Differential D5203 Diff 18644 docker/services/keycloak/keycloak_swh_setup.py

Changeset View

Standalone View

docker/services/keycloak/keycloak_swh_setup.py

Show All 23 Lines
def assign_client_base_url(keycloak_admin, client_name, base_url):		def assign_client_base_url(keycloak_admin, client_name, base_url):
client_data = {"baseUrl": base_url, "clientId": client_name}		client_data = {"baseUrl": base_url, "clientId": client_name}
client_id = keycloak_admin.get_client_id(client_name)		client_id = keycloak_admin.get_client_id(client_name)
keycloak_admin.update_client(client_id, client_data)		keycloak_admin.update_client(client_id, client_data)


def assign_client_role_to_user(keycloak_admin, client_name, client_role, username):		def assign_client_role_to_user(keycloak_admin, client_name, client_role, username):
client_id = keycloak_admin.get_client_id(client_name)		client_id = keycloak_admin.get_client_id(client_name)
staff_user_role = keycloak_admin.get_client_role(client_id, client_role)		user_role = keycloak_admin.get_client_role(client_id, client_role)
		anlambertUnsubmitted Not Done Inline Actions while you are working on this file, could you rename that variable to `user_role` ? anlambert: while you are working on this file, could you rename that variable to `user_role` ?
		ardumontAuthorUnsubmitted Done Inline Actions sure ardumont: sure
user_id = keycloak_admin.get_user_id(username)		user_id = keycloak_admin.get_user_id(username)
keycloak_admin.assign_client_role(user_id, client_id, staff_user_role)		keycloak_admin.assign_client_role(user_id, client_id, user_role)


def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, username):		def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, username):
for client_role in client_roles:		for client_role in client_roles:
assign_client_role_to_user(keycloak_admin, client_name, client_role, username)		assign_client_role_to_user(keycloak_admin, client_name, client_role, username)


def create_user(keycloak_admin, user_data):		def create_user(keycloak_admin, user_data):
▲ Show 20 Lines • Show All 171 Lines • ▼ Show 20 Lines

# create webapp client roles		# create webapp client roles
create_client_roles(		create_client_roles(
KEYCLOAK_ADMIN,		KEYCLOAK_ADMIN,
CLIENT_WEBAPP_NAME,		CLIENT_WEBAPP_NAME,
["swh.web.api.throttling_exempted", "swh.web.api.graph"],		["swh.web.api.throttling_exempted", "swh.web.api.graph"],
)		)

		DEPOSIT_API_ROLE_NAME = "swh.deposit.api"

# create deposit client roles		# create deposit client roles
create_client_roles(		create_client_roles(
KEYCLOAK_ADMIN,		KEYCLOAK_ADMIN,
CLIENT_DEPOSIT_NAME,		CLIENT_DEPOSIT_NAME,
["swh.deposit.api"],		[DEPOSIT_API_ROLE_NAME],
)		)

# create some test users		# create some test users
for user_data in [		for user_data in [
{		{
"email": "john.doe@example.org",		"email": "john.doe@example.org",
"username": "johndoe",		"username": "johndoe",
"firstName": "John",		"firstName": "John",
Show All 17 Lines	for user_data in [
"firstName": "HAL",		"firstName": "HAL",
"lastName": "AI",		"lastName": "AI",
"credentials": [{"value": "test", "type": "password", "temporary": False}],		"credentials": [{"value": "test", "type": "password", "temporary": False}],
"enabled": True,		"enabled": True,
"emailVerified": False,		"emailVerified": False,
}		}
]:		]:
create_user(KEYCLOAK_ADMIN, user_data)		create_user(KEYCLOAK_ADMIN, user_data)


		assign_client_roles_to_user(
		KEYCLOAK_ADMIN, CLIENT_DEPOSIT_NAME, [DEPOSIT_API_ROLE_NAME], "hal"
		)
		anlambertUnsubmitted Not Done Inline Actions Use `assign_client_role_to_user` function instead as it is the same as `assign_deposit_api_role_to_user`. anlambert: Use `assign_client_role_to_user` function instead as it is the same as…
		ardumontAuthorUnsubmitted Done Inline Actions d'oh (yes) ardumont: d'oh (yes)