
feat: Add get and delete methods for client authz resources (#435)

* feat: add tests and logic for deleting client authz resource

* feat: add tests and logic for getting client authz resource

* fix: update return type of get_client_authz_resource from bytes to dict

* fix: update return type of get_client_authz_resources admin method
pull/430/head
Raspreet Singh 2 years ago
committed by elias.hamacher
parent
commit
a7407cd9c8
  1. 50
      src/keycloak/keycloak_admin.py
  2. 1
      src/keycloak/urls_patterns.py
  3. 14
      tests/test_keycloak_admin.py

50
src/keycloak/keycloak_admin.py

@ -1523,14 +1523,37 @@ class KeycloakAdmin:
data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
) )
def delete_client_authz_resource(self, client_id: str, resource_id: str):
"""Delete a client resource.
:param client_id: id in ClientRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
:type client_id: str
:param resource_id: id in ResourceRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_resourcerepresentation
:type resource_id: str
:return: Keycloak server response
:rtype: bytes
"""
params_path = {
"realm-name": self.connection.realm_name,
"id": client_id,
"resource-id": resource_id,
}
data_raw = self.connection.raw_delete(
urls_patterns.URL_ADMIN_CLIENT_AUTHZ_RESOURCE.format(**params_path)
)
return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
def get_client_authz_resources(self, client_id): def get_client_authz_resources(self, client_id):
"""Get resources from client. """Get resources from client.
:param client_id: id in ClientRepresentation :param client_id: id in ClientRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
:type client_id: str :type client_id: str
:return: Keycloak server response
:rtype: dict
:return: Keycloak server response (ResourceRepresentation)
:rtype: list
""" """
params_path = {"realm-name": self.connection.realm_name, "id": client_id} params_path = {"realm-name": self.connection.realm_name, "id": client_id}
data_raw = self.connection.raw_get( data_raw = self.connection.raw_get(
@ -1538,6 +1561,29 @@ class KeycloakAdmin:
) )
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def get_client_authz_resource(self, client_id: str, resource_id: str):
"""Get a client resource.
:param client_id: id in ClientRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
:type client_id: str
:param resource_id: id in ResourceRepresentation
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_resourcerepresentation
:type resource_id: str
:return: Keycloak server response (ResourceRepresentation)
:rtype: dict
"""
params_path = {
"realm-name": self.connection.realm_name,
"id": client_id,
"resource-id": resource_id,
}
data_raw = self.connection.raw_get(
urls_patterns.URL_ADMIN_CLIENT_AUTHZ_RESOURCE.format(**params_path)
)
return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
def create_client_authz_role_based_policy(self, client_id, payload, skip_exists=False): def create_client_authz_role_based_policy(self, client_id, payload, skip_exists=False):
"""Create role-based policy of client. """Create role-based policy of client.

1
src/keycloak/urls_patterns.py

@ -112,6 +112,7 @@ URL_ADMIN_CLIENT_DEFAULT_CLIENT_SCOPE = (
URL_ADMIN_CLIENT_AUTHZ = URL_ADMIN_CLIENT + "/authz/resource-server" URL_ADMIN_CLIENT_AUTHZ = URL_ADMIN_CLIENT + "/authz/resource-server"
URL_ADMIN_CLIENT_AUTHZ_SETTINGS = URL_ADMIN_CLIENT_AUTHZ + "/settings" URL_ADMIN_CLIENT_AUTHZ_SETTINGS = URL_ADMIN_CLIENT_AUTHZ + "/settings"
URL_ADMIN_CLIENT_AUTHZ_RESOURCE = URL_ADMIN_CLIENT_AUTHZ + "/resource/{resource-id}"
URL_ADMIN_CLIENT_AUTHZ_RESOURCES = URL_ADMIN_CLIENT_AUTHZ + "/resource?max=-1" URL_ADMIN_CLIENT_AUTHZ_RESOURCES = URL_ADMIN_CLIENT_AUTHZ + "/resource?max=-1"
URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1" URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1"
URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1" URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1"
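Review bot: The `{resource-id}` segment added to `URL_ADMIN_CLIENT_AUTHZ_RESOURCE` is filled by plain `.format(**params_path)` in the new `get_client_authz_resource` and `delete_client_authz_resource`, and nothing visible percent-encodes the value first. If a caller passes an id that did not come straight from Keycloak, characters such as `/`, `?` or `#` would change which admin endpoint the GET or DELETE is sent to. Consider encoding the segment at the call sites, e.g. `"resource-id": urllib.parse.quote(resource_id, safe="")`, or stating in the docstrings that ids must be server-issued. The existing `{id}` handling appears to follow the same pattern, so this may be better fixed library-wide than in this commit.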

14
tests/test_keycloak_admin.py

@ -790,6 +790,10 @@ def test_clients(admin: KeycloakAdmin, realm: str):
assert res["name"] == "test-resource", res assert res["name"] == "test-resource", res
test_resource_id = res["_id"] test_resource_id = res["_id"]
res = admin.get_client_authz_resource(client_id=auth_client_id, resource_id=test_resource_id)
assert res["_id"] == test_resource_id, res
assert res["name"] == "test-resource", res
with pytest.raises(KeycloakPostError) as err: with pytest.raises(KeycloakPostError) as err:
admin.create_client_authz_resource( admin.create_client_authz_resource(
client_id=auth_client_id, payload={"name": "test-resource"} client_id=auth_client_id, payload={"name": "test-resource"}
@ -803,6 +807,16 @@ def test_clients(admin: KeycloakAdmin, realm: str):
assert len(res) == 2 assert len(res) == 2
assert {x["name"] for x in res} == {"Default Resource", "test-resource"} assert {x["name"] for x in res} == {"Default Resource", "test-resource"}
res = admin.create_client_authz_resource(
client_id=auth_client_id, payload={"name": "temp-resource"}
)
assert res["name"] == "temp-resource", res
temp_resource_id = res["_id"]
admin.delete_client_authz_resource(client_id=auth_client_id, resource_id=temp_resource_id)
with pytest.raises(KeycloakGetError) as err:
admin.get_client_authz_resource(client_id=auth_client_id, resource_id=temp_resource_id)
assert err.match("404: b''")
# Authz policies # Authz policies
res = admin.get_client_authz_policies(client_id=auth_client_id) res = admin.get_client_authz_policies(client_id=auth_client_id)
assert len(res) == 1, res assert len(res) == 1, res
