Пример #1
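 def create_client_permission(self, client: dict, permission: dict) -> None:
     """
     Create an authorization permission for a client.

     The permission is posted to the scope-based endpoint when the
     representation carries scopes and to the resource-based endpoint
     otherwise; ``type`` on the representation is set to match.

     :param client: dict converted with ClientRepresentation.from_dict;
         only ``clientId`` is read here
     :param permission: dict converted with PermissionRepresentation.from_dict
     :return: None
     """
     target = ClientRepresentation.from_dict(client)
     # assumes find_by_client_id returns a non-empty sequence of dicts;
     # an empty result raises IndexError on the [0] below - confirm with callers
     found = self.find_by_client_id(target.clientId)[0]
     p: PermissionRepresentation = PermissionRepresentation.from_dict(
         permission)
     # The permission kind doubles as the last path segment of the endpoint.
     kind = "scope" if p.scopes is not None else "resource"
     p.type = kind
     url = (self.keycloak_url + "auth/admin/realms/" + self.keycloak_realms +
            "/clients/" + found.get("id") +
            "/authz/resource-server/permission/" + kind)
     # NOTE(review): self.headers is used without any visible authentication
     # step in this method - confirm the caller guarantees a valid token.
     # Bound the wait so a stalled admin endpoint cannot block the caller
     # forever (requests has no default timeout).
     response = requests.post(url=url,
                              headers=self.headers,
                              json=p.__dict__,
                              timeout=30)
     if response.status_code == 409:
         print("Permission: " + p.name + " já existe para o cliente " +
               target.clientId)
     elif response.status_code == 201:
         print("Permission: " + p.name + " criado para o cliente " +
               target.clientId)
     else:
         # Any other status is only printed, not raised; callers cannot
         # detect the failure programmatically.
         print(response)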
Пример #2
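    def associate_roles_group(self, role_name: str, group_name: str,
                              client_id: str):
        """
        Map a client role onto a group.

        :param role_name: name of the client role
        :param group_name: name of the group
        :param client_id: the client's clientId (not its internal id!)
        :return: None
        """
        # Each lookup takes the first match; an empty result raises
        # IndexError here - presumably the lookups return lists, confirm.
        client = ClientRepresentation.from_dict(
            self.find_by_client_id(client_id)[0])
        role = self.find_role_name_client(client, role_name)[0]
        group = GroupRepresentation.from_dict(
            self.find_groups_by_name(group_name)[0])
        url = (self.keycloak_url + "auth/admin/realms/" +
               self.keycloak_realms + "/groups/" + group.id +
               "/role-mappings/clients/" + client.id)
        scope = ScopeRoleRepresentation(id=role.get("id"),
                                        name=role.get("name"),
                                        containerId=client.id)
        # NOTE(review): self.headers is used without any visible
        # authentication step in this method - confirm the caller
        # guarantees a valid token.
        # Bound the wait so a stalled admin endpoint cannot block the caller
        # forever (requests has no default timeout).
        response = requests.post(url=url,
                                 headers=self.headers,
                                 json=[scope.__dict__],
                                 timeout=30)
        if response.status_code in (204, 201):
            print("Role " + role_name + " associada ao grupo " + group_name)
        else:
            # Failures are only printed, not raised; a role mapping that was
            # not applied is invisible to the caller.
            print(response)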
Пример #3
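 def create_client_policy(self, client: dict, policy: dict) -> None:
     """
     Create a role-based authorization policy for a client.

     Each role entry of the policy is rewritten so that its ``id`` becomes
     ``<clientId>/<original id>`` before the policy is posted.

     :param client: dict converted with ClientRepresentation.from_dict;
         only ``clientId`` is read here
     :param policy: dict converted with PolicieRoleRepresentation.from_dict
     :return: None
     """
     target = ClientRepresentation.from_dict(client)
     # assumes find_by_client_id returns a non-empty sequence of dicts;
     # an empty result raises IndexError on the [0] below - confirm with callers
     found = self.find_by_client_id(target.clientId)[0]
     p = PolicieRoleRepresentation.from_dict(policy)
     p.roles = [{
         "id": target.clientId + "/" + entry.get("id"),
         "required": entry.get("required")
     } for entry in p.roles]
     url = (self.keycloak_url + "auth/admin/realms/" + self.keycloak_realms +
            "/clients/" + found.get("id") +
            "/authz/resource-server/policy/role")
     # NOTE(review): self.headers is used without any visible authentication
     # step in this method - confirm the caller guarantees a valid token.
     # Bound the wait so a stalled admin endpoint cannot block the caller
     # forever (requests has no default timeout).
     response = requests.post(url=url,
                              headers=self.headers,
                              json=p.__dict__,
                              timeout=30)
     # NOTE(review): the messages below say "Resource" although this method
     # creates a policy; kept as-is in case the output is parsed elsewhere.
     if response.status_code == 409:
         print("Resource: " + p.name + " já existe para o cliente " +
               target.clientId)
     elif response.status_code == 201:
         print("Resource: " + p.name + " criado para o cliente " +
               target.clientId)
     else:
         # Any other status is only printed, not raised.
         print(response)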
Пример #4
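 def create_client_resource(self, client: dict, resourceDict: dict) -> None:
     """
     Create a protected resource for a client.

     Unlike the admin calls, this request is sent to the realm's
     ``authz/protection/resource_set/`` endpoint and is authorized with a
     bearer token obtained from ``get_patch_token`` using the client's own
     ``clientId`` and ``secret``.

     :param client: dict converted with ClientRepresentation.from_dict;
         ``clientId`` and ``secret`` are read here
     :param resourceDict: dict converted with ResourceRepresentarion.from_dict
     :return: None
     """
     target = ClientRepresentation.from_dict(client)
     resource = ResourceRepresentarion.from_dict(resourceDict)
     patch_token = self.get_patch_token(target.clientId, target.secret)
     url = (self.keycloak_url + "auth/realms/" + self.keycloak_realms +
            "/authz/protection/resource_set/")
     # NOTE(review): str() turns a missing token into the literal text
     # "None", which would be sent as "Bearer None" - confirm that
     # get_patch_token never returns None on failure.
     auth_headers = {
         "Authorization": 'Bearer ' + str(patch_token),
         "Content-Type": "application/json"
     }
     # Bound the wait so a stalled endpoint cannot block the caller forever
     # (requests has no default timeout).
     response = requests.post(url=url,
                              json=resource.__dict__,
                              headers=auth_headers,
                              timeout=30)
     if response.status_code == 409:
         print("Resource: " + resource.name + " já existe para o cliente " +
               target.clientId)
     elif response.status_code == 201:
         print("Resource: " + resource.name + " criado para o cliente " +
               target.clientId)
     else:
         # The raw response body is written to stdout; it is not raised, so
         # callers cannot detect the failure programmatically.
         print(response.content)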
Пример #5
 def find_role_name_client(self, client: ClientRepresentation,
                           role_name: str) -> list:
     """
     Return the client's roles whose ``name`` equals ``role_name``.

     The client is looked up again by its ``clientId`` and the first match is
     used to list roles, so the ``client`` argument only supplies the
     ``clientId``.

     :param client: representation whose ``clientId`` selects the client
     :param role_name: exact role name to match
     :return: list of matching role entries (empty when none match)
     """
     # An empty lookup result raises IndexError on the [0] below.
     first_match = self.find_by_client_id(client.clientId)[0]
     resolved = ClientRepresentation.from_dict(first_match)
     return [
         entry for entry in self.list_role_client(resolved)
         if entry.get("name") == role_name
     ]
Пример #6
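 def create_client_role(self, clientDict: dict, role: dict) -> None:
     """
     Create a role for a client.

     :param clientDict: dict converted with ClientRepresentation.from_dict;
         its ``clientId`` is used to look the client up again
     :param role: dict converted with RoleRepresentation.from_dict
     :return: None
     """
     self.__check_authenticate()
     requested = ClientRepresentation.from_dict(clientDict)
     # Re-read the client so that its internal ``id`` is available for the
     # URL; an empty lookup result raises IndexError on the [0] below.
     client = ClientRepresentation.from_dict(
         self.find_by_client_id(requested.clientId)[0])
     new_role = RoleRepresentation.from_dict(role)
     url = (self.keycloak_url + 'auth/admin/realms/' + self.keycloak_realms +
            '/clients/' + client.id + '/roles')
     # Bound the wait so a stalled admin endpoint cannot block the caller
     # forever (requests has no default timeout).
     response = requests.post(url=url,
                              headers=self.headers,
                              json=new_role.__dict__,
                              timeout=30)
     if response.status_code == 409:
         print("Role: " + new_role.name + " já existe para o cliente " +
               client.clientId)
     elif response.status_code == 201:
         print("Role: " + new_role.name + " criado para o cliente " +
               client.clientId)
     else:
         # The raw response body is written to stdout; it is not raised, so
         # callers cannot detect the failure programmatically.
         print(response.content)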
Пример #7
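 def create_client(self, clientDict: dict) -> None:
     """
     Create a client in the Keycloak realm.

     :param clientDict: dict converted with ClientRepresentation.from_dict;
         every attribute of the resulting object is posted as the JSON body
     :return: None
     """
     self.__check_authenticate()
     client = ClientRepresentation.from_dict(clientDict)
     print("Criando Cliente: " + client.clientId)
     url = (self.keycloak_url + 'auth/admin/realms/' + self.keycloak_realms +
            '/clients')
     # A copy of the shared headers is passed, as in the original, so the
     # request cannot alter self.headers.
     # Bound the wait so a stalled admin endpoint cannot block the caller
     # forever (requests has no default timeout).
     response = requests.post(url=url,
                              headers=dict(self.headers),
                              json=client.__dict__,
                              timeout=30)
     if response.status_code == 409:
         print("Cliente: " + client.clientId + " já existe")
     elif response.status_code == 201:
         print("Cliente: " + client.clientId + " criado")
     else:
         # The raw response body is written to stdout; it is not raised, so
         # callers cannot detect the failure programmatically.
         print(response.content)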
Пример #8
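 def composite_roles_client(self, client_id: str, role_pai_name: str,
                            roles: list) -> None:
     """
     Add a set of client roles as composites of a parent role.

     One request is sent per child role, so a failure part-way through leaves
     the earlier roles already attached.

     :param client_id: the client's clientId (not its internal id!)
     :param role_pai_name: name of the parent role
     :param roles: list of strings with the names of the child roles
     :return: None
     """
     from urllib.parse import quote

     # An empty lookup result raises IndexError on the [0] below.
     c = self.find_by_client_id(client_id)[0]
     # The parent role name is caller-supplied and lands in the URL path, so
     # it is percent-encoded (including "/") to keep it a single path segment
     # and prevent it from redirecting the request to another admin endpoint.
     url = (self.keycloak_url + "auth/admin/realms/" + self.keycloak_realms +
            "/clients/" + c.get("id") + "/roles/" +
            quote(role_pai_name, safe="") + "/composites")
     for role in roles:
         r = RoleRepresentation.from_dict(
             self.find_role_name_client(ClientRepresentation.from_dict(c),
                                        role)[0])
         payload = [{"id": r.id, "name": r.name}]
         # NOTE(review): self.headers is used without any visible
         # authentication step in this method - confirm the caller
         # guarantees a valid token.
         # Bound the wait so a stalled admin endpoint cannot block the caller
         # forever (requests has no default timeout).
         response = requests.post(url=url,
                                  json=payload,
                                  headers=self.headers,
                                  timeout=30)
         if response.status_code == 204:
             print("role " + role_pai_name + " foi composta com " + role)
         else:
             # Failures are only printed; the loop continues with the next
             # role.
             print(response)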