warricksothr
/
python-keycloak
forked from Mirror/python-keycloak
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
129 Commits
5 Branches
0 Tags
420 KiB
Tree: 5bf051ed3a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5bf051ed3a'
${ noResults }
python-keycloak/keycloak/keycloak_admin.py

666 lines
25 KiB
Raw Normal View History

Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Merge develop
7 years ago
Add get_user_groups function
6 years ago
Fixed new features.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docks
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add get_user_groups function
6 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add sync users function
7 years ago
Added groups functions and client functions. Added Changedlog
7 years ago
Add sync users function
7 years ago
Merge develop
7 years ago
Add sync users function
7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. # Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
  19. # internal Keycloak server ID, usually a uuid string
  20. from keycloak.urls_patterns import URL_ADMIN_CLIENT_ROLE
  21. from .urls_patterns import \
  22. URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
  23. URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
  24. URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
  25. URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
  26. URL_ADMIN_USER_GROUPS, URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
  28. from .keycloak_openid import KeycloakOpenID
  30. from .exceptions import raise_error_from_response, KeycloakGetError
  32. from .urls_patterns import (
  33. URL_ADMIN_USERS,
  34. )
  36. from .connection import ConnectionManager
  37. import json
  40. class KeycloakAdmin:
  42. def __init__(self, server_url, username, password, realm_name='master', client_id='admin-cli', verify=True):
  43. """
  45. :param server_url: Keycloak server url
  46. :param username: admin username
  47. :param password: admin password
  48. :param realm_name: realm name
  49. :param client_id: client id
  50. :param verify: True if want check connection SSL
  51. """
  52. self._username = username
  53. self._password = password
  54. self._client_id = client_id
  55. self._realm_name = realm_name
  57. # Get token Admin
  58. keycloak_openid = KeycloakOpenID(server_url=server_url, client_id=client_id, realm_name=realm_name,
  59. verify=verify)
  60. self._token = keycloak_openid.token(username, password)
  62. self._connection = ConnectionManager(base_url=server_url,
  63. headers={'Authorization': 'Bearer ' + self.token.get('access_token'),
  64. 'Content-Type': 'application/json'},
  65. timeout=60,
  66. verify=verify)
  68. @property
  69. def realm_name(self):
  70. return self._realm_name
  72. @realm_name.setter
  73. def realm_name(self, value):
  74. self._realm_name = value
  76. @property
  77. def connection(self):
  78. return self._connection
  80. @connection.setter
  81. def connection(self, value):
  82. self._connection = value
  84. @property
  85. def client_id(self):
  86. return self._client_id
  88. @client_id.setter
  89. def client_id(self, value):
  90. self._client_id = value
  92. @property
  93. def username(self):
  94. return self._username
  96. @username.setter
  97. def username(self, value):
  98. self._username = value
  100. @property
  101. def password(self):
  102. return self._password
  104. @password.setter
  105. def password(self, value):
  106. self._password = value
  108. @property
  109. def token(self):
  110. return self._token
  112. @token.setter
  113. def token(self, value):
  114. self._token = value
  116. def get_users(self, query=None):
  117. """
  118. Get users Returns a list of users, filtered according to query parameters
  120. :return: users list
  121. """
  122. params_path = {"realm-name": self.realm_name}
  123. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
  124. return raise_error_from_response(data_raw, KeycloakGetError)
  126. def create_user(self, payload):
  127. """
  128. Create a new user Username must be unique
  130. UserRepresentation
  131. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  133. :param payload: UserRepresentation
  135. :return: UserRepresentation
  136. """
  137. params_path = {"realm-name": self.realm_name}
  138. data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
  139. data=json.dumps(payload))
  140. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  142. def users_count(self):
  143. """
  144. User counter
  146. :return: counter
  147. """
  148. params_path = {"realm-name": self.realm_name}
  149. data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
  150. return raise_error_from_response(data_raw, KeycloakGetError)
  152. def get_user_id(self, username):
  153. """
  154. Get internal keycloak user id from username
  155. This is required for further actions against this user.
  157. UserRepresentation
  158. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  160. :param username: id in UserRepresentation
  162. :return: user_id
  163. """
  164. params_path = {"realm-name": self.realm_name, "username": username}
  165. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path))
  166. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  168. for user in data_content:
  169. this_use_rname = json.dumps(user["username"]).strip('"')
  170. if this_use_rname == username:
  171. return json.dumps(user["id"]).strip('"')
  173. return None
  175. def get_user(self, user_id):
  176. """
  177. Get representation of the user
  179. :param user_id: User id
  181. UserRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  183. :return: UserRepresentation
  184. """
  185. params_path = {"realm-name": self.realm_name, "id": user_id}
  186. data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
  187. return raise_error_from_response(data_raw, KeycloakGetError)
  189. def get_user_groups(self, user_id):
  190. """
  191. Get user groups Returns a list of groups of which the user is a member
  193. :param user_id: User id
  195. :return: user groups list
  196. """
  197. params_path = {"realm-name": self.realm_name, "id": user_id}
  198. data_raw = self.connection.raw_get(URL_ADMIN_USER_GROUPS.format(**params_path))
  199. return raise_error_from_response(data_raw, KeycloakGetError)
  201. def update_user(self, user_id, payload):
  202. """
  203. Update the user
  205. :param user_id: User id
  206. :param payload: UserRepresentation
  208. :return: Http response
  209. """
  210. params_path = {"realm-name": self.realm_name, "id": user_id}
  211. data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
  212. data=json.dumps(payload))
  213. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  215. def delete_user(self, user_id):
  216. """
  217. Delete the user
  219. :param user_id: User id
  221. :return: Http response
  222. """
  223. params_path = {"realm-name": self.realm_name, "id": user_id}
  224. data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
  225. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  227. def set_user_password(self, user_id, password, temporary=True):
  228. """
  229. Set up a password for the user. If temporary is True, the user will have to reset
  230. the temporary password next time they log in.
  232. http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource
  233. http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation
  235. :param user_id: User id
  236. :param password: New password
  237. :param temporary: True if password is temporary
  239. :return:
  240. """
  241. payload = {"type": "password", "temporary": temporary, "value": password}
  242. params_path = {"realm-name": self.realm_name, "id": user_id}
  243. data_raw = self.connection.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path),
  244. data=json.dumps(payload))
  245. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  247. def consents_user(self, user_id):
  248. """
  249. Get consents granted by the user
  251. :param user_id: User id
  253. :return: consents
  254. """
  255. params_path = {"realm-name": self.realm_name, "id": user_id}
  256. data_raw = self.connection.raw_get(URL_ADMIN_USER_CONSENTS.format(**params_path))
  257. return raise_error_from_response(data_raw, KeycloakGetError)
  259. def send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None):
  260. """
  261. Send a update account email to the user An email contains a
  262. link the user can click to perform a set of required actions.
  264. :param user_id:
  265. :param payload:
  266. :param client_id:
  267. :param lifespan:
  268. :param redirect_uri:
  270. :return:
  271. """
  272. params_path = {"realm-name": self.realm_name, "id": user_id}
  273. params_query = {"client_id": client_id, "lifespan": lifespan, "redirect_uri": redirect_uri}
  274. data_raw = self.connection.raw_put(URL_ADMIN_SEND_UPDATE_ACCOUNT.format(**params_path),
  275. data=payload, **params_query)
  276. return raise_error_from_response(data_raw, KeycloakGetError)
  278. def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
  279. """
  280. Send a update account email to the user An email contains a
  281. link the user can click to perform a set of required actions.
  283. :param user_id: User id
  284. :param client_id: Client id
  285. :param redirect_uri: Redirect uri
  287. :return:
  288. """
  289. params_path = {"realm-name": self.realm_name, "id": user_id}
  290. params_query = {"client_id": client_id, "redirect_uri": redirect_uri}
  291. data_raw = self.connection.raw_put(URL_ADMIN_SEND_VERIFY_EMAIL.format(**params_path),
  292. data={}, **params_query)
  293. return raise_error_from_response(data_raw, KeycloakGetError)
  295. def get_sessions(self, user_id):
  296. """
  297. Get sessions associated with the user
  299. :param user_id: id of user
  301. UserSessionRepresentation
  302. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_usersessionrepresentation
  304. :return: UserSessionRepresentation
  305. """
  306. params_path = {"realm-name": self.realm_name, "id": user_id}
  307. data_raw = self.connection.raw_get(URL_ADMIN_GET_SESSIONS.format(**params_path))
  308. return raise_error_from_response(data_raw, KeycloakGetError)
  310. def get_server_info(self):
  311. """
  312. Get themes, social providers, auth providers, and event listeners available on this server
  314. ServerInfoRepresentation
  315. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation
  317. :return: ServerInfoRepresentation
  318. """
  319. data_raw = self.connection.raw_get(URL_ADMIN_SERVER_INFO)
  320. return raise_error_from_response(data_raw, KeycloakGetError)
  322. def get_groups(self):
  323. """
  324. Get groups belonging to the realm. Returns a list of groups belonging to the realm
  326. GroupRepresentation
  327. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  329. :return: array GroupRepresentation
  330. """
  331. params_path = {"realm-name": self.realm_name}
  332. data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
  333. return raise_error_from_response(data_raw, KeycloakGetError)
  335. def get_group(self, group_id):
  336. """
  337. Get group by id. Returns full group details
  339. GroupRepresentation
  340. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  342. :return: Keycloak server response (GroupRepresentation)
  343. """
  344. params_path = {"realm-name": self.realm_name, "id": group_id}
  345. data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
  346. return raise_error_from_response(data_raw, KeycloakGetError)
  348. def get_group_by_name(self, name_or_path, search_in_subgroups=False):
  349. """
  350. Get group id based on name or path.
  351. A straight name or path match with a top-level group will return first.
  352. Subgroups are traversed, the first to match path (or name with path) is returned.
  354. GroupRepresentation
  355. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  357. :param name: group name
  358. :param path: group path
  359. :param search_in_subgroups: True if want search in the subgroups
  360. :return: Keycloak server response (GroupRepresentation)
  361. """
  363. groups = self.get_groups()
  365. # TODO: Review this code is necessary
  366. for group in groups:
  367. if group['name'] == name_or_path or group['path'] == name_or_path:
  368. return group
  369. elif search_in_subgroups and group["subGroups"]:
  370. for subgroup in group["subGroups"]:
  371. if subgroup['name'] == name_or_path or subgroup['path'] == name_or_path:
  372. return subgroup
  374. return None
  376. def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None):
  377. """
  378. Create a group in the Realm
  380. GroupRepresentation
  381. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  383. :param name: group name
  384. :param client_roles: (Dict) Client roles to include in groupp # Not demonstrated to work
  385. :param realm_roles: (List) Realm roles to include in group # Not demonstrated to work
  386. :param sub_groups: (List) Subgroups to include in groupp # Not demonstrated to work
  387. :param path: group path
  388. :param parent: parent group's id. Required to create a sub-group.
  390. :return: Keycloak server response (GroupRepresentation)
  391. """
  393. data = {"name": name or path,
  394. "path": path,
  395. "clientRoles": client_roles,
  396. "realmRoles": realm_roles,
  397. "subGroups": sub_groups}
  399. if parent is None:
  400. params_path = {"realm-name": self.realm_name}
  401. data_raw = self.connection.raw_post(URL_ADMIN_GROUPS.format(**params_path),
  402. data=json.dumps(data))
  403. else:
  404. params_path = {"realm-name": self.realm_name, "id": parent}
  405. data_raw = self.connection.raw_post(URL_ADMIN_GROUP_CHILD.format(**params_path),
  406. data=json.dumps(data))
  408. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  410. def group_set_permissions(self, group_id, enabled=True):
  411. """
  412. Enable/Disable permissions for a group. Cannot delete group if disabled
  414. :param group_id: id of group
  415. :param enabled: boolean
  416. :return: Keycloak server response
  417. """
  419. params_path = {"realm-name": self.realm_name, "id": group_id}
  420. data_raw = self.connection.raw_put(URL_ADMIN_GROUP_PERMISSIONS.format(**params_path),
  421. data=json.dumps({"enabled": enabled}))
  422. return raise_error_from_response(data_raw, KeycloakGetError)
  424. def group_user_add(self, user_id, group_id):
  425. """
  426. Add user to group (user_id and group_id)
  428. :param group_id: id of group
  429. :param user_id: id of user
  430. :param group_id: id of group to add to
  431. :return: Keycloak server response
  432. """
  434. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  435. data_raw = self.connection.raw_put(URL_ADMIN_USER_GROUP.format(**params_path), data=None)
  436. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  438. def group_user_remove(self, user_id, group_id):
  439. """
  440. Remove user from group (user_id and group_id)
  442. :param group_id: id of group
  443. :param user_id: id of user
  444. :param group_id: id of group to add to
  445. :return: Keycloak server response
  446. """
  448. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  449. data_raw = self.connection.raw_delete(URL_ADMIN_USER_GROUP.format(**params_path))
  450. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  452. def delete_group(self, group_id):
  453. """
  454. Deletes a group in the Realm
  456. :param group_id: id of group to delete
  457. :return: Keycloak server response
  458. """
  460. params_path = {"realm-name": self.realm_name, "id": group_id}
  461. data_raw = self.connection.raw_delete(URL_ADMIN_GROUP.format(**params_path))
  462. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  464. def get_clients(self):
  465. """
  466. Get clients belonging to the realm Returns a list of clients belonging to the realm
  468. ClientRepresentation
  469. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  471. :return: Keycloak server response (ClientRepresentation)
  472. """
  474. params_path = {"realm-name": self.realm_name}
  475. data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  476. return raise_error_from_response(data_raw, KeycloakGetError)
  478. def get_client(self, client_id):
  479. """
  480. Get representation of the client
  482. ClientRepresentation
  483. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  485. :param client_id: id of client (not client-id)
  486. :return: Keycloak server response (ClientRepresentation)
  487. """
  489. params_path = {"realm-name": self.realm_name, "id": client_id}
  490. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
  491. return raise_error_from_response(data_raw, KeycloakGetError)
  493. def get_client_id(self, client_name):
  494. """
  495. Get internal keycloak client id from client-id.
  496. This is required for further actions against this client.
  498. :param client_name: name in ClientRepresentation
  499. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  500. :return: client_id (uuid as string)
  501. """
  503. clients = self.get_clients()
  505. for client in clients:
  506. if client_name == client['name']:
  507. return client["id"]
  509. return None
  511. def create_client(self, payload):
  512. """
  513. Create a client
  515. ClientRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  517. :param payload: ClientRepresentation
  518. :return: Keycloak server response (UserRepresentation)
  519. """
  521. params_path = {"realm-name": self.realm_name}
  522. data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
  523. data=json.dumps(payload))
  524. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  526. def delete_client(self, client_id):
  527. """
  528. Get representation of the client
  530. ClientRepresentation
  531. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  533. :param client_id: keycloak client id (not oauth client-id)
  534. :return: Keycloak server response (ClientRepresentation)
  535. """
  537. params_path = {"realm-name": self.realm_name, "id": client_id}
  538. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT.format(**params_path))
  539. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  541. def get_realm_roles(self):
  542. """
  543. Get all roles for the realm or client
  545. RoleRepresentation
  546. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  548. :return: Keycloak server response (RoleRepresentation)
  549. """
  551. params_path = {"realm-name": self.realm_name}
  552. data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
  553. return raise_error_from_response(data_raw, KeycloakGetError)
  555. def get_client_roles(self, client_id):
  556. """
  557. Get all roles for the client
  559. :param client_id: id of client (not client-id)
  561. RoleRepresentation
  562. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  564. :return: Keycloak server response (RoleRepresentation)
  565. """
  567. params_path = {"realm-name": self.realm_name, "id": client_id}
  568. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  569. return raise_error_from_response(data_raw, KeycloakGetError)
  571. def get_client_role(self, client_id, role_name):
  572. """
  573. Get client role id by name
  574. This is required for further actions with this role.
  576. :param client_id: id of client (not client-id)
  577. :param role_name: roles name (not id!)
  579. RoleRepresentation
  580. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  582. :return: role_id
  583. """
  584. params_path = {"realm-name": self.realm_name, "id": client_id, "role-name": role_name}
  585. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  586. return raise_error_from_response(data_raw, KeycloakGetError)
  588. def get_client_role_id(self, client_id, role_name):
  589. """
  590. Warning: Deprecated
  592. Get client role id by name
  593. This is required for further actions with this role.
  595. :param client_id: id of client (not client-id)
  596. :param role_name: roles name (not id!)
  598. RoleRepresentation
  599. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  601. :return: role_id
  602. """
  603. role = self.get_client_role(client_id, role_name)
  604. return role.get("id")
  606. def create_client_role(self, payload):
  607. """
  608. Create a client role
  610. RoleRepresentation
  611. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  613. :param payload: id of client (not client-id), role_name: name of role
  614. :return: Keycloak server response (RoleRepresentation)
  615. """
  617. params_path = {"realm-name": self.realm_name, "id": self.client_id}
  618. data_raw = self.connection.raw_post(URL_ADMIN_CLIENT_ROLES.format(**params_path),
  619. data=json.dumps(payload))
  620. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  622. def delete_client_role(self, role_name):
  623. """
  624. Create a client role
  626. RoleRepresentation
  627. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  629. :param role_name: roles name (not id!)
  630. """
  631. params_path = {"realm-name": self.realm_name, "id": self.client_id, "role-name": role_name}
  632. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  633. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  635. def assign_client_role(self, user_id, client_id, roles):
  636. """
  637. Assign a client role to a user
  639. :param client_id: id of client (not client-id)
  640. :param user_id: id of user
  641. :param client_id: id of client containing role,
  642. :param roles: roles list or role (use RoleRepresentation)
  643. :return Keycloak server response
  644. """
  646. payload = roles if isinstance(roles, list) else [roles]
  647. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  648. data_raw = self.connection.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  649. data=json.dumps(payload))
  650. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  652. def sync_users(self, storage_id, action):
  653. """
  654. Function to trigger user sync from provider
  656. :param storage_id:
  657. :param action:
  658. :return:
  659. """
  660. data = {'action': action}
  661. params_query = {"action": action}
  663. params_path = {"realm-name": self.realm_name, "id": storage_id}
  664. data_raw = self.connection.raw_post(URL_ADMIN_USER_STORAGE.format(**params_path),
  665. data=json.dumps(data), **params_query)
  666. return raise_error_from_response(data_raw, KeycloakGetError)