From 13b1ab617c6e844086edacbe7b90e3379075a9e9 Mon Sep 17 00:00:00 2001 From: Daniel Pimenta <105205108+daniel-pimenta-DME@users.noreply.github.com> Date: Mon, 16 Oct 2023 18:02:37 +0100 Subject: [PATCH] Release (#24) * Fix develop dockerfile * Change keycloak urls * Fix develop workflow tag * Fix production workflow * Change log message * Change config * Add health check * Fix health check * Add ready health endpoint * Fix issue * Change workflow filenames * Eoepca 910 um keycloak develop an identity api based on keycloak api (#17) * feat: policies endpoints added, not completely * feat: working on update policies * feat: all remaining added, still policy update not working, create and update scope based permission not working * feat: last resource permissions endpoints added and working * fix: changed pyyaml version from 5.4.1 to 5.3.1 * feat: endpoints changed * Update README * Update config * Update config * Update config * Api testing (#18) * feat: added client_id as param to enpoints and other fixes * added changes for permissions endpoints * Update ci * Update ci * Release v1.0.0 * Fix ci * Fix requirements * Fix ci * Upgrade flask version * Update requirements * feat: added error handling (#23) --------- Co-authored-by: flaviorosadme <82375986+flaviorosadme@users.noreply.github.com>
---
 src/blueprints/permissions.py | 52 +++++++++++++++++---
 src/blueprints/policies.py | 93 ++++++++++++++++++++++++++++++-----
 src/blueprints/resources.py | 44 +++++++++++++++--
 3 files changed, 166 insertions(+), 23 deletions(-)
diff --git a/src/blueprints/permissions.py b/src/blueprints/permissions.py
index 1f6bc86..4f0b27e 100644
--- a/src/blueprints/permissions.py
+++ b/src/blueprints/permissions.py
@@ -1,4 +1,5 @@
 from flask import Blueprint, request
+from keycloak import KeycloakGetError, KeycloakPostError, KeycloakPutError
 def construct_blueprint(keycloak_client):
@@ -7,15 +8,33 @@ def construct_blueprint(keycloak_client):
 @permissions.route("//permissions", methods=["GET"])
 def get_client_authz_permissions(client_id: str):
- return keycloak_client.get_client_authz_permissions(client_id)
+ try:
+ response = keycloak_client.get_client_authz_permissions(client_id)
+ return response
+ except KeycloakGetError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @permissions.route("//permissions/management", methods=["GET"])
 def get_client_management_permissions(client_id: str):
- return keycloak_client.get_client_management_permissions(client_id)
+ try:
+ response = keycloak_client.get_client_management_permissions(client_id)
+ return response
+ except KeycloakGetError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @permissions.route("//permissions/resources", methods=["GET"])
 def get_client_resource_permissions(client_id: str):
- return keycloak_client.get_client_resource_permissions(client_id)
+ try:
+ response = keycloak_client.get_client_resource_permissions(client_id)
+ return response
+ except KeycloakGetError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 #@permissions.route("/client_authz_scope_permissions//", methods=["GET"])
 #def get_client_authz_scope_permissions(client_id: str, scope_id: str):
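Review bot: The bare `except:` in each of the three GET handlers turns every failure, including programming errors, into an unlogged 500, so an operator has nothing to investigate when a call to the identity server breaks; catch `except Exception:` and record the traceback first, e.g. `current_app.logger.exception("Keycloak call failed")` (which needs `current_app` imported from flask). The `KeycloakGetError` branch also hands `error.error_message` back to the caller verbatim; that is presumably the upstream Keycloak response text and may disclose more about the identity server than this API should, so consider logging it and returning a fixed message per status code. The same two points apply to every handler changed in the later hunks of this file and in policies.py and resources.py.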
@@ -29,21 +48,42 @@ def get_client_resource_permissions(client_id: str):
 @permissions.route("//permissions/resources", methods=["POST"])
 def create_client_authz_resource_based_permission(client_id: str):
 payload = request.get_json()
- return keycloak_client.create_client_authz_resource_based_permission(client_id, payload)
+ try:
+ response = keycloak_client.create_client_authz_resource_based_permission(client_id, payload)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @permissions.route("//permissions/management", methods=["PUT"])
 def update_client_management_permissions(client_id: str):
 payload = request.get_json()
- return keycloak_client.update_client_management_permissions(client_id, payload)
+ try:
+ response = keycloak_client.update_client_management_permissions(client_id, payload)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @permissions.route("//permissions/resources/", methods=["PUT"])
 def update_client_authz_resource_permission(client_id: str, permission_id):
 payload = request.get_json()
- return keycloak_client.update_client_authz_resource_permission(client_id, payload, permission_id)
+ try:
+ response = keycloak_client.update_client_authz_resource_permission(client_id, payload, permission_id)
+ return response
+ except KeycloakPutError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 #@permissions.route("//permissions/scopes/", methods=["PUT"])
 #def update_client_authz_scope_permissions(client_id: str, scope_id):
 # payload = request.get_json()
 # return keycloak_client.update_client_authz_scope_permission(client_id, payload, scope_id)
+ def custom_error(message, status_code):
+ return message, status_code
+
 return permissions
diff --git a/src/blueprints/policies.py b/src/blueprints/policies.py
index 71d5670..d0d8f0e 100644
--- a/src/blueprints/policies.py
+++ b/src/blueprints/policies.py
@@ -1,4 +1,5 @@
 from flask import Blueprint, request
+from keycloak import KeycloakDeleteError, KeycloakGetError, KeycloakPostError, KeycloakPutError
 def construct_blueprint(keycloak_client):
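Review bot: `update_client_management_permissions` is routed as PUT but catches `KeycloakPostError`, unlike the sibling `update_client_authz_resource_permission`, which catches `KeycloakPutError`. If the client raises the PUT variant for this call, which the route method suggests but the hunk does not show, the upstream status and message are dropped and the caller always receives the generic 500 from the bare `except:`. Change the clause to `except KeycloakPutError as error:`, or catch the common base class if the wrapper can raise either.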
@@ -18,40 +19,82 @@ def construct_blueprint(keycloak_client):
 @policies.route("//policies", methods=["GET"])
 def get_client_authz_policies(client_id: str):
- return keycloak_client.get_client_authz_policies(client_id)
+ try:
+ response = keycloak_client.get_client_authz_policies(client_id)
+ return response
+ except KeycloakGetError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 # --------------- POST -----------------
 @policies.route("//policies/client", methods=["POST"])
 def create_client_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_client_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_client_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/aggregated", methods = ["POST"])
 def create_aggregated_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_aggregated_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_aggregated_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/scope", methods = ["POST"])
 def create_client_scope_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_client_scope_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_client_scope_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/group", methods = ["POST"])
 def create_group_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_group_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_group_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/regex", methods = ["POST"])
 def create_regex_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_regex_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_regex_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/role", methods = ["POST"])
 def create_role_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_role_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_role_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/time", methods = ["POST"])
 def create_time_policy(client_id: str):
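Review bot: The same seven-line try/except is pasted around every handler in this hunk, and again in the other hunks of policies.py, permissions.py and resources.py, so each copy has to name the right exception class by hand. Registering one error handler on the blueprint for the client's base exception, `KeycloakError` (imported from `keycloak`), lets each view return to a single line and leaves unexpected exceptions to Flask's own 500 handling, which logs them. `construct_blueprint` starts before this hunk, so the handler would sit next to the blueprint creation there.

```python
# inside construct_blueprint, registered once for the blueprint
@policies.errorhandler(KeycloakError)
def handle_keycloak_error(error):
    # response_code may be unset when the error was raised without an HTTP response
    return custom_error(error.error_message, error.response_code or 500)

# … unchanged: route decorators and request.get_json() calls …
def get_client_authz_policies(client_id: str):
    return keycloak_client.get_client_authz_policies(client_id)
```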
@@ -83,12 +126,24 @@ def create_time_policy(client_id: str):
 "minuteEnd"
 ]
 policy = request.get_json()
- return keycloak_client.register_time_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_time_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @policies.route("//policies/user", methods = ["POST"])
 def create_user_policy(client_id: str):
 policy = request.get_json()
- return keycloak_client.register_user_policy(policy, client_id)
+ try:
+ response = keycloak_client.register_user_policy(policy, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
@@ -97,13 +152,27 @@ def create_user_policy(client_id: str):
 @policies.route("//policies/", methods=["PUT"])
 def update_policy(client_id: str, policy_id: str):
 policy = request.get_json()
- return keycloak_client.update_policy(policy_id, policy, client_id)
+ try:
+ response = keycloak_client.update_policy(policy_id, policy, client_id)
+ return response
+ except KeycloakPutError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 # --------------- DELETE -----------------
 @policies.route("//policies/", methods=["DELETE"])
 def delete_policy(client_id: str ,policy_id: str):
- return keycloak_client.delete_policy(policy_id, client_id)
-
+ try:
+ response = keycloak_client.delete_policy(policy_id, client_id)
+ return response
+ except KeycloakDeleteError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
+
+ def custom_error(message, status_code):
+ return message, status_code
 return policies
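Review bot: `custom_error`, added at the end of the second hunk on this line, passes `status_code` straight through, and `error.response_code` looks like it can be unset when the client fails before it has an HTTP response; Flask treats a `None` status as "use the default", so, as far as I can tell, such a failure would be reported to the caller as a success. Default it inside the helper, e.g. `return message, status_code or 500`. The helper is also added identically in permissions.py and resources.py; one shared definition would keep the three in step. `construct_blueprint` starts outside this hunk.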
diff --git a/src/blueprints/resources.py b/src/blueprints/resources.py
index 680df89..6d80c6c 100644
--- a/src/blueprints/resources.py
+++ b/src/blueprints/resources.py
@@ -1,4 +1,5 @@
 from flask import Blueprint, request
+from keycloak import KeycloakDeleteError, KeycloakGetError, KeycloakPostError, KeycloakPutError
 def construct_blueprint(keycloak_client):
@@ -7,24 +8,57 @@ def construct_blueprint(keycloak_client):
 @resources.route("//resources", methods=["GET"])
 def get_resources(client_id: str):
- return keycloak_client.get_resources(client_id)
+ try:
+ response = keycloak_client.get_resources(client_id)
+ return response
+ except KeycloakGetError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @resources.route("/resources/", methods=["GET"])
 def get_resource(resource_id: str):
- return keycloak_client.get_resource(resource_id)
+ try:
+ response = keycloak_client.get_resource(resource_id)
+ return response
+ except KeycloakGetError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @resources.route("//resources", methods=["POST"])
 def register_resource(client_id: str ):
 resource = request.get_json()
- return keycloak_client.register_resource(resource, client_id)
+ try:
+ response = keycloak_client.register_resource(resource, client_id)
+ return response
+ except KeycloakPostError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @resources.route("//resources/", methods=["PUT"])
 def update_resource(client_id: str, resource_id: str):
 resource = request.get_json()
- return keycloak_client.update_resource(resource_id, resource, client_id)
+ try:
+ response = keycloak_client.update_resource(resource_id, resource, client_id)
+ return response
+ except KeycloakPutError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
 @resources.route("//resources/", methods=["DELETE"])
 def delete_resource(client_id: str, resource_id: str):
- return keycloak_client.delete_resource(resource_id, client_id)
+ try:
+ response = keycloak_client.delete_resource(resource_id, client_id)
+ return response
+ except KeycloakDeleteError as error:
+ return custom_error(error.error_message, error.response_code)
+ except:
+ return custom_error("Unknown server error", 500)
+
+ def custom_error(message, status_code):
+ return message, status_code
 return resources
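Review bot: None of the handlers in this hunk checks who is calling before it registers, updates or deletes a resource through `keycloak_client`, and the added error handling does not change that. If the client holds administrative credentials for the realm, which the method names suggest but the hunk does not show, authentication and authorisation have to be enforced somewhere in front of these routes. `construct_blueprint` begins before the hunk, so a `before_request` hook or a gateway rule may already cover it; if so, a comment above the routes such as `# access control: enforced by <mechanism>` would make that visible to reviewers.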