Browse Source

chore: Feat/create permission for scopes (#400)

* feat(api): add api url

* feat(api): add create permission function

* feat(api): add testcases for create permission function

* fix: linting

* fix: linting

* feat(api): add testcases for create permission function

* feat(api): add testcases for create permission function

* feat(api): apply formating

* feat(api): fix testing

* feat(api): fix testing

* feat(api): fix testing for create client_authz_scope_permission

* feat(api): add scope id for get client_authz_scope_permission

* fix create_client_authz_scope_permission test case

* fix: create_client_authz_scope_permission test case

* fix: add id in create client authz scope permissions

* fix: linting

* fix: test case of create client authz scope permissions

* fix: test case of create client authz scope permissions

---------

Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
pull/508/head
Hadeer Elsaeed 12 months ago
committed by GitHub
parent
commit
7dd46e1658
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 30
      src/keycloak/keycloak_admin.py
  2. 1
      src/keycloak/urls_patterns.py
  3. 25
      tests/test_keycloak_admin.py

30
src/keycloak/keycloak_admin.py

@ -4155,6 +4155,36 @@ class KeycloakAdmin:
) )
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def create_client_authz_scope_permission(self, payload, client_id):
"""Create permissions for a authz scope.
Payload example::
payload={
"name": "My Permission Name",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"resources": [some_resource_id],
"scopes": [some_scope_id],
"policies": [some_policy_id],
}
:param payload: No Document
:type payload: dict
:param client_id: id in ClientRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
:type client_id: str
:return: Keycloak server response
:rtype: bytes
"""
params_path = {"realm-name": self.realm_name, "id": client_id}
data_raw = self.raw_post(
urls_patterns.URL_ADMIN_ADD_CLIENT_AUTHZ_SCOPE_PERMISSION.format(**params_path),
data=json.dumps(payload),
)
return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[201])
def update_client_authz_scope_permission(self, payload, client_id, scope_id): def update_client_authz_scope_permission(self, payload, client_id, scope_id):
"""Update permissions for a given scope. """Update permissions for a given scope.

1
src/keycloak/urls_patterns.py

@ -126,6 +126,7 @@ URL_ADMIN_CLIENT_AUTHZ_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/{policy-id}"
URL_ADMIN_CLIENT_AUTHZ_POLICY_SCOPES = URL_ADMIN_CLIENT_AUTHZ_POLICY + "/scopes" URL_ADMIN_CLIENT_AUTHZ_POLICY_SCOPES = URL_ADMIN_CLIENT_AUTHZ_POLICY + "/scopes"
URL_ADMIN_CLIENT_AUTHZ_POLICY_RESOURCES = URL_ADMIN_CLIENT_AUTHZ_POLICY + "/resources" URL_ADMIN_CLIENT_AUTHZ_POLICY_RESOURCES = URL_ADMIN_CLIENT_AUTHZ_POLICY + "/resources"
URL_ADMIN_CLIENT_AUTHZ_SCOPE_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope/{scope-id}" URL_ADMIN_CLIENT_AUTHZ_SCOPE_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope/{scope-id}"
URL_ADMIN_ADD_CLIENT_AUTHZ_SCOPE_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope?max=-1"
URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/client" URL_ADMIN_CLIENT_AUTHZ_CLIENT_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/client"
URL_ADMIN_CLIENT_SERVICE_ACCOUNT_USER = URL_ADMIN_CLIENT + "/service-account-user" URL_ADMIN_CLIENT_SERVICE_ACCOUNT_USER = URL_ADMIN_CLIENT + "/service-account-user"

25
tests/test_keycloak_admin.py

@ -1819,6 +1819,31 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
scope_id=token_exchange_permission_id, scope_id=token_exchange_permission_id,
) )
# Create permissions on the target client to reference this policy
admin.create_client_authz_scope_permission(
payload={
"id": token_exchange_permission_id,
"name": "test-permission",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"resources": [token_exchange_resource_id],
"scopes": [token_exchange_scope_id],
"policies": [client_policy_id],
},
client_id=realm_management_id,
)
permission_name = admin.get_client_authz_scope_permission(
client_id=realm_management_id, scope_id=token_exchange_permission_id
)["name"]
assert permission_name == "test-permission"
with pytest.raises(KeycloakPostError) as err:
admin.create_client_authz_scope_permission(
payload={"name": "test-permission", "scopes": [token_exchange_scope_id]},
client_id="realm_management_id",
)
assert err.match('404: b\'{"errorMessage":"Could not find client"}\'')
def test_email(admin: KeycloakAdmin, user: str): def test_email(admin: KeycloakAdmin, user: str):
"""Test email. """Test email.

Loading…
Cancel
Save