* fix: tox.ini config fixed for testenv:check
* feat: functions for updating reource permissions and getting associated policies
* fix: linting issues resolved
* revert: brought back all functions which were mistakenly removed in commit
* fix: linting issue resolved to prevent unintended changes in file
* fix: comments fixed for docs
* fix: async functions created for new functionality
* feat: test cases completed for new functionality
* chore: tox and deps update
---------
Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
Most of the methods rely on the role name within python keycloak, which for the vast majority is fine, however there are some role names which cannot be used by the API endpoint as they contain characters that cannot be encoded properly. Therefore this change is to allow the use of the role's id to get, update and delete roles by their id instead.'
* feat: added support for Admin Events api
* test: fix auth_flow test and authentication_configs based on KC 22 pre-settings
* docs: update readme
* revert: "test: fix auth_flow test and authentication_configs based on KC 22 pre-settings"
This reverts commit 392b71b351.
* test: trying to support old and new Keycloak versions for test_auth_flows & test_authentication_configs
test: trying to support old and new Keycloak versions for test_auth_flows & test_authentication_configs
https://github.com/keycloak/keycloak/issues/20497
* chore: revert Update tox.ini
These tools should be coming from the poetry virtual env
---------
Co-authored-by: Simone Ferrigno <simone.ferrigno@vorwerk.de>
Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
* feat: add missing get_realm_role_by_id to KeycloakAdmin
* fix: test was using role_name instead role_id
---------
Co-authored-by: Cainã S. G <p-caina.galante@pd.tec.br>
* feat(api): add api url
* feat(api): add create permission function
* feat(api): add testcases for create permission function
* fix: linting
* fix: linting
* feat(api): add testcases for create permission function
* feat(api): add testcases for create permission function
* feat(api): apply formating
* feat(api): fix testing
* feat(api): fix testing
* feat(api): fix testing for create client_authz_scope_permission
* feat(api): add scope id for get client_authz_scope_permission
* fix create_client_authz_scope_permission test case
* fix: create_client_authz_scope_permission test case
* fix: add id in create client authz scope permissions
* fix: linting
* fix: test case of create client authz scope permissions
* fix: test case of create client authz scope permissions
---------
Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
* feat: add an optional search criteria to the get_realm_roles function
* style: reformat code to fix linting error
* test: add unit test for get_realm_roles function with search_text param
* feat: add create_client_authz_scope_permission and create_client_authz_policy to keycloak_admin
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed create_client_authz_policy url
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed test expect number of policies
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed typo in test for create_client_authz_scope_based_permission
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: removed duplicated test
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: chenge url to use existing variables
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
---------
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
Co-authored-by: Cainã S. G <p-caina.galante@pd.tec.br>
* feat: add tests and logic for deleting client authz resource
* feat: add tests and logic for getting client authz resource
* fix: update return type of get_client_authz_resource from bytes to dict
* fix: update return type of get_client_authz_resources admin method
Keycloak provides an API endpoint to directly load a group by its path.
This commit changes get_group_by_path to not filter the groups locally
and instead uses the API endpoint.
This adds support for the basic endpoints necessary to configure client-to-client token exchange.
The /authz API is lacking official documentation. Basic docs added to docstrings instead.
A permission associates the object being protected and the policies that must be evaluated to decide whether access should be granted.
Permissions can be created to protect two main types of objects:
1. Resources
2. Scopes