From 488b4fa8e1f11c0e13804c84dd54d11622762eb6 Mon Sep 17 00:00:00 2001 From: Matthew DuCharme Date: Sat, 11 Apr 2020 15:21:18 -0400 Subject: [PATCH 1/3] Added routes for deleting and updating realms --- keycloak/keycloak_admin.py | 32 +++++++++++++++++++++++++++++++- keycloak/urls_patterns.py | 1 + 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 0bcf28f..8e66d9e 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -42,7 +42,7 @@ from .urls_patterns import URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENT_AUTHZ_RESOURC URL_ADMIN_GROUP_MEMBERS, URL_ADMIN_USER_STORAGE, URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_IDPS, \ URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, URL_ADMIN_USERS, URL_ADMIN_CLIENT_SCOPES, \ URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER, URL_ADMIN_CLIENT_SCOPE, URL_ADMIN_CLIENT_SECRETS, \ - URL_ADMIN_USER_REALM_ROLES + URL_ADMIN_USER_REALM_ROLES, URL_ADMIN_REALM class KeycloakAdmin: @@ -263,6 +263,36 @@ class KeycloakAdmin: data=json.dumps(payload)) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists) + def update_realm(self, realm_name, payload): + """ + Update a realm. This wil only update top level attributes and will ignore any user, + role, or client information in the payload. + + RealmRepresentation: + https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realmrepresentation + + :param realm_name: Realm name (not the realm id) + :param payload: RealmRepresentation + :return: Http response + """ + + params_path = {"realm-name": realm_name} + data_raw = self.raw_put(URL_ADMIN_REALM.format(**params_path), + data=json.dumps(payload)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) + + def delete_realm(self, realm_name): + """ + Delete a realm + + :param realm_name: Realm name (not the realm id) + :return: Http response + """ + + params_path = {"realm-name": realm_name} + data_raw = self.raw_delete(URL_ADMIN_REALM.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) + def get_users(self, query=None): """ diff --git a/keycloak/urls_patterns.py b/keycloak/urls_patterns.py index 19ca28f..d49a5a9 100644 --- a/keycloak/urls_patterns.py +++ b/keycloak/urls_patterns.py @@ -75,6 +75,7 @@ URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER = URL_ADMIN_CLIENT_SCOPE + "/protocol-mappers URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles" URL_ADMIN_REALMS = "admin/realms" +URL_ADMIN_REALM = "admin/realms/{realm-name}" URL_ADMIN_IDPS = "admin/realms/{realm-name}/identity-provider/instances" URL_ADMIN_FLOWS = "admin/realms/{realm-name}/authentication/flows" From 4f7069b6754edc854d8c62945554df92989d15e9 Mon Sep 17 00:00:00 2001 From: Shady Nawara Date: Thu, 7 May 2020 04:47:59 -0500 Subject: [PATCH 2/3] Modified update_client & create_realm_role to use keycloak_admin raw_put/post Modified update_client & create_realm_role to use the keycloak_admin raw_put/post instead of the connection's raw_put/post directly to allow for token refresh --- keycloak/keycloak_admin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 0bcf28f..f13d889 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -775,7 +775,7 @@ class KeycloakAdmin: :return: Http response """ params_path = {"realm-name": self.realm_name, "id": client_id} - data_raw = self.connection.raw_put(URL_ADMIN_CLIENT.format(**params_path), + data_raw = self.raw_put(URL_ADMIN_CLIENT.format(**params_path), data=json.dumps(payload)) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) @@ -917,7 +917,7 @@ class KeycloakAdmin: """ params_path = {"realm-name": self.realm_name} - data_raw = self.connection.raw_post(URL_ADMIN_REALM_ROLES.format(**params_path), + data_raw = self.raw_post(URL_ADMIN_REALM_ROLES.format(**params_path), data=json.dumps(payload)) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists) From 50b65c06a2af1e374351511ab7724f589eb1f367 Mon Sep 17 00:00:00 2001 From: Paolo Romolini Date: Fri, 8 May 2020 15:39:23 +0200 Subject: [PATCH 3/3] Add update and delete role by name Add 'Update a role' and 'Delete a role' by name and without passing the client parameter --- keycloak/keycloak_admin.py | 26 +++++++++++++++++++++++++- keycloak/urls_patterns.py | 2 ++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 0bcf28f..7b87b45 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -29,7 +29,7 @@ from builtins import isinstance from typing import List, Iterable from keycloak.urls_patterns import URL_ADMIN_GROUPS_REALM_ROLES, \ - URL_ADMIN_GET_GROUPS_REALM_ROLES + URL_ADMIN_GET_GROUPS_REALM_ROLES, URL_ADMIN_REALM_ROLES_ROLE_BY_NAME from .connection import ConnectionManager from .exceptions import raise_error_from_response, KeycloakGetError from .keycloak_openid import KeycloakOpenID @@ -921,6 +921,30 @@ class KeycloakAdmin: data=json.dumps(payload)) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists) + def update_realm_role(self, role_name, payload): + """ + Update a role for the realm by name + :param role_name: The name of the role to be updated + :param payload: The role (use RoleRepresentation) + :return Keycloak server response + """ + + params_path = {"realm-name": self.realm_name, "role-name": role_name} + data_raw = self.connection.raw_put(URL_ADMIN_REALM_ROLES_ROLE_BY_NAME.format(**params_path), + data=json.dumps(payload)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) + + def delete_realm_role(self, role_name): + """ + Delete a role for the realm by name + :param payload: The role name {'role-name':'name-of-the-role'} + :return Keycloak server response + """ + + params_path = {"realm-name": self.realm_name, "role-name": role_name} + data_raw = self.connection.raw_delete( + URL_ADMIN_REALM_ROLES_ROLE_BY_NAME.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204) def assign_realm_roles(self, user_id, client_id, roles): """ diff --git a/keycloak/urls_patterns.py b/keycloak/urls_patterns.py index 19ca28f..8cb88b2 100644 --- a/keycloak/urls_patterns.py +++ b/keycloak/urls_patterns.py @@ -76,6 +76,8 @@ URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER = URL_ADMIN_CLIENT_SCOPE + "/protocol-mappers URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles" URL_ADMIN_REALMS = "admin/realms" URL_ADMIN_IDPS = "admin/realms/{realm-name}/identity-provider/instances" +URL_ADMIN_REALM_ROLES_ROLE_BY_NAME = "admin/realms/{realm-name}/roles/{role-name}" + URL_ADMIN_FLOWS = "admin/realms/{realm-name}/authentication/flows" URL_ADMIN_FLOWS_EXECUTIONS = "admin/realms/{realm-name}/authentication/flows/{flow-alias}/executions"