Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
Browse Source

feat: Adding additional methods to support roles-by-id api calls 

Most of the methods rely on the role name within python keycloak, which for the vast majority is fine, however there are some role names which cannot be used by the API endpoint as they contain characters that cannot be encoded properly. Therefore this change is to allow the use of the role's id to get, update and delete roles by their id instead.'
fix/update-dependencies
Geoff Owen 9 months ago
committed by Marcos Pereira
parent
355a2f48d9
commit
7df92332fd
6 changed files with 89 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 54
      src/keycloak/keycloak_admin.py
  2. 4
      src/keycloak/keycloak_openid.py
  3. 1
      src/keycloak/urls_patterns.py
  4. 29
      tests/test_keycloak_admin.py
  5. 4
      tests/test_keycloak_openid.py
  6. 3
      tox.ini

54
src/keycloak/keycloak_admin.py
View File

@ -2569,6 +2569,60 @@ class KeycloakAdmin:
urls_patterns.URL_ADMIN_CLIENT_ROLE_GROUPS.format(**params_path), query urls_patterns.URL_ADMIN_CLIENT_ROLE_GROUPS.format(**params_path), query
) )
def get_role_by_id(self, role_id):
"""Get a specific role’s representation.
RoleRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
:param role_id: id of role
:type role_id: str
:return: Keycloak server response (RoleRepresentation)
:rtype: bytes
"""
params_path = {"realm-name": self.connection.realm_name, "role-id": role_id}
data_raw = self.connection.raw_get(
urls_patterns.URL_ADMIN_REALM_ROLES_ROLE_BY_ID.format(**params_path)
)
return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
def update_role_by_id(self, role_id, payload):
"""Update the role.
RoleRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
:param payload: RoleRepresentation
:type payload: dict
:param role_id: id of role
:type role_id: str
:returns: Keycloak server response
:rtype: bytes
"""
params_path = {"realm-name": self.connection.realm_name, "role-id": role_id}
data_raw = self.connection.raw_put(
urls_patterns.URL_ADMIN_REALM_ROLES_ROLE_BY_ID.format(**params_path),
data=json.dumps(payload),
)
return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[204])
def delete_role_by_id(self, role_id):
"""Delete a role by its id.
RoleRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
:param role_id: id of role
:type role_id: str
:returns: Keycloak server response
:rtype: bytes
"""
params_path = {"realm-name": self.connection.realm_name, "role-id": role_id}
data_raw = self.connection.raw_delete(
urls_patterns.URL_ADMIN_REALM_ROLES_ROLE_BY_ID.format(**params_path)
)
return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
def create_realm_role(self, payload, skip_exists=False): def create_realm_role(self, payload, skip_exists=False):
"""Create a new role for the realm or client. """Create a new role for the realm or client.

4
src/keycloak/keycloak_openid.py
View File

@ -736,9 +736,7 @@ class KeycloakOpenID:
:rtype: dict :rtype: dict
""" """
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
payload = {
"client_id": self.client_id,
}
payload = {"client_id": self.client_id}
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_DEVICE.format(**params_path), data=payload) data_raw = self.connection.raw_post(URL_DEVICE.format(**params_path), data=payload)

1
src/keycloak/urls_patterns.py
View File

@ -43,6 +43,7 @@ URL_CLIENT_REGISTRATION = URL_REALM + "/clients-registrations/default"
URL_CLIENT_UPDATE = URL_CLIENT_REGISTRATION + "/{client-id}" URL_CLIENT_UPDATE = URL_CLIENT_REGISTRATION + "/{client-id}"
# ADMIN URLS # ADMIN URLS
URL_ADMIN_ROOT = "admin/realms/{realm-name}"
URL_ADMIN_USERS = "admin/realms/{realm-name}/users" URL_ADMIN_USERS = "admin/realms/{realm-name}/users"
URL_ADMIN_USERS_COUNT = "admin/realms/{realm-name}/users/count" URL_ADMIN_USERS_COUNT = "admin/realms/{realm-name}/users/count"
URL_ADMIN_USER = "admin/realms/{realm-name}/users/{id}" URL_ADMIN_USER = "admin/realms/{realm-name}/users/{id}"

29
tests/test_keycloak_admin.py
View File

@ -1763,6 +1763,35 @@ def test_client_roles(admin: KeycloakAdmin, client: str):
admin.delete_client_role(client_role_id=client, role_name="client-role-test-update") admin.delete_client_role(client_role_id=client, role_name="client-role-test-update")
assert err.match('404: b\'{"error":"Could not find role"}\'') assert err.match('404: b\'{"error":"Could not find role"}\'')
# Test of roles by id - Get role
admin.create_client_role(
client_role_id=client, payload={"name": "client-role-by-id-test"}, skip_exists=True
)
role = admin.get_client_role(client_id=client, role_name="client-role-by-id-test")
res = admin.get_role_by_id(role_id=role["id"])
assert res["name"] == "client-role-by-id-test"
with pytest.raises(KeycloakGetError) as err:
admin.get_role_by_id(role_id="bad")
assert err.match('404: b\'{"error":"Could not find role with id"}\'')
# Test of roles by id - Update role
res = admin.update_role_by_id(
role_id=role["id"], payload={"name": "client-role-by-id-test-update"}
)
assert res == dict()
with pytest.raises(KeycloakPutError) as err:
res = admin.update_role_by_id(
role_id="bad", payload={"name": "client-role-by-id-test-update"}
)
assert err.match('404: b\'{"error":"Could not find role with id"}\'')
# Test of roles by id - Delete role
res = admin.delete_role_by_id(role_id=role["id"])
assert res == dict()
with pytest.raises(KeycloakDeleteError) as err:
admin.delete_role_by_id(role_id="bad")
assert err.match('404: b\'{"error":"Could not find role with id"}\'')
def test_enable_token_exchange(admin: KeycloakAdmin, realm: str): def test_enable_token_exchange(admin: KeycloakAdmin, realm: str):
"""Test enable token exchange. """Test enable token exchange.

4
tests/test_keycloak_openid.py
View File

@ -208,9 +208,7 @@ def test_exchange_token(
# Exchange token with the new user # Exchange token with the new user
new_token = oid.exchange_token( new_token = oid.exchange_token(
token=token["access_token"],
audience=oid.client_id,
subject=username,
token=token["access_token"], audience=oid.client_id, subject=username
) )
assert oid.userinfo(token=new_token["access_token"]) == { assert oid.userinfo(token=new_token["access_token"]) == {
"email": f"{username}@test.test", "email": f"{username}@test.test",

3
tox.ini
View File

@ -14,18 +14,21 @@ commands =
isort -c --df src/keycloak tests docs isort -c --df src/keycloak tests docs
flake8 src/keycloak tests docs flake8 src/keycloak tests docs
codespell src tests docs codespell src tests docs
allowlist_externals = black, poetry
[testenv:apply-check] [testenv:apply-check]
commands = commands =
black -C src/keycloak tests docs black -C src/keycloak tests docs
black src/keycloak tests docs black src/keycloak tests docs
isort src/keycloak tests docs isort src/keycloak tests docs
allowlist_externals = black, poetry, isort
[testenv:docs] [testenv:docs]
commands_pre = commands_pre =
poetry install --no-root --sync -E docs poetry install --no-root --sync -E docs
commands = commands =
sphinx-build -T -E -W -b html -d _build/doctrees -D language=en ./docs/source _build/html sphinx-build -T -E -W -b html -d _build/doctrees -D language=en ./docs/source _build/html
allowlist_externals = sphinx-build, poetry
[testenv:tests] [testenv:tests]
setenv = file|tox.env setenv = file|tox.env

Write Preview
Loading…
Cancel
Save