class KeycloakAdm(object): def __init__(self): self.ClientId = "admin-cli" self.Realm = "zdr" self.Username = "******" self.Password = "******" self.FQDN = "auth.mydomain.dev" self.keycloak_admin = KeycloakAdmin(server_url="https://" + self.FQDN + "/auth/", username=self.Username, password=self.Password, realm_name=self.Realm, verify=True) self.keycloak_users = self.keycloak_admin.get_users({}) self.client_id = self.keycloak_admin.get_client_id("crm") def __del__(self): # Get users Returns a list of users, filtered according to query parameters users = self.keycloak_admin.get_users({}) for user in users: if user['username'] == self.Username: my_sessions = self.keycloak_admin.get_sessions(user['id']) for my_session in my_sessions: ret = self.keycloak_admin.connection.raw_delete( "admin/realms/" + self.Realm + "/sessions/" + my_session['id']) def GetLastUserSessionTime(self, user): lastAccess = None sessions = self.keycloak_admin.get_sessions(user['id']) for sess in sessions: sestime = int(sess['lastAccess']) if lastAccess is not None: if lastAccess < sestime: lastAccess = sestime else: lastAccess = sestime return lastAccess def GetIdBySip(self, sip): lastAccess = None retId = None for user in self.keycloak_users: if 'attributes' in user: attributes = user['attributes'] if 'sip' in attributes: if str(attributes['sip'][0]) == str(sip): if self.GetClientRoleOfUserByRoleName( 'dev', user['id']) == None: sestime = self.GetLastUserSessionTime(user) if lastAccess is not None: if lastAccess < sestime: lastAccess = sestime retId = user['id'] else: lastAccess = sestime retId = user['id'] return retId def GetNameBySip(self, sip): lastAccess = None ret = None for user in self.keycloak_users: if 'attributes' in user: attributes = user['attributes'] if 'sip' in attributes: if str(attributes['sip'][0]) == str(sip): if self.GetClientRoleOfUserByRoleName( 'dev', user['id']) == None: sestime = self.GetLastUserSessionTime(user) if lastAccess is not None: if lastAccess < sestime: lastAccess = sestime ret = user['username'] else: lastAccess = sestime ret = user['username'] return ret def GetClientRoleOfUserByRoleName(self, roleName, userID): rolesOfUser = self.keycloak_admin.get_client_roles_of_user( user_id=userID, client_id=self.client_id) #keycloak_admin.get_available_client_roles_of_user(user_id="user_id", client_id="client_id") #print user['username'], user['id'] for role in rolesOfUser: if roleName == role['name']: return role return None
# Get client role role = keycloak_admin.get_client_role(client_id="client_id", role_name="role_name") # Warning: Deprecated # Get client role id from name role_id = keycloak_admin.get_client_role_id(client_id="client_id", role_name="test") # Create client role keycloak_admin.create_client_role(client_id='client_id', {'name': 'roleName', 'clientRole': True}) # Assign client role to user. Note that BOTH role_name and role_id appear to be required. keycloak_admin.assign_client_role(client_id="client_id", user_id="user_id", role_id="role_id", role_name="test") # Retrieve client roles of a user. keycloak_admin.get_client_roles_of_user(user_id="user_id", client_id="client_id") # Retrieve available client roles of a user. keycloak_admin.get_available_client_roles_of_user(user_id="user_id", client_id="client_id") # Retrieve composite client roles of a user. keycloak_admin.get_composite_client_roles_of_user(user_id="user_id", client_id="client_id") # Delete client roles of a user. keycloak_admin.delete_client_roles_of_user(client_id="client_id", user_id="user_id", roles={"id": "role-id"}) keycloak_admin.delete_client_roles_of_user(client_id="client_id", user_id="user_id", roles=[{"id": "role-id_1"}, {"id": "role-id_2"}]) # Create new group group = keycloak_admin.create_group(name="Example Group") # Get all groups