From 7105c5d961b2046fb7633217929d17425e8416fc Mon Sep 17 00:00:00 2001 From: flrr Date: Wed, 19 Jul 2023 12:40:02 +0100 Subject: [PATCH 1/6] feat: policies endpoints added, not completely --- src/blueprints/permissions.py | 20 +++++++- src/blueprints/policies.py | 92 ++++++++++++++++++++++++++++++++++- 2 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/blueprints/permissions.py b/src/blueprints/permissions.py index 8aa7906..730d81f 100644 --- a/src/blueprints/permissions.py +++ b/src/blueprints/permissions.py @@ -1,8 +1,26 @@ -from flask import Blueprint +from flask import Blueprint, request def construct_blueprint(keycloak_client): keycloak_client = keycloak_client permissions = Blueprint('permissions', __name__) + @permissions.route("/permissions/", methods=["GET"]) + def get_permissions(client_id: str): + return keycloak_client.get_permissions(client_id) + + @permissions.route("/permissions", methods=["POST"]) + def create_permission(): + permission = request.get_json() + return keycloak_client.create_permission(permission) + + @permissions.route("/permissions/", methods=["PUT"]) + def update_permission(permission_id: str): + permission = request.get_json() + return keycloak_client.update_permission(permission_id, permission) + + @permissions.route("/permissions/", methods=["DELETE"]) + def delete_permission(permission_id: str): + return keycloak_client.delete_permission(permission_id) + return permissions diff --git a/src/blueprints/policies.py b/src/blueprints/policies.py index cc0fe3d..243ab10 100644 --- a/src/blueprints/policies.py +++ b/src/blueprints/policies.py 
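Review bot: None of the four new handlers (get_permissions through delete_permission) checks who is calling before the path parameter and the raw `request.get_json()` body are forwarded to the Keycloak admin client, and nothing in this hunk registers an authentication or authorization gate on the blueprint. Creating, updating and deleting permissions is an admin-level operation, so a `@permissions.before_request` hook (or a decorator on each route) that verifies the caller's token and role should land with these routes unless the app applies one globally outside this file. The POST and PUT handlers should also refuse a body that is not a JSON object before passing it on, e.g. `if not isinstance(permission, dict): abort(400)` (`abort` would need importing from flask), because `get_json()` yields `None` or a non-dict for an empty or malformed body depending on the Flask version. The route converters (`<client_id>`, `<permission_id>`) appear to have been stripped from the route strings in this rendering, so I assume the real source declares them. The hunk covers the whole of construct_blueprint.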
@@ -1,8 +1,98 @@ -from flask import Blueprint +from flask import Blueprint, request def construct_blueprint(keycloak_client): keycloak_client = keycloak_client policies = Blueprint('policies', __name__) + + @policies.route("/policies", methods=["GET"]) + def get_policies(): + resource = request.args.get('resource', "") + name = request.args.get('name', "") + scope = request.args.get('uri', "") + first = int(request.args.get('first', 0)) + maximum = int(request.args.get('maximum', -1)) + return keycloak_client.get_policies(resource, name, scope, first, maximum) + # --------------- GET ----------------- + @policies.route("/client_policy/", methods=["GET"]) + def get_client_authz_policies(client_id: str): + return keycloak_client.get_client_authz_policies(client_id) + + # --------------- POST ----------------- + + @policies.route("/client_policy", methods=["POST"]) + def create_client_policy(): + policy = request.get_json() + return keycloak_client.register_client_policy(policy) + + + @policies.route("/aggregated_policy", methods = ["POST"]) + def create_aggregated_policy(): + payload = request.get_json() + name = payload["name"] + policies = payload["policies"] + strategy = payload["strategy"] + return keycloak_client.register_aggregated_policy(name, policies, strategy) + + @policies.route("/scope_policy", methods = ["POST"]) + def create_client_scope_policy(): + policy = request.get_json() + return keycloak_client.register_client_scope_policy(policy) + + @policies.route("/group_policy", methods = ["POST"]) + def create_group_policy(): + name = request.get_json()["name"] + groups = request.get_json()["groups"] + groups_claim = request.get_json()["groups_claim"] + return keycloak_client.register_group_policy(name, groups, groups_claim) + + @policies.route("/regex_policy", methods = ["POST"]) + def create_regex_policy(name, regex, target_claim): + payload = request.get_json() + regex = payload["regex"] + target_claim = payload["target_claim"] + return 
keycloak_client.register_regex_policy(name, regex, target_claim) + + @policies.route("/role_policy", methods = ["POST"]) + def create_role_policy(name, roles): + payload = request.get_json() + name = policy["name"] + roles = policy["roles"] + return keycloak_client.register_role_policy(name, roles) + + @policies.route("/time_policy", methods = ["POST"]) + def create_time_policy(name, time): + payload = request.get_json() + name = payload["name"] + time = payload["time"] + return keycloak_client.register_time_policy(name, time) + + @policies.route("/user_policy", methods = ["POST"]) + def create_user_policy(name, users): + payload = request.get_json() + name = payload["name"] + users = payload["users"] + return keycloak_client.register_user_policy(name, users) + + + + # --------------- UPDATE ----------------- + + @policies.route("/policies/", methods=["PUT"]) + def update_policy(policy_id: str): + policy = request.get_json() + return keycloak_client.update_policy(policy_id, policy) + + # --------------- DELETE ----------------- + + @policies.route("/policies/", methods=["DELETE"]) + def delete_policy(policy_id: str): + return keycloak_client.delete_policy(policy_id) + + @policies.route("/policies", methods=["DELETE"]) + def delete_policies(): + policies = request.get_json() + return keycloak_client.delete_policies(policies) + return policies From 030c6a02fdbaf5f0861c7d3cad68b8c86f681a3b Mon Sep 17 00:00:00 2001 From: flrr Date: Wed, 19 Jul 2023 18:13:35 +0100 Subject: [PATCH 2/6] feat: working on update policies --- src/blueprints/policies.py | 47 +++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/src/blueprints/policies.py b/src/blueprints/policies.py index 243ab10..f50d9c8 100644 --- a/src/blueprints/policies.py +++ b/src/blueprints/policies.py 
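Review bot: In get_policies the `scope` filter is read from a query parameter named `uri` (`scope = request.args.get('uri', "")`), so a caller's `?scope=` is silently ignored and the wrong key is handed to `keycloak_client.get_policies`; the line should be `scope = request.args.get('scope', "")`. On the next two lines `int(request.args.get('first', 0))` and `int(request.args.get('maximum', -1))` raise ValueError on non-numeric input, which surfaces as a 500 instead of a 400. The POST handlers below index required keys directly (`payload["name"]`, `payload["policies"]`, `payload["strategy"]`, ...), so a missing key is also a 500, and create_group_policy parses the body three times where one `payload = request.get_json()` would do. As in the permissions blueprint, no handler here verifies the caller before driving the Keycloak admin API. The hunk covers the whole of construct_blueprint.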
@@ -48,28 +48,59 @@ def create_group_policy(): return keycloak_client.register_group_policy(name, groups, groups_claim) @policies.route("/regex_policy", methods = ["POST"]) - def create_regex_policy(name, regex, target_claim): + def create_regex_policy(): payload = request.get_json() + name = payload["name"] regex = payload["regex"] target_claim = payload["target_claim"] return keycloak_client.register_regex_policy(name, regex, target_claim) @policies.route("/role_policy", methods = ["POST"]) - def create_role_policy(name, roles): + def create_role_policy(): payload = request.get_json() - name = policy["name"] - roles = policy["roles"] + name = payload["name"] + roles = payload["roles"] return keycloak_client.register_role_policy(name, roles) @policies.route("/time_policy", methods = ["POST"]) - def create_time_policy(name, time): + def create_time_policy(): + # time can be one of: + # "notAfter":"1970-01-01 00:00:00" + # "notBefore":"1970-01-01 00:00:00" + # "dayMonth": + # "dayMonthEnd": + # "month": + # "monthEnd": + # "year": + # "yearEnd": + # "hour": + # "hourEnd": + # "minute": + # "minuteEnd": + possible_times = [ + "notAfter", + "notBefore", + "dayMonth", + "dayMonthEnd", + "month", + "monthEnd", + "year", + "yearEnd", + "hour", + "hourEnd", + "minute", + "minuteEnd" + ] payload = request.get_json() name = payload["name"] - time = payload["time"] + time = {} + for key, value in payload.items(): + if key in possible_times: + time[key] = value return keycloak_client.register_time_policy(name, time) @policies.route("/user_policy", methods = ["POST"]) - def create_user_policy(name, users): + def create_user_policy(): payload = request.get_json() name = payload["name"] users = payload["users"] 
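Review bot: In create_time_policy, a body that contains none of the whitelisted keys leaves `time` empty and registers an unconstrained time policy, and a body that is not a JSON object makes `payload.items()` raise AttributeError (500); replace the loop with `time = {k: v for k, v in payload.items() if k in possible_times}` followed by `if not time: abort(400, "no time constraint given")`, with an `isinstance(payload, dict)` check ahead of it (`abort` needs importing from flask). The whitelisted values are passed through unvalidated, which is fine only if `register_time_policy` checks the `notAfter`/`notBefore` formats itself — that client code is not visible here. The twelve comment lines listing the keys duplicate the `possible_times` list directly under them; drop the comment and hoist the list to a module-level `TIME_POLICY_KEYS = frozenset({...})` instead of rebuilding it per request. create_user_policy runs past the end of the hunk.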
@@ -79,7 +110,7 @@ def create_user_policy(name, users): # --------------- UPDATE ----------------- - @policies.route("/policies/", methods=["PUT"]) + @policies.route("/policy/", methods=["PUT"]) def update_policy(policy_id: str): policy = request.get_json() return keycloak_client.update_policy(policy_id, policy) From dedfda13d6f2f1092f5d5261517fd4699c52e487 Mon Sep 17 00:00:00 2001 From: flrr Date: Thu, 20 Jul 2023 16:52:06 +0100 Subject: [PATCH 3/6] feat: all remaining added, still policy update not working, create and update scope based permission not working --- src/blueprints/permissions.py | 46 ++++++++++++++++++++++++----------- src/blueprints/policies.py | 10 +++----- 2 files changed, 35 insertions(+), 21 deletions(-) diff --git a/src/blueprints/permissions.py b/src/blueprints/permissions.py index 730d81f..9c07aec 100644 --- a/src/blueprints/permissions.py +++ b/src/blueprints/permissions.py 
@@ -5,22 +5,40 @@ def construct_blueprint(keycloak_client): keycloak_client = keycloak_client permissions = Blueprint('permissions', __name__) - @permissions.route("/permissions/", methods=["GET"]) - def get_permissions(client_id: str): - return keycloak_client.get_permissions(client_id) + @permissions.route("/client_authz_permissions/", methods=["GET"]) + def get_client_authz_permissions(client_id: str): + return keycloak_client.get_client_authz_permissions(client_id) - @permissions.route("/permissions", methods=["POST"]) - def create_permission(): - permission = request.get_json() - return keycloak_client.create_permission(permission) + @permissions.route("/client_management_permissions/", methods=["GET"]) + def get_client_management_permissions(client_id: str): + return keycloak_client.get_client_management_permissions(client_id) + + @permissions.route("/client_authz_scope_permissions//", methods=["GET"]) + def get_client_authz_scope_permissions(client_id: str, scope_id: str): + return keycloak_client.get_client_authz_scope_permissions(client_id, scope_id) + + @permissions.route("/client_authz_scope_permissions/", methods=["POST"]) + def create_client_authz_scope_based_permissions(client_id: str): + payload = request.get_json() + return keycloak_client.create_client_authz_scope_based_permission(client_id, payload) + + @permissions.route("/client_authz_resource_permissions/", methods=["POST"]) + def create_client_authz_resource_based_permission(client_id: str): + payload = request.get_json() + return keycloak_client.create_client_authz_scope_based_permission(client_id, payload) - @permissions.route("/permissions/", methods=["PUT"]) - def update_permission(permission_id: str): - permission = request.get_json() - return keycloak_client.update_permission(permission_id, permission) + @permissions.route("/client_management_permissions/", methods=["PUT"]) + def update_client_management_permissions(client_id: str): + payload = request.get_json() + return 
keycloak_client.update_client_management_permissions(client_id, payload) - @permissions.route("/permissions/", methods=["DELETE"]) - def delete_permission(permission_id: str): - return keycloak_client.delete_permission(permission_id) + @permissions.route("/client_authz_scope_permissions//", methods=["PUT"]) + def update_client_authz_scope_permissions(client_id: str, scope_id): + payload = request.get_json() + return keycloak_client.update_client_authz_scope_permission(client_id, payload, scope_id) + + @permissions.route("/scopes", methods=["GET"]) + def get_client_scopes(): + return keycloak_client.get_client_scopes() return permissions diff --git a/src/blueprints/policies.py b/src/blueprints/policies.py index f50d9c8..17daf95 100644 --- a/src/blueprints/policies.py +++ b/src/blueprints/policies.py @@ -15,7 +15,7 @@ def get_policies(): maximum = int(request.args.get('maximum', -1)) return keycloak_client.get_policies(resource, name, scope, first, maximum) # --------------- GET ----------------- - @policies.route("/client_policy/", methods=["GET"]) + @policies.route("/policies/", methods=["GET"]) def get_client_authz_policies(client_id: str): return keycloak_client.get_client_authz_policies(client_id) @@ -117,13 +117,9 @@ def update_policy(policy_id: str): # --------------- DELETE ----------------- - @policies.route("/policies/", methods=["DELETE"]) + @policies.route("/policy/", methods=["DELETE"]) def delete_policy(policy_id: str): return keycloak_client.delete_policy(policy_id) - - @policies.route("/policies", methods=["DELETE"]) - def delete_policies(): - policies = request.get_json() - return keycloak_client.delete_policies(policies) + return policies From ef5e32762034085fa98ca2dca188d0fc71742696 Mon Sep 17 00:00:00 2001 
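Review bot: The new create_client_authz_resource_based_permission calls `keycloak_client.create_client_authz_scope_based_permission`, so the resource route creates a scope-based permission; the intended call is `keycloak_client.create_client_authz_resource_based_permission(client_id, payload)`. More importantly, update_client_management_permissions forwards the raw request body to what, judging by the name, toggles Keycloak's fine-grained admin permissions for a client — a realm-admin-level operation — and nothing in this blueprint verifies the caller before any of the new handlers run, so a `@permissions.before_request` token/role check (or a shared decorator) should accompany these routes unless one is applied app-wide outside this file. As a point of style, update_client_authz_scope_permissions declares `scope_id` without the `: str` annotation its sibling parameter carries, and passes `(client_id, payload, scope_id)` with the second id after the body, unlike the route order. The hunk ends at `return permissions`, so the blueprint definition is complete.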
From: flaviorosadme Date: Mon, 24 Jul 2023 17:15:30 +0100 Subject: [PATCH 4/6] feat: last resource permissions endpoints added and working --- src/blueprints/permissions.py | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/src/blueprints/permissions.py b/src/blueprints/permissions.py index 9c07aec..34d1519 100644 --- a/src/blueprints/permissions.py +++ b/src/blueprints/permissions.py 
@@ -13,32 +13,37 @@ def get_client_authz_permissions(client_id: str): def get_client_management_permissions(client_id: str): return keycloak_client.get_client_management_permissions(client_id) - @permissions.route("/client_authz_scope_permissions//", methods=["GET"]) - def get_client_authz_scope_permissions(client_id: str, scope_id: str): - return keycloak_client.get_client_authz_scope_permissions(client_id, scope_id) + @permissions.route("/client_authz_resource_permissions/", methods=["GET"]) + def get_client_resource_permissions(client_id: str): + return keycloak_client.get_client_resource_permissions(client_id) - @permissions.route("/client_authz_scope_permissions/", methods=["POST"]) - def create_client_authz_scope_based_permissions(client_id: str): - payload = request.get_json() - return keycloak_client.create_client_authz_scope_based_permission(client_id, payload) + #@permissions.route("/client_authz_scope_permissions//", methods=["GET"]) + #def get_client_authz_scope_permissions(client_id: str, scope_id: str): + # return keycloak_client.get_client_authz_scope_permissions(client_id, scope_id) + + #@permissions.route("/client_authz_scope_permissions/", methods=["POST"]) + #def create_client_authz_scope_based_permissions(client_id: str): + # payload = request.get_json() + # return keycloak_client.create_client_authz_scope_based_permission(client_id, payload) @permissions.route("/client_authz_resource_permissions/", methods=["POST"]) def create_client_authz_resource_based_permission(client_id: str): payload = request.get_json() - return keycloak_client.create_client_authz_scope_based_permission(client_id, payload) + return keycloak_client.create_client_authz_resource_based_permission(client_id, payload) @permissions.route("/client_management_permissions/", methods=["PUT"]) def update_client_management_permissions(client_id: str): payload = request.get_json() return keycloak_client.update_client_management_permissions(client_id, payload) + + 
@permissions.route("/client_authz_resource_permissions//", methods=["PUT"]) + def update_client_authz_resource_permission(client_id: str, permission_id): + payload = request.get_json() + return keycloak_client.update_client_authz_resource_permission(client_id, payload, permission_id) @permissions.route("/client_authz_scope_permissions//", methods=["PUT"]) def update_client_authz_scope_permissions(client_id: str, scope_id): payload = request.get_json() return keycloak_client.update_client_authz_scope_permission(client_id, payload, scope_id) - - @permissions.route("/scopes", methods=["GET"]) - def get_client_scopes(): - return keycloak_client.get_client_scopes() return permissions From ee4c6c5360a3e59a435869a0bd2ed6d6fbd9919e Mon Sep 17 00:00:00 2001 From: flaviorosadme Date: Tue, 25 Jul 2023 10:42:20 +0100 Subject: [PATCH 5/6] fix: changed pyyaml version from 5.4.1 to 5.3.1 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index dba2487..d0f716d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ requests==2.25.1 flask-swagger-ui==4.11.1 python-keycloak==3.2.0 mock==5.0.2 -pyyaml==5.4.1 +pyyaml==5.3.1 elasticsearch==8.8.0 lxml==4.9.2 configparser==5.3.0 From 7da7d4250e6c2b2e57ec4222b6258501093ab17d Mon Sep 17 00:00:00 2001 From: flaviorosadme Date: Tue, 25 Jul 2023 15:00:51 +0100 Subject: [PATCH 6/6] feat: endpoints changed --- src/blueprints/permissions.py | 20 ++++++++++---------- src/blueprints/policies.py | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/blueprints/permissions.py b/src/blueprints/permissions.py index 34d1519..60cd05c 100644 --- a/src/blueprints/permissions.py +++ b/src/blueprints/permissions.py 
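Review bot: The two scope-permission routes are kept as commented-out code rather than deleted; git history already preserves them, and a commented block containing a live `@permissions.route` line tends to be un-commented later without the review the original got, so delete the eight lines or leave a one-line `# TODO: scope-based permissions pending client support` instead. In the new update_client_authz_resource_permission, `permission_id` lacks the `: str` annotation `client_id` carries (`def update_client_authz_resource_permission(client_id: str, permission_id: str):`), and as with the other PUT handlers the raw body goes to the client untouched, so a 400 for a non-dict body belongs here too. Whether `update_client_authz_resource_permission` verifies that `permission_id` actually belongs to `client_id` is not visible from here and is worth confirming, since the route otherwise lets a caller address any permission under any client path. The hunk ends at `return permissions`.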
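Review bot: This pin moves PyYAML backwards from 5.4.1 to 5.3.1, and 5.4 is the release that fixed the arbitrary-code-execution issue in the full loader (CVE-2020-14343), so any `yaml.load(..., Loader=yaml.FullLoader)` or `yaml.full_load` call in this service becomes exploitable by a crafted YAML document again. The commit message gives no reason for the downgrade; record it in the message or on the line (`pyyaml==5.3.1  # pinned: <reason>`), and make sure the project's YAML parsing goes through `yaml.safe_load`, which is unaffected by that advisory whatever version is pinned. Whether the project parses untrusted YAML at all is not visible from this diff.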
@@ -5,15 +5,15 @@ def construct_blueprint(keycloak_client): keycloak_client = keycloak_client permissions = Blueprint('permissions', __name__) - @permissions.route("/client_authz_permissions/", methods=["GET"]) + @permissions.route("/permissions/", methods=["GET"]) def get_client_authz_permissions(client_id: str): return keycloak_client.get_client_authz_permissions(client_id) - @permissions.route("/client_management_permissions/", methods=["GET"]) + @permissions.route("/permissions//management", methods=["GET"]) def get_client_management_permissions(client_id: str): return keycloak_client.get_client_management_permissions(client_id) - @permissions.route("/client_authz_resource_permissions/", methods=["GET"]) + @permissions.route("/permissions//resources", methods=["GET"]) def get_client_resource_permissions(client_id: str): return keycloak_client.get_client_resource_permissions(client_id) 
@@ -26,24 +26,24 @@ def get_client_resource_permissions(client_id: str): # payload = request.get_json() # return keycloak_client.create_client_authz_scope_based_permission(client_id, payload) - @permissions.route("/client_authz_resource_permissions/", methods=["POST"]) + @permissions.route("/permissions//resources", methods=["POST"]) def create_client_authz_resource_based_permission(client_id: str): payload = request.get_json() return keycloak_client.create_client_authz_resource_based_permission(client_id, payload) - @permissions.route("/client_management_permissions/", methods=["PUT"]) + @permissions.route("/permissions//management", methods=["PUT"]) def update_client_management_permissions(client_id: str): payload = request.get_json() return keycloak_client.update_client_management_permissions(client_id, payload) - @permissions.route("/client_authz_resource_permissions//", methods=["PUT"]) + @permissions.route("/permissions//resources/", methods=["PUT"]) def update_client_authz_resource_permission(client_id: str, permission_id): payload = request.get_json() return keycloak_client.update_client_authz_resource_permission(client_id, payload, permission_id) - @permissions.route("/client_authz_scope_permissions//", methods=["PUT"]) - def update_client_authz_scope_permissions(client_id: str, scope_id): - payload = request.get_json() - return keycloak_client.update_client_authz_scope_permission(client_id, payload, scope_id) + #@permissions.route("/permissions//scopes/", methods=["PUT"]) + #def update_client_authz_scope_permissions(client_id: str, scope_id): + # payload = request.get_json() + # return keycloak_client.update_client_authz_scope_permission(client_id, payload, scope_id) return permissions diff --git a/src/blueprints/policies.py b/src/blueprints/policies.py index 17daf95..4fe974b 100644 --- a/src/blueprints/policies.py +++ b/src/blueprints/policies.py 
@@ -21,13 +21,13 @@ def get_client_authz_policies(client_id: str): # --------------- POST ----------------- - @policies.route("/client_policy", methods=["POST"]) + @policies.route("/policies/client", methods=["POST"]) def create_client_policy(): policy = request.get_json() return keycloak_client.register_client_policy(policy) - @policies.route("/aggregated_policy", methods = ["POST"]) + @policies.route("/policies/aggregated", methods = ["POST"]) def create_aggregated_policy(): payload = request.get_json() name = payload["name"] @@ -35,19 +35,19 @@ def create_aggregated_policy(): strategy = payload["strategy"] return keycloak_client.register_aggregated_policy(name, policies, strategy) - @policies.route("/scope_policy", methods = ["POST"]) + @policies.route("/policies/scope", methods = ["POST"]) def create_client_scope_policy(): policy = request.get_json() return keycloak_client.register_client_scope_policy(policy) - @policies.route("/group_policy", methods = ["POST"]) + @policies.route("/policies/group", methods = ["POST"]) def create_group_policy(): name = request.get_json()["name"] groups = request.get_json()["groups"] groups_claim = request.get_json()["groups_claim"] return keycloak_client.register_group_policy(name, groups, groups_claim) - @policies.route("/regex_policy", methods = ["POST"]) + @policies.route("/policies/regex", methods = ["POST"]) def create_regex_policy(): payload = request.get_json() name = payload["name"] 
@@ -55,14 +55,14 @@ def create_regex_policy(): target_claim = payload["target_claim"] return keycloak_client.register_regex_policy(name, regex, target_claim) - @policies.route("/role_policy", methods = ["POST"]) + @policies.route("/policies/role", methods = ["POST"]) def create_role_policy(): payload = request.get_json() name = payload["name"] roles = payload["roles"] return keycloak_client.register_role_policy(name, roles) - @policies.route("/time_policy", methods = ["POST"]) + @policies.route("/policies/time", methods = ["POST"]) def create_time_policy(): # time can be one of: # "notAfter":"1970-01-01 00:00:00" @@ -99,7 +99,7 @@ def create_time_policy(): time[key] = value return keycloak_client.register_time_policy(name, time) - @policies.route("/user_policy", methods = ["POST"]) + @policies.route("/policies/user", methods = ["POST"]) def create_user_policy(): payload = request.get_json() name = payload["name"] @@ -110,14 +110,14 @@ def create_user_policy(): # --------------- UPDATE ----------------- - @policies.route("/policy/", methods=["PUT"]) + @policies.route("/policies/", methods=["PUT"]) def update_policy(policy_id: str): policy = request.get_json() return keycloak_client.update_policy(policy_id, policy) # --------------- DELETE ----------------- - @policies.route("/policy/", methods=["DELETE"]) + @policies.route("/policies/", methods=["DELETE"]) def delete_policy(policy_id: str): return keycloak_client.delete_policy(policy_id)
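Review bot: After this rename, GET `/policies/<id>` (get_client_authz_policies, whose parameter is `client_id`, renamed in an earlier commit of this series) and PUT/DELETE `/policies/<id>` (update_policy and delete_policy, whose parameter is `policy_id`) share one URL pattern in which the path segment means a client on one method and a policy on the others; the route converters are not visible in this rendering, so I am going by the handler parameter names. That is easy to misuse and awkward to describe in the Swagger UI the project pulls in; give the client listing its own path, e.g. `@policies.route("/clients/<client_id>/policies", methods=["GET"])`, and keep `/policies/<policy_id>` for the per-policy operations. The hunk is complete; delete_policy is its last function.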