示例#1
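    def delete(self, request, user_name):
        """
        Delete a user from Keycloak.

        The 'bossadmin' account is protected and is never deleted through
        this method.

        Args:
            request: Django rest framework request
            user_name: User name of user to delete

        Returns:
            Response with status 204 when the delete call succeeded,
            otherwise a BossKeycloakError describing the failure
        """
        # DP TODO: verify user_name is not an admin
        # NOTE(review): only the 'bossadmin' account is protected; any other
        # account can still be deleted here until the TODO above is done.
        #
        # Compare on the lower-cased name: Keycloak normally matches user
        # names case-insensitively, so an exact-match test could let a
        # differently-cased spelling of the protected account through.
        # TODO confirm against how delete_user() resolves the name.
        if user_name.lower() == 'bossadmin':
            # The original called .format(user_name) on a message without a
            # placeholder; the text is unchanged.
            return BossKeycloakError("Cannot delete user bossadmin from Keycloak")

        try:
            with self.get_keycloak_client() as kc:
                kc.delete_user(user_name)

            return Response(status=204)
        except KeyCloakError:
            msg = "Error deleting user '{}' from Keycloak".format(user_name)
            return BossKeycloakError(msg)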
示例#2
    def delete(self, request, user_name, role_name):
        """
        Unassign a role from a user.

        Args:
            request: Django rest framework request
            user_name: User name of user to unassign role from
            role_name: Role name of role to unassign from user

        Returns:
            Response with status 204 on success. A BossHTTPError is returned
            for the 'admin' role, whatever check_for_admin() returns when it
            is not None for the 'user-manager' role, and a BossKeycloakError
            when the Keycloak call fails.
        """
        if role_name == 'admin':
            # DP NOTE: admin role has to be removed manually in Keycloak
            return BossHTTPError("Cannot remove 'admin' role",
                                 ErrorCodes.INVALID_ROLE)

        if role_name == 'user-manager':
            # DP NOTE: user-manager role can only be modified by an admin
            denied = check_for_admin(request.user)
            if denied is not None:
                return denied

        try:
            with self.get_keycloak_client() as client:
                client.remove_role_from_user(user_name, role_name)
                return Response(status=204)
        except KeyCloakError:
            return BossKeycloakError(
                "Unable to remove role '{}' from user '{}' in Keycloak".format(
                    role_name, user_name))
示例#3
    def get(self, request, user_name, role_name=None):
        """
        Report the roles of a user.

        Two modes, selected by role_name:
        1) role_name is None: respond with every role assigned to the user
        2) role_name is given: respond with True/False for that one role

        Both answers are computed from the role list after it has passed
        through filter_roles(), so a role that filter_roles() drops is
        reported as not assigned.

        Args:
           request: Django rest framework request
           user_name: User name of the user to check
           role_name: Name of the role to check, or None to return all roles

        Returns:
            Response (status 200) carrying either the role list or a boolean,
            or a BossKeycloakError when the Keycloak call fails
        """
        try:
            with self.get_keycloak_client() as client:
                assigned = filter_roles(
                    [entry['name']
                     for entry in client.get_realm_roles(user_name)])

                if role_name is not None:
                    return Response(role_name in assigned, status=200)
                return Response(assigned, status=200)
        except KeyCloakError:
            return BossKeycloakError(
                "Error getting user '{}' role's from Keycloak".format(
                    user_name))
示例#4
    def get(self, request, user_name=None):
        """
        Get information about one user, or list users.

        Args:
           request: Django rest framework request
           user_name: User name to get information about, or None to list
                      users (optionally narrowed by the 'search' query
                      parameter)

        Returns:
            Response (status 200) with the user data, extended with a
            "realmRoles" entry, or with the result of get_all_users();
            a BossKeycloakError when the Keycloak call fails
        """
        try:
            with self.get_keycloak_client() as client:
                if user_name is not None:
                    payload = client.get_userdata(user_name)
                    role_names = [
                        r['name'] for r in client.get_realm_roles(user_name)]
                    payload["realmRoles"] = filter_roles(role_names)
                    return Response(payload, status=200)

                # Get all users. 'search' comes straight from the query string
                # and is handed to the client unchanged (None when absent).
                # NOTE(review): any validation of it would have to happen in
                # get_all_users(), which is not visible here - confirm.
                term = request.GET.get('search')
                return Response(client.get_all_users(term), status=200)
        except KeyCloakError:
            # In list mode user_name is None, so the message reads 'None'.
            return BossKeycloakError(
                "Error getting user '{}' from Keycloak".format(user_name))
示例#5
    def post(self, request, user_name, role_name):
        """
        Assign a role to a user.

        Args:
            request: Django rest framework request
            user_name: User name of user to assign role to
            role_name: Role name of role to assign to user

        Returns:
            Response with status 201 on success. A BossHTTPError is returned
            for the 'admin' role, whatever check_for_admin() returns when it
            is not None for the 'user-manager' role, and a BossKeycloakError
            when the Keycloak call fails.
        """
        if role_name == 'admin':
            # DP NOTE: admin role has to be assigned manually in Keycloak
            return BossHTTPError("Cannot assign 'admin' role",
                                 ErrorCodes.INVALID_ROLE)

        if role_name == 'user-manager':
            # DP NOTE: user-manager role can only be modified by an admin
            denied = check_for_admin(request.user)
            if denied is not None:
                return denied

        try:
            with KeyCloakClient('BOSS') as client:
                client.map_role_to_user(user_name, role_name)
                return Response(status=201)
        except KeyCloakError:
            return BossKeycloakError(
                "Unable to map role '{}' to user '{}' in Keycloak".format(
                    role_name, user_name))
示例#6
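    def post(self, request, user_name):
        """
        Create a new user in Keycloak and set its password.

        The account is created first and the password is set in a second
        call. If a KeyCloakError is raised after the account exists, the
        account is deleted again on a best-effort basis.

        Args:
            request: Django rest framework request
            user_name: User name of the user to create

        Returns:
            Response with status 201 on success, otherwise a
            BossKeycloakError

        Note: User's data is passed as json data in the request
        """
        user_data = request.data.copy()

        # Tracks whether the account already exists in Keycloak, so the error
        # path knows whether there is anything to roll back.
        user_created = False

        try:
            with self.get_keycloak_client() as kc:
                # DP NOTE: email also has to be unique, in the current configuration of Keycloak
                data = {
                    "username": user_name,
                    "firstName": user_data.get('first_name'),
                    "lastName": user_data.get('last_name'),
                    "email": user_data.get('email'),
                    "enabled": True
                }
                kc.create_user(json.dumps(data))
                user_created = True

                # NOTE(review): the password is taken from the request as-is;
                # a request without a 'password' key sends None here. Whether
                # reset_password() or Keycloak rejects that is not visible in
                # this method - confirm.
                data = {
                    "type": "password",
                    "temporary": False,
                    "value": user_data.get('password')
                }
                kc.reset_password(user_name, data)

                return Response(status=201)
        except KeyCloakError:
            # Roll back the half-created account. The account was created
            # with "enabled": True, so if this cleanup also fails it stays
            # behind without the password having been set; the log entries
            # below are then the only trace of it.
            if user_created:
                try:
                    with self.get_keycloak_client() as kc:
                        try:
                            kc.delete_user(user_name)
                        except Exception:
                            # Exception instead of a bare except, so that
                            # KeyboardInterrupt / SystemExit still propagate.
                            LOG.exception(
                                "Error deleting user '{}'".format(user_name))
                except Exception:
                    LOG.exception(
                        "Error communicating with Keycloak to delete created user and primary group"
                    )

            msg = "Error addng user '{}' to Keycloak".format(user_name)
            return BossKeycloakError(msg)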
示例#7
    def delete(self, request, user_name):
        """
        Delete a user from Keycloak.

        Args:
            request: Django rest framework request
            user_name: User name of user to delete

        Returns:
            Response with status 204 when the delete call succeeded,
            otherwise a BossKeycloakError
        """
        # NOTE(review): this method places no restriction on which account
        # may be deleted; any access control has to come from outside it
        # (not visible here) - confirm.
        try:
            with KeyCloakClient('BOSS') as client:
                client.delete_user(user_name)
        except KeyCloakError:
            return BossKeycloakError(
                "Error deleting user '{}' from Keycloak".format(user_name))
        else:
            return Response(status=204)
示例#8
    def get(self, request, user_name):
        """
        Get information about a user.

        Args:
           request: Django rest framework request
           user_name: User name to get information about

        Returns:
            Response (status 200) with the user data, extended with a
            "realmRoles" entry holding the role names that filter_roles()
            returned, or a BossKeycloakError when the Keycloak call fails
        """
        try:
            with KeyCloakClient('BOSS') as client:
                payload = client.get_userdata(user_name)
                role_names = [
                    r['name'] for r in client.get_realm_roles(user_name)]
                payload["realmRoles"] = filter_roles(role_names)
                return Response(payload, status=200)
        except KeyCloakError:
            return BossKeycloakError(
                "Error getting user '{}' from Keycloak".format(user_name))
示例#9
    def delete(self, request, user_name, role_name):
        """
        Unassign a role from a user.

        Args:
            request: Django rest framework request
            user_name: User name of user to unassign role from
            role_name: Role name of role to unassign from user

        Returns:
            Response with status 204 on success, otherwise a
            BossKeycloakError
        """
        # NOTE(review): role_name is passed to Keycloak without any check in
        # this method, so every role can be removed through it; any access
        # control has to come from outside it (not visible here) - confirm.
        try:
            with KeyCloakClient('BOSS') as client:
                client.remove_role_from_user(user_name, role_name)
                return Response(status=204)
        except KeyCloakError:
            return BossKeycloakError(
                "Unable to remove role '{}' from user '{}' in Keycloak".format(
                    role_name, user_name))
示例#10
    def post(self, request, user_name, role_name):
        """
        Assign a role to a user.

        Args:
            request: Django rest framework request
            user_name: User name of user to assign role to
            role_name: Role name of role to assign to user

        Returns:
            Response with status 201 on success, otherwise a
            BossKeycloakError
        """
        # NOTE(review): role_name is passed to Keycloak without any check in
        # this method, so every role can be granted through it; any access
        # control has to come from outside it (not visible here) - confirm.
        try:
            with KeyCloakClient('BOSS') as client:
                client.map_role_to_user(user_name, role_name)
                return Response(status=201)
        except KeyCloakError:
            return BossKeycloakError(
                "Unable to map role '{}' to user '{}' in Keycloak".format(
                    role_name, user_name))