Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release #41

Merged
merged 109 commits into from
Feb 27, 2024
Merged

Release #41

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
109 commits
Select commit Hold shift + click to select a range
4e6b9eb
Fix develop dockerfile
daniel-pimenta-DME Jul 5, 2023
918d4c6
Change keycloak urls
daniel-pimenta-DME Jul 5, 2023
ba4b8b6
Fix develop workflow tag
daniel-pimenta-DME Jul 5, 2023
5796045
Fix production workflow
daniel-pimenta-DME Jul 5, 2023
9f4d9c2
Change log message
daniel-pimenta-DME Jul 5, 2023
45704b4
Change config
daniel-pimenta-DME Jul 5, 2023
8fefb80
Add health check
daniel-pimenta-DME Jul 5, 2023
e2b6f3f
Fix health check
daniel-pimenta-DME Jul 5, 2023
e9b702d
Add ready health endpoint
daniel-pimenta-DME Jul 5, 2023
7ad7d20
Fix issue
daniel-pimenta-DME Jul 5, 2023
94c2d7e
Change workflow filenames
daniel-pimenta-DME Jul 5, 2023
4667b27
Eoepca 910 um keycloak develop an identity api based on keycloak api …
flaviorosadme Jul 25, 2023
e8f2581
Update README
daniel-pimenta-DME Aug 21, 2023
7726408
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Aug 21, 2023
6743f64
Update config
daniel-pimenta-DME Sep 26, 2023
f9c6a84
Update config
daniel-pimenta-DME Sep 26, 2023
8468ce0
Update config
daniel-pimenta-DME Sep 26, 2023
c170db2
Api testing (#18)
flaviorosadme Oct 9, 2023
cf2d35a
Update ci
daniel-pimenta-DME Oct 10, 2023
5eecb1e
Update ci
daniel-pimenta-DME Oct 10, 2023
b6a0828
Release v1.0.0
daniel-pimenta-DME Oct 15, 2023
197b1c0
Fix ci
daniel-pimenta-DME Oct 15, 2023
85b8f27
Fix requirements
daniel-pimenta-DME Oct 15, 2023
5aace57
Fix ci
daniel-pimenta-DME Oct 15, 2023
f0ac15a
Merge branch 'master' into develop
daniel-pimenta-DME Oct 15, 2023
e5559d5
Upgrade flask version
daniel-pimenta-DME Oct 15, 2023
b86284c
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Oct 15, 2023
df2ec57
Update requirements
daniel-pimenta-DME Oct 15, 2023
de3ee6c
Merge branch 'master' into develop
daniel-pimenta-DME Oct 15, 2023
c19db10
feat: added error handling (#23)
flaviorosadme Oct 16, 2023
7fda506
feat: added validator of register and protect resource enpoint to test
flaviorosadme Oct 18, 2023
9d51ae6
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
flaviorosadme Oct 18, 2023
ffe7a1d
feat: register and protect resources endpoint working
flaviorosadme Oct 19, 2023
a8c62a6
feat: added delete resources, policies and permissions
flaviorosadme Oct 20, 2023
734244e
Update ci
daniel-pimenta-DME Oct 23, 2023
2de9bfd
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Oct 23, 2023
acc4fed
Update ci
daniel-pimenta-DME Oct 23, 2023
004b489
Fix ci
daniel-pimenta-DME Oct 24, 2023
9d8c034
Add options method to endpoints
daniel-pimenta-DME Oct 29, 2023
e5cdcae
Merge branch 'master' into develop
daniel-pimenta-DME Oct 29, 2023
82a5a5f
feat: added endpoint to create client, add resources and protect them…
flaviorosadme Nov 8, 2023
9ad30a0
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
flaviorosadme Nov 8, 2023
deb3afe
Revert "Add options method to endpoints"
flaviorosadme Nov 8, 2023
63089e0
Merge remote-tracking branch 'origin/master' into develop
flaviorosadme Nov 8, 2023
b3514a6
fea: commit fixes
flaviorosadme Nov 8, 2023
2d6426c
feat: more fixes, some endpoint were dounbled
flaviorosadme Nov 8, 2023
8d77748
fix: last fix
flaviorosadme Nov 8, 2023
7d57858
Update ci
daniel-pimenta-DME Nov 9, 2023
928816d
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Nov 9, 2023
11cae2f
fix: policies fix, response now return client id and resources created
flaviorosadme Nov 10, 2023
31e1db0
feat: create client default to confidential and authorization enabled
flaviorosadme Nov 14, 2023
9d3aae1
Convert to FastAPI
daniel-pimenta-DME Nov 14, 2023
8a8dba0
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Nov 14, 2023
5931be4
Convert to FastAPI
daniel-pimenta-DME Nov 14, 2023
f4d31c5
changes to models
flaviorosadme Nov 14, 2023
025490c
Remove file
daniel-pimenta-DME Nov 14, 2023
c5a0042
Add error handling, pydantic models, files restructuring
daniel-pimenta-DME Nov 15, 2023
32303ec
Fix issues
daniel-pimenta-DME Nov 15, 2023
4c5f607
Handle keycloak error message
daniel-pimenta-DME Nov 15, 2023
fd9b791
added fildes to models and descriptions
flaviorosadme Nov 16, 2023
5030bc6
Add authenticated field
daniel-pimenta-DME Nov 16, 2023
4501347
Clean and reformat
daniel-pimenta-DME Nov 16, 2023
935e825
Point to keycloak client 1.0.0
daniel-pimenta-DME Nov 16, 2023
0389d15
Change logging
daniel-pimenta-DME Nov 16, 2023
c6c3904
Fix readme
daniel-pimenta-DME Nov 16, 2023
e92f49b
Clean
daniel-pimenta-DME Nov 16, 2023
a2fb5d8
Change logging
daniel-pimenta-DME Nov 16, 2023
774cf8f
Clean
daniel-pimenta-DME Nov 16, 2023
077df14
Merge branch 'master' of https://github.com/EOEPCA/um-identity-api in…
daniel-pimenta-DME Nov 16, 2023
4bfbaad
merge to develop
flaviorosadme Nov 16, 2023
2d89460
added default resource to response list
flaviorosadme Nov 16, 2023
6983421
Create default resource
daniel-pimenta-DME Nov 16, 2023
901ae0d
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Nov 16, 2023
a863d4a
Fix policies issue
daniel-pimenta-DME Nov 17, 2023
6ebcea7
Improvements
daniel-pimenta-DME Nov 17, 2023
286ac93
Change keycloak client to v1.0.0
daniel-pimenta-DME Nov 17, 2023
6426ec8
Clarify readme
daniel-pimenta-DME Nov 17, 2023
383cf51
Merge branch 'master' into develop
daniel-pimenta-DME Nov 17, 2023
8b6891e
Add log file
daniel-pimenta-DME Nov 17, 2023
eb0bc07
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Nov 17, 2023
758fe38
Fix gitignore
daniel-pimenta-DME Nov 17, 2023
f14edd4
Fix dockerfile
daniel-pimenta-DME Nov 17, 2023
e851fcc
Change logging
daniel-pimenta-DME Nov 17, 2023
65fbbbc
Change settings to pydantic
daniel-pimenta-DME Nov 17, 2023
96b3f5d
Clean and reformat
daniel-pimenta-DME Nov 17, 2023
7dea166
Merge branch 'master' into develop
daniel-pimenta-DME Nov 17, 2023
0a869ee
Update to keycloak client 1.0.1
daniel-pimenta-DME Nov 22, 2023
d58df5e
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Nov 22, 2023
1375b1a
Remove log file
daniel-pimenta-DME Nov 22, 2023
423f96b
Update gitignore
daniel-pimenta-DME Nov 22, 2023
d5398f5
Change default scope
daniel-pimenta-DME Nov 23, 2023
a72627a
Fix bugs
daniel-pimenta-DME Dec 18, 2023
a3e8dcd
Merge branch 'master' into develop
daniel-pimenta-DME Dec 18, 2023
22ceb77
Bump client version
daniel-pimenta-DME Dec 18, 2023
eaaebfb
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Dec 18, 2023
94e487a
Merge branch 'master' into develop
daniel-pimenta-DME Dec 18, 2023
ce317b0
Fix update resources
daniel-pimenta-DME Dec 18, 2023
f7dd28e
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Dec 18, 2023
8ffd818
Update requirements.txt
daniel-pimenta-DME Dec 18, 2023
7c8d5a0
Merge branch 'master' into develop
daniel-pimenta-DME Dec 18, 2023
5e00ea1
Update requirements.txt
daniel-pimenta-DME Dec 18, 2023
402aec9
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Dec 18, 2023
1a9403e
Merge branch 'master' into develop
daniel-pimenta-DME Dec 18, 2023
237f182
Fix bug
daniel-pimenta-DME Dec 18, 2023
30eb390
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Dec 18, 2023
c38a1c5
Fix bugs
daniel-pimenta-DME Dec 19, 2023
571f872
Merge branch 'master' into develop
daniel-pimenta-DME Dec 19, 2023
c36bb59
Fix public clients creation
daniel-pimenta-DME Feb 27, 2024
9aa71ab
Merge branch 'develop' of https://github.com/EOEPCA/um-identity-api i…
daniel-pimenta-DME Feb 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions app/models/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,17 +40,12 @@ class ScopePermission(APIBaseModel):
description: Optional[str] = Field(description="Scope policy description")


class Group(APIBaseModel):
id: str = Field(description="Group id")
path: str = Field(description="Group path")


class GroupPermission(APIBaseModel):
logic: Optional[Logic] = Field(Logic.POSITIVE, description="Logic to apply, either POSITIVE or NEGATIVE")
decisionStrategy: Optional[DecisionStrategy] = Field(DecisionStrategy.UNANIMOUS.value,
description="Decision strategy to decide how to apply permissions")
name: str = Field(description="Group policy name")
groups: List[Group] = Field(description="Group policy groups")
groups: List[str] = Field(description="Group policy groups")
groupsClaim: Optional[str] = Field(description="Group policy groups claim")
description: Optional[str] = Field(description="Group policy description")

Expand All @@ -67,6 +62,7 @@ class RegexPermission(APIBaseModel):

class Role(APIBaseModel):
id: str = Field(description="Role id")
required: bool = Field(description="Required")


class RolePermission(APIBaseModel):
Expand Down Expand Up @@ -144,6 +140,7 @@ class UserPermission(APIBaseModel):
description="Decision strategy to decide how to apply permissions")
name: str = Field(description="User policy name")
users: List[str] = Field(description="User policy users list")
description: Optional[str] = Field(description="User policy description")


class ModifyClientPermission(ClientPermission):
Expand Down Expand Up @@ -204,4 +201,7 @@ class ResourceBasedPermission(APIBaseModel):
description="Decision strategy to decide how to apply permissions")
name: str = Field(description="Resource based permission name")
resources: List[str] = Field(description="Resource based permission resources")
policies: List[str] = Field(description="Resource based permission policies")
policies: List[str] = Field(description="Resource based permission policies")

class ManagementPermission(APIBaseModel):
enabled: bool = Field(description="Management enabled/disabled")
5 changes: 5 additions & 0 deletions app/routers/clients.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
from app.keycloak_client import keycloak
from app.models.clients import Client
from app.routers.clients_resources import register_resources
from app.log import logger

router = APIRouter(
prefix="/clients",
Expand All @@ -15,6 +16,10 @@ def create_client(client: Client):
resources = client.resources
client_dict = client.model_dump()
del client_dict['resources']
if 'publicClient' in client_dict and client_dict['publicClient']:
# public clients requires authorizationServicesEnabled = false
client_dict['authorizationServicesEnabled'] = False
logger.info("client_dict: " + str(client_dict))
response_client = keycloak.create_client(client_dict)
response = {
"client": response_client
Expand Down
6 changes: 5 additions & 1 deletion app/routers/clients_permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
from fastapi import APIRouter

from app.keycloak_client import keycloak
from app.models.permissions import ResourceBasedPermission
from app.models.permissions import ResourceBasedPermission, ManagementPermission

router = APIRouter(
prefix="/{client_id}/permissions",
Expand All @@ -18,6 +18,10 @@ def get_client_authz_permissions(client_id: str):
def get_client_management_permissions(client_id: str):
return keycloak.get_client_management_permissions(client_id)

@router.put("/management")
def get_client_management_permissions(client_id: str, managementPermission: ManagementPermission):
return keycloak.update_client_management_permissions(client_id, managementPermission.model_dump())


@router.get("/resources")
def get_client_resource_permissions(client_id: str):
Expand Down
131 changes: 90 additions & 41 deletions app/routers/clients_policies.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,70 +23,119 @@ def get_client_authz_policies(client_id: str):


@router.post("/client")
def create_client_policy(client_id: str, client_policy: ClientPermission):
client_policy = client_policy.model_dump()
client_policy["type"] = "client"
return keycloak.register_client_policy(client_id, client_policy)
def create_client_policy(client_id: str, policy: ClientPermission):
policy = policy.model_dump()
policy["type"] = "client"
return keycloak.register_client_policy(client_id, policy)


@router.post("/aggregated")
def create_aggregated_policy(client_id: str, aggregated_policy: AggregatedPermission):
aggregated_policy = aggregated_policy.model_dump()
aggregated_policy["type"] = "aggregated"
return keycloak.register_aggregated_policy(client_id, aggregated_policy)
def create_aggregated_policy(client_id: str, policy: AggregatedPermission):
policy = policy.model_dump()
policy["type"] = "aggregated"
return keycloak.register_aggregated_policy(client_id, policy)


@router.post("/scope")
def create_client_scope_policy(client_id: str, scope_policy: ScopePermission):
scope_policy = scope_policy.model_dump()
scope_policy["type"] = "scope"
return keycloak.register_client_scope_policy(client_id, scope_policy)
def create_client_scope_policy(client_id: str, policy: ScopePermission):
policy = policy.model_dump()
policy["type"] = "scope"
return keycloak.register_client_scope_policy(client_id, policy)


@router.post("/group")
def create_group_policy(client_id: str, group_policy: GroupPermission):
group_policy = group_policy.model_dump()
group_policy["type"] = "group"
return keycloak.register_group_policy(client_id, group_policy)
def create_group_policy(client_id: str, policy: GroupPermission):
policy = policy.model_dump()
policy["type"] = "group"
return keycloak.register_group_policy(client_id, policy)


@router.post("/regex")
def create_regex_policy(client_id: str, regex_policy: RegexPermission):
regex_policy = regex_policy.model_dump()
regex_policy["type"] = "regex"
return keycloak.register_regex_policy(client_id, regex_policy)
def create_regex_policy(client_id: str, policy: RegexPermission):
policy = policy.model_dump()
policy["type"] = "regex"
return keycloak.register_regex_policy(client_id, policy)


@router.post("/role")
def create_role_policy(client_id: str, role_policy: RolePermission):
role_policy = role_policy.model_dump()
role_policy["type"] = "role"
return keycloak.register_role_policy(client_id, role_policy)
def create_role_policy(client_id: str, policy: RolePermission):
policy = policy.model_dump()
policy["type"] = "role"
return keycloak.register_role_policy(client_id, policy)


@router.post("/time")
def create_time_policy(client_id: str,
time_policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
YearTimePermission | HourTimePermission | MinuteTimePermission):
time_policy = time_policy.model_dump()
time_policy["type"] = "time"
return keycloak.register_time_policy(client_id, time_policy)
policy = policy.model_dump()
policy["type"] = "time"
return keycloak.register_time_policy(client_id, policy)


@router.post("/user")
def create_user_policy(client_id: str, user_policy: UserPermission):
user_policy = user_policy.model_dump()
user_policy["type"] = "user"
return keycloak.register_user_policy(client_id, user_policy)


@router.put("/{policy_id}")
def update_policy(client_id: str, policy_id: str,
policy: ModifyClientPermission | ModifyAggregatedPermission | ModifyScopePermission |
ModifyRegexPermission | ModifyRolePermission | ModifyRelativeTimePermission | ModifyDayMonthTimePermission |
ModifyMonthTimePermission | ModifyYearTimePermission | ModifyHourTimePermission | ModifyMinuteTimePermission |
ModifyUserPermission):
return keycloak.update_policy(client_id, policy_id, policy.model_dump())
def create_user_policy(client_id: str, policy: UserPermission):
policy = policy.model_dump()
policy["type"] = "user"
return keycloak.register_user_policy(client_id, policy)


@router.put("/client/{policy_id}")
def update_client_policy(client_id: str, policy_id: str, policy: ClientPermission):
policy = policy.model_dump()
policy["type"] = "client"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/aggregated/{policy_id}")
def update_aggregated_policy(client_id: str, policy_id: str, policy: AggregatedPermission):
policy = policy.model_dump()
policy["type"] = "aggregated"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/scope/{policy_id}")
def update_client_scope_policy(client_id: str, policy_id: str, policy: ScopePermission):
scope_policy = policy.model_dump()
scope_policy["type"] = "scope"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/group/{policy_id}")
def update_group_policy(client_id: str, policy_id: str, policy: GroupPermission):
group_policy = policy.model_dump()
group_policy["type"] = "group"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/regex/{policy_id}")
def update_regex_policy(client_id: str, policy_id: str, policy: RegexPermission):
policy = policy.model_dump()
policy["type"] = "regex"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/role/{policy_id}")
def update_role_policy(client_id: str, policy_id: str, policy: RolePermission):
policy = policy.model_dump()
policy["type"] = "role"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/time/{policy_id}")
def update_time_policy(client_id: str, policy_id: str,
policy: RelativeTimePermission | DayMonthTimePermission | MonthTimePermission |
YearTimePermission | HourTimePermission | MinuteTimePermission):
policy = policy.model_dump()
policy["type"] = "time"
return keycloak.update_policy(client_id, policy_id, policy)


@router.put("/user/{policy_id}")
def update_user_policy(client_id: str, policy_id: str, policy: UserPermission):
policy = policy.model_dump()
policy["type"] = "user"
return keycloak.update_policy(client_id, policy_id, policy)


@router.delete("/{policy_id}")
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ retry==0.9.2
urllib3==2.0.7
pydantic==2.5.0
pydantic-settings==2.1.0
identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.9
identityutils @ git+https://github.com/eoepca/um-identity-service@v1.0.10
Loading