Marcos Pereira
7 years ago
9 changed files with 368 additions and 32 deletions
-
1.gitignore
-
8.travis.yml
-
79keycloak/__init__.py
-
80keycloak/authorization/__init__.py
-
82keycloak/authorization/permission.py
-
84keycloak/authorization/policy.py
-
27keycloak/authorization/role.py
-
35keycloak/connection.py
-
4keycloak/exceptions.py
@ -1,8 +0,0 @@ |
|||
language: python |
|||
python: |
|||
- "3.6" |
|||
- "pypy" |
|||
install: |
|||
- pip3 install -r requirements.txt |
|||
script: |
|||
python3 -m unittest discover |
@ -0,0 +1,80 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# |
|||
# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com> |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Lesser General Public License as published by |
|||
# the Free Software Foundation, either version 3 of the License, or |
|||
# (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Lesser General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Lesser General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
|
|||
import ast |
|||
import json |
|||
|
|||
from keycloak.authorization.permission import Permission |
|||
from keycloak.authorization.policy import Policy |
|||
from keycloak.authorization.role import Role |
|||
|
|||
|
|||
class Authorization: |
|||
|
|||
def __init__(self): |
|||
self._policies = {} |
|||
|
|||
@property |
|||
def policies(self): |
|||
return self._policies |
|||
|
|||
@policies.setter |
|||
def policies(self, value): |
|||
self._policies = value |
|||
|
|||
def load_config(self, data): |
|||
""" |
|||
|
|||
:param data: |
|||
:return: |
|||
""" |
|||
for pol in data['policies']: |
|||
if pol['type'] == 'role': |
|||
policy = Policy(name=pol['name'], |
|||
type=pol['type'], |
|||
logic=pol['logic'], |
|||
decision_strategy=pol['decisionStrategy']) |
|||
|
|||
config_roles = json.loads(pol['config']['roles']) |
|||
for role in config_roles: |
|||
policy.add_role(Role(name=role['id'], |
|||
required=role['required'])) |
|||
|
|||
self.policies[policy.name] = policy |
|||
|
|||
if pol['type'] == 'scope': |
|||
permission = Permission(name=pol['name'], |
|||
type=pol['type'], |
|||
logic=pol['logic'], |
|||
decision_strategy=pol['decisionStrategy']) |
|||
|
|||
permission.scopes = ast.literal_eval(pol['config']['scopes']) |
|||
|
|||
for policy_name in ast.literal_eval(pol['config']['applyPolicies']): |
|||
self.policies[policy_name].add_permission(permission) |
|||
|
|||
if pol['type'] == 'resource': |
|||
permission = Permission(name=pol['name'], |
|||
type=pol['type'], |
|||
logic=pol['logic'], |
|||
decision_strategy=pol['decisionStrategy']) |
|||
|
|||
permission.resources = ast.literal_eval(pol['config']['resources']) |
|||
|
|||
for policy_name in ast.literal_eval(pol['config']['applyPolicies']): |
|||
self.policies[policy_name].add_permission(permission) |
|||
|
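Review bot: In `load_config`, the `scope` and `resource` branches index `self.policies[policy_name]` directly, but only `role` entries are ever registered. A permission listed before its policy, or one that applies a policy of any other type, therefore ends in a bare `KeyError` with no hint of which entry is wrong. For an authorization config loader it is safer to register all role policies in a first pass and reject unknown references with `KeycloakAuthorizationConfigError`, which `policy.py` imports from `keycloak.exceptions` and this module would need to import too. Entries whose `type` is none of the three are skipped silently; if that is intended, the still-empty docstring should say so. Separately, `roles` is parsed with `json.loads` while `scopes`, `resources` and `applyPolicies` use `ast.literal_eval`; if these are the same JSON-encoded strings, `json.loads` would be the consistent choice.

```python
def load_config(self, data):
    # … unchanged: docstring …
    entries = data['policies']

    # Pass 1: register every role policy so the lookups below do not depend on entry order.
    for pol in entries:
        if pol['type'] != 'role':
            continue
        # … unchanged: Policy construction, role loading, self.policies[policy.name] = policy …

    # Pass 2: attach scope/resource permissions to policies that are already registered.
    for pol in entries:
        if pol['type'] not in ('scope', 'resource'):
            continue
        # … unchanged: Permission construction and scopes/resources assignment …
        for policy_name in ast.literal_eval(pol['config']['applyPolicies']):
            if policy_name not in self.policies:
                raise KeycloakAuthorizationConfigError(
                    "Permission '%s' applies unknown policy '%s'"
                    % (pol['name'], policy_name))
            self.policies[policy_name].add_permission(permission)
```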
@ -0,0 +1,82 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# |
|||
# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com> |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Lesser General Public License as published by |
|||
# the Free Software Foundation, either version 3 of the License, or |
|||
# (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Lesser General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Lesser General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
|
|||
|
|||
class Permission: |
|||
|
|||
def __init__(self, name, type, logic, decision_strategy): |
|||
self._name = name |
|||
self._type = type |
|||
self._logic = logic |
|||
self._decision_strategy = decision_strategy |
|||
self._resources = [] |
|||
self._scopes = [] |
|||
|
|||
def __repr__(self): |
|||
return "<Permission: %s (%s)>" % (self.name, self.type) |
|||
|
|||
def __str__(self): |
|||
return "Permission: %s (%s)" % (self.name, self.type) |
|||
|
|||
@property |
|||
def name(self): |
|||
return self._name |
|||
|
|||
@name.setter |
|||
def name(self, value): |
|||
self._name = value |
|||
|
|||
@property |
|||
def type(self): |
|||
return self._type |
|||
|
|||
@type.setter |
|||
def type(self, value): |
|||
self._type = value |
|||
|
|||
@property |
|||
def logic(self): |
|||
return self._logic |
|||
|
|||
@logic.setter |
|||
def logic(self, value): |
|||
self._logic = value |
|||
|
|||
@property |
|||
def decision_strategy(self): |
|||
return self._decision_strategy |
|||
|
|||
@decision_strategy.setter |
|||
def decision_strategy(self, value): |
|||
self._decision_strategy = value |
|||
|
|||
@property |
|||
def resources(self): |
|||
return self._resources |
|||
|
|||
@resources.setter |
|||
def resources(self, value): |
|||
self._resources = value |
|||
|
|||
@property |
|||
def scopes(self): |
|||
return self._scopes |
|||
|
|||
@scopes.setter |
|||
def scopes(self, value): |
|||
self._scopes = value |
|||
|
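Review bot: The six property/setter pairs in `Permission` only forward to the underscore attribute, with no validation or computation. Plain attributes assigned in `__init__` would give callers the same interface in far fewer lines; `Policy` in `keycloak/authorization/policy.py` repeats four of the same pairs. The constructor parameter `type` also shadows the builtin inside `__init__`. The class has no docstring; a one-line summary such as `"""A scope or resource permission loaded from an authorization config."""` plus a note on what `logic` and `decision_strategy` are expected to hold would help readers.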
@ -0,0 +1,84 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# |
|||
# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com> |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Lesser General Public License as published by |
|||
# the Free Software Foundation, either version 3 of the License, or |
|||
# (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Lesser General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Lesser General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
|
|||
from keycloak.exceptions import KeycloakAuthorizationConfigError |
|||
|
|||
|
|||
class Policy: |
|||
|
|||
def __init__(self, name, type, logic, decision_strategy): |
|||
self._name = name |
|||
self._type = type |
|||
self._logic = logic |
|||
self._decision_strategy = decision_strategy |
|||
self._roles = [] |
|||
self._permissions = [] |
|||
|
|||
def __repr__(self): |
|||
return "<Policy: %s (%s)>" % (self.name, self.type) |
|||
|
|||
def __str__(self): |
|||
return "Policy: %s (%s)" % (self.name, self.type) |
|||
|
|||
@property |
|||
def name(self): |
|||
return self._name |
|||
|
|||
@name.setter |
|||
def name(self, value): |
|||
self._name = value |
|||
|
|||
@property |
|||
def type(self): |
|||
return self._type |
|||
|
|||
@type.setter |
|||
def type(self, value): |
|||
self._type = value |
|||
|
|||
@property |
|||
def logic(self): |
|||
return self._logic |
|||
|
|||
@logic.setter |
|||
def logic(self, value): |
|||
self._logic = value |
|||
|
|||
@property |
|||
def decision_strategy(self): |
|||
return self._decision_strategy |
|||
|
|||
@decision_strategy.setter |
|||
def decision_strategy(self, value): |
|||
self._decision_strategy = value |
|||
|
|||
@property |
|||
def roles(self): |
|||
return self._roles |
|||
|
|||
@property |
|||
def permissions(self): |
|||
return self._permissions |
|||
|
|||
def add_role(self, role): |
|||
if self.type != 'role': |
|||
raise KeycloakAuthorizationConfigError( |
|||
"Can't add role. Policy type is different of role") |
|||
self._roles.append(role) |
|||
|
|||
def add_permission(self, permission): |
|||
self._permissions.append(permission) |
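Review bot: The message raised by `add_role` does not say which policy was rejected or what type it actually has, which makes a bad authorization config hard to trace. Something like `"Can't add role to policy %s: type is '%s', expected 'role'" % (self.name, self.type)` would. `add_permission` has no comparable guard and appends whatever it is given, so if only certain policy types may carry permissions, that check is missing here.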
@ -0,0 +1,27 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# |
|||
# Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com> |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Lesser General Public License as published by |
|||
# the Free Software Foundation, either version 3 of the License, or |
|||
# (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Lesser General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Lesser General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
|
|||
|
|||
class Role: |
|||
|
|||
def __init__(self, name, required=False): |
|||
self.name = name |
|||
self.required = required |
|||
|
|||
@property |
|||
def get_name(self): |
|||
return self.name |
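Review bot: `get_name` is decorated with `@property`, so it has to be read as `role.get_name`; writing `role.get_name()` calls the returned name and fails with `TypeError` for an ordinary string. Since `name` is already a public attribute set in `__init__`, the property adds nothing. Drop it, or remove the `@property` line if a method was intended.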