warricksothr
/
python-keycloak
forked from Mirror/python-keycloak
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
126 Commits
5 Branches
0 Tags
420 KiB
Tree: 7fdcc5d22a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7fdcc5d22a'
${ noResults }
python-keycloak/keycloak/keycloak_admin.py

681 lines
25 KiB
Raw Normal View History

Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Merge develop
7 years ago
Fixed new features.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docks
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Fix bug in get_client_id method. Add get_client_authz_settings method
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Fix bug in get_client_id method. Add get_client_authz_settings method
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add sync users function
7 years ago
Added groups functions and client functions. Added Changedlog
7 years ago
Add sync users function
7 years ago
Merge develop
7 years ago
Add sync users function
7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. # Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
  19. # internal Keycloak server ID, usually a uuid string
  20. from keycloak.urls_patterns import URL_ADMIN_CLIENT_ROLE
  21. from .urls_patterns import \
  22. URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
  23. URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
  24. URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
  25. URL_ADMIN_CLIENT_AUTHZ_SETTINGS, URL_ADMIN_CLIENT_AUTHZ_RESOURCES, \
  26. URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
  27. URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
  29. from .keycloak_openid import KeycloakOpenID
  31. from .exceptions import raise_error_from_response, KeycloakGetError
  33. from .urls_patterns import (
  34. URL_ADMIN_USERS,
  35. )
  37. from .connection import ConnectionManager
  38. import json
  41. class KeycloakAdmin:
  43. def __init__(self, server_url, username, password, realm_name='master', client_id='admin-cli', verify=True):
  44. """
  46. :param server_url: Keycloak server url
  47. :param username: admin username
  48. :param password: admin password
  49. :param realm_name: realm name
  50. :param client_id: client id
  51. :param verify: True if want check connection SSL
  52. """
  53. self._username = username
  54. self._password = password
  55. self._client_id = client_id
  56. self._realm_name = realm_name
  58. # Get token Admin
  59. keycloak_openid = KeycloakOpenID(server_url=server_url, client_id=client_id, realm_name=realm_name,
  60. verify=verify)
  61. self._token = keycloak_openid.token(username, password)
  63. self._connection = ConnectionManager(base_url=server_url,
  64. headers={'Authorization': 'Bearer ' + self.token.get('access_token'),
  65. 'Content-Type': 'application/json'},
  66. timeout=60,
  67. verify=verify)
  69. @property
  70. def realm_name(self):
  71. return self._realm_name
  73. @realm_name.setter
  74. def realm_name(self, value):
  75. self._realm_name = value
  77. @property
  78. def connection(self):
  79. return self._connection
  81. @connection.setter
  82. def connection(self, value):
  83. self._connection = value
  85. @property
  86. def client_id(self):
  87. return self._client_id
  89. @client_id.setter
  90. def client_id(self, value):
  91. self._client_id = value
  93. @property
  94. def username(self):
  95. return self._username
  97. @username.setter
  98. def username(self, value):
  99. self._username = value
  101. @property
  102. def password(self):
  103. return self._password
  105. @password.setter
  106. def password(self, value):
  107. self._password = value
  109. @property
  110. def token(self):
  111. return self._token
  113. @token.setter
  114. def token(self, value):
  115. self._token = value
  117. def get_users(self, query=None):
  118. """
  119. Get users Returns a list of users, filtered according to query parameters
  121. :return: users list
  122. """
  123. params_path = {"realm-name": self.realm_name}
  124. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
  125. return raise_error_from_response(data_raw, KeycloakGetError)
  127. def create_user(self, payload):
  128. """
  129. Create a new user Username must be unique
  131. UserRepresentation
  132. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  134. :param payload: UserRepresentation
  136. :return: UserRepresentation
  137. """
  138. params_path = {"realm-name": self.realm_name}
  139. data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
  140. data=json.dumps(payload))
  141. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  143. def users_count(self):
  144. """
  145. User counter
  147. :return: counter
  148. """
  149. params_path = {"realm-name": self.realm_name}
  150. data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
  151. return raise_error_from_response(data_raw, KeycloakGetError)
  153. def get_user_id(self, username):
  154. """
  155. Get internal keycloak user id from username
  156. This is required for further actions against this user.
  158. UserRepresentation
  159. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  161. :param username: id in UserRepresentation
  163. :return: user_id
  164. """
  165. params_path = {"realm-name": self.realm_name, "username": username}
  166. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path))
  167. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  169. for user in data_content:
  170. this_use_rname = json.dumps(user["username"]).strip('"')
  171. if this_use_rname == username:
  172. return json.dumps(user["id"]).strip('"')
  174. return None
  176. def get_user(self, user_id):
  177. """
  178. Get representation of the user
  180. :param user_id: User id
  182. UserRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  184. :return: UserRepresentation
  185. """
  186. params_path = {"realm-name": self.realm_name, "id": user_id}
  187. data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
  188. return raise_error_from_response(data_raw, KeycloakGetError)
  190. def update_user(self, user_id, payload):
  191. """
  192. Update the user
  194. :param user_id: User id
  195. :param payload: UserRepresentation
  197. :return: Http response
  198. """
  199. params_path = {"realm-name": self.realm_name, "id": user_id}
  200. data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
  201. data=json.dumps(payload))
  202. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  204. def delete_user(self, user_id):
  205. """
  206. Delete the user
  208. :param user_id: User id
  210. :return: Http response
  211. """
  212. params_path = {"realm-name": self.realm_name, "id": user_id}
  213. data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
  214. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  216. def set_user_password(self, user_id, password, temporary=True):
  217. """
  218. Set up a password for the user. If temporary is True, the user will have to reset
  219. the temporary password next time they log in.
  221. http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource
  222. http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation
  224. :param user_id: User id
  225. :param password: New password
  226. :param temporary: True if password is temporary
  228. :return:
  229. """
  230. payload = {"type": "password", "temporary": temporary, "value": password}
  231. params_path = {"realm-name": self.realm_name, "id": user_id}
  232. data_raw = self.connection.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path),
  233. data=json.dumps(payload))
  234. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  236. def consents_user(self, user_id):
  237. """
  238. Get consents granted by the user
  240. :param user_id: User id
  242. :return: consents
  243. """
  244. params_path = {"realm-name": self.realm_name, "id": user_id}
  245. data_raw = self.connection.raw_get(URL_ADMIN_USER_CONSENTS.format(**params_path))
  246. return raise_error_from_response(data_raw, KeycloakGetError)
  248. def send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None):
  249. """
  250. Send a update account email to the user An email contains a
  251. link the user can click to perform a set of required actions.
  253. :param user_id:
  254. :param payload:
  255. :param client_id:
  256. :param lifespan:
  257. :param redirect_uri:
  259. :return:
  260. """
  261. params_path = {"realm-name": self.realm_name, "id": user_id}
  262. params_query = {"client_id": client_id, "lifespan": lifespan, "redirect_uri": redirect_uri}
  263. data_raw = self.connection.raw_put(URL_ADMIN_SEND_UPDATE_ACCOUNT.format(**params_path),
  264. data=payload, **params_query)
  265. return raise_error_from_response(data_raw, KeycloakGetError)
  267. def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
  268. """
  269. Send a update account email to the user An email contains a
  270. link the user can click to perform a set of required actions.
  272. :param user_id: User id
  273. :param client_id: Client id
  274. :param redirect_uri: Redirect uri
  276. :return:
  277. """
  278. params_path = {"realm-name": self.realm_name, "id": user_id}
  279. params_query = {"client_id": client_id, "redirect_uri": redirect_uri}
  280. data_raw = self.connection.raw_put(URL_ADMIN_SEND_VERIFY_EMAIL.format(**params_path),
  281. data={}, **params_query)
  282. return raise_error_from_response(data_raw, KeycloakGetError)
  284. def get_sessions(self, user_id):
  285. """
  286. Get sessions associated with the user
  288. :param user_id: id of user
  290. UserSessionRepresentation
  291. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_usersessionrepresentation
  293. :return: UserSessionRepresentation
  294. """
  295. params_path = {"realm-name": self.realm_name, "id": user_id}
  296. data_raw = self.connection.raw_get(URL_ADMIN_GET_SESSIONS.format(**params_path))
  297. return raise_error_from_response(data_raw, KeycloakGetError)
  299. def get_server_info(self):
  300. """
  301. Get themes, social providers, auth providers, and event listeners available on this server
  303. ServerInfoRepresentation
  304. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation
  306. :return: ServerInfoRepresentation
  307. """
  308. data_raw = self.connection.raw_get(URL_ADMIN_SERVER_INFO)
  309. return raise_error_from_response(data_raw, KeycloakGetError)
  311. def get_groups(self):
  312. """
  313. Get groups belonging to the realm. Returns a list of groups belonging to the realm
  315. GroupRepresentation
  316. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  318. :return: array GroupRepresentation
  319. """
  320. params_path = {"realm-name": self.realm_name}
  321. data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
  322. return raise_error_from_response(data_raw, KeycloakGetError)
  324. def get_group(self, group_id):
  325. """
  326. Get group by id. Returns full group details
  328. GroupRepresentation
  329. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  331. :return: Keycloak server response (GroupRepresentation)
  332. """
  333. params_path = {"realm-name": self.realm_name, "id": group_id}
  334. data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
  335. return raise_error_from_response(data_raw, KeycloakGetError)
  337. def get_group_by_name(self, name_or_path, search_in_subgroups=False):
  338. """
  339. Get group id based on name or path.
  340. A straight name or path match with a top-level group will return first.
  341. Subgroups are traversed, the first to match path (or name with path) is returned.
  343. GroupRepresentation
  344. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  346. :param name: group name
  347. :param path: group path
  348. :param search_in_subgroups: True if want search in the subgroups
  349. :return: Keycloak server response (GroupRepresentation)
  350. """
  352. groups = self.get_groups()
  354. # TODO: Review this code is necessary
  355. for group in groups:
  356. if group['name'] == name_or_path or group['path'] == name_or_path:
  357. return group
  358. elif search_in_subgroups and group["subGroups"]:
  359. for subgroup in group["subGroups"]:
  360. if subgroup['name'] == name_or_path or subgroup['path'] == name_or_path:
  361. return subgroup
  363. return None
  365. def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None):
  366. """
  367. Create a group in the Realm
  369. GroupRepresentation
  370. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  372. :param name: group name
  373. :param client_roles: (Dict) Client roles to include in groupp # Not demonstrated to work
  374. :param realm_roles: (List) Realm roles to include in group # Not demonstrated to work
  375. :param sub_groups: (List) Subgroups to include in groupp # Not demonstrated to work
  376. :param path: group path
  377. :param parent: parent group's id. Required to create a sub-group.
  379. :return: Keycloak server response (GroupRepresentation)
  380. """
  382. data = {"name": name or path,
  383. "path": path,
  384. "clientRoles": client_roles,
  385. "realmRoles": realm_roles,
  386. "subGroups": sub_groups}
  388. if parent is None:
  389. params_path = {"realm-name": self.realm_name}
  390. data_raw = self.connection.raw_post(URL_ADMIN_GROUPS.format(**params_path),
  391. data=json.dumps(data))
  392. else:
  393. params_path = {"realm-name": self.realm_name, "id": parent}
  394. data_raw = self.connection.raw_post(URL_ADMIN_GROUP_CHILD.format(**params_path),
  395. data=json.dumps(data))
  397. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  399. def group_set_permissions(self, group_id, enabled=True):
  400. """
  401. Enable/Disable permissions for a group. Cannot delete group if disabled
  403. :param group_id: id of group
  404. :param enabled: boolean
  405. :return: Keycloak server response
  406. """
  408. params_path = {"realm-name": self.realm_name, "id": group_id}
  409. data_raw = self.connection.raw_put(URL_ADMIN_GROUP_PERMISSIONS.format(**params_path),
  410. data=json.dumps({"enabled": enabled}))
  411. return raise_error_from_response(data_raw, KeycloakGetError)
  413. def group_user_add(self, user_id, group_id):
  414. """
  415. Add user to group (user_id and group_id)
  417. :param group_id: id of group
  418. :param user_id: id of user
  419. :param group_id: id of group to add to
  420. :return: Keycloak server response
  421. """
  423. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  424. data_raw = self.connection.raw_put(URL_ADMIN_USER_GROUP.format(**params_path), data=None)
  425. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  427. def group_user_remove(self, user_id, group_id):
  428. """
  429. Remove user from group (user_id and group_id)
  431. :param group_id: id of group
  432. :param user_id: id of user
  433. :param group_id: id of group to add to
  434. :return: Keycloak server response
  435. """
  437. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  438. data_raw = self.connection.raw_delete(URL_ADMIN_USER_GROUP.format(**params_path))
  439. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  441. def delete_group(self, group_id):
  442. """
  443. Deletes a group in the Realm
  445. :param group_id: id of group to delete
  446. :return: Keycloak server response
  447. """
  449. params_path = {"realm-name": self.realm_name, "id": group_id}
  450. data_raw = self.connection.raw_delete(URL_ADMIN_GROUP.format(**params_path))
  451. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  453. def get_clients(self):
  454. """
  455. Get clients belonging to the realm Returns a list of clients belonging to the realm
  457. ClientRepresentation
  458. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  460. :return: Keycloak server response (ClientRepresentation)
  461. """
  463. params_path = {"realm-name": self.realm_name}
  464. data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  465. return raise_error_from_response(data_raw, KeycloakGetError)
  467. def get_client(self, client_id):
  468. """
  469. Get representation of the client
  471. ClientRepresentation
  472. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  474. :param client_id: id of client (not client-id)
  475. :return: Keycloak server response (ClientRepresentation)
  476. """
  478. params_path = {"realm-name": self.realm_name, "id": client_id}
  479. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
  480. return raise_error_from_response(data_raw, KeycloakGetError)
  482. def get_client_id(self, client_name):
  483. """
  484. Get internal keycloak client id from client-id.
  485. This is required for further actions against this client.
  487. :param client_name: name in ClientRepresentation
  488. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  489. :return: client_id (uuid as string)
  490. """
  492. clients = self.get_clients()
  494. for client in clients:
  495. if client_name == client.get('name') or client_name == client.get('clientId'):
  496. return client["id"]
  498. return None
  500. def get_client_authz_settings(self, client_id):
  501. """
  502. Get authorization json from client.
  504. :param client_id: id in ClientRepresentation
  505. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  506. :return: Keycloak server response
  507. """
  509. params_path = {"realm-name": self.realm_name, "id": client_id}
  510. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_AUTHZ_SETTINGS.format(**params_path))
  511. return data_raw
  513. def get_client_authz_resources(self, client_id):
  514. """
  515. Get resources from client.
  517. :param client_id: id in ClientRepresentation
  518. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  519. :return: Keycloak server response
  520. """
  522. params_path = {"realm-name": self.realm_name, "id": client_id}
  523. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_AUTHZ_RESOURCES.format(**params_path))
  524. return data_raw
  526. def create_client(self, payload):
  527. """
  528. Create a client
  530. ClientRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  532. :param payload: ClientRepresentation
  533. :return: Keycloak server response (UserRepresentation)
  534. """
  536. params_path = {"realm-name": self.realm_name}
  537. data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
  538. data=json.dumps(payload))
  539. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  541. def delete_client(self, client_id):
  542. """
  543. Get representation of the client
  545. ClientRepresentation
  546. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  548. :param client_id: keycloak client id (not oauth client-id)
  549. :return: Keycloak server response (ClientRepresentation)
  550. """
  552. params_path = {"realm-name": self.realm_name, "id": client_id}
  553. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT.format(**params_path))
  554. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  556. def get_realm_roles(self):
  557. """
  558. Get all roles for the realm or client
  560. RoleRepresentation
  561. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  563. :return: Keycloak server response (RoleRepresentation)
  564. """
  566. params_path = {"realm-name": self.realm_name}
  567. data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
  568. return raise_error_from_response(data_raw, KeycloakGetError)
  570. def get_client_roles(self, client_id):
  571. """
  572. Get all roles for the client
  574. :param client_id: id of client (not client-id)
  576. RoleRepresentation
  577. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  579. :return: Keycloak server response (RoleRepresentation)
  580. """
  582. params_path = {"realm-name": self.realm_name, "id": client_id}
  583. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  584. return raise_error_from_response(data_raw, KeycloakGetError)
  586. def get_client_role(self, client_id, role_name):
  587. """
  588. Get client role id by name
  589. This is required for further actions with this role.
  591. :param client_id: id of client (not client-id)
  592. :param role_name: roles name (not id!)
  594. RoleRepresentation
  595. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  597. :return: role_id
  598. """
  599. params_path = {"realm-name": self.realm_name, "id": client_id, "role-name": role_name}
  600. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  601. return raise_error_from_response(data_raw, KeycloakGetError)
  603. def get_client_role_id(self, client_id, role_name):
  604. """
  605. Warning: Deprecated
  607. Get client role id by name
  608. This is required for further actions with this role.
  610. :param client_id: id of client (not client-id)
  611. :param role_name: roles name (not id!)
  613. RoleRepresentation
  614. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  616. :return: role_id
  617. """
  618. role = self.get_client_role(client_id, role_name)
  619. return role.get("id")
  621. def create_client_role(self, payload):
  622. """
  623. Create a client role
  625. RoleRepresentation
  626. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  628. :param payload: id of client (not client-id), role_name: name of role
  629. :return: Keycloak server response (RoleRepresentation)
  630. """
  632. params_path = {"realm-name": self.realm_name, "id": self.client_id}
  633. data_raw = self.connection.raw_post(URL_ADMIN_CLIENT_ROLES.format(**params_path),
  634. data=json.dumps(payload))
  635. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  637. def delete_client_role(self, role_name):
  638. """
  639. Create a client role
  641. RoleRepresentation
  642. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  644. :param role_name: roles name (not id!)
  645. """
  646. params_path = {"realm-name": self.realm_name, "id": self.client_id, "role-name": role_name}
  647. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  648. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  650. def assign_client_role(self, user_id, client_id, roles):
  651. """
  652. Assign a client role to a user
  654. :param client_id: id of client (not client-id)
  655. :param user_id: id of user
  656. :param client_id: id of client containing role,
  657. :param roles: roles list or role (use RoleRepresentation)
  658. :return Keycloak server response
  659. """
  661. payload = roles if isinstance(roles, list) else [roles]
  662. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  663. data_raw = self.connection.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  664. data=json.dumps(payload))
  665. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  667. def sync_users(self, storage_id, action):
  668. """
  669. Function to trigger user sync from provider
  671. :param storage_id:
  672. :param action:
  673. :return:
  674. """
  675. data = {'action': action}
  676. params_query = {"action": action}
  678. params_path = {"realm-name": self.realm_name, "id": storage_id}
  679. data_raw = self.connection.raw_post(URL_ADMIN_USER_STORAGE.format(**params_path),
  680. data=json.dumps(data), **params_query)
  681. return raise_error_from_response(data_raw, KeycloakGetError)