Marcos Pereira
7 years ago
9 changed files with 368 additions and 32 deletions
-
1.gitignore
-
8.travis.yml
-
79keycloak/__init__.py
-
80keycloak/authorization/__init__.py
-
82keycloak/authorization/permission.py
-
84keycloak/authorization/policy.py
-
27keycloak/authorization/role.py
-
35keycloak/connection.py
-
4keycloak/exceptions.py
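--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +0,0 @@
-language: python
-python:
-- "3.6"
-- "pypy"
-install:
-- pip3 install -r requirements.txt
-script:
-python3 -m unittest discover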
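--- a/keycloak/authorization/__init__.py
+++ b/keycloak/authorization/__init__.py
@@ -0,0 +1,80 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import ast
+import json
+
+from keycloak.authorization.permission import Permission
+from keycloak.authorization.policy import Policy
+from keycloak.authorization.role import Role
+
+
+class Authorization:
+
+def __init__(self):
+self._policies = {}
+
+@property
+def policies(self):
+return self._policies
+
+@policies.setter
+def policies(self, value):
+self._policies = value
+
+def load_config(self, data):
+"""
+
+:param data:
+:return:
+"""
+for pol in data['policies']:
+if pol['type'] == 'role':
+policy = Policy(name=pol['name'],
+type=pol['type'],
+logic=pol['logic'],
+decision_strategy=pol['decisionStrategy'])
+
+config_roles = json.loads(pol['config']['roles'])
+for role in config_roles:
+policy.add_role(Role(name=role['id'],
+required=role['required']))
+
+self.policies[policy.name] = policy
+
+if pol['type'] == 'scope':
+permission = Permission(name=pol['name'],
+type=pol['type'],
+logic=pol['logic'],
+decision_strategy=pol['decisionStrategy'])
+
+permission.scopes = ast.literal_eval(pol['config']['scopes'])
+
+for policy_name in ast.literal_eval(pol['config']['applyPolicies']):
+self.policies[policy_name].add_permission(permission)
+
+if pol['type'] == 'resource':
+permission = Permission(name=pol['name'],
+type=pol['type'],
+logic=pol['logic'],
+decision_strategy=pol['decisionStrategy'])
+
+permission.resources = ast.literal_eval(pol['config']['resources'])
+
+for policy_name in ast.literal_eval(pol['config']['applyPolicies']):
+self.policies[policy_name].add_permission(permission)
+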
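Review bot: In `load_config` the `scope` and `resource` branches parse `pol['config'][...]` with `ast.literal_eval`, while the `role` branch reads its sibling field with `json.loads`. If these fields are JSON-encoded strings, as the role branch suggests, `json.loads(pol['config']['scopes'])` is the matching parser, and likewise for `resources` and `applyPolicies`; it accepts only JSON rather than arbitrary Python literals. Separately, `self.policies[policy_name]` raises a bare `KeyError` when a permission names a policy that has not been loaded yet or is not of type `role`, since only `role` entries are stored. Entries with any other `type` are skipped without a trace. For an authorization config it is safer to fail closed by raising `KeycloakAuthorizationConfigError` naming the missing policy or unknown type, so a partially loaded policy set is never used for decisions.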
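--- a/keycloak/authorization/permission.py
+++ b/keycloak/authorization/permission.py
@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+class Permission:
+
+def __init__(self, name, type, logic, decision_strategy):
+self._name = name
+self._type = type
+self._logic = logic
+self._decision_strategy = decision_strategy
+self._resources = []
+self._scopes = []
+
+def __repr__(self):
+return "<Permission: %s (%s)>" % (self.name, self.type)
+
+def __str__(self):
+return "Permission: %s (%s)" % (self.name, self.type)
+
+@property
+def name(self):
+return self._name
+
+@name.setter
+def name(self, value):
+self._name = value
+
+@property
+def type(self):
+return self._type
+
+@type.setter
+def type(self, value):
+self._type = value
+
+@property
+def logic(self):
+return self._logic
+
+@logic.setter
+def logic(self, value):
+self._logic = value
+
+@property
+def decision_strategy(self):
+return self._decision_strategy
+
+@decision_strategy.setter
+def decision_strategy(self, value):
+self._decision_strategy = value
+
+@property
+def resources(self):
+return self._resources
+
+@resources.setter
+def resources(self, value):
+self._resources = value
+
+@property
+def scopes(self):
+return self._scopes
+
+@scopes.setter
+def scopes(self, value):
+self._scopes = value
+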
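Review bot: The `type` parameter of `Permission.__init__` shadows the builtin, and every property/setter pair in the class only forwards to a private attribute without validating anything, so plain attributes would behave the same with far less code. `Policy.__init__` and its `name`, `type`, `logic` and `decision_strategy` properties in policy.py have the same shape. If the properties are kept as a future validation point, a class docstring should say so and list the accepted values of `type`, `logic` and `decision_strategy`, for example `"""A scope or resource permission loaded from the authorization config."""`. The `scopes` and `resources` setters also accept any value, so a caller can replace the list with a non-list without any error.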
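--- a/keycloak/authorization/policy.py
+++ b/keycloak/authorization/policy.py
@@ -0,0 +1,84 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from keycloak.exceptions import KeycloakAuthorizationConfigError
+
+
+class Policy:
+
+def __init__(self, name, type, logic, decision_strategy):
+self._name = name
+self._type = type
+self._logic = logic
+self._decision_strategy = decision_strategy
+self._roles = []
+self._permissions = []
+
+def __repr__(self):
+return "<Policy: %s (%s)>" % (self.name, self.type)
+
+def __str__(self):
+return "Policy: %s (%s)" % (self.name, self.type)
+
+@property
+def name(self):
+return self._name
+
+@name.setter
+def name(self, value):
+self._name = value
+
+@property
+def type(self):
+return self._type
+
+@type.setter
+def type(self, value):
+self._type = value
+
+@property
+def logic(self):
+return self._logic
+
+@logic.setter
+def logic(self, value):
+self._logic = value
+
+@property
+def decision_strategy(self):
+return self._decision_strategy
+
+@decision_strategy.setter
+def decision_strategy(self, value):
+self._decision_strategy = value
+
+@property
+def roles(self):
+return self._roles
+
+@property
+def permissions(self):
+return self._permissions
+
+def add_role(self, role):
+if self.type != 'role':
+raise KeycloakAuthorizationConfigError(
+"Can't add role. Policy type is different of role")
+self._roles.append(role)
+
+def add_permission(self, permission):
+self._permissions.append(permission)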
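Review bot: The `roles` and `permissions` properties return the internal lists themselves, so `policy.roles.append(...)` bypasses the type check that `add_role` enforces. Since these objects describe authorization rules, returning a read-only view such as `return tuple(self._roles)` (and the same for `_permissions`) keeps `add_role` and `add_permission` as the only mutation paths. The `type` setter can also change a policy away from `'role'` after roles have been added, which leaves the object inconsistent. The error text in `add_role` would read better as `"Can't add role. Policy type is not 'role'"`.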
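--- a/keycloak/authorization/role.py
+++ b/keycloak/authorization/role.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+class Role:
+
+def __init__(self, name, required=False):
+self.name = name
+self.required = required
+
+@property
+def get_name(self):
+return self.name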
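Review bot: `get_name` is decorated with `@property` but named like a method, so `role.get_name()` evaluates the property and then tries to call the returned name, which raises `TypeError` for a string. `name` is already a public attribute set in `__init__`, so the simplest fix is to delete `get_name`, or drop the `@property` line if a method is wanted. A one-line class docstring stating what `required` means for a role policy would also help, since `load_config` passes it straight from the config without interpretation.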