Changeset View
Changeset View
Standalone View
Standalone View
services/swh-web/keycloak_create_test_users.py
- This file was added.
| # Copyright (C) 2019 The Software Heritage developers | |||||
| # See the AUTHORS file at the top-level directory of this distribution | |||||
| # License: GNU Affero General Public License version 3, or any later version | |||||
| # See top-level LICENSE file for more information | |||||
| from swh.web.config import get_config | |||||
| from keycloak import KeycloakAdmin | |||||
| def assign_client_base_url(keycloak_admin, client_name, base_url): | |||||
| client_data = { | |||||
| 'baseUrl': base_url, | |||||
| 'clientId': client_name | |||||
| } | |||||
| client_id = keycloak_admin.get_client_id(client_name) | |||||
| keycloak_admin.update_client(client_id, client_data) | |||||
| def assign_client_role_to_user(keycloak_admin, client_name, client_role, | |||||
| username): | |||||
| client_id = keycloak_admin.get_client_id(client_name) | |||||
| staff_user_role = keycloak_admin.get_client_role(client_id, client_role) | |||||
| user_id = keycloak_admin.get_user_id(username) | |||||
| keycloak_admin.assign_client_role(user_id, client_id, staff_user_role) | |||||
| def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, | |||||
| username): | |||||
| for client_role in client_roles: | |||||
| assign_client_role_to_user(keycloak_admin, client_name, client_role, | |||||
| username) | |||||
| master_admin = { | |||||
| 'username': 'admin', | |||||
| 'password': 'admin' | |||||
| } | |||||
| keycloak_config = get_config()['keycloak'] | |||||
| client_id = 'swh-web-api' | |||||
| # login as admin in master realm | |||||
| keycloak_admin = KeycloakAdmin(keycloak_config['server_url'], | |||||
| master_admin['username'], | |||||
| master_admin['password']) | |||||
| # update master realm clients base urls as we use a reverse proxy | |||||
| assign_client_base_url( | |||||
| keycloak_admin, | |||||
| 'account', | |||||
| '/keycloak/auth/realms/master/account' | |||||
| ) | |||||
| assign_client_base_url( | |||||
| keycloak_admin, | |||||
| 'security-admin-console', | |||||
| '/keycloak/auth/admin/master/console/index.html' | |||||
| ) | |||||
| # set swh realm name in order to create users in it | |||||
| keycloak_admin.realm_name = keycloak_config['realm']['name'] | |||||
| # update swh realm clients base urls as we use a reverse proxy | |||||
| assign_client_base_url( | |||||
| keycloak_admin, | |||||
| 'account', | |||||
| '/keycloak/auth/realms/SoftwareHeritage/account' | |||||
| ) | |||||
| assign_client_base_url( | |||||
| keycloak_admin, | |||||
| 'security-admin-console', | |||||
| '/keycloak/auth/admin/SoftwareHeritage/console/index.html' | |||||
| ) | |||||
| # create an admin user in the swh realm | |||||
| user_data = { | |||||
| 'email': '', | |||||
| 'username': keycloak_config['realm']['admin_username'], | |||||
| 'firstName': '', | |||||
| 'lastName': '', | |||||
| 'credentials': [{ | |||||
| 'value': keycloak_config['realm']['admin_password'], | |||||
| 'type': 'password', | |||||
| 'temporary': False | |||||
| }], | |||||
| 'enabled': True, | |||||
| 'emailVerified': False, | |||||
| } | |||||
| keycloak_admin.create_user(user_data) | |||||
| # assign realm admin roles to created user | |||||
| realm_management_roles = [ | |||||
| 'create-client', 'impersonation', 'manage-authorization', 'manage-clients', | |||||
| 'manage-events', 'manage-identity-providers', 'manage-realm', | |||||
| 'manage-users', 'query-clients', 'query-groups', 'query-realms', | |||||
| 'query-users', 'realm-admin', 'uma_protection', 'view-authorization', | |||||
| 'view-clients', 'view-events', 'view-identity-providers', 'view-realm', | |||||
| 'view-users' | |||||
| ] | |||||
| assign_client_roles_to_user(keycloak_admin, 'realm-management', | |||||
| realm_management_roles, 'admin') | |||||
| assign_client_role_to_user(keycloak_admin, client_id, 'staff-user', | |||||
| keycloak_config['realm']['admin_username']) | |||||
| # login as admin in swh realm | |||||
| keycloak_admin = KeycloakAdmin(keycloak_config['server_url'], | |||||
| keycloak_config['realm']['admin_username'], | |||||
| keycloak_config['realm']['admin_password'], | |||||
| keycloak_config['realm']['name']) | |||||
| # create a new user with partner-user role | |||||
| user_data = { | |||||
| 'email': 'john.doe@example.org', | |||||
| 'username': 'johndoe', | |||||
| 'firstName': 'John', | |||||
| 'lastName': 'Doe', | |||||
| 'credentials': [{ | |||||
| 'value': 'johndoe-swh', | |||||
| 'type': 'password', | |||||
| 'temporary': False | |||||
| }], | |||||
| 'enabled': True, | |||||
| 'emailVerified': False, | |||||
| } | |||||
| keycloak_admin.create_user(user_data) | |||||
| assign_client_role_to_user(keycloak_admin, client_id, 'partner-user', | |||||
| user_data['username']) | |||||
| # create a new user with default role | |||||
| user_data = { | |||||
| 'email': 'jane.doe@example.org', | |||||
| 'username': 'janedoe', | |||||
| 'firstName': 'Jane', | |||||
| 'lastName': 'Doe', | |||||
| 'credentials': [{ | |||||
| 'value': 'janedoe-swh', | |||||
| 'type': 'password', | |||||
| 'temporary': False | |||||
| }], | |||||
| 'enabled': True, | |||||
| 'emailVerified': False, | |||||
| } | |||||
| keycloak_admin.create_user(user_data) | |||||