From e013b1864881a4f84538e15728b5a3d966a781d0 Mon Sep 17 00:00:00 2001
From: Elias Hamacher
Date: Wed, 12 Apr 2023 11:05:12 +0200
Subject: [PATCH 1/4] added create_client_authz_group_based_policy, create_client_authz_scope_based_permission and their corresponding urls
---
src/keycloak/keycloak_admin.py | 79 ++++++++++++++++++++++++++++++++++
src/keycloak/urls_patterns.py | 2 +
2 files changed, 81 insertions(+)
diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
index 6fa7f12..3986581 100644
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -1576,6 +1576,85 @@ class KeycloakAdmin: data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists ) + def create_client_authz_group_based_policy(self, client_id, payload, skip_exists=False): + """Create group-based policy of client. + + Payload example:: + + payload={ + "type": "group", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "name": "Policy-1", + "groups": [ + { + "id": id + } + ] + } + + :param client_id: id in ClientRepresentation + https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation + :type client_id: str + :param payload: No Document + :type payload: dict + :param skip_exists: Skip creation in case the object exists + :type skip_exists: bool + :return: Keycloak server response + :rtype: bytes + + """ + params_path = {"realm-name": self.realm_name, "id": client_id} + + data_raw = self.connection.raw_post( + urls_patterns.URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY.format(**params_path), + data=json.dumps(payload), + ) + return raise_error_from_response( + data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists + ) + + def create_client_authz_scope_based_permission(self, client_id, payload, skip_exists=False): + """Create scope-based permission of client. 
+ + Payload example:: + + payload={ + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "name": "Permission-Name", + "scopes": [ + scope_id + ], + "policies": [ + policy_id + ] + + :param client_id: id in ClientRepresentation + https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation + :type client_id: str + :param payload: PolicyRepresentation + https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_policyrepresentation + :type payload: dict + :param skip_exists: Skip creation in case the object already exists + :type skip_exists: bool + :return: Keycloak server response + :rtype: bytes + + """ + params_path = {"realm-name": self.realm_name, "id": client_id} + + data_raw = self.connection.raw_post( + urls_patterns.URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION.format(**params_path), + data=json.dumps(payload), + ) + return raise_error_from_response( + data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists + ) + + + def create_client_authz_resource_based_permission(self, client_id, payload, skip_exists=False): """Create resource-based permission of client. diff --git a/src/keycloak/urls_patterns.py b/src/keycloak/urls_patterns.py index e5c54ab..1a3ad44 100644 --- a/src/keycloak/urls_patterns.py +++ b/src/keycloak/urls_patterns.py @@ -117,6 +117,8 @@ URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1" URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1" URL_ADMIN_CLIENT_AUTHZ_POLICIES = URL_ADMIN_CLIENT_AUTHZ + "/policy?max=-1&permission=false" URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/role?max=-1" +URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/group?max=-1" +URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope?max=-1" URL_ADMIN_CLIENT_AUTHZ_RESOURCE_BASED_PERMISSION = ( URL_ADMIN_CLIENT_AUTHZ + "/permission/resource?max=-1" ) 
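Review bot: Both new methods build `params_path` from `self.realm_name`, while `update_client_authz_role_based_policy` in patch 2 and `update_resource_server` in patch 4 read `self.connection.realm_name` (the second method of patch 2 uses `self.realm_name` again), so the series disagrees with itself about where the realm lives. Which attribute the class defines is not visible in these hunks; unless it exposes both, the methods using the missing one raise `AttributeError` on first call, so all five should use the form the neighbouring methods use. Separately, the scope-based permission docstring shows `"type": "resource"` for a method that posts to `/permission/scope`, and its example dict is never closed. Using `"type": "scope",` and adding the closing `}` would keep callers from copying a payload that does not match the endpoint. `:param payload: No Document` in the group-policy docstring could at least say that it is the group policy representation shown in the example.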
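Review bot: Both added constants carry `?max=-1`, which looks like a list-paging parameter, yet in this series they are only used by `raw_post` creation calls. It mirrors the existing `URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY` line in the context, so it is at least consistent, but the query string presumably does nothing on a POST and prevents the constant from serving as the base for item paths. Consider defining the bare path, e.g. `URL_ADMIN_CLIENT_AUTHZ + "/policy/group"`, and adding the query only where a listing call needs it.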
From 6ef75fef8d0ee58d8e0c969efe6ffffaa1c6326b Mon Sep 17 00:00:00 2001
From: Elias Hamacher
Date: Thu, 13 Apr 2023 15:40:25 +0200
Subject: [PATCH 2/4] added update_client_authz_role_based_policy, update_client_authz_group_based_policy and their corresponding urls
---
src/keycloak/keycloak_admin.py | 78 ++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
index 3986581..055e6d2 100644
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -1614,6 +1614,84 @@ class KeycloakAdmin: data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists ) + def update_client_authz_role_based_policy(self, client_id, policy_id, payload): + """Update role-based policy of client. + + Payload example:: + + payload={ + "id": "policy_id" + "type": "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "name": "Policy-1", + "roles": [ + { + "id": id + } + ] + } + + :param client_id: id in ClientRepresentation + https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation + :type client_id: str + :param payload: No Document + :type payload: dict + :param skip_exists: Skip creation in case the object exists + :type skip_exists: bool + :return: Keycloak server response + :rtype: bytes + + """ + params_path = {"realm-name": self.connection.realm_name, "id": client_id,"policy_id": policy_id} + + data_raw = self.connection.raw_put( + urls_patterns.URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY_UPDATE.format(**params_path), + data=json.dumps(payload), + ) + return raise_error_from_response( + data_raw, KeycloakPostError, expected_codes=[201], + ) + + def update_client_authz_group_based_policy(self, client_id,policy_id, payload): + """Update group-based policy of client. 
+ + Payload example:: + + payload={ + "id": "policy_id" + "type": "group", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "name": "Policy-1", + "groups": [ + { + "id": id + } + ] + } + + :param client_id: id in ClientRepresentation + https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation + :type client_id: str + :param payload: No Document + :type payload: dict + :param skip_exists: Skip creation in case the object exists + :type skip_exists: bool + :return: Keycloak server response + :rtype: bytes + + """ + params_path = {"realm-name": self.realm_name, "id": client_id, "policy_id": policy_id} + + data_raw = self.connection.raw_put( + urls_patterns.URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY_UPDATE.format(**params_path), + data=json.dumps(payload), + ) + return raise_error_from_response( + data_raw, KeycloakPostError, expected_codes=[201] + ) + def create_client_authz_scope_based_permission(self, client_id, payload, skip_exists=False): """Create scope-based permission of client. From 2eae560074d0a5af2a6038f37bb9bdcd5e532d54 Mon Sep 17 00:00:00 2001 From: Elias Hamacher Date: Thu, 13 Apr 2023 17:56:42 +0200 Subject: [PATCH 3/4] forgot to push urls --- src/keycloak/urls_patterns.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/keycloak/urls_patterns.py b/src/keycloak/urls_patterns.py index 1a3ad44..ef9facf 100644 --- a/src/keycloak/urls_patterns.py +++ b/src/keycloak/urls_patterns.py 
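Review bot: Both update methods pass `KeycloakPostError` to `raise_error_from_response` although the request is `raw_put`; the context of patch 4 shows an existing PUT wrapper raising `KeycloakPutError`, so a caller that catches `KeycloakPutError` around updates would miss these failures. Suggest `data_raw, KeycloakPutError, expected_codes=[201]` in both, keeping 201 on the assumption that it was checked against the server. The docstrings also describe a `skip_exists` parameter that neither signature has and leave `policy_id` undocumented, and both payload examples are missing the comma after `"id": "policy_id"`. As a style point, `client_id,"policy_id"` and `client_id,policy_id` need a space after the comma.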
@@ -117,7 +117,9 @@ URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1" URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1" URL_ADMIN_CLIENT_AUTHZ_POLICIES = URL_ADMIN_CLIENT_AUTHZ + "/policy?max=-1&permission=false" URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/role?max=-1" +URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY_UPDATE = URL_ADMIN_CLIENT_AUTHZ + "/policy/role/{policy_id}" URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/group?max=-1" +URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY_UPDATE = URL_ADMIN_CLIENT_AUTHZ + "/policy/group/{policy_id}" URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope?max=-1" URL_ADMIN_CLIENT_AUTHZ_RESOURCE_BASED_PERMISSION = ( URL_ADMIN_CLIENT_AUTHZ + "/permission/resource?max=-1" From cde8b14d4f5f4b40b51a6bfdf6505555f4533bbe Mon Sep 17 00:00:00 2001 From: Elias Hamacher Date: Mon, 24 Apr 2023 16:19:43 +0200 Subject: [PATCH 4/4] added update_resource_server --- src/keycloak/keycloak_admin.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py index 055e6d2..9091ec0 100644 --- a/src/keycloak/keycloak_admin.py +++ b/src/keycloak/keycloak_admin.py 
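Review bot: `{policy_id}` is a new path placeholder, and the patch 2 methods fill it with `str.format` straight from the caller's argument, so an id containing `/`, `?` or `#` would make the admin-token request address a different endpoint than the one the method names. Whether the connection layer encodes the path is not visible here; if it does not, quoting at the call site, `"policy_id": urllib.parse.quote(policy_id, safe="")`, keeps the value inside one path segment. Both added assignments also appear to run past the width at which the neighbouring `URL_ADMIN_CLIENT_AUTHZ_RESOURCE_BASED_PERMISSION` is wrapped in parentheses, so they would likely need the same wrapping.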
@@ -2095,6 +2095,24 @@ class KeycloakAdmin: ) return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[204]) + def update_resource_server(self, client_id, payload): + """Update a client. + + :param client_id: Client id + :type client_id: str + :param payload: payload + :type payload: dict + + :return: Http response + :rtype: bytes + """ + params_path = {"realm-name": self.connection.realm_name, "id": client_id} + data_raw = self.connection.raw_put( + urls_patterns.URL_ADMIN_CLIENT_AUTHZ.format(**params_path), data=json.dumps(payload) + ) + return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[204]) + + def delete_client(self, client_id): """Get representation of the client.
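Review bot: The docstring says "Update a client." but the request goes to `URL_ADMIN_CLIENT_AUTHZ`, which by its name is the client's authorization (resource server) settings rather than the client itself, so a reader cannot tell from the docstring that this call changes authorization configuration. Suggest `"""Update the authorization settings (resource server) of a client."""` and `:param payload: ResourceServerRepresentation`, with a docs link in the style the other methods use. Such a payload presumably carries fields like `policyEnforcementMode`; if the server treats the PUT as a full replacement (not visible here), a sentence saying so would stop callers from sending a partial dict. The extra blank lines added before `delete_client` leave three blank lines between methods where the rest of the class uses one.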