From fe39ad3cfedca0fd3bf6f883ec52f6cedf8ba752 Mon Sep 17 00:00:00 2001
From: Kevin Bannier
Date: Wed, 25 Oct 2023 14:09:06 +0200
Subject: [PATCH] feat: Add endpoints to get/update management permissions on IdP, and delete mapper to IdP
---
 src/keycloak/keycloak_admin.py | 74 +++++++++++++++++++++++++++++++++-
 src/keycloak/urls_patterns.py | 1 +
 2 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
index a5052f3c..c5bf5fd0 100644
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -29,7 +29,7 @@
 import copy
 import json
 from builtins import isinstance
-from typing import Optional
+from typing import Any, Dict, Optional
 import deprecation
 from requests_toolbelt import MultipartEncoder
@@ -739,6 +739,27 @@ def update_mapper_in_idp(self, idp_alias, mapper_id, payload):
 return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[204])
+ def delete_mapper_to_idp(self, idp_alias: str, mapper_id: str) -> Dict[str, Any]:
+ """Delete an IDP mapper.
+
+ IdentityProviderRepresentation
+ https://www.keycloak.org/docs-api/22.0.5/rest-api/index.html#_identityprovidermapperrepresentation
+
+ :param: idp_alias: alias for Idp to add mapper in
+ :type idp_alias: str
+ :param: mapper_id: ID of mapper
+ :type mapper_id: str
+ :returns: Keycloak server response
+ :rtype: dict
+ """
+ params_path = {
+ "realm-name": self.connection.realm_name, # type:ignore
+ "idp-alias": idp_alias,
+ "mapper-id": mapper_id,
+ }
+ data_raw = self.raw_delete(urls_patterns.URL_ADMIN_IDP_MAPPER_UPDATE.format(**params_path))
+ return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
+
 def get_idp_mappers(self, idp_alias):
 """Get IDP mappers.
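Review bot: `delete_mapper_to_idp` calls `self.raw_delete(...)`, while the unchanged `delete_idp` shown as context in the next hunk goes through `self.connection.raw_delete(...)`; unless `KeycloakAdmin` still defines its own `raw_*` helpers outside this diff, the new call would fail with `AttributeError` at runtime. The same applies to `self.raw_get` and `self.raw_put` in the two management-permission methods of the following hunk. I would write `data_raw = self.connection.raw_delete(urls_patterns.URL_ADMIN_IDP_MAPPER_UPDATE.format(**params_path))` and route the other two calls through `self.connection` likewise. The docstring also carries copy-paste residue, describing `idp_alias` as the IdP "to add mapper in", and the declared `Dict[str, Any]` return is worth checking against what `raise_error_from_response` yields for an empty 204 body.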
@@ -785,6 +806,57 @@ def delete_idp(self, idp_alias):
 data_raw = self.connection.raw_delete(urls_patterns.URL_ADMIN_IDP.format(**params_path))
 return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
+ def get_idp_management_permissions(self, idp_alias: str) -> Dict[str, Any]:
+ """Get management permissions for a client.
+
+ ManagementPermissionReference
+ https://www.keycloak.org/docs-api/22.0.5/rest-api/index.html#_managementpermissionreference
+
+ :param: idp_alias: idp alias name
+ :type idp_alias: str
+ :returns: Keycloak server response
+ :rtype: dict
+ """
+ params_path = {
+ "realm-name": self.connection.realm_name, # type:ignore
+ "alias": idp_alias,
+ }
+ data_raw = self.raw_get(
+ urls_patterns.URL_ADMIN_IDP_MANAGEMENT_PERMISSIONS.format(**params_path)
+ )
+ return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
+
+ def update_idp_management_permissions(
+ self, idp_alias: str, payload: Dict[str, Any]
+ ) -> Dict[str, Any]:
+ """Update management permissions for a client.
+
+ ManagementPermissionReference
+ https://www.keycloak.org/docs-api/22.0.5/rest-api/index.html#_managementpermissionreference
+
+ :param: idp_alias: idp alias name
+ :type idp_alias: str
+ :param payload: ManagementPermissionReference
+ :type payload: dict
+ :returns: Keycloak server response
+ :rtype: dict
+
+ Payload example::
+
+ payload={
+ "enabled": true
+ }
+ """
+ params_path = {
+ "realm-name": self.connection.realm_name, # type:ignore
+ "alias": idp_alias,
+ }
+ data_raw = self.raw_put(
+ urls_patterns.URL_ADMIN_IDP_MANAGEMENT_PERMISSIONS.format(**params_path),
+ data=json.dumps(payload),
+ )
+ return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[200])
+
 def create_user(self, payload, exist_ok=False):
 """Create a new user.
diff --git a/src/keycloak/urls_patterns.py b/src/keycloak/urls_patterns.py
index bb5042e2..2d35f21f 100644
--- a/src/keycloak/urls_patterns.py
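Review bot: In both `get_idp_management_permissions` and `update_idp_management_permissions`, `idp_alias` is formatted straight into the admin URL path, so an alias containing `/`, `?` or `#` would address a different admin resource than the caller intended. If aliases can come from anything other than trusted configuration, percent-encode the value, e.g. `"alias": quote(idp_alias, safe="")` with `from urllib.parse import quote` added to the import block, which lies outside this hunk. Both docstrings say "for a client" although the methods act on an identity provider, and the payload example shows JSON `true` where a Python caller has to pass `True`. Because the PUT appears to toggle Keycloak's fine-grained management permissions for the IdP, the docstring should state that `payload["enabled"]` changes how management of that IdP is authorised, so callers treat it as a privileged operation.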
+++ b/src/keycloak/urls_patterns.py
@@ -147,6 +147,7 @@
 URL_ADMIN_IDP_MAPPERS = "admin/realms/{realm-name}/identity-provider/instances/{idp-alias}/mappers"
 URL_ADMIN_IDP_MAPPER_UPDATE = URL_ADMIN_IDP_MAPPERS + "/{mapper-id}"
 URL_ADMIN_IDP = "admin/realms/{realm-name}/identity-provider/instances/{alias}"
+URL_ADMIN_IDP_MANAGEMENT_PERMISSIONS = URL_ADMIN_IDP + "/management/permissions"
 URL_ADMIN_REALM_ROLES_ROLE_BY_NAME = "admin/realms/{realm-name}/roles/{role-name}"
 URL_ADMIN_REALM_ROLES_COMPOSITE_REALM_ROLE = (
 "admin/realms/{realm-name}/roles/{role-name}/composites"