Eoepca 910 um keycloak develop an identity api based on keycloak api #17

Merged
2 changes: 1 addition & 1 deletion requirements.txt
Expand Up @@ -4,7 +4,7 @@ requests==2.25.1
flask-swagger-ui==4.11.1
python-keycloak==3.2.0
mock==5.0.2
pyyaml==5.4.1
pyyaml==5.3.1
elasticsearch==8.8.0
lxml==4.9.2
configparser==5.3.0
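Review bot: If the second `pyyaml` line is the new side, this pins PyYAML back from 5.4.1 to 5.3.1; the rendering here does not make the direction certain. The 5.4 release fixed an arbitrary-code-execution issue in `yaml.full_load`/`FullLoader`, so a downgrade brings it back for any code path that loads YAML without `yaml.safe_load`. If the older pin is needed for a build or compatibility reason, record that in a `#` comment next to the line and confirm that every loader call in the service uses `yaml.safe_load`; otherwise keep `pyyaml==5.4.1`.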
43 changes: 42 additions & 1 deletion src/blueprints/permissions.py
@@ -1,8 +1,49 @@
from flask import Blueprint
from flask import Blueprint, request


def construct_blueprint(keycloak_client):
keycloak_client = keycloak_client
permissions = Blueprint('permissions', __name__)

@permissions.route("/client_authz_permissions/<client_id>", methods=["GET"])
Collaborator

/permissions/<client_id>

def get_client_authz_permissions(client_id: str):
return keycloak_client.get_client_authz_permissions(client_id)

@permissions.route("/client_management_permissions/<client_id>", methods=["GET"])
Collaborator

/permissions/<client_id>/management

def get_client_management_permissions(client_id: str):
return keycloak_client.get_client_management_permissions(client_id)

@permissions.route("/client_authz_resource_permissions/<client_id>", methods=["GET"])
Collaborator

/permissions/<client_id>/resources

def get_client_resource_permissions(client_id: str):
return keycloak_client.get_client_resource_permissions(client_id)

#@permissions.route("/client_authz_scope_permissions/<client_id>/<scope_id>", methods=["GET"])
#def get_client_authz_scope_permissions(client_id: str, scope_id: str):
# return keycloak_client.get_client_authz_scope_permissions(client_id, scope_id)

#@permissions.route("/client_authz_scope_permissions/<client_id>", methods=["POST"])
#def create_client_authz_scope_based_permissions(client_id: str):
# payload = request.get_json()
# return keycloak_client.create_client_authz_scope_based_permission(client_id, payload)

@permissions.route("/client_authz_resource_permissions/<client_id>", methods=["POST"])
Collaborator

/permissions/<client_id>/resources

def create_client_authz_resource_based_permission(client_id: str):
payload = request.get_json()
return keycloak_client.create_client_authz_resource_based_permission(client_id, payload)

@permissions.route("/client_management_permissions/<client_id>", methods=["PUT"])
Collaborator

/permissions/<client_id>/management

def update_client_management_permissions(client_id: str):
payload = request.get_json()
return keycloak_client.update_client_management_permissions(client_id, payload)

@permissions.route("/client_authz_resource_permissions/<client_id>/<permission_id>", methods=["PUT"])
Collaborator

/permissions/<client_id>/resources/<permission_id>

def update_client_authz_resource_permission(client_id: str, permission_id):
payload = request.get_json()
return keycloak_client.update_client_authz_resource_permission(client_id, payload, permission_id)

@permissions.route("/client_authz_scope_permissions/<client_id>/<scope_id>", methods=["PUT"])
Collaborator

/permissions/<client_id>/scopes/<scope_id>

def update_client_authz_scope_permissions(client_id: str, scope_id):
payload = request.get_json()
return keycloak_client.update_client_authz_scope_permission(client_id, payload, scope_id)

return permissions
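Review bot: None of the routes added in `construct_blueprint` checks who is calling, and the POST and PUT handlers (`create_client_authz_resource_based_permission`, `update_client_management_permissions`, `update_client_authz_resource_permission`, `update_client_authz_scope_permissions`) forward `request.get_json()` unchanged to `keycloak_client`. If that client holds administrative credentials, which the name suggests but this file does not show, any caller that can reach the service can read and rewrite Keycloak authorization settings unless a gateway or app-level hook outside this section enforces authentication. Register a check on the blueprint, for example a function decorated with `@permissions.before_request` that validates the bearer token and required role and aborts with 401 or 403, and state in a docstring on `construct_blueprint` which layer is responsible. The same applies to the routes added in src/blueprints/policies.py. The commented-out scope-permission routes and the no-op `keycloak_client = keycloak_client` are better dropped before merge.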
119 changes: 118 additions & 1 deletion src/blueprints/policies.py
@@ -1,8 +1,125 @@
from flask import Blueprint
from flask import Blueprint, request


def construct_blueprint(keycloak_client):
keycloak_client = keycloak_client
policies = Blueprint('policies', __name__)


@policies.route("/policies", methods=["GET"])
def get_policies():
resource = request.args.get('resource', "")
name = request.args.get('name', "")
scope = request.args.get('uri', "")
first = int(request.args.get('first', 0))
maximum = int(request.args.get('maximum', -1))
return keycloak_client.get_policies(resource, name, scope, first, maximum)
# --------------- GET -----------------
@policies.route("/policies/<client_id>", methods=["GET"])
def get_client_authz_policies(client_id: str):
return keycloak_client.get_client_authz_policies(client_id)

# --------------- POST -----------------

@policies.route("/client_policy", methods=["POST"])
Collaborator

/policies/client

def create_client_policy():
policy = request.get_json()
return keycloak_client.register_client_policy(policy)


@policies.route("/aggregated_policy", methods = ["POST"])
Collaborator

/policies/aggregated

def create_aggregated_policy():
payload = request.get_json()
name = payload["name"]
policies = payload["policies"]
strategy = payload["strategy"]
return keycloak_client.register_aggregated_policy(name, policies, strategy)

@policies.route("/scope_policy", methods = ["POST"])
Collaborator

/policies/scope

def create_client_scope_policy():
policy = request.get_json()
return keycloak_client.register_client_scope_policy(policy)

@policies.route("/group_policy", methods = ["POST"])
Collaborator

/policies/group

def create_group_policy():
name = request.get_json()["name"]
groups = request.get_json()["groups"]
groups_claim = request.get_json()["groups_claim"]
return keycloak_client.register_group_policy(name, groups, groups_claim)

@policies.route("/regex_policy", methods = ["POST"])
Collaborator

/policies/regex

def create_regex_policy():
payload = request.get_json()
name = payload["name"]
regex = payload["regex"]
target_claim = payload["target_claim"]
return keycloak_client.register_regex_policy(name, regex, target_claim)

@policies.route("/role_policy", methods = ["POST"])
Collaborator

/policies/role

def create_role_policy():
payload = request.get_json()
name = payload["name"]
roles = payload["roles"]
return keycloak_client.register_role_policy(name, roles)

@policies.route("/time_policy", methods = ["POST"])
Collaborator

/policies/time

def create_time_policy():
# time can be one of:
# "notAfter":"1970-01-01 00:00:00"
# "notBefore":"1970-01-01 00:00:00"
# "dayMonth":<day-of-month>
# "dayMonthEnd":<day-of-month>
# "month":<month>
# "monthEnd":<month>
# "year":<year>
# "yearEnd":<year>
# "hour":<hour>
# "hourEnd":<hour>
# "minute":<minute>
# "minuteEnd":<minute>
possible_times = [
"notAfter",
"notBefore",
"dayMonth",
"dayMonthEnd",
"month",
"monthEnd",
"year",
"yearEnd",
"hour",
"hourEnd",
"minute",
"minuteEnd"
]
payload = request.get_json()
name = payload["name"]
time = {}
for key, value in payload.items():
if key in possible_times:
time[key] = value
return keycloak_client.register_time_policy(name, time)

@policies.route("/user_policy", methods = ["POST"])
Collaborator

/policies/user

def create_user_policy():
payload = request.get_json()
name = payload["name"]
users = payload["users"]
return keycloak_client.register_user_policy(name, users)



# --------------- UPDATE -----------------

@policies.route("/policy/<policy_id>", methods=["PUT"])
Collaborator

/policies/<policy_id>

def update_policy(policy_id: str):
policy = request.get_json()
return keycloak_client.update_policy(policy_id, policy)

# --------------- DELETE -----------------

@policies.route("/policy/<policy_id>", methods=["DELETE"])
Collaborator

/policies/<policy_id>

def delete_policy(policy_id: str):
return keycloak_client.delete_policy(policy_id)


return policies
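Review bot: The handlers convert and index request data without validation, so malformed input surfaces as an unhandled exception rather than a client error: in `get_policies`, `int(request.args.get('first', 0))` raises ValueError on a non-numeric value, and the `create_*_policy` handlers raise KeyError or TypeError when `payload["name"]` or another required key is missing or the body is not a JSON object. Use `first = request.args.get('first', 0, type=int)` (likewise for `maximum`), which falls back to the default on a bad value, and check the required keys up front, returning 400 with the missing field names. `scope = request.args.get('uri', "")` reads the `uri` parameter into `scope`, which looks like a copy-paste slip worth confirming. In `create_aggregated_policy` the local `policies = payload["policies"]` shadows the blueprint of the same name, and `create_group_policy` parses the body three times; a single `payload = request.get_json()` as in the sibling handlers would be consistent.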