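--- /dev/null
+++ b/services/swh-web/keycloak_create_test_users.py
+# Copyright (C) 2019 The Software Heritage developers
+# See the AUTHORS file at the top-level directory of this distribution
+# License: GNU Affero General Public License version 3, or any later version
+# See top-level LICENSE file for more information
+from swh.web.config import get_config
+from keycloak import KeycloakAdmin
+def assign_client_base_url(keycloak_admin, client_name, base_url):
+client_data = {
+'baseUrl': base_url,
+'clientId': client_name
+}
+client_id = keycloak_admin.get_client_id(client_name)
+keycloak_admin.update_client(client_id, client_data)
+def assign_client_role_to_user(keycloak_admin, client_name, client_role,
+username):
+client_id = keycloak_admin.get_client_id(client_name)
+staff_user_role = keycloak_admin.get_client_role(client_id, client_role)
+user_id = keycloak_admin.get_user_id(username)
+keycloak_admin.assign_client_role(user_id, client_id, staff_user_role)
+def assign_client_roles_to_user(keycloak_admin, client_name, client_roles,
+username):
+for client_role in client_roles:
+assign_client_role_to_user(keycloak_admin, client_name, client_role,
+username)
+master_admin = {
+'username': 'admin',
+'password': 'admin'
+}
+keycloak_config = get_config()['keycloak']
+client_id = 'swh-web-api'
+# login as admin in master realm
+keycloak_admin = KeycloakAdmin(keycloak_config['server_url'],
+master_admin['username'],
+master_admin['password'])
+# update master realm clients base urls as we use a reverse proxy
+assign_client_base_url(
+keycloak_admin,
+'account',
+'/keycloak/auth/realms/master/account'
+)
+assign_client_base_url(
+keycloak_admin,
+'security-admin-console',
+'/keycloak/auth/admin/master/console/index.html'
+)
+# set swh realm name in order to create users in it
+keycloak_admin.realm_name = keycloak_config['realm']['name']
+# update swh realm clients base urls as we use a reverse proxy
+assign_client_base_url(
+keycloak_admin,
+'account',
+'/keycloak/auth/realms/SoftwareHeritage/account'
+)
+assign_client_base_url(
+keycloak_admin,
+'security-admin-console',
+'/keycloak/auth/admin/SoftwareHeritage/console/index.html'
+)
+# create an admin user in the swh realm
+user_data = {
+'email': '',
+'username': keycloak_config['realm']['admin_username'],
+'firstName': '',
+'lastName': '',
+'credentials': [{
+'value': keycloak_config['realm']['admin_password'],
+'type': 'password',
+'temporary': False
+}],
+'enabled': True,
+'emailVerified': False,
+}
+keycloak_admin.create_user(user_data)
+# assign realm admin roles to created user
+realm_management_roles = [
+'create-client', 'impersonation', 'manage-authorization', 'manage-clients',
+'manage-events', 'manage-identity-providers', 'manage-realm',
+'manage-users', 'query-clients', 'query-groups', 'query-realms',
+'query-users', 'realm-admin', 'uma_protection', 'view-authorization',
+'view-clients', 'view-events', 'view-identity-providers', 'view-realm',
+'view-users'
+]
+assign_client_roles_to_user(keycloak_admin, 'realm-management',
+realm_management_roles, 'admin')
+assign_client_role_to_user(keycloak_admin, client_id, 'staff-user',
+keycloak_config['realm']['admin_username'])
+# login as admin in swh realm
+keycloak_admin = KeycloakAdmin(keycloak_config['server_url'],
+keycloak_config['realm']['admin_username'],
+keycloak_config['realm']['admin_password'],
+keycloak_config['realm']['name'])
+# create a new user with partner-user role
+user_data = {
+'email': 'john.doe@example.org',
+'username': 'johndoe',
+'firstName': 'John',
+'lastName': 'Doe',
+'credentials': [{
+'value': 'johndoe-swh',
+'type': 'password',
+'temporary': False
+}],
+'enabled': True,
+'emailVerified': False,
+}
+keycloak_admin.create_user(user_data)
+assign_client_role_to_user(keycloak_admin, client_id, 'partner-user',
+user_data['username'])
+# create a new user with default role
+user_data = {
+'email': 'jane.doe@example.org',
+'username': 'janedoe',
+'firstName': 'Jane',
+'lastName': 'Doe',
+'credentials': [{
+'value': 'janedoe-swh',
+'type': 'password',
+'temporary': False
+}],
+'enabled': True,
+'emailVerified': False,
+}
+keycloak_admin.create_user(user_data)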
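Review bot: The realm-management roles are granted to the literal username `'admin'`, while the realm admin created just above is named from `keycloak_config['realm']['admin_username']`. If the configured name differs, the grant targets a user this script did not create, and the later login as the realm admin presumably lacks the rights needed for the `create_user` calls that follow. Pass the configured name instead: `assign_client_roles_to_user(keycloak_admin, 'realm-management', realm_management_roles, keycloak_config['realm']['admin_username'])`. Separately, the master-realm login uses the literal `admin`/`admin` pair and the test accounts get fixed, non-temporary passwords. A header comment such as `# Test fixture only: never run against a shared or production Keycloak` would make that scope explicit. Reading the master credentials from `keycloak_config`, as is already done for the realm admin, would keep them out of the source.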