Release (#33)
* Fix develop dockerfile

* Change keycloak urls

* Fix develop workflow tag

* Fix production workflow

* Change log message

* Change config

* Add health check

* Fix health check

* Add ready health endpoint

* Fix issue

* Change workflow filenames

* Eoepca 910 um keycloak develop an identity api based on keycloak api (#17)

* feat: policies endpoints added, not completely

* feat: working on update policies

* feat: all remaining added, still policy update not working, create and update scope based permission not working

* feat: last resource permissions endpoints added and working

* fix: changed pyyaml version from 5.4.1 to 5.3.1

* feat: endpoints changed

* Update README

* Update config

* Update config

* Update config

* Api testing (#18)

* feat: added client_id as param to enpoints and other fixes

* added changes for permissions endpoints

* Update ci

* Update ci

* Release v1.0.0

* Fix ci

* Fix requirements

* Fix ci

* Upgrade flask version

* Update requirements

* feat: added error handling (#23)

* feat: added validator of register and protect resource enpoint to test

* feat: register and protect resources endpoint working

* feat: added delete resources, policies and permissions

* Update ci

* Update ci

* Fix ci

* Add options method to endpoints

* feat: added endpoint to create client, add resources and protect them if provided

* Revert "Add options method to endpoints"

This reverts commit 9d8c034.

* fea: commit fixes

* feat: more fixes, some endpoints were doubled

* fix: last fix

* Update ci

* fix: policies fix, response now return client id and resources created

* feat: create client default to confidential and authorization enabled

* Convert to FastAPI

* Convert to FastAPI

* changes to models

* Remove file

* Add error handling, pydantic models, files restructuring

* Fix issues

* Handle keycloak error message

* added fildes to models and descriptions

* Add authenticated field

* Clean and reformat

* Point to keycloak client 1.0.0

* Change logging

* Fix readme

* Clean

* Change logging

* Clean

* merge to develop

* added default resource to response list

* Create default resource

* Fix policies issue

* Improvements

* Change keycloak client to v1.0.0

* Clarify readme

* Add log file

* Fix gitignore

* Fix dockerfile

* Change logging

* Change settings to pydantic

* Clean and reformat

* Update to keycloak client 1.0.1

* Remove log file

* Update gitignore

* Change default scope

* Fix bugs

---------

Co-authored-by: flaviorosadme <82375986+flaviorosadme@users.noreply.github.com>
Co-authored-by: flaviorosadme <flavio.rosa@deimos.com.pt>
3 people authored Dec 18, 2023
1 parent c536119 commit 7251778
Showing 8 changed files with 33 additions and 24 deletions.
3 changes: 1 addition & 2 deletions .gitignore
Expand Up @@ -60,5 +60,4 @@ env/
.vscode

.idea
postgres
!um-identity-api.log
postgres
2 changes: 1 addition & 1 deletion app/models/resources.py
Expand Up @@ -16,7 +16,7 @@ class Resource(APIBaseModel):
name: str = Field(description="Resource name")
uris: List[str] = Field(description="Resource URIs")
attributes: Optional[Any] = Field({}, description="Resource attributes")
scopes: Optional[List[str]] = Field(["access"], description="Resource scopes")
scopes: Optional[List[str]] = Field(["view"], description="Resource scopes")
ownerManagedAccess: Optional[bool] = Field(False, description="Enable/Disable management by the resource owner")
permissions: Optional[ResourcePermission] = Field(None, description="Resource permissions")
decisionStrategy: Optional[DecisionStrategy] = Field(DecisionStrategy.UNANIMOUS.value,
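Review bot: The new default on `scopes` (`["view"]`, shown after the earlier `["access"]`) is an authorization-relevant value that the field description does not mention, so API consumers cannot tell from the schema which scope a resource receives when they omit the field. I would state it in the description, e.g. `description="Resource scopes (defaults to [\"view\"])"`. Resources and scope-based permissions registered under the earlier default are presumably not migrated by this change, so it is worth confirming they still match. The `Resource` class begins above this hunk and the `decisionStrategy` field continues below it.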
1 change: 1 addition & 0 deletions app/routers/clients_permissions.py
Expand Up @@ -26,5 +26,6 @@ def get_client_resource_permissions(client_id: str):

@router.post("/resources")
def create_client_authz_resource_based_permission(client_id: str, resource_based_permission: ResourceBasedPermission):
resource_based_permission = resource_based_permission.model_dump()
resource_based_permission['type'] = 'resource'
return keycloak.create_client_authz_resource_based_permission(client_id, resource_based_permission)
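Review bot: `resource_based_permission` is rebound from the validated `ResourceBasedPermission` model to a plain dict inside `create_client_authz_resource_based_permission`, so the annotation in the signature no longer describes the object used on the following lines. A separate name keeps the two apart: `payload = resource_based_permission.model_dump()`, then `payload['type'] = 'resource'`, and pass `payload` to the Keycloak call. The same rebinding appears in each `create_*_policy` handler in app/routers/clients_policies.py. `model_dump()` also emits every optional field, including those the caller left out, so it is worth checking whether `model_dump(exclude_none=True)` is closer to what Keycloak should receive.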
27 changes: 18 additions & 9 deletions app/routers/clients_policies.py
Expand Up @@ -24,51 +24,60 @@ def get_client_authz_policies(client_id: str):

@router.post("/client")
def create_client_policy(client_id: str, client_policy: ClientPermission):
client_policy = client_policy.model_dump()
client_policy["type"] = "client"
return keycloak.register_client_policy(client_policy, client_id)
return keycloak.register_client_policy(client_id, client_policy)


@router.post("/aggregated")
def create_aggregated_policy(client_id: str, aggregated_policy: AggregatedPermission):
aggregated_policy = aggregated_policy.model_dump()
aggregated_policy["type"] = "aggregated"
return keycloak.register_aggregated_policy(aggregated_policy, client_id)
return keycloak.register_aggregated_policy(client_id, aggregated_policy)


@router.post("/scope")
def create_client_scope_policy(client_id: str, scope_policy: ScopePermission):
scope_policy = scope_policy.model_dump()
scope_policy["type"] = "scope"
return keycloak.register_client_scope_policy(scope_policy, client_id)
return keycloak.register_client_scope_policy(client_id, scope_policy)


@router.post("/group")
def create_group_policy(client_id: str, group_policy: GroupPermission):
group_policy = group_policy.model_dump()
group_policy["type"] = "group"
return keycloak.register_group_policy(group_policy, client_id)
return keycloak.register_group_policy(client_id, group_policy)


@router.post("/regex")
def create_regex_policy(client_id: str, regex_policy: RegexPermission):
regex_policy = regex_policy.model_dump()
regex_policy["type"] = "regex"
return keycloak.register_regex_policy(regex_policy, client_id)
return keycloak.register_regex_policy(client_id, regex_policy)


@router.post("/role")
def create_role_policy(client_id: str, role_policy: RolePermission):
role_policy = role_policy.model_dump()
role_policy["type"] = "role"
return keycloak.register_role_policy(role_policy, client_id)
return keycloak.register_role_policy(client_id, role_policy)


@router.post("/time")
def create_time_policy(client_id: str,
time_policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
YearTimePermission | HourTimePermission | MinuteTimePermission):
time_policy = time_policy.model_dump()
time_policy["type"] = "time"
return keycloak.register_time_policy(time_policy, client_id)
return keycloak.register_time_policy(client_id, time_policy)


@router.post("/user")
def create_user_policy(client_id: str, user_policy: UserPermission):
return keycloak.register_user_policy(user_policy, client_id)
user_policy = user_policy.model_dump()
user_policy["type"] = "user"
return keycloak.register_user_policy(client_id, user_policy)


@router.put("/{policy_id}")
Expand All @@ -82,4 +91,4 @@ def update_policy(client_id: str, policy_id: str,

@router.delete("/{policy_id}")
def delete_policy(client_id: str, policy_id: str):
return keycloak.delete_policy(policy_id, client_id)
return keycloak.delete_policy(client_id, policy_id)
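Review bot: In `delete_policy` both arguments are `str`, so the positional call `keycloak.delete_policy(client_id, policy_id)` is correct only against an identityutils release that expects that order, and a mismatch would not raise a type error but would address the wrong object. The `register_*_policy` calls in the first hunk changed order in the same way. Passing the arguments by keyword, using the parameter names from the identityutils signatures (not visible here), would make these calls independent of positional order. A short comment at the top of the router naming the minimum identityutils version would document the coupling with the pin in requirements.txt.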
16 changes: 8 additions & 8 deletions app/routers/clients_resources.py
Expand Up @@ -36,7 +36,7 @@ def register_resources(client_id: str, resources: List[Resource]):
"uris": resource.uris,
"scopes": resource.scopes,
}
response_resource = keycloak.register_resource(res, client_id)
response_resource = keycloak.register_resource(client_id, res)
response_list.append(response_resource)
permission_payload = {
"type": "resource",
Expand All @@ -54,7 +54,7 @@ def register_resources(client_id: str, resources: List[Resource]):
"uris": resource.uris,
"scopes": resource.scopes,
}
response_resource = keycloak.register_resource(res, client_id)
response_resource = keycloak.register_resource(client_id, res)
response_list.append(response_resource)
permissions = resource.permissions
policy_list = []
Expand All @@ -63,15 +63,15 @@ def register_resources(client_id: str, resources: List[Resource]):
"name": f'{resource.name} Role Policy',
"roles": [{"id": p} for p in permissions.role]
}
policy_response = keycloak.register_role_policy(policy, client_id)
policy_response = keycloak.register_role_policy(client_id, policy)
print(policy_response)
policy_list.append(policy_response["name"])
if permissions.user:
policy = {
"name": f'{resource.name} User Policy',
"users": permissions.user
}
policy_response = keycloak.register_user_policy(policy, client_id)
policy_response = keycloak.register_user_policy(client_id, policy)
print(policy_response)
policy_list.append(policy_response["name"])
print(policy_list)
Expand All @@ -95,7 +95,7 @@ def delete_resource_and_policies(client_id: str, resource_name: str):
for policy in client_policies:
for policy_type in [e.value for e in PolicyType]:
if policy['name'].lower() == f'{resource_name} {policy_type} policy'.lower():
keycloak.delete_policy(policy['id'], client_id)
keycloak.delete_policy(client_id, policy['id'])
# delete permissions
permissions = keycloak.get_client_resource_permissions(client_id)
for permission in permissions:
Expand All @@ -105,14 +105,14 @@ def delete_resource_and_policies(client_id: str, resource_name: str):
resources = keycloak.get_resources(client_id)
for resource in resources:
if resource['name'].lower() == resource_name.lower():
return keycloak.delete_resource(resource['_id'], client_id)
return keycloak.delete_resource(client_id, resource['_id'])


@router.put("/{resource_id}")
def update_resource(client_id: str, resource_id: str, resource: Resource):
return keycloak.update_resource(resource_id, resource, client_id)
return keycloak.update_resource(client_id, resource_id, resource.model_dump())


@router.delete("/{resource_id}")
def delete_resource(client_id: str, resource_id: str):
return keycloak.delete_resource(resource_id, client_id)
return keycloak.delete_resource(client_id, resource_id)
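Review bot: `update_resource` now sends `resource.model_dump()`, which fills in every `Resource` field with its default, so a PUT body that omits `scopes` or `ownerManagedAccess` carries `["view"]` and `False` to Keycloak instead of leaving the stored values alone. Whether that overwrites the existing resource depends on how `keycloak.update_resource` applies the payload, which is not visible here. The dump also contains `permissions` and `decisionStrategy`, which the `res` dict in `register_resources` does not appear to include (its first keys are outside the hunk). Consider `resource.model_dump(exclude_unset=True, exclude={"permissions", "decisionStrategy"})`, or build the dict from the same keys `register_resources` uses.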
6 changes: 3 additions & 3 deletions app/routers/resources.py
Expand Up @@ -13,6 +13,6 @@ def get_resources(client_id: str):
return keycloak.get_resources(client_id)


@router.get("/resources/{resource_id}")
def get_resource(resource_id: str):
return keycloak.get_resource(resource_id)
@router.get("/{resource_id}")
def get_resource(resource_id: str, client_id: str, client_secret: str):
return keycloak.get_resource(client_id, client_secret, resource_id)
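Review bot: `client_secret: str` in the new `get_resource` signature is a plain scalar parameter on a GET route, so unless the router prefix declares it as a path segment FastAPI binds it to the query string and the secret ends up in URLs, access logs, proxy logs and browser history. Take it from a request header instead, e.g. `client_secret: str = Header(...)` with `from fastapi import Header`, or preferably from an `Authorization` header handled by a security dependency. If the query-string form has already been deployed, logs that recorded it should be treated as holding the credential and the secret rotated.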
2 changes: 1 addition & 1 deletion requirements.txt
Expand Up @@ -7,4 +7,4 @@ retry==0.9.2
urllib3==2.0.7
pydantic==2.5.0
pydantic-settings==2.1.0
identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.0
identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.1
Empty file removed um-identity-api.log
Empty file.
