def delete_region(keycloak: KeycloakClient, region_id, user):
region = model.Region.query.get(region_id)
if not region:
return problem(404, 'Not Found', f'Region {region_id} does not exist')
if not keycloak.user_check_role(user, ADMIN_ROLE):
if not keycloak.user_check_group(user, region.owner_group):
raise Forbidden("You don't have write access to this region.")
q = model.RegionProduct.query.filter(
model.RegionProduct.region_id == region.id, )
if q.count() > 0:
for relation in q.all():
db.session.delete(relation)
db.session.flush()
db.session.delete(region)
try:
owner_group = keycloak.group_get(region.owner_group)
keycloak.group_delete(owner_group['id'])
logger.info(f'Deleted owners group {owner_group["id"]}')
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error',
f'Failed to delete owner group in Keycloak, {e}')
db.session.commit()
logger.info(
f'Region {region.name} (id {region.id}) deleted by user {user}')
def get_current_user(user):
try:
return get_keycloak().user_get(user), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def list_user_groups(id):
try:
return get_keycloak().user_group_list(id), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def get_role(id):
try:
return get_keycloak().role_get(id), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def get_user(keycloak: KeycloakClient, user_id):
try:
user_data = keycloak.user_get(user_id)
return user_data | {'_href': _user_href(user_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def add_user_group(id, body):
try:
get_keycloak().group_user_add(id, body['id'])
return {}, 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def get_role(keycloak: KeycloakClient, role_id):
try:
role_data = keycloak.role_get(role_id)
return role_data | {'_href': _role_href(role_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def add_user_group(keycloak: KeycloakClient, user_id, body, user):
try:
keycloak.group_user_add(user_id, body['id'])
return {}, 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def delete_user_group(id):
try:
get_keycloak().group_user_remove(id, request.json['id'])
return {}, 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def get_group(keycloak: KeycloakClient, group_id):
try:
group_data = keycloak.group_get(group_id)
return group_data | {'_href': _group_href(group_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def delete_role(keycloak: KeycloakClient, role_id, user):
try:
keycloak.role_delete(role_id)
logger.info(f'Deleted role {role_id}')
return {}, 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def update_user(id, body):
try:
get_keycloak().user_update(id, body)
logger.info(f'Updated user {id}')
return get_keycloak().user_get(id), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def create_role(body):
try:
role_id = get_keycloak().role_create(body)
logger.info(f'Create role {role_id}')
return get_keycloak().role_get(role_id), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def delete_user(id):
try:
get_keycloak().user_delete(id)
logger.info(f'Deleted user {id}')
return {}, 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def delete_group(keycloak: KeycloakClient, group_id, user):
try:
keycloak.group_delete(group_id)
logger.info(f'Deleted group {group_id}')
return {}, 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def create_user(body):
try:
user_id = get_keycloak().user_create(body)
logger.info(f'Created user {user_id}')
return get_keycloak().user_get(user_id), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def create_group(body):
try:
group_id = get_keycloak().group_create(body)
logger.info(f'Created group {id}')
return get_keycloak().group_get(group_id), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def update_user(keycloak: KeycloakClient, user_id, body, user):
try:
keycloak.user_update(user_id, body)
logger.info(f'Updated user {user_id}')
user_data = keycloak.user_get(user_id)
return user_data | {'_href': _user_href(user_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def list_groups(keycloak: KeycloakClient):
try:
return [
group | {'_href': _group_href(group)}
for group in keycloak.group_list()
]
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def update_role(id, body):
try:
get_keycloak().role_update(id, body)
role_name = body['name']
logger.info(f'Updated role {id}')
return get_keycloak().role_get(role_name), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def update_group(keycloak: KeycloakClient, group_id, body, user):
try:
keycloak.group_update(group_id, body)
logger.info(f'Updated group {group_id}')
group_data = keycloak.group_get(group_id)
return group_data | {'_href': _group_href(group_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def create_role(keycloak: KeycloakClient, body, user):
try:
role_id = keycloak.role_create(body)
logger.info(f'Create role {role_id}')
role_data = keycloak.role_get(role_id)
return role_data | {'_href': _role_href(role_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def get_token_info():
# Bearer auth is enforced by connexion (see openapi spec)
_, access_token = request.headers['Authorization'].split()
try:
return get_keycloak().token_info(access_token), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def list_roles(keycloak: KeycloakClient):
try:
return [
role | {
'_href': _role_href(role)
} for role in keycloak.role_list()
]
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def list_group_users(keycloak: KeycloakClient, group_id):
try:
from rhub.api.auth.user import _user_href
return [
user | {'_href': _user_href(user)}
for user in keycloak.group_user_list(group_id)
]
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def update_role(keycloak: KeycloakClient, role_id, body, user):
try:
keycloak.role_update(role_id, body)
role_name = body['name']
logger.info(f'Updated role {role_id}')
role_data = keycloak.role_get(role_name)
return role_data | {'_href': _role_href(role_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def list_user_groups(keycloak: KeycloakClient, user_id):
try:
from rhub.api.auth.group import _group_href
return [
group | {
'_href': _group_href(group)
} for group in keycloak.user_group_list(user_id)
]
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def create_token():
if not request.authorization:
return problem(401, 'Unauthorized', 'Missing basic auth credentials')
username = request.authorization['username']
password = request.authorization['password']
try:
return get_keycloak().login(username, password), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def refresh_token():
if 'Authorization' not in request.headers:
return problem(401, 'Unauthorized', 'Missing refresh token')
try:
_, refresh_token = request.headers['Authorization'].split()
except Exception:
return problem(401, 'Unauthorized', 'Invalid token')
try:
return get_keycloak().token_refresh(refresh_token), 200
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def list_users(keycloak: KeycloakClient,
filter_,
page=0,
limit=DEFAULT_PAGE_LIMIT):
try:
return [
user | {
'_href': _user_href(user)
} for user in keycloak.user_list({
'first': page * limit,
'max': limit,
**filter_,
})
]
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
