Changeset View
Changeset View
Standalone View
Standalone View
docker/services/keycloak/keycloak_swh_setup.py
Show All 23 Lines | |||||
def assign_client_base_url(keycloak_admin, client_name, base_url): | def assign_client_base_url(keycloak_admin, client_name, base_url): | ||||
client_data = {"baseUrl": base_url, "clientId": client_name} | client_data = {"baseUrl": base_url, "clientId": client_name} | ||||
client_id = keycloak_admin.get_client_id(client_name) | client_id = keycloak_admin.get_client_id(client_name) | ||||
keycloak_admin.update_client(client_id, client_data) | keycloak_admin.update_client(client_id, client_data) | ||||
def assign_client_role_to_user(keycloak_admin, client_name, client_role, username): | def assign_client_role_to_user(keycloak_admin, client_name, client_role, username): | ||||
client_id = keycloak_admin.get_client_id(client_name) | client_id = keycloak_admin.get_client_id(client_name) | ||||
staff_user_role = keycloak_admin.get_client_role(client_id, client_role) | user_role = keycloak_admin.get_client_role(client_id, client_role) | ||||
anlambert: while you are working on this file, could you rename that variable to `user_role` ? | |||||
Done Inline Actionssure ardumont: sure | |||||
user_id = keycloak_admin.get_user_id(username) | user_id = keycloak_admin.get_user_id(username) | ||||
keycloak_admin.assign_client_role(user_id, client_id, staff_user_role) | keycloak_admin.assign_client_role(user_id, client_id, user_role) | ||||
def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, username): | def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, username): | ||||
for client_role in client_roles: | for client_role in client_roles: | ||||
assign_client_role_to_user(keycloak_admin, client_name, client_role, username) | assign_client_role_to_user(keycloak_admin, client_name, client_role, username) | ||||
def create_user(keycloak_admin, user_data): | def create_user(keycloak_admin, user_data): | ||||
▲ Show 20 Lines • Show All 171 Lines • ▼ Show 20 Lines | |||||
# create webapp client roles | # create webapp client roles | ||||
create_client_roles( | create_client_roles( | ||||
KEYCLOAK_ADMIN, | KEYCLOAK_ADMIN, | ||||
CLIENT_WEBAPP_NAME, | CLIENT_WEBAPP_NAME, | ||||
["swh.web.api.throttling_exempted", "swh.web.api.graph"], | ["swh.web.api.throttling_exempted", "swh.web.api.graph"], | ||||
) | ) | ||||
DEPOSIT_API_ROLE_NAME = "swh.deposit.api" | |||||
# create deposit client roles | # create deposit client roles | ||||
create_client_roles( | create_client_roles( | ||||
KEYCLOAK_ADMIN, | KEYCLOAK_ADMIN, | ||||
CLIENT_DEPOSIT_NAME, | CLIENT_DEPOSIT_NAME, | ||||
["swh.deposit.api"], | [DEPOSIT_API_ROLE_NAME], | ||||
) | ) | ||||
# create some test users | # create some test users | ||||
for user_data in [ | for user_data in [ | ||||
{ | { | ||||
"email": "john.doe@example.org", | "email": "john.doe@example.org", | ||||
"username": "johndoe", | "username": "johndoe", | ||||
"firstName": "John", | "firstName": "John", | ||||
Show All 17 Lines | for user_data in [ | ||||
"firstName": "HAL", | "firstName": "HAL", | ||||
"lastName": "AI", | "lastName": "AI", | ||||
"credentials": [{"value": "test", "type": "password", "temporary": False}], | "credentials": [{"value": "test", "type": "password", "temporary": False}], | ||||
"enabled": True, | "enabled": True, | ||||
"emailVerified": False, | "emailVerified": False, | ||||
} | } | ||||
]: | ]: | ||||
create_user(KEYCLOAK_ADMIN, user_data) | create_user(KEYCLOAK_ADMIN, user_data) | ||||
assign_client_roles_to_user( | |||||
KEYCLOAK_ADMIN, CLIENT_DEPOSIT_NAME, [DEPOSIT_API_ROLE_NAME], "hal" | |||||
) | |||||
Not Done Inline ActionsUse assign_client_role_to_user function instead as it is the same as assign_deposit_api_role_to_user. anlambert: Use `assign_client_role_to_user` function instead as it is the same as… | |||||
Done Inline Actionsd'oh (yes) ardumont: d'oh
(yes) |
while you are working on this file, could you rename that variable to user_role ?