chore: implement get_realm_role_groups method (#464)

6 months ago · 2281cc1ada
3 changed files with 37 additions and 0 deletions
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@ -2194,6 +2194,34 @@ class KeycloakAdmin:
        data_raw = self.connection.raw_get(url.format(**params_path), **params)
        return raise_error_from_response(data_raw, KeycloakGetError)

+    def get_realm_role_groups(self, role_name, query=None, brief_representation=True):
+        """Get role groups of realm by role name.
+
+        :param role_name: Name of the role.
+        :type role_name: str
+        :param query: Additional Query parameters
+            (see https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_parameters_226)
+        :type query: dict
+        :param brief_representation: whether to omit role attributes in the response
+        :type brief_representation: bool
+        :return: Keycloak Server Response (GroupRepresentation)
+        :rtype: list
+        """
+        query = query or {}
+
+        params = {"briefRepresentation": brief_representation}
+
+        query.update(params)
+
+        params_path = {"realm-name": self.connection.realm_name, "role-name": role_name}
+
+        url = urls_patterns.URL_ADMIN_REALM_ROLES_GROUPS.format(**params_path)
+
+        if "first" in query or "max" in query:
+            return self.__fetch_paginated(url, query)
+
+        return self.__fetch_all(url, query)
+
    def get_realm_role_members(self, role_name, query=None):
        """Get role members of realm by role name.

--- a/src/keycloak/urls_patterns.py
+++ b/src/keycloak/urls_patterns.py
@ -143,6 +143,7 @@ URL_ADMIN_CLIENT_SCOPES_MAPPERS = URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER + "/{protoc
 URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles"
 URL_ADMIN_REALM_ROLES_SEARCH = URL_ADMIN_REALM_ROLES + "?search={search-text}"
 URL_ADMIN_REALM_ROLES_MEMBERS = URL_ADMIN_REALM_ROLES + "/{role-name}/users"
+URL_ADMIN_REALM_ROLES_GROUPS = URL_ADMIN_REALM_ROLES + "/{role-name}/groups"
 URL_ADMIN_REALMS = "admin/realms"
 URL_ADMIN_REALM = "admin/realms/{realm-name}"
 URL_ADMIN_IDPS = "admin/realms/{realm-name}/identity-provider/instances"
--- a/tests/test_keycloak_admin.py
+++ b/tests/test_keycloak_admin.py
@ -1259,6 +1259,14 @@ def test_realm_roles(admin: KeycloakAdmin, realm: str):
    res = admin.get_composite_realm_roles_of_role(role_name=composite_role)
    assert len(res) == 0

+    # Test realm role group list
+    res = admin.get_realm_role_groups(role_name="test-realm-role-update")
+    assert len(res) == 1
+    assert res[0]["id"] == group_id
+    with pytest.raises(KeycloakGetError) as err:
+        admin.get_realm_role_groups(role_name="non-existent-role")
+    assert err.match('404: b\'{"error":"Could not find role"}\'')
+
    # Test delete realm role
    res = admin.delete_realm_role(role_name=composite_role)
    assert res == dict(), res