:
if not scopes: if not scopes:
needed.discard(resource) needed.discard(resource)
continue continue
for scope in scopes:
for scope in scopes: # pragma: no cover
needed.discard("{}#{}".format(resource, scope)) needed.discard("{}#{}".format(resource, scope))
return AuthStatus( return AuthStatus(

42
src/keycloak/uma_permissions.py

@ -21,11 +21,14 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""User-managed access permissions module."""
from keycloak.exceptions import KeycloakPermissionFormatError, PermissionDefinitionError from keycloak.exceptions import KeycloakPermissionFormatError, PermissionDefinitionError
class UMAPermission: class UMAPermission:
"""A class to conveniently assembly permissions. """A class to conveniently assembly permissions.
The class itself is callable, and will return the assembled permission. The class itself is callable, and will return the assembled permission.
Usage example: Usage example:
@ -36,9 +39,16 @@ class UMAPermission:
>>> print(permission) >>> print(permission)
'Users#delete' 'Users#delete'
:param permission: Permission
:type permission: UMAPermission
:param resource: Resource
:type resource: str
:param scope: Scope
:type scope: str
""" """
def __init__(self, permission=None, resource="", scope=""): def __init__(self, permission=None, resource="", scope=""):
"""Init method."""
self.resource = resource self.resource = resource
self.scope = scope self.scope = scope
@ -53,21 +63,26 @@ class UMAPermission:
self.scope = str(permission.scope) self.scope = str(permission.scope)
def __str__(self): def __str__(self):
"""Str method."""
scope = self.scope scope = self.scope
if scope: if scope:
scope = "#" + scope scope = "#" + scope
return "{}{}".format(self.resource, scope) return "{}{}".format(self.resource, scope)
def __eq__(self, __o: object) -> bool: def __eq__(self, __o: object) -> bool:
"""Eq method."""
return str(self) == str(__o) return str(self) == str(__o)
def __repr__(self) -> str: def __repr__(self) -> str:
"""Repr method."""
return self.__str__() return self.__str__()
def __hash__(self) -> int: def __hash__(self) -> int:
"""Hash method."""
return hash(str(self)) return hash(str(self))
def __call__(self, permission=None, resource="", scope="") -> object: def __call__(self, permission=None, resource="", scope="") -> object:
"""Call method."""
result_resource = self.resource result_resource = self.resource
result_scope = self.scope result_scope = self.scope
@ -91,36 +106,58 @@ class UMAPermission:
class Resource(UMAPermission): class Resource(UMAPermission):
"""An UMAPermission Resource class to conveniently assembly permissions. """An UMAPermission Resource class to conveniently assembly permissions.
The class itself is callable, and will return the assembled permission. The class itself is callable, and will return the assembled permission.
:param resource: Resource
:type resource: str
""" """
def __init__(self, resource): def __init__(self, resource):
"""Init method."""
super().__init__(resource=resource) super().__init__(resource=resource)
class Scope(UMAPermission): class Scope(UMAPermission):
"""An UMAPermission Scope class to conveniently assembly permissions. """An UMAPermission Scope class to conveniently assembly permissions.
The class itself is callable, and will return the assembled permission. The class itself is callable, and will return the assembled permission.
:param scope: Scope
:type scope: str
""" """
def __init__(self, scope): def __init__(self, scope):
"""Init method."""
super().__init__(scope=scope) super().__init__(scope=scope)
class AuthStatus: class AuthStatus:
"""A class that represents the authorization/login status of a user associated with a token. """A class that represents the authorization/login status of a user associated with a token.
This has to evaluate to True if and only if the user is properly authorized This has to evaluate to True if and only if the user is properly authorized
for the requested resource."""
for the requested resource.
:param is_logged_in: Is logged in indicator
:type is_logged_in: bool
:param is_authorized: Is authorized indicator
:type is_authorized: bool
:param missing_permissions: Missing permissions
:type missing_permissions: set
"""
def __init__(self, is_logged_in, is_authorized, missing_permissions): def __init__(self, is_logged_in, is_authorized, missing_permissions):
"""Init method."""
self.is_logged_in = is_logged_in self.is_logged_in = is_logged_in
self.is_authorized = is_authorized self.is_authorized = is_authorized
self.missing_permissions = missing_permissions self.missing_permissions = missing_permissions
def __bool__(self): def __bool__(self):
"""Bool method."""
return self.is_authorized return self.is_authorized
def __repr__(self): def __repr__(self):
"""Repr method."""
return ( return (
f"AuthStatus(" f"AuthStatus("
f"is_authorized={self.is_authorized}, " f"is_authorized={self.is_authorized}, "
@ -130,8 +167,7 @@ class AuthStatus:
def build_permission_param(permissions): def build_permission_param(permissions):
"""
Transform permissions to a set, so they are usable for requests
"""Transform permissions to a set, so they are usable for requests.
:param permissions: either str (resource#scope), :param permissions: either str (resource#scope),
iterable[str] (resource#scope), iterable[str] (resource#scope),

2
src/keycloak/urls_patterns.py

@ -21,6 +21,8 @@
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""Keycloak URL patterns."""
# OPENID URLS # OPENID URLS
URL_REALM = "realms/{realm-name}" URL_REALM = "realms/{realm-name}"
URL_WELL_KNOWN = "realms/{realm-name}/.well-known/openid-configuration" URL_WELL_KNOWN = "realms/{realm-name}/.well-known/openid-configuration"

5
test_keycloak_init.sh

@ -3,8 +3,6 @@
CMD_ARGS=$1 CMD_ARGS=$1
KEYCLOAK_DOCKER_IMAGE="quay.io/keycloak/keycloak:latest" KEYCLOAK_DOCKER_IMAGE="quay.io/keycloak/keycloak:latest"
echo "${CMD_ARGS}"
function keycloak_stop() { function keycloak_stop() {
docker stop unittest_keycloak &> /dev/null docker stop unittest_keycloak &> /dev/null
docker rm unittest_keycloak &> /dev/null docker rm unittest_keycloak &> /dev/null
@ -12,7 +10,7 @@ function keycloak_stop() {
function keycloak_start() { function keycloak_start() {
echo "Starting keycloak docker container" echo "Starting keycloak docker container"
docker run -d --name unittest_keycloak -e KEYCLOAK_ADMIN="${KEYCLOAK_ADMIN}" -e KEYCLOAK_ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD}" -p "${KEYCLOAK_PORT}:8080" "${KEYCLOAK_DOCKER_IMAGE}" start-dev
docker run -d --name unittest_keycloak -e KEYCLOAK_ADMIN="${KEYCLOAK_ADMIN}" -e KEYCLOAK_ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD}" -e KC_FEATURES="token-exchange" -p "${KEYCLOAK_PORT}:8080" "${KEYCLOAK_DOCKER_IMAGE}" start-dev
SECONDS=0 SECONDS=0
until curl --silent --output /dev/null localhost:$KEYCLOAK_PORT; do until curl --silent --output /dev/null localhost:$KEYCLOAK_PORT; do
sleep 5; sleep 5;
@ -31,5 +29,6 @@ keycloak_start
eval ${CMD_ARGS} eval ${CMD_ARGS}
RETURN_VALUE=$? RETURN_VALUE=$?
docker logs unittest_keycloak > keycloak_test_logs.txt
exit ${RETURN_VALUE} exit ${RETURN_VALUE}

1
tests/__init__.py

@ -0,0 +1 @@
"""Tests module."""

216
tests/conftest.py

@ -1,24 +1,89 @@
"""Fixtures for tests."""
import os import os
import uuid import uuid
import pytest import pytest
from keycloak import KeycloakAdmin
from keycloak import KeycloakAdmin, KeycloakOpenID
class KeycloakTestEnv(object):
"""Wrapper for test Keycloak connection configuration.
:param host: Hostname
:type host: str
:param port: Port
:type port: str
:param username: Admin username
:type username: str
:param password: Admin password
:type password: str
"""
def __init__(
self,
host: str = os.environ["KEYCLOAK_HOST"],
port: str = os.environ["KEYCLOAK_PORT"],
username: str = os.environ["KEYCLOAK_ADMIN"],
password: str = os.environ["KEYCLOAK_ADMIN_PASSWORD"],
):
"""Init method."""
self.KEYCLOAK_HOST = host
self.KEYCLOAK_PORT = port
self.KEYCLOAK_ADMIN = username
self.KEYCLOAK_ADMIN_PASSWORD = password
@property
def KEYCLOAK_HOST(self):
"""Hostname getter."""
return self._KEYCLOAK_HOST
@KEYCLOAK_HOST.setter
def KEYCLOAK_HOST(self, value: str):
"""Hostname setter."""
self._KEYCLOAK_HOST = value
@property
def KEYCLOAK_PORT(self):
"""Port getter."""
return self._KEYCLOAK_PORT
@KEYCLOAK_PORT.setter
def KEYCLOAK_PORT(self, value: str):
"""Port setter."""
self._KEYCLOAK_PORT = value
@property
def KEYCLOAK_ADMIN(self):
"""Admin username getter."""
return self._KEYCLOAK_ADMIN
@KEYCLOAK_ADMIN.setter
def KEYCLOAK_ADMIN(self, value: str):
"""Admin username setter."""
self._KEYCLOAK_ADMIN = value
@property
def KEYCLOAK_ADMIN_PASSWORD(self):
"""Admin password getter."""
return self._KEYCLOAK_ADMIN_PASSWORD
@KEYCLOAK_ADMIN_PASSWORD.setter
def KEYCLOAK_ADMIN_PASSWORD(self, value: str):
"""Admin password setter."""
self._KEYCLOAK_ADMIN_PASSWORD = value
@pytest.fixture @pytest.fixture
def env(): def env():
class KeycloakTestEnv(object):
KEYCLOAK_HOST = os.environ["KEYCLOAK_HOST"]
KEYCLOAK_PORT = os.environ["KEYCLOAK_PORT"]
KEYCLOAK_ADMIN = os.environ["KEYCLOAK_ADMIN"]
KEYCLOAK_ADMIN_PASSWORD = os.environ["KEYCLOAK_ADMIN_PASSWORD"]
"""Fixture for getting the test environment configuration object."""
return KeycloakTestEnv() return KeycloakTestEnv()
@pytest.fixture @pytest.fixture
def admin(env):
def admin(env: KeycloakTestEnv):
"""Fixture for initialized KeycloakAdmin class."""
return KeycloakAdmin( return KeycloakAdmin(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}", server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
username=env.KEYCLOAK_ADMIN, username=env.KEYCLOAK_ADMIN,
@ -26,16 +91,147 @@ def admin(env):
) )
@pytest.fixture
def oid(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
"""Fixture for initialized KeycloakOpenID class."""
# Set the realm
admin.realm_name = realm
# Create client
client = str(uuid.uuid4())
client_id = admin.create_client(
payload={
"name": client,
"clientId": client,
"enabled": True,
"publicClient": True,
"protocol": "openid-connect",
}
)
# Return OID
yield KeycloakOpenID(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
realm_name=realm,
client_id=client,
)
# Cleanup
admin.delete_client(client_id=client_id)
@pytest.fixture
def oid_with_credentials(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
"""Fixture for an initialized KeycloakOpenID class and a random user credentials."""
# Set the realm
admin.realm_name = realm
# Create client
client = str(uuid.uuid4())
secret = str(uuid.uuid4())
client_id = admin.create_client(
payload={
"name": client,
"clientId": client,
"enabled": True,
"publicClient": False,
"protocol": "openid-connect",
"secret": secret,
"clientAuthenticatorType": "client-secret",
}
)
# Create user
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_id = admin.create_user(
payload={
"username": username,
"email": f"{username}@test.test",
"enabled": True,
"credentials": [{"type": "password", "value": password}],
}
)
yield (
KeycloakOpenID(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
realm_name=realm,
client_id=client,
client_secret_key=secret,
),
username,
password,
)
# Cleanup
admin.delete_client(client_id=client_id)
admin.delete_user(user_id=user_id)
@pytest.fixture
def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
"""Fixture for an initialized KeycloakOpenID class and a random user credentials."""
# Set the realm
admin.realm_name = realm
# Create client
client = str(uuid.uuid4())
secret = str(uuid.uuid4())
client_id = admin.create_client(
payload={
"name": client,
"clientId": client,
"enabled": True,
"publicClient": False,
"protocol": "openid-connect",
"secret": secret,
"clientAuthenticatorType": "client-secret",
"authorizationServicesEnabled": True,
"serviceAccountsEnabled": True,
}
)
admin.create_client_authz_role_based_policy(
client_id=client_id,
payload={
"name": "test-authz-rb-policy",
"roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
},
)
# Create user
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_id = admin.create_user(
payload={
"username": username,
"email": f"{username}@test.test",
"enabled": True,
"credentials": [{"type": "password", "value": password}],
}
)
yield (
KeycloakOpenID(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
realm_name=realm,
client_id=client,
client_secret_key=secret,
),
username,
password,
)
# Cleanup
admin.delete_client(client_id=client_id)
admin.delete_user(user_id=user_id)
@pytest.fixture @pytest.fixture
def realm(admin: KeycloakAdmin) -> str: def realm(admin: KeycloakAdmin) -> str:
"""Fixture for a new random realm."""
realm_name = str(uuid.uuid4()) realm_name = str(uuid.uuid4())
admin.create_realm(payload={"realm": realm_name})
admin.create_realm(payload={"realm": realm_name, "enabled": True})
yield realm_name yield realm_name
admin.delete_realm(realm_name=realm_name) admin.delete_realm(realm_name=realm_name)
@pytest.fixture @pytest.fixture
def user(admin: KeycloakAdmin, realm: str) -> str: def user(admin: KeycloakAdmin, realm: str) -> str:
"""Fixture for a new random user."""
admin.realm_name = realm admin.realm_name = realm
username = str(uuid.uuid4()) username = str(uuid.uuid4())
user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"}) user_id = admin.create_user(payload={"username": username, "email": f"{username}@test.test"})
@ -45,6 +241,7 @@ def user(admin: KeycloakAdmin, realm: str) -> str:
@pytest.fixture @pytest.fixture
def group(admin: KeycloakAdmin, realm: str) -> str: def group(admin: KeycloakAdmin, realm: str) -> str:
"""Fixture for a new random group."""
admin.realm_name = realm admin.realm_name = realm
group_name = str(uuid.uuid4()) group_name = str(uuid.uuid4())
group_id = admin.create_group(payload={"name": group_name}) group_id = admin.create_group(payload={"name": group_name})
@ -54,6 +251,7 @@ def group(admin: KeycloakAdmin, realm: str) -> str:
@pytest.fixture @pytest.fixture
def client(admin: KeycloakAdmin, realm: str) -> str: def client(admin: KeycloakAdmin, realm: str) -> str:
"""Fixture for a new random client."""
admin.realm_name = realm admin.realm_name = realm
client = str(uuid.uuid4()) client = str(uuid.uuid4())
client_id = admin.create_client(payload={"name": client, "clientId": client}) client_id = admin.create_client(payload={"name": client, "clientId": client})

45
tests/data/authz_settings.json

@ -0,0 +1,45 @@
{
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"policies": [
{
"name": "Default Policy",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
},
{
"name": "test-authz-rb-policy",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"roles": "[{\"id\":\"offline_access\",\"required\":false}]"
}
},
{
"name": "Default Permission",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"applyPolicies": "[\"test-authz-rb-policy\"]"
}
},
{
"name": "Test scope",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"scopes": "[]",
"applyPolicies": "[\"test-authz-rb-policy\"]"
}
}
],
"scopes": [],
"decisionStrategy": "UNANIMOUS"
}

31
tests/test_keycloak_admin.py

@ -1,3 +1,5 @@
"""Test the keycloak admin object."""
import pytest import pytest
import keycloak import keycloak
@ -13,10 +15,12 @@ from keycloak.exceptions import (
def test_keycloak_version(): def test_keycloak_version():
"""Test version."""
assert keycloak.__version__, keycloak.__version__ assert keycloak.__version__, keycloak.__version__
def test_keycloak_admin_bad_init(env): def test_keycloak_admin_bad_init(env):
"""Test keycloak admin bad init."""
with pytest.raises(TypeError) as err: with pytest.raises(TypeError) as err:
KeycloakAdmin( KeycloakAdmin(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}", server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
@ -37,6 +41,7 @@ def test_keycloak_admin_bad_init(env):
def test_keycloak_admin_init(env): def test_keycloak_admin_init(env):
"""Test keycloak admin init."""
admin = KeycloakAdmin( admin = KeycloakAdmin(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}", server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
username=env.KEYCLOAK_ADMIN, username=env.KEYCLOAK_ADMIN,
@ -111,6 +116,7 @@ def test_keycloak_admin_init(env):
def test_realms(admin: KeycloakAdmin): def test_realms(admin: KeycloakAdmin):
"""Test realms."""
# Get realms # Get realms
realms = admin.get_realms() realms = admin.get_realms()
assert len(realms) == 1, realms assert len(realms) == 1, realms
@ -175,6 +181,7 @@ def test_realms(admin: KeycloakAdmin):
def test_import_export_realms(admin: KeycloakAdmin, realm: str): def test_import_export_realms(admin: KeycloakAdmin, realm: str):
"""Test import and export of realms."""
admin.realm_name = realm admin.realm_name = realm
realm_export = admin.export_realm(export_clients=True, export_groups_and_role=True) realm_export = admin.export_realm(export_clients=True, export_groups_and_role=True)
@ -192,6 +199,7 @@ def test_import_export_realms(admin: KeycloakAdmin, realm: str):
def test_users(admin: KeycloakAdmin, realm: str): def test_users(admin: KeycloakAdmin, realm: str):
"""Test users."""
admin.realm_name = realm admin.realm_name = realm
# Check no users present # Check no users present
@ -283,6 +291,7 @@ def test_users(admin: KeycloakAdmin, realm: str):
def test_users_pagination(admin: KeycloakAdmin, realm: str): def test_users_pagination(admin: KeycloakAdmin, realm: str):
"""Test user pagination."""
admin.realm_name = realm admin.realm_name = realm
for ind in range(admin.PAGE_SIZE + 50): for ind in range(admin.PAGE_SIZE + 50):
@ -300,6 +309,7 @@ def test_users_pagination(admin: KeycloakAdmin, realm: str):
def test_idps(admin: KeycloakAdmin, realm: str): def test_idps(admin: KeycloakAdmin, realm: str):
"""Test IDPs."""
admin.realm_name = realm admin.realm_name = realm
# Create IDP # Create IDP
@ -371,6 +381,7 @@ def test_idps(admin: KeycloakAdmin, realm: str):
def test_user_credentials(admin: KeycloakAdmin, user: str): def test_user_credentials(admin: KeycloakAdmin, user: str):
"""Test user credentials."""
res = admin.set_user_password(user_id=user, password="booya", temporary=True) res = admin.set_user_password(user_id=user, password="booya", temporary=True)
assert res == dict(), res assert res == dict(), res
@ -398,6 +409,7 @@ def test_user_credentials(admin: KeycloakAdmin, user: str):
def test_social_logins(admin: KeycloakAdmin, user: str): def test_social_logins(admin: KeycloakAdmin, user: str):
"""Test social logins."""
res = admin.add_user_social_login( res = admin.add_user_social_login(
user_id=user, provider_id="gitlab", provider_userid="test", provider_username="test" user_id=user, provider_id="gitlab", provider_userid="test", provider_username="test"
) )
@ -437,6 +449,7 @@ def test_social_logins(admin: KeycloakAdmin, user: str):
def test_server_info(admin: KeycloakAdmin): def test_server_info(admin: KeycloakAdmin):
"""Test server info."""
info = admin.get_server_info() info = admin.get_server_info()
assert set(info.keys()) == { assert set(info.keys()) == {
"systemInfo", "systemInfo",
@ -456,6 +469,7 @@ def test_server_info(admin: KeycloakAdmin):
def test_groups(admin: KeycloakAdmin, user: str): def test_groups(admin: KeycloakAdmin, user: str):
"""Test groups."""
# Test get groups # Test get groups
groups = admin.get_groups() groups = admin.get_groups()
assert len(groups) == 0 assert len(groups) == 0
@ -599,6 +613,7 @@ def test_groups(admin: KeycloakAdmin, user: str):
def test_clients(admin: KeycloakAdmin, realm: str): def test_clients(admin: KeycloakAdmin, realm: str):
"""Test clients."""
admin.realm_name = realm admin.realm_name = realm
# Test get clients # Test get clients
@ -860,6 +875,7 @@ def test_clients(admin: KeycloakAdmin, realm: str):
def test_realm_roles(admin: KeycloakAdmin, realm: str): def test_realm_roles(admin: KeycloakAdmin, realm: str):
"""Test realm roles."""
admin.realm_name = realm admin.realm_name = realm
# Test get realm roles # Test get realm roles
@ -1015,6 +1031,7 @@ def test_realm_roles(admin: KeycloakAdmin, realm: str):
def test_client_roles(admin: KeycloakAdmin, client: str): def test_client_roles(admin: KeycloakAdmin, client: str):
"""Test client roles."""
# Test get client roles # Test get client roles
res = admin.get_client_roles(client_id=client) res = admin.get_client_roles(client_id=client)
assert len(res) == 0 assert len(res) == 0
@ -1177,6 +1194,7 @@ def test_client_roles(admin: KeycloakAdmin, client: str):
def test_enable_token_exchange(admin: KeycloakAdmin, realm: str): def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
"""Test enable token exchange."""
# Test enabling token exchange between two confidential clients # Test enabling token exchange between two confidential clients
admin.realm_name = realm admin.realm_name = realm
@ -1265,6 +1283,7 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
def test_email(admin: KeycloakAdmin, user: str): def test_email(admin: KeycloakAdmin, user: str):
"""Test email."""
# Emails will fail as we don't have SMTP test setup # Emails will fail as we don't have SMTP test setup
with pytest.raises(KeycloakPutError) as err: with pytest.raises(KeycloakPutError) as err:
admin.send_update_account(user_id=user, payload=dict()) admin.send_update_account(user_id=user, payload=dict())
@ -1277,6 +1296,7 @@ def test_email(admin: KeycloakAdmin, user: str):
def test_get_sessions(admin: KeycloakAdmin): def test_get_sessions(admin: KeycloakAdmin):
"""Test get sessions."""
sessions = admin.get_sessions(user_id=admin.get_user_id(username=admin.username)) sessions = admin.get_sessions(user_id=admin.get_user_id(username=admin.username))
assert len(sessions) >= 1 assert len(sessions) >= 1
with pytest.raises(KeycloakGetError) as err: with pytest.raises(KeycloakGetError) as err:
@ -1285,6 +1305,7 @@ def test_get_sessions(admin: KeycloakAdmin):
def test_get_client_installation_provider(admin: KeycloakAdmin, client: str): def test_get_client_installation_provider(admin: KeycloakAdmin, client: str):
"""Test get client installation provider."""
with pytest.raises(KeycloakGetError) as err: with pytest.raises(KeycloakGetError) as err:
admin.get_client_installation_provider(client_id=client, provider_id="bad") admin.get_client_installation_provider(client_id=client, provider_id="bad")
assert err.match('404: b\'{"error":"Unknown Provider"}\'') assert err.match('404: b\'{"error":"Unknown Provider"}\'')
@ -1303,6 +1324,7 @@ def test_get_client_installation_provider(admin: KeycloakAdmin, client: str):
def test_auth_flows(admin: KeycloakAdmin, realm: str): def test_auth_flows(admin: KeycloakAdmin, realm: str):
"""Test auth flows."""
admin.realm_name = realm admin.realm_name = realm
res = admin.get_authentication_flows() res = admin.get_authentication_flows()
@ -1449,6 +1471,7 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str):
def test_authentication_configs(admin: KeycloakAdmin, realm: str): def test_authentication_configs(admin: KeycloakAdmin, realm: str):
"""Test authentication configs."""
admin.realm_name = realm admin.realm_name = realm
# Test list of auth providers # Test list of auth providers
@ -1480,6 +1503,7 @@ def test_authentication_configs(admin: KeycloakAdmin, realm: str):
def test_sync_users(admin: KeycloakAdmin, realm: str): def test_sync_users(admin: KeycloakAdmin, realm: str):
"""Test sync users."""
admin.realm_name = realm admin.realm_name = realm
# Only testing the error message # Only testing the error message
@ -1489,6 +1513,7 @@ def test_sync_users(admin: KeycloakAdmin, realm: str):
def test_client_scopes(admin: KeycloakAdmin, realm: str): def test_client_scopes(admin: KeycloakAdmin, realm: str):
"""Test client scopes."""
admin.realm_name = realm admin.realm_name = realm
# Test get client scopes # Test get client scopes
@ -1626,6 +1651,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str):
def test_components(admin: KeycloakAdmin, realm: str): def test_components(admin: KeycloakAdmin, realm: str):
"""Test components."""
admin.realm_name = realm admin.realm_name = realm
# Test get components # Test get components
@ -1676,6 +1702,7 @@ def test_components(admin: KeycloakAdmin, realm: str):
def test_keys(admin: KeycloakAdmin, realm: str): def test_keys(admin: KeycloakAdmin, realm: str):
"""Test keys."""
admin.realm_name = realm admin.realm_name = realm
assert set(admin.get_keys()["active"].keys()) == {"AES", "HS256", "RS256", "RSA-OAEP"} assert set(admin.get_keys()["active"].keys()) == {"AES", "HS256", "RS256", "RSA-OAEP"}
assert {k["algorithm"] for k in admin.get_keys()["keys"]} == { assert {k["algorithm"] for k in admin.get_keys()["keys"]} == {
@ -1687,6 +1714,7 @@ def test_keys(admin: KeycloakAdmin, realm: str):
def test_events(admin: KeycloakAdmin, realm: str): def test_events(admin: KeycloakAdmin, realm: str):
"""Test events."""
admin.realm_name = realm admin.realm_name = realm
events = admin.get_events() events = admin.get_events()
@ -1706,6 +1734,7 @@ def test_events(admin: KeycloakAdmin, realm: str):
def test_auto_refresh(admin: KeycloakAdmin, realm: str): def test_auto_refresh(admin: KeycloakAdmin, realm: str):
"""Test auto refresh token."""
# Test get refresh # Test get refresh
admin.auto_refresh_token = list() admin.auto_refresh_token = list()
admin.connection = ConnectionManager( admin.connection = ConnectionManager(
@ -1731,7 +1760,7 @@ def test_auto_refresh(admin: KeycloakAdmin, realm: str):
verify=admin.verify, verify=admin.verify,
) )
admin.token["refresh_token"] = "bad" admin.token["refresh_token"] = "bad"
with pytest.raises(KeycloakGetError) as err:
with pytest.raises(KeycloakPostError) as err:
admin.get_realm(realm_name="test-refresh") admin.get_realm(realm_name="test-refresh")
assert err.match( assert err.match(
'400: b\'{"error":"invalid_grant","error_description":"Invalid refresh token"}\'' '400: b\'{"error":"invalid_grant","error_description":"Invalid refresh token"}\''

393
tests/test_keycloak_openid.py

@ -0,0 +1,393 @@
"""Test module for KeycloakOpenID."""
from typing import Tuple
from unittest import mock
import pytest
from keycloak.authorization import Authorization
from keycloak.authorization.permission import Permission
from keycloak.authorization.policy import Policy
from keycloak.authorization.role import Role
from keycloak.connection import ConnectionManager
from keycloak.exceptions import (
KeycloakAuthenticationError,
KeycloakAuthorizationConfigError,
KeycloakDeprecationError,
KeycloakInvalidTokenError,
KeycloakPostError,
KeycloakRPTNotFound,
)
from keycloak.keycloak_admin import KeycloakAdmin
from keycloak.keycloak_openid import KeycloakOpenID
def test_keycloak_openid_init(env):
"""Test KeycloakOpenId's init method."""
oid = KeycloakOpenID(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
realm_name="master",
client_id="admin-cli",
)
assert oid.client_id == "admin-cli"
assert oid.client_secret_key is None
assert oid.realm_name == "master"
assert isinstance(oid.connection, ConnectionManager)
assert isinstance(oid.authorization, Authorization)
def test_well_known(oid: KeycloakOpenID):
"""Test the well_known method."""
res = oid.well_known()
assert res is not None
assert res != dict()
for key in [
"acr_values_supported",
"authorization_encryption_alg_values_supported",
"authorization_encryption_enc_values_supported",
"authorization_endpoint",
"authorization_signing_alg_values_supported",
"backchannel_authentication_endpoint",
"backchannel_authentication_request_signing_alg_values_supported",
"backchannel_logout_session_supported",
"backchannel_logout_supported",
"backchannel_token_delivery_modes_supported",
"check_session_iframe",
"claim_types_supported",
"claims_parameter_supported",
"claims_supported",
"code_challenge_methods_supported",
"device_authorization_endpoint",
"end_session_endpoint",
"frontchannel_logout_session_supported",
"frontchannel_logout_supported",
"grant_types_supported",
"id_token_encryption_alg_values_supported",
"id_token_encryption_enc_values_supported",
"id_token_signing_alg_values_supported",
"introspection_endpoint",
"introspection_endpoint_auth_methods_supported",
"introspection_endpoint_auth_signing_alg_values_supported",
"issuer",
"jwks_uri",
"mtls_endpoint_aliases",
"pushed_authorization_request_endpoint",
"registration_endpoint",
"request_object_encryption_alg_values_supported",
"request_object_encryption_enc_values_supported",
"request_object_signing_alg_values_supported",
"request_parameter_supported",
"request_uri_parameter_supported",
"require_pushed_authorization_requests",
"require_request_uri_registration",
"response_modes_supported",
"response_types_supported",
"revocation_endpoint",
"revocation_endpoint_auth_methods_supported",
"revocation_endpoint_auth_signing_alg_values_supported",
"scopes_supported",
"subject_types_supported",
"tls_client_certificate_bound_access_tokens",
"token_endpoint",
"token_endpoint_auth_methods_supported",
"token_endpoint_auth_signing_alg_values_supported",
"userinfo_encryption_alg_values_supported",
"userinfo_encryption_enc_values_supported",
"userinfo_endpoint",
"userinfo_signing_alg_values_supported",
]:
assert key in res
def test_auth_url(env, oid: KeycloakOpenID):
"""Test the auth_url method."""
res = oid.auth_url(redirect_uri="http://test.test/*")
assert (
res
== f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}/realms/{oid.realm_name}"
+ f"/protocol/openid-connect/auth?client_id={oid.client_id}&response_type=code"
+ "&redirect_uri=http://test.test/*&scope=email&state= "
)
def test_token(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
"""Test the token method."""
oid, username, password = oid_with_credentials
token = oid.token(username=username, password=password)
assert token == {
"access_token": mock.ANY,
"expires_in": 300,
"not-before-policy": 0,
"refresh_expires_in": 1800,
"refresh_token": mock.ANY,
"scope": mock.ANY,
"session_state": mock.ANY,
"token_type": "Bearer",
}
# Test with dummy totp
token = oid.token(username=username, password=password, totp="123456")
assert token == {
"access_token": mock.ANY,
"expires_in": 300,
"not-before-policy": 0,
"refresh_expires_in": 1800,
"refresh_token": mock.ANY,
"scope": mock.ANY,
"session_state": mock.ANY,
"token_type": "Bearer",
}
# Test with extra param
token = oid.token(username=username, password=password, extra_param="foo")
assert token == {
"access_token": mock.ANY,
"expires_in": 300,
"not-before-policy": 0,
"refresh_expires_in": 1800,
"refresh_token": mock.ANY,
"scope": mock.ANY,
"session_state": mock.ANY,
"token_type": "Bearer",
}
def test_exchange_token(
oid_with_credentials: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
):
"""Test the exchange token method."""
# Verify existing user
oid, username, password = oid_with_credentials
# Allow impersonation
admin.realm_name = oid.realm_name
admin.assign_client_role(
user_id=admin.get_user_id(username=username),
client_id=admin.get_client_id(client_name="realm-management"),
roles=[
admin.get_client_role(
client_id=admin.get_client_id(client_name="realm-management"),
role_name="impersonation",
)
],
)
token = oid.token(username=username, password=password)
assert oid.userinfo(token=token["access_token"]) == {
"email": f"{username}@test.test",
"email_verified": False,
"preferred_username": username,
"sub": mock.ANY,
}
# Exchange token with the new user
new_token = oid.exchange_token(
token=token["access_token"],
client_id=oid.client_id,
audience=oid.client_id,
subject=username,
)
assert oid.userinfo(token=new_token["access_token"]) == {
"email": f"{username}@test.test",
"email_verified": False,
"preferred_username": username,
"sub": mock.ANY,
}
assert token != new_token
def test_logout(oid_with_credentials):
"""Test logout."""
oid, username, password = oid_with_credentials
token = oid.token(username=username, password=password)
assert oid.userinfo(token=token["access_token"]) != dict()
assert oid.logout(refresh_token=token["refresh_token"]) == dict()
with pytest.raises(KeycloakAuthenticationError):
oid.userinfo(token=token["access_token"])
def test_certs(oid: KeycloakOpenID):
"""Test certificates."""
assert len(oid.certs()["keys"]) == 2
def test_public_key(oid: KeycloakOpenID):
"""Test public key."""
assert oid.public_key() is not None
def test_entitlement(
oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
):
"""Test entitlement."""
oid, username, password = oid_with_credentials_authz
token = oid.token(username=username, password=password)
resource_server_id = admin.get_client_authz_resources(
client_id=admin.get_client_id(oid.client_id)
)[0]["_id"]
with pytest.raises(KeycloakDeprecationError):
oid.entitlement(token=token["access_token"], resource_server_id=resource_server_id)
def test_introspect(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
"""Test introspect."""
oid, username, password = oid_with_credentials
token = oid.token(username=username, password=password)
assert oid.introspect(token=token["access_token"])["active"]
assert oid.introspect(
token=token["access_token"], rpt="some", token_type_hint="requesting_party_token"
) == {"active": False}
with pytest.raises(KeycloakRPTNotFound):
oid.introspect(token=token["access_token"], token_type_hint="requesting_party_token")
def test_decode_token(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
"""Test decode token."""
oid, username, password = oid_with_credentials
token = oid.token(username=username, password=password)
assert (
oid.decode_token(
token=token["access_token"],
key="-----BEGIN PUBLIC KEY-----\n" + oid.public_key() + "\n-----END PUBLIC KEY-----",
options={"verify_aud": False},
)["preferred_username"]
== username
)
def test_load_authorization_config(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
"""Test load authorization config."""
oid, username, password = oid_with_credentials_authz
oid.load_authorization_config(path="tests/data/authz_settings.json")
assert "test-authz-rb-policy" in oid.authorization.policies
assert isinstance(oid.authorization.policies["test-authz-rb-policy"], Policy)
assert len(oid.authorization.policies["test-authz-rb-policy"].roles) == 1
assert isinstance(oid.authorization.policies["test-authz-rb-policy"].roles[0], Role)
assert len(oid.authorization.policies["test-authz-rb-policy"].permissions) == 2
assert isinstance(
oid.authorization.policies["test-authz-rb-policy"].permissions[0], Permission
)
def test_get_policies(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
"""Test get policies."""
oid, username, password = oid_with_credentials_authz
token = oid.token(username=username, password=password)
with pytest.raises(KeycloakAuthorizationConfigError):
oid.get_policies(token=token["access_token"])
oid.load_authorization_config(path="tests/data/authz_settings.json")
assert oid.get_policies(token=token["access_token"]) is None
key = "-----BEGIN PUBLIC KEY-----\n" + oid.public_key() + "\n-----END PUBLIC KEY-----"
orig_client_id = oid.client_id
oid.client_id = "account"
assert oid.get_policies(token=token["access_token"], method_token_info="decode", key=key) == []
policy = Policy(name="test", type="role", logic="POSITIVE", decision_strategy="UNANIMOUS")
policy.add_role(role="account/view-profile")
oid.authorization.policies["test"] = policy
assert [
str(x)
for x in oid.get_policies(token=token["access_token"], method_token_info="decode", key=key)
] == ["Policy: test (role)"]
assert [
repr(x)
for x in oid.get_policies(token=token["access_token"], method_token_info="decode", key=key)
] == ["<Policy: test (role)>"]
oid.client_id = orig_client_id
oid.logout(refresh_token=token["refresh_token"])
with pytest.raises(KeycloakInvalidTokenError):
oid.get_policies(token=token["access_token"])
def test_get_permissions(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
"""Test get policies."""
oid, username, password = oid_with_credentials_authz
token = oid.token(username=username, password=password)
with pytest.raises(KeycloakAuthorizationConfigError):
oid.get_permissions(token=token["access_token"])
oid.load_authorization_config(path="tests/data/authz_settings.json")
assert oid.get_permissions(token=token["access_token"]) is None
key = "-----BEGIN PUBLIC KEY-----\n" + oid.public_key() + "\n-----END PUBLIC KEY-----"
orig_client_id = oid.client_id
oid.client_id = "account"
assert (
oid.get_permissions(token=token["access_token"], method_token_info="decode", key=key) == []
)
policy = Policy(name="test", type="role", logic="POSITIVE", decision_strategy="UNANIMOUS")
policy.add_role(role="account/view-profile")
policy.add_permission(
permission=Permission(
name="test-perm", type="resource", logic="POSITIVE", decision_strategy="UNANIMOUS"
)
)
oid.authorization.policies["test"] = policy
assert [
str(x)
for x in oid.get_permissions(
token=token["access_token"], method_token_info="decode", key=key
)
] == ["Permission: test-perm (resource)"]
assert [
repr(x)
for x in oid.get_permissions(
token=token["access_token"], method_token_info="decode", key=key
)
] == ["<Permission: test-perm (resource)>"]
oid.client_id = orig_client_id
oid.logout(refresh_token=token["refresh_token"])
with pytest.raises(KeycloakInvalidTokenError):
oid.get_permissions(token=token["access_token"])
def test_uma_permissions(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
"""Test UMA permissions."""
oid, username, password = oid_with_credentials_authz
token = oid.token(username=username, password=password)
assert len(oid.uma_permissions(token=token["access_token"])) == 1
assert oid.uma_permissions(token=token["access_token"])[0]["rsname"] == "Default Resource"
def test_has_uma_access(
oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
):
"""Test has UMA access."""
oid, username, password = oid_with_credentials_authz
token = oid.token(username=username, password=password)
assert (
str(oid.has_uma_access(token=token["access_token"], permissions=""))
== "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())"
)
assert (
str(oid.has_uma_access(token=token["access_token"], permissions="Default Resource"))
== "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())"
)
with pytest.raises(KeycloakPostError):
oid.has_uma_access(token=token["access_token"], permissions="Does not exist")
oid.logout(refresh_token=token["refresh_token"])
assert (
str(oid.has_uma_access(token=token["access_token"], permissions=""))
== "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions=set())"
)
assert (
str(oid.has_uma_access(token=admin.token["access_token"], permissions="Default Resource"))
== "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions="
+ "{'Default Resource'})"
)

14
tests/test_license.py

@ -0,0 +1,14 @@
"""Tests for license."""
import os
def test_license_present():
"""Test that the MIT license is present in the header of each module file."""
for path, _, files in os.walk("src/keycloak"):
for _file in files:
if _file.endswith(".py"):
with open(os.path.join(path, _file), "r") as fp:
content = fp.read()
assert content.startswith(
"# -*- coding: utf-8 -*-\n#\n# The MIT License (MIT)\n#\n#"
)

28
tests/test_uma_permissions.py

@ -14,6 +14,9 @@
# #
# You should have received a copy of the GNU Lesser General Public License # You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
"""Test uma permissions."""
import re import re
import pytest import pytest
@ -23,30 +26,35 @@ from keycloak.uma_permissions import Resource, Scope, build_permission_param
def test_resource_with_scope_obj(): def test_resource_with_scope_obj():
"""Test resource with scope."""
r = Resource("Resource1") r = Resource("Resource1")
s = Scope("Scope1") s = Scope("Scope1")
assert r(s) == "Resource1#Scope1" assert r(s) == "Resource1#Scope1"
def test_scope_with_resource_obj(): def test_scope_with_resource_obj():
"""Test scope with resource."""
r = Resource("Resource1") r = Resource("Resource1")
s = Scope("Scope1") s = Scope("Scope1")
assert s(r) == "Resource1#Scope1" assert s(r) == "Resource1#Scope1"
def test_resource_scope_str(): def test_resource_scope_str():
"""Test resource scope as string."""
r = Resource("Resource1") r = Resource("Resource1")
s = "Scope1" s = "Scope1"
assert r(scope=s) == "Resource1#Scope1" assert r(scope=s) == "Resource1#Scope1"
def test_scope_resource_str(): def test_scope_resource_str():
"""Test scope resource as string."""
r = "Resource1" r = "Resource1"
s = Scope("Scope1") s = Scope("Scope1")
assert s(resource=r) == "Resource1#Scope1" assert s(resource=r) == "Resource1#Scope1"
def test_resource_scope_list(): def test_resource_scope_list():
"""Test resource scope as list."""
r = Resource("Resource1") r = Resource("Resource1")
s = ["Scope1"] s = ["Scope1"]
with pytest.raises(PermissionDefinitionError) as err: with pytest.raises(PermissionDefinitionError) as err:
@ -55,94 +63,114 @@ def test_resource_scope_list():
def test_build_permission_none(): def test_build_permission_none():
"""Test build permission param with None."""
assert build_permission_param(None) == set() assert build_permission_param(None) == set()
def test_build_permission_empty_str(): def test_build_permission_empty_str():
"""Test build permission param with an empty string."""
assert build_permission_param("") == set() assert build_permission_param("") == set()
def test_build_permission_empty_list(): def test_build_permission_empty_list():
"""Test build permission param with an empty list."""
assert build_permission_param([]) == set() assert build_permission_param([]) == set()
def test_build_permission_empty_tuple(): def test_build_permission_empty_tuple():
"""Test build permission param with an empty tuple."""
assert build_permission_param(()) == set() assert build_permission_param(()) == set()
def test_build_permission_empty_set(): def test_build_permission_empty_set():
"""Test build permission param with an empty set."""
assert build_permission_param(set()) == set() assert build_permission_param(set()) == set()
def test_build_permission_empty_dict(): def test_build_permission_empty_dict():
"""Test build permission param with an empty dict."""
assert build_permission_param({}) == set() assert build_permission_param({}) == set()
def test_build_permission_str(): def test_build_permission_str():
"""Test build permission param as string."""
assert build_permission_param("resource1") == {"resource1"} assert build_permission_param("resource1") == {"resource1"}
def test_build_permission_list_str(): def test_build_permission_list_str():
"""Test build permission param with list of strings."""
assert build_permission_param(["res1#scope1", "res1#scope2"]) == {"res1#scope1", "res1#scope2"} assert build_permission_param(["res1#scope1", "res1#scope2"]) == {"res1#scope1", "res1#scope2"}
def test_build_permission_tuple_str(): def test_build_permission_tuple_str():
"""Test build permission param with tuple of strings."""
assert build_permission_param(("res1#scope1", "res1#scope2")) == {"res1#scope1", "res1#scope2"} assert build_permission_param(("res1#scope1", "res1#scope2")) == {"res1#scope1", "res1#scope2"}
def test_build_permission_set_str(): def test_build_permission_set_str():
"""Test build permission param with set of strings."""
assert build_permission_param({"res1#scope1", "res1#scope2"}) == {"res1#scope1", "res1#scope2"} assert build_permission_param({"res1#scope1", "res1#scope2"}) == {"res1#scope1", "res1#scope2"}
def test_build_permission_tuple_dict_str_str(): def test_build_permission_tuple_dict_str_str():
"""Test build permission param with dictionary."""
assert build_permission_param({"res1": "scope1"}) == {"res1#scope1"} assert build_permission_param({"res1": "scope1"}) == {"res1#scope1"}
def test_build_permission_tuple_dict_str_list_str(): def test_build_permission_tuple_dict_str_list_str():
"""Test build permission param with dictionary of list."""
assert build_permission_param({"res1": ["scope1", "scope2"]}) == {"res1#scope1", "res1#scope2"} assert build_permission_param({"res1": ["scope1", "scope2"]}) == {"res1#scope1", "res1#scope2"}
def test_build_permission_tuple_dict_str_list_str2(): def test_build_permission_tuple_dict_str_list_str2():
"""Test build permission param with mutliple-keyed dictionary."""
assert build_permission_param( assert build_permission_param(
{"res1": ["scope1", "scope2"], "res2": ["scope2", "scope3"]} {"res1": ["scope1", "scope2"], "res2": ["scope2", "scope3"]}
) == {"res1#scope1", "res1#scope2", "res2#scope2", "res2#scope3"} ) == {"res1#scope1", "res1#scope2", "res2#scope2", "res2#scope3"}
def test_build_permission_uma(): def test_build_permission_uma():
"""Test build permission param with UMA."""
assert build_permission_param(Resource("res1")(Scope("scope1"))) == {"res1#scope1"} assert build_permission_param(Resource("res1")(Scope("scope1"))) == {"res1#scope1"}
def test_build_permission_uma_list(): def test_build_permission_uma_list():
"""Test build permission param with list of UMAs."""
assert build_permission_param( assert build_permission_param(
[Resource("res1")(Scope("scope1")), Resource("res1")(Scope("scope2"))] [Resource("res1")(Scope("scope1")), Resource("res1")(Scope("scope2"))]
) == {"res1#scope1", "res1#scope2"} ) == {"res1#scope1", "res1#scope2"}
def test_build_permission_misbuilt_dict_str_list_list_str(): def test_build_permission_misbuilt_dict_str_list_list_str():
"""Test bad build of permission param from dictionary."""
with pytest.raises(KeycloakPermissionFormatError) as err: with pytest.raises(KeycloakPermissionFormatError) as err:
build_permission_param({"res1": [["scope1", "scope2"]]}) build_permission_param({"res1": [["scope1", "scope2"]]})
assert err.match(re.escape("misbuilt permission {'res1': [['scope1', 'scope2']]}")) assert err.match(re.escape("misbuilt permission {'res1': [['scope1', 'scope2']]}"))
def test_build_permission_misbuilt_list_list_str(): def test_build_permission_misbuilt_list_list_str():
"""Test bad build of permission param from list."""
with pytest.raises(KeycloakPermissionFormatError) as err: with pytest.raises(KeycloakPermissionFormatError) as err:
print(build_permission_param([["scope1", "scope2"]])) print(build_permission_param([["scope1", "scope2"]]))
assert err.match(re.escape("misbuilt permission [['scope1', 'scope2']]")) assert err.match(re.escape("misbuilt permission [['scope1', 'scope2']]"))
def test_build_permission_misbuilt_list_set_str(): def test_build_permission_misbuilt_list_set_str():
"""Test bad build of permission param from set."""
with pytest.raises(KeycloakPermissionFormatError) as err: with pytest.raises(KeycloakPermissionFormatError) as err:
build_permission_param([{"scope1", "scope2"}]) build_permission_param([{"scope1", "scope2"}])
assert err.match("misbuilt permission.*") assert err.match("misbuilt permission.*")
def test_build_permission_misbuilt_set_set_str(): def test_build_permission_misbuilt_set_set_str():
"""Test bad build of permission param from list of set."""
with pytest.raises(KeycloakPermissionFormatError) as err: with pytest.raises(KeycloakPermissionFormatError) as err:
build_permission_param([{"scope1"}]) build_permission_param([{"scope1"}])
assert err.match(re.escape("misbuilt permission [{'scope1'}]")) assert err.match(re.escape("misbuilt permission [{'scope1'}]"))
def test_build_permission_misbuilt_dict_non_iterable(): def test_build_permission_misbuilt_dict_non_iterable():
"""Test bad build of permission param from non-iterable."""
with pytest.raises(KeycloakPermissionFormatError) as err: with pytest.raises(KeycloakPermissionFormatError) as err:
build_permission_param({"res1": 5}) build_permission_param({"res1": 5})
assert err.match(re.escape("misbuilt permission {'res1': 5}")) assert err.match(re.escape("misbuilt permission {'res1': 5}"))

3
tests/test_urls_patterns.py

@ -1,9 +1,10 @@
"""Test URL patterns."""
from keycloak import urls_patterns from keycloak import urls_patterns
def test_correctness_of_patterns(): def test_correctness_of_patterns():
"""Test that there are no duplicate url patterns.""" """Test that there are no duplicate url patterns."""
# Test that the patterns are present # Test that the patterns are present
urls = [x for x in dir(urls_patterns) if not x.startswith("__")] urls = [x for x in dir(urls_patterns) if not x.startswith("__")]
assert len(urls) >= 0 assert len(urls) >= 0

16
tox.ini

@ -1,13 +1,10 @@
[tox] [tox]
isolated_build = true
requires =
tox-poetry
poetry
envlist = check, apply-check, docs, tests, build envlist = check, apply-check, docs, tests, build
[testenv] [testenv]
install_command = pip install {opts} {packages}
deps =
poetry>=1.1.13
commands_pre =
bash -c "python -m pip install -r <(poetry export --dev --extras=docs --without-hashes --no-interaction)"
whitelist_externals = whitelist_externals =
bash bash
@ -24,16 +21,19 @@ commands =
isort src/keycloak tests docs isort src/keycloak tests docs
[testenv:docs] [testenv:docs]
extras = docs
commands = commands =
sphinx-build -T -E -W -b html -d _build/doctrees -D language=en ./docs/source _build/html sphinx-build -T -E -W -b html -d _build/doctrees -D language=en ./docs/source _build/html
[testenv:tests] [testenv:tests]
setenv = file|tox.env setenv = file|tox.env
passenv = CONTAINER_HOST
commands = commands =
./test_keycloak_init.sh "pytest -vv --cov=keycloak --cov-report term-missing {posargs}" ./test_keycloak_init.sh "pytest -vv --cov=keycloak --cov-report term-missing {posargs}"
[testenv:build] [testenv:build]
commands_pre =
deps =
poetry
setenv = setenv =
POETRY_VIRTUALENVS_CREATE = false POETRY_VIRTUALENVS_CREATE = false
commands = commands =
@ -42,3 +42,5 @@ commands =
[flake8] [flake8]
max-line-length = 99 max-line-length = 99
docstring-convention = all
ignore = D203, D213, W503
Loading…
Cancel
Save