Eoepca 910 um keycloak develop an identity api based on keycloak api (#…

…17) * feat: policies endpoints added, not completely * feat: working on update policies * feat: all remaining added, still policy update not working, create and update scope based permission not working * feat: last resource permissions endpoints added and working * fix: changed pyyaml version from 5.4.1 to 5.3.1 * feat: endpoints changed
EOEPCA · Jul 25, 2023 · 4667b27 · 4667b27
1 parent 94c2d7e
commit 4667b27
Show file tree

Hide file tree

Showing 3 changed files with 161 additions and 3 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -4,7 +4,7 @@ requests==2.25.1
 flask-swagger-ui==4.11.1
 python-keycloak==3.2.0
 mock==5.0.2
-pyyaml==5.4.1
+pyyaml==5.3.1
 elasticsearch==8.8.0
 lxml==4.9.2
 configparser==5.3.0

diff --git a/src/blueprints/permissions.py b/src/blueprints/permissions.py
@@ -1,8 +1,49 @@
-from flask import Blueprint
+from flask import Blueprint, request
 
 
 def construct_blueprint(keycloak_client):
     keycloak_client = keycloak_client
     permissions = Blueprint('permissions', __name__)
 
+    @permissions.route("/permissions/<client_id>", methods=["GET"])
+    def get_client_authz_permissions(client_id: str):
+        return keycloak_client.get_client_authz_permissions(client_id)
+
+    @permissions.route("/permissions/<client_id>/management", methods=["GET"])
+    def get_client_management_permissions(client_id: str):
+        return keycloak_client.get_client_management_permissions(client_id)
+
+    @permissions.route("/permissions/<client_id>/resources", methods=["GET"])
+    def get_client_resource_permissions(client_id: str):
+        return keycloak_client.get_client_resource_permissions(client_id)
+
+    #@permissions.route("/client_authz_scope_permissions/<client_id>/<scope_id>", methods=["GET"])
+    #def get_client_authz_scope_permissions(client_id: str, scope_id: str):
+    #    return keycloak_client.get_client_authz_scope_permissions(client_id, scope_id)
+
+    #@permissions.route("/client_authz_scope_permissions/<client_id>", methods=["POST"])
+    #def create_client_authz_scope_based_permissions(client_id: str):
+    #    payload = request.get_json()
+    #    return keycloak_client.create_client_authz_scope_based_permission(client_id, payload)
+
+    @permissions.route("/permissions/<client_id>/resources", methods=["POST"])
+    def create_client_authz_resource_based_permission(client_id: str):
+        payload = request.get_json()
+        return keycloak_client.create_client_authz_resource_based_permission(client_id, payload)
+
+    @permissions.route("/permissions/<client_id>/management", methods=["PUT"])
+    def update_client_management_permissions(client_id: str):
+        payload = request.get_json()
+        return keycloak_client.update_client_management_permissions(client_id, payload)
+
+    @permissions.route("/permissions/<client_id>/resources/<permission_id>", methods=["PUT"])
+    def update_client_authz_resource_permission(client_id: str, permission_id):
+        payload = request.get_json()
+        return keycloak_client.update_client_authz_resource_permission(client_id, payload, permission_id)
+
+    #@permissions.route("/permissions/<client_id>/scopes/<scope_id>", methods=["PUT"])
+    #def update_client_authz_scope_permissions(client_id: str, scope_id):
+    #    payload = request.get_json()
+    #    return keycloak_client.update_client_authz_scope_permission(client_id,  payload, scope_id)
+
     return permissions
diff --git a/src/blueprints/policies.py b/src/blueprints/policies.py
@@ -1,8 +1,125 @@
-from flask import Blueprint
+from flask import Blueprint, request
 
 
 def construct_blueprint(keycloak_client):
     keycloak_client = keycloak_client
     policies = Blueprint('policies', __name__)
 
+
+    @policies.route("/policies", methods=["GET"])
+    def get_policies():
+        resource = request.args.get('resource', "")
+        name = request.args.get('name', "")
+        scope = request.args.get('uri', "")
+        first = int(request.args.get('first', 0))
+        maximum = int(request.args.get('maximum', -1))
+        return keycloak_client.get_policies(resource, name, scope, first, maximum)
+    # --------------- GET -----------------
+    @policies.route("/policies/<client_id>", methods=["GET"])
+    def get_client_authz_policies(client_id: str):
+        return keycloak_client.get_client_authz_policies(client_id)
+
+    # --------------- POST -----------------
+
+    @policies.route("/policies/client", methods=["POST"])
+    def create_client_policy():
+        policy = request.get_json()
+        return keycloak_client.register_client_policy(policy)
+
+
+    @policies.route("/policies/aggregated", methods = ["POST"])
+    def create_aggregated_policy():
+        payload = request.get_json()
+        name = payload["name"]
+        policies = payload["policies"]
+        strategy = payload["strategy"]
+        return keycloak_client.register_aggregated_policy(name, policies, strategy)
+
+    @policies.route("/policies/scope", methods = ["POST"])
+    def create_client_scope_policy():
+        policy = request.get_json()
+        return keycloak_client.register_client_scope_policy(policy)
+
+    @policies.route("/policies/group", methods = ["POST"])
+    def create_group_policy():
+        name = request.get_json()["name"]
+        groups = request.get_json()["groups"]
+        groups_claim = request.get_json()["groups_claim"]
+        return keycloak_client.register_group_policy(name, groups, groups_claim)
+
+    @policies.route("/policies/regex", methods = ["POST"])
+    def create_regex_policy():
+        payload = request.get_json()
+        name = payload["name"]
+        regex = payload["regex"]
+        target_claim = payload["target_claim"]
+        return keycloak_client.register_regex_policy(name, regex, target_claim)
+
+    @policies.route("/policies/role", methods = ["POST"])
+    def create_role_policy():
+        payload = request.get_json()
+        name = payload["name"]
+        roles = payload["roles"]
+        return keycloak_client.register_role_policy(name, roles)
+
+    @policies.route("/policies/time", methods = ["POST"])
+    def create_time_policy():
+        # time can be one of:
+        # "notAfter":"1970-01-01 00:00:00"
+        # "notBefore":"1970-01-01 00:00:00"
+        # "dayMonth":<day-of-month>
+        # "dayMonthEnd":<day-of-month>
+        # "month":<month>
+        # "monthEnd":<month>
+        # "year":<year>
+        # "yearEnd":<year>
+        # "hour":<hour>
+        # "hourEnd":<hour>
+        # "minute":<minute>
+        # "minuteEnd":<minute>
+        possible_times = [
+            "notAfter",
+            "notBefore",
+            "dayMonth",
+            "dayMonthEnd",
+            "month",
+            "monthEnd",
+            "year",
+            "yearEnd",
+            "hour",
+            "hourEnd",
+            "minute",
+            "minuteEnd"
+        ]
+        payload = request.get_json()
+        name = payload["name"]
+        time = {}
+        for key, value in payload.items():
+            if key in possible_times:
+                time[key] = value
+        return keycloak_client.register_time_policy(name, time)
+
+    @policies.route("/policies/user", methods = ["POST"])
+    def create_user_policy():
+        payload = request.get_json()
+        name = payload["name"]
+        users = payload["users"]
+        return keycloak_client.register_user_policy(name, users)
+
+
+
+    # --------------- UPDATE -----------------
+
+    @policies.route("/policies/<policy_id>", methods=["PUT"])
+    def update_policy(policy_id: str):
+        policy = request.get_json()
+        return keycloak_client.update_policy(policy_id, policy)
+
+    # --------------- DELETE -----------------
+
+    @policies.route("/policies/<policy_id>", methods=["DELETE"])
+    def delete_policy(policy_id: str):
+        return keycloak_client.delete_policy(policy_id)
+
+
     return policies