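def create_department_group(keycloak_admin: keycloak.KeycloakAdmin, department: Department, parent_id=None, path="/"):
    """Mirror ``department`` (and its children, recursively) as a Keycloak group tree.

    For each department a group named ``department.internal_name`` is created
    under ``parent_id`` with a ``display_name`` attribute. An existing group is
    left untouched (``skip_exists=True``), so a changed ``department.name`` is
    NOT pushed to Keycloak. Sub-departments are processed recursively, and any
    existing subgroup that no longer corresponds to a child department is
    **deleted** -- this function is authoritative for the subtree it manages,
    so never point it at a group whose children are maintained elsewhere.

    Args:
        keycloak_admin: authenticated admin client.
        department: node to mirror; must expose ``internal_name``, ``name``
            and ``children``.
        parent_id: Keycloak id of the parent group, or None for a realm-level group.
        path: group path of the parent, ending in "/" ("/" for the realm root).

    Raises:
        ValueError: if ``internal_name`` contains "/". The name is concatenated
            into a group *path*, so a slash would make the lookup resolve a
            different (nested) group and the pruning step would then delete
            that group's subgroups.

    A failed lookup of the freshly created group is logged and aborts this
    subtree: children are neither created nor pruned.
    """
    internal_name = department.internal_name
    with start_action(action_type="create_department_group", department=internal_name, path=path):
        if "/" in internal_name:
            raise ValueError(f"department internal_name must not contain '/': {internal_name!r}")
        # Idempotent create: an existing group of that name is skipped, not updated.
        keycloak_admin.create_group(
            {"name": internal_name, "attributes": {"display_name": [department.name]}},
            parent=parent_id,
            skip_exists=True,
        )
        group_path = path + internal_name
        try:
            created_group = keycloak_admin.get_group_by_path(group_path, search_in_subgroups=True)
        except keycloak.KeycloakGetError as e:
            log_message(message_type="get_group_failed", exception=e)
            return
        if created_group is None:
            # Older python-keycloak releases return None for an unknown path
            # instead of raising; treat it exactly like the error above rather
            # than failing later with a TypeError on created_group["id"].
            log_message(message_type="get_group_failed", path=group_path)
            return
        child_path = group_path + "/"
        expected_children = set()
        for sub_department in department.children:
            create_department_group(keycloak_admin, sub_department, parent_id=created_group["id"], path=child_path)
            expected_children.add(sub_department.internal_name)
        # Prune subgroups that are not backed by a current child department.
        # NOTE(review): relies on the group representation carrying "subGroups"
        # inline; servers that omit it (and page children separately) get no
        # pruning here -- confirm against the target Keycloak version.
        for old_group in created_group.get("subGroups") or []:
            if old_group["name"] not in expected_children:
                keycloak_admin.delete_group(old_group["id"])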
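class KeycloakHelper:
    """Thin wrapper around python-keycloak's admin API for a single realm.

    Every public method calls ``_authentificate`` first, i.e. it opens a fresh
    admin session per operation instead of refreshing a token. That is why the
    admin ``username``/``password`` are kept on the instance in clear text --
    keep instances out of logs, templates, pickles and debug output.
    """

    def __init__(self, base_url: str, realm: str, username: str, password: str):
        """Store the connection settings and authenticate once up front.

        Args:
            base_url: Keycloak server URL passed as ``server_url``.
            realm: realm whose users and groups are managed.
            username: admin account used for the password grant.
            password: that account's password (retained for re-authentication).
        """
        self.base_url: str = base_url
        self.realm: str = realm
        self.username: str = username
        self.password: str = password
        self.keycloak_admin: Union[KeycloakAdmin, None] = None
        self._authentificate()
        # Raw admin REST endpoints for callers that bypass python-keycloak.
        self.user_endpoint = f"{self.base_url}/admin/realms/{self.realm}/users"
        self.group_endpoint = f"{self.base_url}/admin/realms/{self.realm}/groups"

    def _authentificate(self) -> None:
        """Open a new admin session and select the target realm.

        ``KeycloakAdmin`` is built without ``realm_name``, so the login uses the
        client's default realm (``master`` in python-keycloak) and the target
        realm is only switched in afterwards. The credentials are therefore
        those of a master-realm admin -- a highly privileged account; a
        dedicated service account scoped to ``self.realm`` is preferable.
        ``verify=True`` keeps TLS certificate validation on; do not relax it
        for self-signed test servers, supply the CA bundle instead.
        """
        self.keycloak_admin = KeycloakAdmin(server_url=self.base_url, username=self.username, password=self.password, verify=True)
        self.keycloak_admin.realm_name = self.realm

    @classmethod
    def from_config(cls, config):
        """Build a helper from a config object exposing the KEYCLOAK_* settings."""
        return cls(
            base_url=config.KEYCLOAK_BASE_URL,
            realm=config.KEYCLOAK_REALM,
            username=config.KEYCLOAK_USERNAME,
            password=config.KEYCLOAK_PASSWORD,
        )

    def update_user_at_creation(self, user_id: str, first_name: str, last_name: str, attributes: dict) -> bool:
        """Set first/last name and the attribute map of a freshly created user.

        ``attributes`` is forwarded unchanged. NOTE(review): Keycloak's user
        update is understood to replace the whole attribute map with the
        payload, so pass the complete set -- confirm against the server.
        Always returns True; failures surface as python-keycloak exceptions.
        """
        self._authentificate()
        payload = {
            "firstName": first_name,
            "lastName": last_name,
            "attributes": attributes,
        }
        # Lazy %-formatting: the message is only rendered if INFO is enabled.
        current_app.logger.info("User id : %s", user_id)
        self.keycloak_admin.update_user(user_id=user_id, payload=payload)
        return True

    def update_user_attributes(self, user_id: str, attributes: dict) -> bool:
        """Send a user update carrying only ``attributes``; returns True."""
        self._authentificate()
        self.keycloak_admin.update_user(user_id=user_id, payload={"attributes": attributes})
        return True

    def assign_to_group(self, user_id: str, group_name: str) -> bool:
        """Add ``user_id`` to the realm-level group named ``group_name``.

        The name is interpolated into a group *path* (``/<group_name>``), so a
        value containing "/" addresses a nested group. This method performs no
        validation: a caller that takes ``group_name`` from user input must
        check it against an allow-list first, otherwise the caller chooses the
        group (and thereby the privileges) the user is added to.

        Raises:
            LookupError: if no group exists at that path on python-keycloak
                releases that return None for a missing path (newer releases
                raise ``KeycloakGetError`` themselves).
        """
        self._authentificate()
        current_app.logger.info("group_name %s", group_name)
        group = self.keycloak_admin.get_group_by_path(f"/{group_name}")
        if not group:
            raise LookupError(f"group '/{group_name}' not found in realm {self.realm}")
        self.keycloak_admin.group_user_add(user_id=user_id, group_id=group["id"])
        return True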
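class KeycloakHelper:
    """Thin wrapper around python-keycloak's admin API for a single realm.

    Every public method calls ``_authentificate`` first, i.e. it opens a fresh
    admin session per operation instead of refreshing a token. That is why the
    admin ``username``/``password`` are kept on the instance in clear text --
    keep instances out of logs, templates, pickles and debug output.
    """

    def __init__(self, base_url: str, realm: str, username: str, password: str):
        """Store the connection settings and authenticate once up front.

        Args:
            base_url: Keycloak server URL passed as ``server_url``.
            realm: realm whose users and groups are managed.
            username: admin account used for the password grant.
            password: that account's password (retained for re-authentication).
        """
        self.base_url: str = base_url
        self.realm: str = realm
        self.username: str = username
        self.password: str = password
        self.keycloak_admin: Union[KeycloakAdmin, None] = None
        self._authentificate()
        # Raw admin REST endpoints for callers that bypass python-keycloak.
        self.user_endpoint = f"{self.base_url}/admin/realms/{self.realm}/users"
        self.group_endpoint = f"{self.base_url}/admin/realms/{self.realm}/groups"

    def _authentificate(self) -> None:
        """Open a new admin session and select the target realm.

        ``KeycloakAdmin`` is built without ``realm_name``, so the login uses the
        client's default realm (``master`` in python-keycloak) and the target
        realm is only switched in afterwards. The credentials are therefore
        those of a master-realm admin -- a highly privileged account; a
        dedicated service account scoped to ``self.realm`` is preferable.
        ``verify=True`` keeps TLS certificate validation on; do not relax it
        for self-signed test servers, supply the CA bundle instead.
        """
        self.keycloak_admin = KeycloakAdmin(server_url=self.base_url, username=self.username, password=self.password, verify=True)
        self.keycloak_admin.realm_name = self.realm

    @classmethod
    def from_config(cls, config):
        """Build a helper from a config object exposing the KEYCLOAK_* settings."""
        return cls(
            base_url=config.KEYCLOAK_BASE_URL,
            realm=config.KEYCLOAK_REALM,
            username=config.KEYCLOAK_USERNAME,
            password=config.KEYCLOAK_PASSWORD,
        )

    def update_user_at_creation(self, user_id: str, first_name: str, last_name: str, attributes: dict) -> bool:
        """Set first/last name and the attribute map of a freshly created user.

        ``attributes`` is forwarded unchanged. NOTE(review): Keycloak's user
        update is understood to replace the whole attribute map with the
        payload, so pass the complete set -- confirm against the server.
        Always returns True; failures surface as python-keycloak exceptions.
        """
        self._authentificate()
        payload = {
            "firstName": first_name,
            "lastName": last_name,
            "attributes": attributes,
        }
        self.keycloak_admin.update_user(user_id=user_id, payload=payload)
        return True

    def update_user_attributes(self, user_id: str, attributes: dict) -> bool:
        """Send a user update carrying only ``attributes``; returns True."""
        self._authentificate()
        self.keycloak_admin.update_user(user_id=user_id, payload={"attributes": attributes})
        return True

    def assign_to_group(self, user_id: str, group_name: str) -> bool:
        """Add ``user_id`` to the realm-level group named ``group_name``.

        The name is interpolated into a group *path* (``/<group_name>``), so a
        value containing "/" addresses a nested group. This method performs no
        validation: a caller that takes ``group_name`` from user input must
        check it against an allow-list first, otherwise the caller chooses the
        group (and thereby the privileges) the user is added to.

        Raises:
            LookupError: if no group exists at that path on python-keycloak
                releases that return None for a missing path (newer releases
                raise ``KeycloakGetError`` themselves).
        """
        self._authentificate()
        group = self.keycloak_admin.get_group_by_path(f"/{group_name}")
        if not group:
            raise LookupError(f"group '/{group_name}' not found in realm {self.realm}")
        self.keycloak_admin.group_user_add(user_id=user_id, group_id=group["id"])
        return True

    def create_user_from_invitation(self, email: str):
        """Create an enabled user whose username is ``email``.

        No password is set. UPDATE_PASSWORD, UPDATE_PROFILE and VERIFY_EMAIL
        are registered as required actions, so Keycloak forces them on the
        invitee before a login completes; ``send_update_email`` delivers the
        link to perform them. Returns the value of ``create_user`` (the new
        user's id). ``email`` is used verbatim -- validate/normalise it in the
        caller, it becomes the account's username.
        """
        self._authentificate()
        return self.keycloak_admin.create_user({
            "email": email,
            "username": email,
            "enabled": True,
            "requiredActions": ["UPDATE_PASSWORD", "UPDATE_PROFILE", "VERIFY_EMAIL"],
        })

    def send_update_email(self, user_id):
        """E-mail ``user_id`` an execute-actions link for the invitation actions.

        NOTE(review): the action list is passed pre-serialised with
        ``json.dumps``; python-keycloak's ``send_update_account`` is understood
        to JSON-encode its ``payload`` argument itself, which would
        double-encode this list into a JSON string -- confirm against the
        installed version and pass the plain list if so. Returns the client's
        response object.
        """
        self._authentificate()
        response = self.keycloak_admin.send_update_account(
            user_id=user_id,
            payload=json.dumps(['UPDATE_PASSWORD', 'UPDATE_PROFILE', 'VERIFY_EMAIL']),
        )
        return response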
# Delete client roles of a user. keycloak_admin.delete_client_roles_of_user(client_id="client_id", user_id="user_id", roles={"id": "role-id"}) keycloak_admin.delete_client_roles_of_user(client_id="client_id", user_id="user_id", roles=[{"id": "role-id_1"}, {"id": "role-id_2"}]) # Create new group group = keycloak_admin.create_group(name="Example Group") # Get all groups groups = keycloak_admin.get_groups() # Get group group = keycloak_admin.get_group(group_id='group_id') # Get group by name group = keycloak_admin.get_group_by_path(path='/group/subgroup', search_in_subgroups=True) # Function to trigger user sync from provider sync_users(storage_id="storage_di", action="action") # Get client role id from name role_id = keycloak_admin.get_client_role_id(client_id=client_id, role_name="test") # Get all roles for the realm or client realm_roles = keycloak_admin.get_roles() # Assign client role to user. Note that BOTH role_name and role_id appear to be required. keycloak_admin.assign_client_role(client_id=client_id, user_id=user_id, role_id=role_id, role_name="test") # Get all ID Providers idps = keycloak_admin.get_idps()