Release (#39)

* Fix develop dockerfile * Change keycloak urls * Fix develop workflow tag * Fix production workflow * Change log message * Change config * Add health check * Fix health check * Add ready health endpoint * Fix issue * Change workflow filenames * Eoepca 910 um keycloak develop an identity api based on keycloak api (#17) * feat: policies endpoints added, not completely * feat: working on update policies * feat: all remaining added, still policy update not working, create and update scope based permission not working * feat: last resource permissions endpoints added and working * fix: changed pyyaml version from 5.4.1 to 5.3.1 * feat: endpoints changed * Update README * Update config * Update config * Update config * Api testing (#18) * feat: added client_id as param to enpoints and other fixes * added changes for permissions endpoints * Update ci * Update ci * Release v1.0.0 * Fix ci * Fix requirements * Fix ci * Upgrade flask version * Update requirements * feat: added error handling (#23) * feat: added validator of register and protect resource enpoint to test * feat: register and protect resources endpoint working * feat: added delete resources, policies and permissions * Update ci * Update ci * Fix ci * Add options method to endpoints * feat: added endpoint to create client, add resources and protect them if provided * Revert "Add options method to endpoints" This reverts commit 9d8c034. * fea: commit fixes * feat: more fixes, some endpoint were dounbled * fix: last fix * Update ci * fix: policies fix, response now return client id and resources created * feat: create client default to confidential and authorization enabled * Convert to FastAPI * Convert to FastAPI * changes to models * Remove file * Add error handling, pydantic models, files restructuring * Fix issues * Handle keycloak error message * added fildes to models and descriptions * Add authenticated field * Clean and reformat * Point to keycloak client 1.0.0 * Change logging * Fix readme * Clean * Change logging * Clean * merge to develop * added default resource to response list * Create default resource * Fix policies issue * Improvements * Change keycloak client to v1.0.0 * Clarify readme * Add log file * Fix gitignore * Fix dockerfile * Change logging * Change settings to pydantic * Clean and reformat * Update to keycloak client 1.0.1 * Remove log file * Update gitignore * Change default scope * Fix bugs * Bump client version * Fix update resources * Update requirements.txt * Update requirements.txt * Fix bug * Fix bugs --------- Co-authored-by: flaviorosadme <82375986+flaviorosadme@users.noreply.github.com> Co-authored-by: flaviorosadme <flavio.rosa@deimos.com.pt>
EOEPCA · Dec 19, 2023 · a2af0a0 · a2af0a0
1 parent b7a0944
commit a2af0a0
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 50 deletions.
diff --git a/app/models/permissions.py b/app/models/permissions.py
@@ -40,17 +40,12 @@ class ScopePermission(APIBaseModel):
     description: Optional[str] = Field(description="Scope policy description")
 
 
-class Group(APIBaseModel):
-    id: str = Field(description="Group id")
-    path: str = Field(description="Group path")
-
-
 class GroupPermission(APIBaseModel):
     logic: Optional[Logic] = Field(Logic.POSITIVE, description="Logic to apply, either POSITIVE or NEGATIVE")
     decisionStrategy: Optional[DecisionStrategy] = Field(DecisionStrategy.UNANIMOUS.value,
                                                          description="Decision strategy to decide how to apply permissions")
     name: str = Field(description="Group policy name")
-    groups: List[Group] = Field(description="Group policy groups")
+    groups: List[str] = Field(description="Group policy groups")
     groupsClaim: Optional[str] = Field(description="Group policy groups claim")
     description: Optional[str] = Field(description="Group policy description")
 
@@ -67,6 +62,7 @@ class RegexPermission(APIBaseModel):
 
 class Role(APIBaseModel):
     id: str = Field(description="Role id")
+    required: bool = Field(description="Required")
 
 
 class RolePermission(APIBaseModel):
@@ -144,6 +140,7 @@ class UserPermission(APIBaseModel):
                                                          description="Decision strategy to decide how to apply permissions")
     name: str = Field(description="User policy name")
     users: List[str] = Field(description="User policy users list")
+    description: Optional[str] = Field(description="User policy description")
 
 
 class ModifyClientPermission(ClientPermission):
@@ -204,4 +201,7 @@ class ResourceBasedPermission(APIBaseModel):
                                                          description="Decision strategy to decide how to apply permissions")
     name: str = Field(description="Resource based permission name")
     resources: List[str] = Field(description="Resource based permission resources")
-    policies: List[str] = Field(description="Resource based permission policies")
+    policies: List[str] = Field(description="Resource based permission policies")
+
+class ManagementPermission(APIBaseModel):
+    enabled: bool = Field(description="Management enabled/disabled")
diff --git a/app/routers/clients_permissions.py b/app/routers/clients_permissions.py
@@ -1,7 +1,7 @@
 from fastapi import APIRouter
 
 from app.keycloak_client import keycloak
-from app.models.permissions import ResourceBasedPermission
+from app.models.permissions import ResourceBasedPermission, ManagementPermission
 
 router = APIRouter(
     prefix="/{client_id}/permissions",
@@ -18,6 +18,10 @@ def get_client_authz_permissions(client_id: str):
 def get_client_management_permissions(client_id: str):
     return keycloak.get_client_management_permissions(client_id)
 
+@router.put("/management")
+def get_client_management_permissions(client_id: str, managementPermission: ManagementPermission):
+    return keycloak.update_client_management_permissions(client_id, managementPermission.model_dump())
+
 
 @router.get("/resources")
 def get_client_resource_permissions(client_id: str):

diff --git a/app/routers/clients_policies.py b/app/routers/clients_policies.py
@@ -23,70 +23,119 @@ def get_client_authz_policies(client_id: str):
 
 
 @router.post("/client")
-def create_client_policy(client_id: str, client_policy: ClientPermission):
-    client_policy = client_policy.model_dump()
-    client_policy["type"] = "client"
-    return keycloak.register_client_policy(client_id, client_policy)
+def create_client_policy(client_id: str, policy: ClientPermission):
+    policy = policy.model_dump()
+    policy["type"] = "client"
+    return keycloak.register_client_policy(client_id, policy)
 
 
 @router.post("/aggregated")
-def create_aggregated_policy(client_id: str, aggregated_policy: AggregatedPermission):
-    aggregated_policy = aggregated_policy.model_dump()
-    aggregated_policy["type"] = "aggregated"
-    return keycloak.register_aggregated_policy(client_id, aggregated_policy)
+def create_aggregated_policy(client_id: str, policy: AggregatedPermission):
+    policy = policy.model_dump()
+    policy["type"] = "aggregated"
+    return keycloak.register_aggregated_policy(client_id, policy)
 
 
 @router.post("/scope")
-def create_client_scope_policy(client_id: str, scope_policy: ScopePermission):
-    scope_policy = scope_policy.model_dump()
-    scope_policy["type"] = "scope"
-    return keycloak.register_client_scope_policy(client_id, scope_policy)
+def create_client_scope_policy(client_id: str, policy: ScopePermission):
+    policy = policy.model_dump()
+    policy["type"] = "scope"
+    return keycloak.register_client_scope_policy(client_id, policy)
 
 
 @router.post("/group")
-def create_group_policy(client_id: str, group_policy: GroupPermission):
-    group_policy = group_policy.model_dump()
-    group_policy["type"] = "group"
-    return keycloak.register_group_policy(client_id, group_policy)
+def create_group_policy(client_id: str, policy: GroupPermission):
+    policy = policy.model_dump()
+    policy["type"] = "group"
+    return keycloak.register_group_policy(client_id, policy)
 
 
 @router.post("/regex")
-def create_regex_policy(client_id: str, regex_policy: RegexPermission):
-    regex_policy = regex_policy.model_dump()
-    regex_policy["type"] = "regex"
-    return keycloak.register_regex_policy(client_id, regex_policy)
+def create_regex_policy(client_id: str, policy: RegexPermission):
+    policy = policy.model_dump()
+    policy["type"] = "regex"
+    return keycloak.register_regex_policy(client_id, policy)
 
 
 @router.post("/role")
-def create_role_policy(client_id: str, role_policy: RolePermission):
-    role_policy = role_policy.model_dump()
-    role_policy["type"] = "role"
-    return keycloak.register_role_policy(client_id, role_policy)
+def create_role_policy(client_id: str, policy: RolePermission):
+    policy = policy.model_dump()
+    policy["type"] = "role"
+    return keycloak.register_role_policy(client_id, policy)
 
 
 @router.post("/time")
 def create_time_policy(client_id: str,
-                       time_policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
+                       policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
                                     YearTimePermission | HourTimePermission | MinuteTimePermission):
-    time_policy = time_policy.model_dump()
-    time_policy["type"] = "time"
-    return keycloak.register_time_policy(client_id, time_policy)
+    policy = policy.model_dump()
+    policy["type"] = "time"
+    return keycloak.register_time_policy(client_id, policy)
 
 
 @router.post("/user")
-def create_user_policy(client_id: str, user_policy: UserPermission):
-    user_policy = user_policy.model_dump()
-    user_policy["type"] = "user"
-    return keycloak.register_user_policy(client_id, user_policy)
-
-
-@router.put("/{policy_id}")
-def update_policy(client_id: str, policy_id: str,
-                  policy: ModifyClientPermission | ModifyAggregatedPermission | ModifyScopePermission |
-                          ModifyRegexPermission | ModifyRolePermission | ModifyRelativeTimePermission | ModifyDayMonthTimePermission |
-                          ModifyMonthTimePermission | ModifyYearTimePermission | ModifyHourTimePermission | ModifyMinuteTimePermission |
-                          ModifyUserPermission):
-    return keycloak.update_policy(client_id, policy_id, policy.model_dump())
+def create_user_policy(client_id: str, policy: UserPermission):
+    policy = policy.model_dump()
+    policy["type"] = "user"
+    return keycloak.register_user_policy(client_id, policy)
+
+
+@router.put("/client/{policy_id}")
+def update_client_policy(client_id: str, policy_id: str, policy: ClientPermission):
+    policy = policy.model_dump()
+    policy["type"] = "client"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/aggregated/{policy_id}")
+def update_aggregated_policy(client_id: str, policy_id: str, policy: AggregatedPermission):
+    policy = policy.model_dump()
+    policy["type"] = "aggregated"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/scope/{policy_id}")
+def update_client_scope_policy(client_id: str, policy_id: str, policy: ScopePermission):
+    scope_policy = policy.model_dump()
+    scope_policy["type"] = "scope"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/group/{policy_id}")
+def update_group_policy(client_id: str, policy_id: str, policy: GroupPermission):
+    group_policy = policy.model_dump()
+    group_policy["type"] = "group"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/regex/{policy_id}")
+def update_regex_policy(client_id: str, policy_id: str, policy: RegexPermission):
+    policy = policy.model_dump()
+    policy["type"] = "regex"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/role/{policy_id}")
+def update_role_policy(client_id: str, policy_id: str, policy: RolePermission):
+    policy = policy.model_dump()
+    policy["type"] = "role"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/time/{policy_id}")
+def update_time_policy(client_id: str, policy_id: str,
+                       policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
+                               YearTimePermission | HourTimePermission | MinuteTimePermission):
+    policy = policy.model_dump()
+    policy["type"] = "time"
+    return keycloak.update_policy(client_id, policy_id, policy)
+
+
+@router.put("/user/{policy_id}")
+def update_user_policy(client_id: str, policy_id: str, policy: UserPermission):
+    policy = policy.model_dump()
+    policy["type"] = "user"
+    return keycloak.update_policy(client_id, policy_id, policy)
 
 
 @router.delete("/{policy_id}")

diff --git a/requirements.txt b/requirements.txt
@@ -7,4 +7,4 @@ retry==0.9.2
 urllib3==2.0.7
 pydantic==2.5.0
 pydantic-settings==2.1.0
-identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.9
+identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.10