From e5e0a4193f46289968f3bfbf7f6306b77721fe00 Mon Sep 17 00:00:00 2001 From: Giovanni Colapinto Date: Sat, 14 Apr 2018 12:39:17 +0100 Subject: [PATCH 1/4] Fix bug in get_client_id method. Add get_client_authz_settings method --- keycloak/keycloak_admin.py | 17 +++++++++++++++-- keycloak/urls_patterns.py | 1 + 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 17e2c12..c006e75 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -21,7 +21,7 @@ from keycloak.urls_patterns import URL_ADMIN_CLIENT_ROLE from .urls_patterns import \ URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \ URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \ - URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \ + URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, URL_ADMIN_CLIENT_AUTHZ_SETTINGS, \ URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\ URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE @@ -491,11 +491,24 @@ class KeycloakAdmin: clients = self.get_clients() for client in clients: - if client_name == client['name']: + if client_name == client.get('name') or client_name == client.get('clientId'): return client["id"] return None + def get_client_authz_settings(self, client_id): + """ + Get authorization json from client. + + :param client_id: id in ClientRepresentation + http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation + :return: Keycloak server response + """ + + params_path = {"realm-name": self.realm_name, "id": client_id} + data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_AUTHZ_SETTINGS.format(**params_path)) + return data_raw + def create_client(self, payload): """ Create a client 
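Review bot: In `get_client_id`, the new condition `client_name == client.get('name') or client_name == client.get('clientId')` returns the first client that matches on either field, so a client whose display `name` equals another client's `clientId` can be returned instead, depending on list order. In Keycloak `clientId` is unique within a realm while `name` is an optional, non-unique label, and the id returned here is what callers pass to the role and authorization-settings calls, so resolving the wrong client means reading or changing the wrong client's configuration. I would scan the whole list for an exact `clientId` match first, fall back to `name` only when none exists, and state that precedence in the docstring. The function's signature and docstring lie above the hunk and are not visible here.

```python
        clients = self.get_clients()

        # clientId is unique per realm; prefer it over the free-form display name.
        for client in clients:
            if client_name == client.get('clientId'):
                return client["id"]

        # Fall back to the display name only when no clientId matched.
        for client in clients:
            if client_name == client.get('name'):
                return client["id"]

        return None
```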
diff --git a/keycloak/urls_patterns.py b/keycloak/urls_patterns.py index ce593da..9cf2459 100644 --- a/keycloak/urls_patterns.py +++ b/keycloak/urls_patterns.py @@ -47,6 +47,7 @@ URL_ADMIN_CLIENTS = "admin/realms/{realm-name}/clients" URL_ADMIN_CLIENT = "admin/realms/{realm-name}/clients/{id}" URL_ADMIN_CLIENT_ROLES = "admin/realms/{realm-name}/clients/{id}/roles" URL_ADMIN_CLIENT_ROLE = "admin/realms/{realm-name}/clients/{id}/roles/{role-name}" +URL_ADMIN_CLIENT_AUTHZ_SETTINGS = "admin/realms/{realm-name}/clients/{id}/authz/resource-server/settings" URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles" From f387c973a2107b4b81ee1edf82c643b5d68e7bff Mon Sep 17 00:00:00 2001 From: Giovanni Colapinto Date: Mon, 16 Apr 2018 22:23:54 +0100 Subject: [PATCH 2/4] Add get_client_authz_resources to retrieve resources --- keycloak/keycloak_admin.py | 16 +++++++++++++++- keycloak/keycloak_openid.py | 1 + keycloak/urls_patterns.py | 3 +++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index c006e75..1fc2017 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -21,7 +21,8 @@ from keycloak.urls_patterns import URL_ADMIN_CLIENT_ROLE from .urls_patterns import \ URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \ URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \ - URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, URL_ADMIN_CLIENT_AUTHZ_SETTINGS, \ + URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES, \ + URL_ADMIN_CLIENT_AUTHZ_SETTINGS, URL_ADMIN_CLIENT_AUTHZ_RESOURCES, \ URL_ADMIN_GROUP, URL_ADMIN_GROUPS, URL_ADMIN_GROUP_CHILD, URL_ADMIN_USER_GROUP,\ URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_USER_CLIENT_ROLES, URL_ADMIN_USER_STORAGE 
@@ -509,6 +510,19 @@ class KeycloakAdmin: data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_AUTHZ_SETTINGS.format(**params_path)) return data_raw + def get_client_authz_resources(self, client_id): + """ + Get authorization json from client. + + :param client_id: id in ClientRepresentation + http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation + :return: Keycloak server response + """ + + params_path = {"realm-name": self.realm_name, "id": client_id} + data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_AUTHZ_RESOURCES.format(**params_path)) + return data_raw + def create_client(self, payload): """ Create a client diff --git a/keycloak/keycloak_openid.py b/keycloak/keycloak_openid.py index f1dcde4..fe43c2d 100644 --- a/keycloak/keycloak_openid.py +++ b/keycloak/keycloak_openid.py @@ -388,3 +388,4 @@ class KeycloakOpenID: permissions += policy.permissions return list(set(permissions)) + diff --git a/keycloak/urls_patterns.py b/keycloak/urls_patterns.py index 9cf2459..792db73 100644 --- a/keycloak/urls_patterns.py +++ b/keycloak/urls_patterns.py @@ -48,7 +48,10 @@ URL_ADMIN_CLIENT = "admin/realms/{realm-name}/clients/{id}" URL_ADMIN_CLIENT_ROLES = "admin/realms/{realm-name}/clients/{id}/roles" URL_ADMIN_CLIENT_ROLE = "admin/realms/{realm-name}/clients/{id}/roles/{role-name}" URL_ADMIN_CLIENT_AUTHZ_SETTINGS = "admin/realms/{realm-name}/clients/{id}/authz/resource-server/settings" +URL_ADMIN_CLIENT_AUTHZ_RESOURCES = "admin/realms/{realm-name}/clients/{id}/authz/resource-server/resource" +URL_ADMIN_CLIENT_CERTS = "admin/realms/{realm-name}/clients/{id}/certificates/{attr}" URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles" URL_ADMIN_USER_STORAGE = "admin/realms/{realm-name}/user-storage/{id}/sync" + From 50989a99288b1b7dee36f532ea64050dd4c505ba Mon Sep 17 00:00:00 2001 
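Review bot: `get_client_authz_resources` returns `data_raw` straight from `self.connection.raw_get(...)`, and `get_client_authz_settings` in the context lines above it does the same, so a 401, 403 or 404 from the admin API appears to reach the caller as an ordinary return value (hedged, since `raw_get` is not visible in this patch). A caller that does not check the status itself could then treat an error response as the client's authorization data. If the other getters in this class pass the response through the library's error helper, both new methods should end with `return raise_error_from_response(data_raw, KeycloakGetError)`. The docstring should also say that `client_id` is the internal id returned by `get_client_id`, because it is formatted into the URL path without encoding.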
From: Giovanni Colapinto Date: Mon, 16 Apr 2018 22:27:09 +0100 Subject: [PATCH 3/4] Add get_client_authz_resources to retrieve resources --- keycloak/keycloak_admin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 1fc2017..66b01ef 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -512,7 +512,7 @@ class KeycloakAdmin: def get_client_authz_resources(self, client_id): """ - Get authorization json from client. + Get resources from client. :param client_id: id in ClientRepresentation http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation From 7fdcc5d22aab7d14bf5fbfdc7b860ab881618407 Mon Sep 17 00:00:00 2001 From: Giovanni Colapinto Date: Wed, 23 May 2018 21:10:24 +0200 Subject: [PATCH 4/4] Fix resources issue --- keycloak/authorization/__init__.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/keycloak/authorization/__init__.py b/keycloak/authorization/__init__.py index 4a1d86d..5d55a63 100644 --- a/keycloak/authorization/__init__.py +++ b/keycloak/authorization/__init__.py @@ -75,13 +75,15 @@ class Authorization: self.policies[policy_name].add_permission(permission) if pol['type'] == 'resource': + from pprint import pprint permission = Permission(name=pol['name'], type=pol['type'], logic=pol['logic'], decision_strategy=pol['decisionStrategy']) - permission.resources = ast.literal_eval(pol['config']['resources']) + permission.resources = ast.literal_eval(pol['config'].get('resources', "[]")) for policy_name in ast.literal_eval(pol['config']['applyPolicies']): - self.policies[policy_name].add_permission(permission) + if self.policies.get(policy_name) is not None: + self.policies[policy_name].add_permission(permission)
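Review bot: The new guard `if self.policies.get(policy_name) is not None:` silently drops a permission whenever `applyPolicies` names a policy that was not loaded, so the in-memory authorization model can hold fewer permission-to-policy links than the server configuration with nothing recording the gap. Since permission lookups are computed from this object, I would add an `else` branch that logs the skipped `policy_name` and `pol['name']` at warning level, or raise if a dangling reference counts as a configuration error. The `.get('resources', "[]")` default raises the same question, because a missing key now becomes an empty resource list without any trace. The added `from pprint import pprint` is unused in the hunk and looks like leftover debugging, so it should be removed. The enclosing method starts outside the hunk.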