F7066238
D5678.id20282.diff
No One
Temporary
Size
2 KB
Subscribers
None
D5678.id20282.diff
diff --git a/docker/services/keycloak/keycloak_swh_setup.py b/docker/services/keycloak/keycloak_swh_setup.py
--- a/docker/services/keycloak/keycloak_swh_setup.py
+++ b/docker/services/keycloak/keycloak_swh_setup.py
@@ -34,6 +34,16 @@
keycloak_admin.assign_client_role(user_id, client_id, user_role)
+def assign_realm_roles_to_user(keycloak_admin, realm_roles, username):
+ roles = []
+ for realm_role in realm_roles:
+ roles.append(keycloak_admin.get_realm_role(realm_role))
+ user_id = keycloak_admin.get_user_id(username)
+ # due to a design bug in python-keycloak API, client_id parameter must
+ # be provided while it is not used
+ keycloak_admin.assign_realm_roles(user_id, client_id="", roles=roles)
+
+
def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, username):
for client_role in client_roles:
assign_client_role_to_user(keycloak_admin, client_name, client_role, username)
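Review bot: `assign_realm_roles_to_user` passes the result of `keycloak_admin.get_user_id(username)` straight to `assign_realm_roles` without checking it. If the lookup yields no id for an unknown username (the library's behaviour is not visible in this hunk, so confirm it), the role grant fails late with an unhelpful error instead of naming the missing user. A guard such as `if user_id is None: raise ValueError(f"unknown user: {username}")` before the assignment makes a mistyped username fail loudly. The role list could also be built in one expression, `roles = [keycloak_admin.get_realm_role(r) for r in realm_roles]`.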
@@ -53,7 +63,15 @@
client_name, payload={"name": client_role}
)
except Exception as e:
- logger.warning(f"User already created: {e}, skipping.")
+ logger.warning(f"Client role already created: {e}, skipping.")
+
+
+def create_realm_roles(keycloak_admin, realm_roles):
+ for realm_role in realm_roles:
+ try:
+ keycloak_admin.create_realm_role(payload={"name": realm_role})
+ except Exception as e:
+ logger.warning(f"Realm role already created: {e}, skipping.")
# login as admin in master realm
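Review bot: `create_realm_roles` catches every `Exception` and logs it as "Realm role already created", so an expired admin token, a refused connection or a rejected payload is reported as a harmless duplicate and the script carries on with the role missing. The handler whose message this hunk corrects to "Client role already created" has the same shape; its function starts above the hunk. The handler should re-raise unless the error is a conflict, for example with `if getattr(e, "response_code", None) != 409: raise` as its first line, keeping the warning only for the duplicate case.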
@@ -263,6 +281,17 @@
"enabled": True,
"emailVerified": True,
},
+ {
+ "email": "ambassador@swh.org",
+ "username": "ambassador",
+ "firstName": "ambassador",
+ "lastName": "ambassador",
+ "credentials": [
+ {"value": "ambassador", "type": "password", "temporary": False}
+ ],
+ "enabled": True,
+ "emailVerified": True,
+ },
]:
create_user(KEYCLOAK_ADMIN, user_data)
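Review bot: The new `ambassador` entry sets a password equal to the username with `"temporary": False`, so the credential stays valid until someone changes it, and the same account is later granted a realm role. That is reasonable for a local docker realm, but nothing on these lines says so. I would add a comment above the entry such as `# development-only account with a well-known password; never run this setup against a shared or exposed Keycloak`. The user list starts above the hunk, so the earlier entries may need the same comment.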
@@ -270,3 +299,12 @@
assign_client_roles_to_user(
KEYCLOAK_ADMIN, CLIENT_DEPOSIT_NAME, [DEPOSIT_API_ROLE_NAME], "test"
)
+
+AMBASSADOR_ROLE_NAME = "swh.ambassador"
+
+# create SoftwareHeritage realm roles
+create_realm_roles(
+ KEYCLOAK_ADMIN, [AMBASSADOR_ROLE_NAME],
+)
+
+assign_realm_roles_to_user(KEYCLOAK_ADMIN, [AMBASSADOR_ROLE_NAME], "ambassador")
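Review bot: `AMBASSADOR_ROLE_NAME` is defined at the bottom of the script right before its only uses, while `CLIENT_DEPOSIT_NAME` and `DEPOSIT_API_ROLE_NAME` are evidently defined earlier, outside this hunk. Moving it next to them keeps all role names in one place for anyone auditing what this setup grants. The three-line call also fits on one line as `create_realm_roles(KEYCLOAK_ADMIN, [AMBASSADOR_ROLE_NAME])`.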
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Nov 5 2024, 3:30 AM (19 w, 6 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3217755
Attached To
D5678: docker/keycloak: Create swh.ambassador realm role and ambassador user