warricksothr
/
python-keycloak
forked from Mirror/python-keycloak
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
124 Commits
5 Branches
0 Tags
420 KiB
Tree: caf3056229
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'caf3056229'
${ noResults }
python-keycloak/keycloak/keycloak_admin.py

667 lines
25 KiB
Raw Normal View History

Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
method to get group members
6 years ago
Merge develop
7 years ago
Fixed new features.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docks
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Methods: list users, get user, create user.
7 years ago
Initial commit
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
method to get group members
6 years ago
comments
6 years ago
method to get group members
6 years ago
comments
6 years ago
method to get group members
6 years ago
comments
6 years ago
method to get group members
6 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Add sync users function
7 years ago
Added groups functions and client functions. Added Changedlog
7 years ago
Add sync users function
7 years ago
Merge develop
7 years ago
Add sync users function
7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. # Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
  19. # internal Keycloak server ID, usually a uuid string
  20. from keycloak.urls_patterns import URL_ADMIN_CLIENT_ROLE
  21. from .urls_patterns import \
  22. URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
  23. URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
  24. URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \
  25. URL_ADMIN_GROUP, URL_ADMIN_GROUP_MEMBERS, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\
  26. URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE
  28. from .keycloak_openid import KeycloakOpenID
  30. from .exceptions import raise_error_from_response, KeycloakGetError
  32. from .urls_patterns import (
  33. URL_ADMIN_USERS,
  34. )
  36. from .connection import ConnectionManager
  37. import json
  40. class KeycloakAdmin:
  42. def __init__(self, server_url, username, password, realm_name='master', client_id='admin-cli', verify=True):
  43. """
  45. :param server_url: Keycloak server url
  46. :param username: admin username
  47. :param password: admin password
  48. :param realm_name: realm name
  49. :param client_id: client id
  50. :param verify: True if want check connection SSL
  51. """
  52. self._username = username
  53. self._password = password
  54. self._client_id = client_id
  55. self._realm_name = realm_name
  57. # Get token Admin
  58. keycloak_openid = KeycloakOpenID(server_url=server_url, client_id=client_id, realm_name=realm_name,
  59. verify=verify)
  60. self._token = keycloak_openid.token(username, password)
  62. self._connection = ConnectionManager(base_url=server_url,
  63. headers={'Authorization': 'Bearer ' + self.token.get('access_token'),
  64. 'Content-Type': 'application/json'},
  65. timeout=60,
  66. verify=verify)
  68. @property
  69. def realm_name(self):
  70. return self._realm_name
  72. @realm_name.setter
  73. def realm_name(self, value):
  74. self._realm_name = value
  76. @property
  77. def connection(self):
  78. return self._connection
  80. @connection.setter
  81. def connection(self, value):
  82. self._connection = value
  84. @property
  85. def client_id(self):
  86. return self._client_id
  88. @client_id.setter
  89. def client_id(self, value):
  90. self._client_id = value
  92. @property
  93. def username(self):
  94. return self._username
  96. @username.setter
  97. def username(self, value):
  98. self._username = value
  100. @property
  101. def password(self):
  102. return self._password
  104. @password.setter
  105. def password(self, value):
  106. self._password = value
  108. @property
  109. def token(self):
  110. return self._token
  112. @token.setter
  113. def token(self, value):
  114. self._token = value
  116. def get_users(self, query=None):
  117. """
  118. Get users Returns a list of users, filtered according to query parameters
  120. :return: users list
  121. """
  122. params_path = {"realm-name": self.realm_name}
  123. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path), **query)
  124. return raise_error_from_response(data_raw, KeycloakGetError)
  126. def create_user(self, payload):
  127. """
  128. Create a new user Username must be unique
  130. UserRepresentation
  131. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  133. :param payload: UserRepresentation
  135. :return: UserRepresentation
  136. """
  137. params_path = {"realm-name": self.realm_name}
  138. data_raw = self.connection.raw_post(URL_ADMIN_USERS.format(**params_path),
  139. data=json.dumps(payload))
  140. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  142. def users_count(self):
  143. """
  144. User counter
  146. :return: counter
  147. """
  148. params_path = {"realm-name": self.realm_name}
  149. data_raw = self.connection.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
  150. return raise_error_from_response(data_raw, KeycloakGetError)
  152. def get_user_id(self, username):
  153. """
  154. Get internal keycloak user id from username
  155. This is required for further actions against this user.
  157. UserRepresentation
  158. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  160. :param username: id in UserRepresentation
  162. :return: user_id
  163. """
  164. params_path = {"realm-name": self.realm_name, "username": username}
  165. data_raw = self.connection.raw_get(URL_ADMIN_USERS.format(**params_path))
  166. data_content = raise_error_from_response(data_raw, KeycloakGetError)
  168. for user in data_content:
  169. this_use_rname = json.dumps(user["username"]).strip('"')
  170. if this_use_rname == username:
  171. return json.dumps(user["id"]).strip('"')
  173. return None
  175. def get_user(self, user_id):
  176. """
  177. Get representation of the user
  179. :param user_id: User id
  181. UserRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_userrepresentation
  183. :return: UserRepresentation
  184. """
  185. params_path = {"realm-name": self.realm_name, "id": user_id}
  186. data_raw = self.connection.raw_get(URL_ADMIN_USER.format(**params_path))
  187. return raise_error_from_response(data_raw, KeycloakGetError)
  189. def update_user(self, user_id, payload):
  190. """
  191. Update the user
  193. :param user_id: User id
  194. :param payload: UserRepresentation
  196. :return: Http response
  197. """
  198. params_path = {"realm-name": self.realm_name, "id": user_id}
  199. data_raw = self.connection.raw_put(URL_ADMIN_USER.format(**params_path),
  200. data=json.dumps(payload))
  201. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  203. def delete_user(self, user_id):
  204. """
  205. Delete the user
  207. :param user_id: User id
  209. :return: Http response
  210. """
  211. params_path = {"realm-name": self.realm_name, "id": user_id}
  212. data_raw = self.connection.raw_delete(URL_ADMIN_USER.format(**params_path))
  213. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  215. def set_user_password(self, user_id, password, temporary=True):
  216. """
  217. Set up a password for the user. If temporary is True, the user will have to reset
  218. the temporary password next time they log in.
  220. http://www.keycloak.org/docs-api/3.2/rest-api/#_users_resource
  221. http://www.keycloak.org/docs-api/3.2/rest-api/#_credentialrepresentation
  223. :param user_id: User id
  224. :param password: New password
  225. :param temporary: True if password is temporary
  227. :return:
  228. """
  229. payload = {"type": "password", "temporary": temporary, "value": password}
  230. params_path = {"realm-name": self.realm_name, "id": user_id}
  231. data_raw = self.connection.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path),
  232. data=json.dumps(payload))
  233. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  235. def consents_user(self, user_id):
  236. """
  237. Get consents granted by the user
  239. :param user_id: User id
  241. :return: consents
  242. """
  243. params_path = {"realm-name": self.realm_name, "id": user_id}
  244. data_raw = self.connection.raw_get(URL_ADMIN_USER_CONSENTS.format(**params_path))
  245. return raise_error_from_response(data_raw, KeycloakGetError)
  247. def send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None):
  248. """
  249. Send a update account email to the user An email contains a
  250. link the user can click to perform a set of required actions.
  252. :param user_id:
  253. :param payload:
  254. :param client_id:
  255. :param lifespan:
  256. :param redirect_uri:
  258. :return:
  259. """
  260. params_path = {"realm-name": self.realm_name, "id": user_id}
  261. params_query = {"client_id": client_id, "lifespan": lifespan, "redirect_uri": redirect_uri}
  262. data_raw = self.connection.raw_put(URL_ADMIN_SEND_UPDATE_ACCOUNT.format(**params_path),
  263. data=payload, **params_query)
  264. return raise_error_from_response(data_raw, KeycloakGetError)
  266. def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
  267. """
  268. Send a update account email to the user An email contains a
  269. link the user can click to perform a set of required actions.
  271. :param user_id: User id
  272. :param client_id: Client id
  273. :param redirect_uri: Redirect uri
  275. :return:
  276. """
  277. params_path = {"realm-name": self.realm_name, "id": user_id}
  278. params_query = {"client_id": client_id, "redirect_uri": redirect_uri}
  279. data_raw = self.connection.raw_put(URL_ADMIN_SEND_VERIFY_EMAIL.format(**params_path),
  280. data={}, **params_query)
  281. return raise_error_from_response(data_raw, KeycloakGetError)
  283. def get_sessions(self, user_id):
  284. """
  285. Get sessions associated with the user
  287. :param user_id: id of user
  289. UserSessionRepresentation
  290. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_usersessionrepresentation
  292. :return: UserSessionRepresentation
  293. """
  294. params_path = {"realm-name": self.realm_name, "id": user_id}
  295. data_raw = self.connection.raw_get(URL_ADMIN_GET_SESSIONS.format(**params_path))
  296. return raise_error_from_response(data_raw, KeycloakGetError)
  298. def get_server_info(self):
  299. """
  300. Get themes, social providers, auth providers, and event listeners available on this server
  302. ServerInfoRepresentation
  303. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation
  305. :return: ServerInfoRepresentation
  306. """
  307. data_raw = self.connection.raw_get(URL_ADMIN_SERVER_INFO)
  308. return raise_error_from_response(data_raw, KeycloakGetError)
  310. def get_groups(self):
  311. """
  312. Get groups belonging to the realm. Returns a list of groups belonging to the realm
  314. GroupRepresentation
  315. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  317. :return: array GroupRepresentation
  318. """
  319. params_path = {"realm-name": self.realm_name}
  320. data_raw = self.connection.raw_get(URL_ADMIN_GROUPS.format(**params_path))
  321. return raise_error_from_response(data_raw, KeycloakGetError)
  323. def get_group(self, group_id):
  324. """
  325. Get group by id. Returns full group details
  327. GroupRepresentation
  328. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  330. :return: Keycloak server response (GroupRepresentation)
  331. """
  332. params_path = {"realm-name": self.realm_name, "id": group_id}
  333. data_raw = self.connection.raw_get(URL_ADMIN_GROUP.format(**params_path))
  334. return raise_error_from_response(data_raw, KeycloakGetError)
  336. def get_group_members(self, group_id):
  337. """
  338. Get members by group id. Returns group members
  340. GroupRepresentation
  341. http://www.keycloak.org/docs-api/3.2/rest-api/#_userrepresentation
  343. :return: Keycloak server response (UserRepresentation)
  344. """
  345. params_path = {"realm-name": self.realm_name, "id": group_id}
  346. data_raw = self.connection.raw_get(URL_ADMIN_GROUP_MEMBERS.format(**params_path))
  347. return raise_error_from_response(data_raw, KeycloakGetError)
  349. def get_group_by_name(self, name_or_path, search_in_subgroups=False):
  350. """
  351. Get group id based on name or path.
  352. A straight name or path match with a top-level group will return first.
  353. Subgroups are traversed, the first to match path (or name with path) is returned.
  355. GroupRepresentation
  356. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  358. :param name: group name
  359. :param path: group path
  360. :param search_in_subgroups: True if want search in the subgroups
  361. :return: Keycloak server response (GroupRepresentation)
  362. """
  364. groups = self.get_groups()
  366. # TODO: Review this code is necessary
  367. for group in groups:
  368. if group['name'] == name_or_path or group['path'] == name_or_path:
  369. return group
  370. elif search_in_subgroups and group["subGroups"]:
  371. for subgroup in group["subGroups"]:
  372. if subgroup['name'] == name_or_path or subgroup['path'] == name_or_path:
  373. return subgroup
  375. return None
  377. def create_group(self, name=None, client_roles={}, realm_roles=[], sub_groups=[], path=None, parent=None):
  378. """
  379. Create a group in the Realm
  381. GroupRepresentation
  382. http://www.keycloak.org/docs-api/3.2/rest-api/#_grouprepresentation
  384. :param name: group name
  385. :param client_roles: (Dict) Client roles to include in groupp # Not demonstrated to work
  386. :param realm_roles: (List) Realm roles to include in group # Not demonstrated to work
  387. :param sub_groups: (List) Subgroups to include in groupp # Not demonstrated to work
  388. :param path: group path
  389. :param parent: parent group's id. Required to create a sub-group.
  391. :return: Keycloak server response (GroupRepresentation)
  392. """
  394. data = {"name": name or path,
  395. "path": path,
  396. "clientRoles": client_roles,
  397. "realmRoles": realm_roles,
  398. "subGroups": sub_groups}
  400. if parent is None:
  401. params_path = {"realm-name": self.realm_name}
  402. data_raw = self.connection.raw_post(URL_ADMIN_GROUPS.format(**params_path),
  403. data=json.dumps(data))
  404. else:
  405. params_path = {"realm-name": self.realm_name, "id": parent}
  406. data_raw = self.connection.raw_post(URL_ADMIN_GROUP_CHILD.format(**params_path),
  407. data=json.dumps(data))
  409. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  411. def group_set_permissions(self, group_id, enabled=True):
  412. """
  413. Enable/Disable permissions for a group. Cannot delete group if disabled
  415. :param group_id: id of group
  416. :param enabled: boolean
  417. :return: Keycloak server response
  418. """
  420. params_path = {"realm-name": self.realm_name, "id": group_id}
  421. data_raw = self.connection.raw_put(URL_ADMIN_GROUP_PERMISSIONS.format(**params_path),
  422. data=json.dumps({"enabled": enabled}))
  423. return raise_error_from_response(data_raw, KeycloakGetError)
  425. def group_user_add(self, user_id, group_id):
  426. """
  427. Add user to group (user_id and group_id)
  429. :param group_id: id of group
  430. :param user_id: id of user
  431. :param group_id: id of group to add to
  432. :return: Keycloak server response
  433. """
  435. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  436. data_raw = self.connection.raw_put(URL_ADMIN_USER_GROUP.format(**params_path), data=None)
  437. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  439. def group_user_remove(self, user_id, group_id):
  440. """
  441. Remove user from group (user_id and group_id)
  443. :param group_id: id of group
  444. :param user_id: id of user
  445. :param group_id: id of group to add to
  446. :return: Keycloak server response
  447. """
  449. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  450. data_raw = self.connection.raw_delete(URL_ADMIN_USER_GROUP.format(**params_path))
  451. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  453. def delete_group(self, group_id):
  454. """
  455. Deletes a group in the Realm
  457. :param group_id: id of group to delete
  458. :return: Keycloak server response
  459. """
  461. params_path = {"realm-name": self.realm_name, "id": group_id}
  462. data_raw = self.connection.raw_delete(URL_ADMIN_GROUP.format(**params_path))
  463. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  465. def get_clients(self):
  466. """
  467. Get clients belonging to the realm Returns a list of clients belonging to the realm
  469. ClientRepresentation
  470. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  472. :return: Keycloak server response (ClientRepresentation)
  473. """
  475. params_path = {"realm-name": self.realm_name}
  476. data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  477. return raise_error_from_response(data_raw, KeycloakGetError)
  479. def get_client(self, client_id):
  480. """
  481. Get representation of the client
  483. ClientRepresentation
  484. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  486. :param client_id: id of client (not client-id)
  487. :return: Keycloak server response (ClientRepresentation)
  488. """
  490. params_path = {"realm-name": self.realm_name, "id": client_id}
  491. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
  492. return raise_error_from_response(data_raw, KeycloakGetError)
  494. def get_client_id(self, client_name):
  495. """
  496. Get internal keycloak client id from client-id.
  497. This is required for further actions against this client.
  499. :param client_name: name in ClientRepresentation
  500. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  501. :return: client_id (uuid as string)
  502. """
  504. clients = self.get_clients()
  506. for client in clients:
  507. if client_name == client['name']:
  508. return client["id"]
  510. return None
  512. def create_client(self, payload):
  513. """
  514. Create a client
  516. ClientRepresentation: http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  518. :param payload: ClientRepresentation
  519. :return: Keycloak server response (UserRepresentation)
  520. """
  522. params_path = {"realm-name": self.realm_name}
  523. data_raw = self.connection.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
  524. data=json.dumps(payload))
  525. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  527. def delete_client(self, client_id):
  528. """
  529. Get representation of the client
  531. ClientRepresentation
  532. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
  534. :param client_id: keycloak client id (not oauth client-id)
  535. :return: Keycloak server response (ClientRepresentation)
  536. """
  538. params_path = {"realm-name": self.realm_name, "id": client_id}
  539. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT.format(**params_path))
  540. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  542. def get_realm_roles(self):
  543. """
  544. Get all roles for the realm or client
  546. RoleRepresentation
  547. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  549. :return: Keycloak server response (RoleRepresentation)
  550. """
  552. params_path = {"realm-name": self.realm_name}
  553. data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
  554. return raise_error_from_response(data_raw, KeycloakGetError)
  556. def get_client_roles(self, client_id):
  557. """
  558. Get all roles for the client
  560. :param client_id: id of client (not client-id)
  562. RoleRepresentation
  563. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  565. :return: Keycloak server response (RoleRepresentation)
  566. """
  568. params_path = {"realm-name": self.realm_name, "id": client_id}
  569. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  570. return raise_error_from_response(data_raw, KeycloakGetError)
  572. def get_client_role(self, client_id, role_name):
  573. """
  574. Get client role id by name
  575. This is required for further actions with this role.
  577. :param client_id: id of client (not client-id)
  578. :param role_name: roles name (not id!)
  580. RoleRepresentation
  581. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  583. :return: role_id
  584. """
  585. params_path = {"realm-name": self.realm_name, "id": client_id, "role-name": role_name}
  586. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  587. return raise_error_from_response(data_raw, KeycloakGetError)
  589. def get_client_role_id(self, client_id, role_name):
  590. """
  591. Warning: Deprecated
  593. Get client role id by name
  594. This is required for further actions with this role.
  596. :param client_id: id of client (not client-id)
  597. :param role_name: roles name (not id!)
  599. RoleRepresentation
  600. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  602. :return: role_id
  603. """
  604. role = self.get_client_role(client_id, role_name)
  605. return role.get("id")
  607. def create_client_role(self, payload):
  608. """
  609. Create a client role
  611. RoleRepresentation
  612. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  614. :param payload: id of client (not client-id), role_name: name of role
  615. :return: Keycloak server response (RoleRepresentation)
  616. """
  618. params_path = {"realm-name": self.realm_name, "id": self.client_id}
  619. data_raw = self.connection.raw_post(URL_ADMIN_CLIENT_ROLES.format(**params_path),
  620. data=json.dumps(payload))
  621. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
  623. def delete_client_role(self, role_name):
  624. """
  625. Create a client role
  627. RoleRepresentation
  628. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
  630. :param role_name: roles name (not id!)
  631. """
  632. params_path = {"realm-name": self.realm_name, "id": self.client_id, "role-name": role_name}
  633. data_raw = self.connection.raw_delete(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  634. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  636. def assign_client_role(self, user_id, client_id, roles):
  637. """
  638. Assign a client role to a user
  640. :param client_id: id of client (not client-id)
  641. :param user_id: id of user
  642. :param client_id: id of client containing role,
  643. :param roles: roles list or role (use RoleRepresentation)
  644. :return Keycloak server response
  645. """
  647. payload = roles if isinstance(roles, list) else [roles]
  648. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  649. data_raw = self.connection.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  650. data=json.dumps(payload))
  651. return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)
  653. def sync_users(self, storage_id, action):
  654. """
  655. Function to trigger user sync from provider
  657. :param storage_id:
  658. :param action:
  659. :return:
  660. """
  661. data = {'action': action}
  662. params_query = {"action": action}
  664. params_path = {"realm-name": self.realm_name, "id": storage_id}
  665. data_raw = self.connection.raw_post(URL_ADMIN_USER_STORAGE.format(**params_path),
  666. data=json.dumps(data), **params_query)
  667. return raise_error_from_response(data_raw, KeycloakGetError)