warricksothr
/
python-keycloak
forked from Mirror/python-keycloak
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
104 Commits
5 Branches
0 Tags
420 KiB
Tree: 50c7c3fd33
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '50c7c3fd33'
${ noResults }
python-keycloak/keycloak/keycloak_admin.py

684 lines
26 KiB
Raw Normal View History

Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add groups functions
7 years ago
Methods: list users, get user, create user.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
Add groups functions
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Initial commit
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Initial commit
7 years ago
Add Admin Tasks for user and client role management
7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. # Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the internal Keycloak server ID, usually a uuid string
  20. from .urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
  21. URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
  22. URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, URL_ADMIN_USER_CLIENT_ROLES, \
  23. URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP, URL_ADMIN_USER_PASSWORD, URL_ADMIN_GROUP_PERMISSIONS
  24. from .keycloak_openid import KeycloakOpenID
  26. from .exceptions import raise_error_from_response, KeycloakGetError
  28. from .urls_patterns import (
  29. URL_ADMIN_USERS,
  30. )
  32. from .connection import ConnectionManager
  33. import json
  36. class KeycloakAdmin:
  38. def __init__(self, server_url, verify, username, password, realm_name='master', client_id='admin-cli'):
  39. self._username = username
  40. self._password = password
  41. self._client_id = client_id
  42. self._realm_name = realm_name
  44. # Get token Admin
  45. keycloak_openid = KeycloakOpenID(server_url=server_url, client_id=client_id, realm_name=realm_name, verify=verify)
  46. self._token = keycloak_openid.token(username, password)
  48. self._connection = ConnectionManager(base_url=server_url,
  49. headers={'Authorization': 'Bearer ' + self.token.get('access_token'),
  50. 'Content-Type': 'application/json'},
  51. timeout=60,
  52. verify=verify)
  54. @property
  55. def realm_name(self):
  56. return self._realm_name
  58. @realm_name.setter
  59. def realm_name(self, value):
  60. self._realm_name = value
  62. @property
  63. def connection(self):
  64. return self._connection
  66. @connection.setter
  67. def connection(self, value):
  68. self._connection = value
  70. @property
  71. def client_id(self):
  72. return self._client_id
  74. @client_id.setter
  75. def client_id(self, value):
  76. self._client_id = value
  78. @property
  79. def username(self):
  80. return self._username
  82. @username.setter
  83. def username(self, value):
  84. self._username = value
  86. @property
  87. def password(self):
  88. return self._password
  90. @password.setter
  91. def password(self, value):
  92. self._password = value
  94. @property
  95. def token(self):
  96. return self._token
  98. @token.setter
  99. def token(self, value):
  100. self._token = value
  102. def get_users(self, query=None):
  103. """
  104. Get users Returns a list of users, filtered according to query parameters
  106. :return: users list
  107. """
  108. params_path = {"realm-name": self.realm_name}
  109. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
  110. return raise_error_from_response(data_raw, KeycloakGetError)
  112. def create_user(self, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False, skip_exists=False):
  113. """
  114. Create a new user Username must be unique
  116. UserRepresentation
  117. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  119. :param data: Http response
  121. """
  122. data={}
  123. data["username"]=username
  124. data["email"]=email
  125. data["firstName"]=firstName
  126. data["lastName"]=lastName
  127. data["emailVerified"]=emailVerified
  128. data["enabled"]=enabled
  129. params_path = {"realm-name": self.realm_name}
  131. exists = self.get_user_id(username=username)
  133. if exists is not None:
  134. return str(exists)
  136. data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
  137. data=json.dumps(data))
  138. create_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
  140. if password is not None:
  141. user_id = self.get_user_id(username)
  142. data={}
  143. data["value"]=password
  144. data["type"]="password"
  145. data["temporary"]=passwordTemp
  147. params_path = {"realm-name": self.realm_name, "id": user_id}
  148. data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
  149. data=json.dumps(data))
  150. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  151. else:
  152. return create_resp
  154. def users_count(self):
  155. """
  156. User counter
  158. :return: counter
  159. """
  160. params_path = {"realm-name": self.realm_name}
  161. data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
  162. return raise_error_from_response(data_raw, KeycloakGetError)
  165. def get_user_id(self, username):
  166. """
  167. Get internal keycloak user id from username
  168. This is required for further actions against this user.
  170. :param username:
  171. clientId in UserRepresentation
  172. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  174. :return: user_id
  175. """
  176. params_path = {"realm-name": self.realm_name, "username": username}
  177. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path))
  178. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  180. for user in data_content:
  181. thisusername = json.dumps(user["username"]).strip('"')
  182. if thisusername == username:
  183. return json.dumps(user["id"]).strip('"')
  185. return None
  187. def get_user(self, user_id):
  188. """
  189. Get representation of the user
  191. :param user_id: User id
  193. UserRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  195. :return: UserRepresentation
  196. """
  197. params_path = {"realm-name": self.realm_name, "id": user_id}
  198. data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
  199. return raise_error_from_response(data_raw, KeycloakGetError)
  201. def update_user(self, user_id, username, email='', firstName='', lastName='', emailVerified=False, enabled=True, password=None, passwordTemp=False):
  202. """
  203. Update the user
  205. :param user_id: User id
  206. :param data: UserRepresentation
  208. :return: Http response
  209. """
  210. data={}
  211. data["username"]=username
  212. data["email"]=email
  213. data["firstName"]=firstName
  214. data["lastName"]=lastName
  215. data["emailVerified"]=emailVerified
  216. data["enabled"]=enabled
  217. params_path = {"realm-name": self.realm_name, "id": user_id}
  218. data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
  219. data=json.dumps(data))
  220. update_resp = raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  222. if password is not None:
  223. user_id = self.get_user_id(username)
  224. data={}
  225. data["value"]=password
  226. data["type"]="password"
  227. data["temporary"]=passwordTemp
  229. params_path = {"realm-name": self.realm_name, "id": user_id}
  230. data_raw = self.connection.raw_put(URL_ADMIN_USER_PASSWORD.format(**params_path),
  231. data=json.dumps(data))
  232. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  233. else:
  234. return update_resp
  236. def delete_user(self, user_id):
  237. """
  238. Delete the user
  240. :param user_id: User id
  242. :return: Http response
  243. """
  244. params_path = {"realm-name": self.realm_name, "id": user_id}
  245. data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
  246. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  248. def consents_user(self, user_id):
  249. """
  250. Get consents granted by the user
  252. :param user_id: User id
  254. :return: consents
  255. """
  256. params_path = {"realm-name": self.realm_name, "id": user_id}
  257. data_raw = self.connection.raw_get(URL_ADMIN_USER_CONSENTS.format(**params_path))
  258. return raise_error_from_response(data_raw, KeycloakGetError)
  260. def send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None):
  261. """
  262. Send a update account email to the user An email contains a
  263. link the user can click to perform a set of required actions.
  265. :param user_id:
  266. :param payload:
  267. :param client_id:
  268. :param lifespan:
  269. :param redirect_uri:
  271. :return:
  272. """
  273. params_path = {"realm-name": self.realm_name, "id": user_id}
  274. params_query = {"client_id": client_id, "lifespan": lifespan, "redirect_uri": redirect_uri}
  275. data_raw = self.connection.raw_put(URL_ADMIN_SEND_UPDATE_ACCOUNT.format(**params_path),
  276. data=payload, **params_query)
  277. return raise_error_from_response(data_raw, KeycloakGetError)
  279. def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
  280. """
  281. Send a update account email to the user An email contains a
  282. link the user can click to perform a set of required actions.
  284. :param user_id: User id
  285. :param client_id: Client id
  286. :param redirect_uri: Redirect uri
  288. :return:
  289. """
  290. params_path = {"realm-name": self.realm_name, "id": user_id}
  291. params_query = {"client_id": client_id, "redirect_uri": redirect_uri}
  292. data_raw = self.connection.raw_put(URL_ADMIN_SEND_VERIFY_EMAIL.format(**params_path),
  293. data={}, **params_query)
  294. return raise_error_from_response(data_raw, KeycloakGetError)
  296. def get_sessions(self, user_id):
  297. """
  298. Get sessions associated with the user
  300. :param user_id: id of user
  302. UserSessionRepresentation
  303. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_usersessionrepresentation
  305. :return: UserSessionRepresentation
  306. """
  307. params_path = {"realm-name": self.realm_name, "id": user_id}
  308. data_raw = self.connection.raw_get(URL_ADMIN_GET_SESSIONS.format(**params_path))
  309. return raise_error_from_response(data_raw, KeycloakGetError)
  311. def get_server_info(self):
  312. """
  313. Get themes, social providers, auth providers, and event listeners available on this server
  315. ServerInfoRepresentation
  316. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation
  318. :return: ServerInfoRepresentation
  319. """
  320. data_raw = self.connection.raw_get(URL_ADMIN_SERVER_INFO)
  321. return raise_error_from_response(data_raw, KeycloakGetError)
  323. def get_groups(self):
  324. """
  325. Get groups belonging to the realm. Returns a list of groups belonging to the realm
  327. GroupRepresentation
  328. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  330. :return: array GroupRepresentation
  331. """
  332. params_path = {"realm-name": self.realm_name}
  333. data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
  334. return raise_error_from_response(data_raw, KeycloakGetError)
  336. def get_group(self, group_id):
  337. """
  338. Get group by id. Returns full group details
  340. GroupRepresentation
  341. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  343. :return: array GroupRepresentation
  344. """
  345. params_path = {"realm-name": self.realm_name, "id": group_id}
  346. data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
  347. return raise_error_from_response(data_raw, KeycloakGetError)
  349. def get_group_id(self, name=None, path=None, parent=None):
  350. """
  351. Get group id based on name or path.
  352. A straight name or path match with a top-level group will return first.
  353. Subgroups are traversed, the first to match path (or name with path) is returned.
  355. :param name: group name
  356. :param path: group path
  357. :param parent: parent group's id. Required to find a sub-group below level 1.
  359. GroupRepresentation
  360. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  362. :return: GroupID (string)
  363. """
  364. if parent is not None:
  365. params_path = {"realm-name": self.realm_name, "id": parent}
  366. data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
  367. res = raise_error_from_response(data_raw, KeycloakGetError)
  368. data_content = []
  369. data_content.append(res)
  370. else:
  371. params_path = {"realm-name": self.realm_name}
  372. data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
  373. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  375. for group in data_content:
  376. thisgroupname = json.dumps(group["name"]).strip('"')
  377. thisgrouppath = json.dumps(group["path"]).strip('"')
  378. if (thisgroupname == name and name is not None) or (thisgrouppath == path and path is not None):
  379. return json.dumps(group["id"]).strip('"')
  380. for subgroup in group["subGroups"]:
  381. thisgrouppath = json.dumps(subgroup["path"]).strip('"')
  382. if (thisgrouppath == path and path is not None) or (thisgrouppath == name and name is not None):
  383. return json.dumps(subgroup["id"]).strip('"')
  384. return None
  386. def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None, skip_exists=False):
  387. """
  388. Creates a group in the Realm
  390. :param name: group name
  391. :param client_roles (map): Client roles to include in groupp # Not demonstrated to work
  392. :param realm_roles (array): Realm roles to include in group # Not demonstrated to work
  393. :param sub_groups (array): Subgroups to include in groupp # Not demonstrated to work
  394. :param path: group path
  395. :param parent: parent group's id. Required to create a sub-group.
  397. GroupRepresentation
  398. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  400. :return: Http response
  401. """
  402. if name is None and path is not None:
  403. name=path
  405. data={}
  406. data["name"]=name
  407. data["path"]=path
  408. data["clientRoles"]=client_roles
  409. data["realmRoles"]=realm_roles
  410. data["subGroups"]=sub_groups
  412. if name is not None:
  413. exists = self.get_group_id(name=name, parent=parent)
  414. elif path is not None:
  415. exists = self.get_group_id(path=path, parent=parent)
  417. if exists is not None:
  418. return str(exists)
  420. if parent is None:
  421. params_path = {"realm-name": self.realm_name}
  422. data_raw = self.connection.raw_post(URL_ADMIN_GROUPS.format(**params_path),
  423. data=json.dumps(data))
  424. else:
  425. params_path = {"realm-name": self.realm_name, "id": parent,}
  426. data_raw = self.connection.raw_post(URL_ADMIN_GROUP_CHILD.format(**params_path),
  427. data=json.dumps(data))
  428. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
  430. def group_set_permissions(self, group_id, enabled=True):
  431. """
  432. Enable/Disable permissions for a group. Cannot delete group if disabled
  434. :param group_id: id of group
  435. :param enabled: boolean
  437. :return: {}
  438. """
  439. data={}
  440. data["enabled"]=enabled
  442. params_path = {"realm-name": self.realm_name, "id": group_id}
  443. data_raw = self.connection.raw_put(URL_ADMIN_GROUP_PERMISSIONS.format(**params_path),
  444. data=json.dumps(data))
  445. return raise_error_from_response(data_raw, KeycloakGetError)
  447. def group_user_add(self, user_id, group_id):
  448. """
  449. Add user to group (user_id and group_id)
  451. :param group_id: id of group
  452. :param user_id: id of user
  453. :param group_id: id of group to add to
  455. :return: {}
  456. """
  457. data={}
  458. data["realm"]=self.realm_name
  459. data["userId"]=user_id
  460. data["groupId"]=group_id
  462. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  463. data_raw = self.connection.raw_put(URL_ADMIN_USER_GROUP.format(**params_path),
  464. data=json.dumps(data))
  465. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  467. def group_user_remove(self, user_id, group_id):
  468. """
  469. Remove user from group (user_id and group_id)
  471. :param group_id: id of group
  472. :param user_id: id of user
  473. :param group_id: id of group to add to
  475. :return: {}
  476. """
  477. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  478. data_raw = self.connection.raw_delete(URL_ADMIN_USER_GROUP.format(**params_path))
  479. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  481. def delete_group(self, group_id):
  482. """
  483. Deletes a group in the Realm
  485. :param group_id: id of group to delete
  487. :return: Http response
  488. """
  489. params_path = {"realm-name": self.realm_name, "id": group_id}
  490. data_raw = self.connection.raw_delete(URL_ADMIN_GROUP.format(**params_path))
  491. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  493. def get_clients(self):
  494. """
  495. Get clients belonging to the realm Returns a list of clients belonging to the realm
  497. ClientRepresentation
  498. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  500. :return: ClientRepresentation
  501. """
  502. params_path = {"realm-name": self.realm_name}
  503. data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  504. return raise_error_from_response(data_raw, KeycloakGetError)
  506. def get_client_id(self, client_id_name):
  507. """
  508. Get internal keycloak client id from client-id.
  509. This is required for further actions against this client.
  511. :param client_id_name: name in ClientRepresentation
  512. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  514. :return: client_id (uuid as string)
  515. """
  516. params_path = {"realm-name": self.realm_name, "clientId": client_id_name}
  517. data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  518. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  520. for client in data_content:
  521. client_id = json.dumps(client["clientId"]).strip('"')
  522. if client_id == client_id_name:
  523. return json.dumps(client["id"]).strip('"')
  525. return None
  527. def get_client(self, client_id):
  528. """
  529. Get representation of the client
  531. ClientRepresentation
  532. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  534. :param client_id: id of client (not client-id)
  536. :return: ClientRepresentation
  537. """
  538. params_path = {"realm-name": self.realm_name, "id": client_id}
  539. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
  540. return raise_error_from_response(data_raw, KeycloakGetError)
  542. def create_client(self, name, client_id, redirect_uris, protocol="openid-connect", public_client=True, direct_access_grants=True, skip_exists=False):
  543. """
  544. Create a client
  546. :param name: name of client
  547. :param client_id: (oauth client-id)
  548. :param redirect_uris: Valid edirect URIs
  549. :param redirect urls
  550. :param protocol: openid-connect or saml
  552. ClientRepresentation
  553. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  555. """
  556. data={}
  557. data["name"]=name
  558. data["clientId"]=client_id
  559. data["redirectUris"]=redirect_uris
  560. data["protocol"]=protocol
  561. data["publicClient"]=public_client
  562. data["directAccessGrantsEnabled"]=direct_access_grants
  563. params_path = {"realm-name": self.realm_name}
  564. data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
  565. data=json.dumps(data))
  566. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
  568. def delete_client(self, client_id):
  569. """
  570. Get representation of the client
  572. ClientRepresentation
  573. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  575. :param client_id: keycloak client id (not oauth client-id)
  577. :return: ClientRepresentation
  578. """
  579. params_path = {"realm-name": self.realm_name, "id": client_id}
  580. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT.format(**params_path))
  581. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  583. def get_client_roles(self, client_id):
  584. """
  585. Get all roles for the client
  587. :param client_id: id of client (not client-id)
  589. RoleRepresentation
  590. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  592. :return: RoleRepresentation
  593. """
  594. params_path = {"realm-name": self.realm_name, "id": client_id}
  595. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  596. return raise_error_from_response(data_raw, KeycloakGetError)
  598. def get_client_role_id(self, client_id, role_name):
  599. """
  600. Get client role id
  601. This is required for further actions with this role.
  603. :param client_id: id of client (not client-id), role_name: name of role
  605. RoleRepresentation
  606. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  608. :return: role_id
  609. """
  610. params_path = {"realm-name": self.realm_name, "id": client_id}
  611. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  612. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  614. for role in data_content:
  615. this_role_name = json.dumps(role["name"]).strip('"')
  616. if this_role_name == role_name:
  617. return json.dumps(role["id"]).strip('"')
  619. return None
  621. def get_roles(self):
  622. """
  623. Get all roles for the realm or client
  625. RoleRepresentation
  626. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  628. :return: RoleRepresentation
  629. """
  630. params_path = {"realm-name": self.realm_name}
  631. data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
  632. return raise_error_from_response(data_raw, KeycloakGetError)
  634. def create_client_role(self, client_id, role_name, skip_exists=False):
  635. """
  636. Create a client role
  638. :param client_id: id of client (not client-id), role_name: name of role
  640. RoleRepresentation
  641. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  643. """
  644. data={}
  645. data["name"]=role_name
  646. data["clientRole"]=True
  647. params_path = {"realm-name": self.realm_name, "id": client_id}
  648. data_raw = self.connection.raw_post(URL_ADMIN_CLIENT_ROLES.format(**params_path),
  649. data=json.dumps(data))
  650. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201, skip_exists=skip_exists)
  652. def delete_client_role(self, client_id, role_name):
  653. """
  654. Create a client role
  656. :param client_id: id of client (not client-id), role_name: name of role
  658. RoleRepresentation
  659. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  661. """
  662. data={}
  663. data["name"]=role_name
  664. data["clientRole"]=True
  665. params_path = {"realm-name": self.realm_name, "id": client_id}
  666. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT_ROLES.format(**params_path) + "/" + role_name,
  667. data=json.dumps(data))
  668. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  670. def assign_client_role(self, user_id, client_id, role_id, role_name):
  671. """
  672. Assign a client role to a user
  674. :param client_id: id of client (not client-id), user_id: id of user, client_id: id of client containing role, role_id: client role id, role_name: client role name)
  676. """
  677. payload=[{}]
  678. payload[0]["id"]=role_id
  679. payload[0]["name"]=role_name
  681. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  682. data_raw = self.connection.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  683. data=json.dumps(payload))
  684. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)