cardo-python-utils 0.5.dev24__tar.gz → 0.5.dev26__tar.gz

{cardo_python_utils-0.5.dev24/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev26}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev24
+Version: 0.5.dev26
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev24 → cardo_python_utils-0.5.dev26/cardo_python_utils.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev24
+Version: 0.5.dev26
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

cardo_python_utils-0.5.dev26/cardo_python_utils.egg-info/SOURCES.txt

@@ -0,0 +1,35 @@
+LICENSE
+MANIFEST.in
+README.rst
+pyproject.toml
+cardo_python_utils.egg-info/PKG-INFO
+cardo_python_utils.egg-info/SOURCES.txt
+cardo_python_utils.egg-info/dependency_links.txt
+cardo_python_utils.egg-info/requires.txt
+cardo_python_utils.egg-info/top_level.txt
+python_utils/__init__.py
+python_utils/choices.py
+python_utils/data_structures.py
+python_utils/db.py
+python_utils/django_utils.py
+python_utils/esma_choices.py
+python_utils/exceptions.py
+python_utils/imports.py
+python_utils/math.py
+python_utils/text.py
+python_utils/time.py
+python_utils/types_hinting.py
+python_utils/keycloak/utils.py
+python_utils/keycloak/django/__init__.py
+python_utils/keycloak/django/service.py
+python_utils/keycloak/django/admin/__init__.py
+python_utils/keycloak/django/admin/auth.py
+python_utils/keycloak/django/admin/user_group.py
+python_utils/keycloak/django/api/__init__.py
+python_utils/keycloak/django/api/drf.py
+python_utils/keycloak/django/api/ninja.py
+python_utils/keycloak/django/api/utils.py
+python_utils/keycloak/django/models/__init__.py
+python_utils/keycloak/django/models/user_group.py
+python_utils/keycloak/django/tests/__init__.py
+python_utils/keycloak/django/tests/conftest.py

{cardo_python_utils-0.5.dev24 → cardo_python_utils-0.5.dev26}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev24"
+version = "0.5.dev26"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"

{cardo_python_utils-0.5.dev24/python_utils/django/keycloak → cardo_python_utils-0.5.dev26/python_utils/keycloak/django}/admin/auth.py

@@ -1,13 +1,21 @@
 from django.conf import settings
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend
 
+from ...utils import get_keycloak_confidential_client_token
+
 
 class AdminAuthenticationBackend(OIDCAuthenticationBackend):
+    def get_token(self, payload):
+        # Instead of passing client_id and client_secret,
+        # client_assertion with service account token will be used
+        payload.pop("client_id", None)
+        payload.pop("client_secret", None)
+
+        return get_keycloak_confidential_client_token(**payload)
+
     def _get_user_data(self, claims) -> dict:
         client_roles = (
-            claims.get("resource_access", {})
-            .get(getattr(settings, "OIDC_RP_CLIENT_ID", ""), {})
-            .get("roles", [])
+            claims.get("resource_access", {}).get(getattr(settings, "OIDC_RP_CLIENT_ID", ""), {}).get("roles", [])
         )
         is_superuser = "Admin" in client_roles
 

{cardo_python_utils-0.5.dev24/python_utils/django/keycloak → cardo_python_utils-0.5.dev26/python_utils/keycloak/django}/service.py

@@ -5,6 +5,13 @@ from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
 from keycloak.exceptions import KeycloakGetError
 
+from ..utils import (
+    KEYCLOAK_SERVER_URL,
+    KEYCLOAK_REALM,
+    KEYCLOAK_CONFIDENTIAL_CLIENT_ID,
+    get_keycloak_confidential_client_token,
+)
+
 
 def get_user_group_model():
     """
@@ -21,10 +28,7 @@ def get_user_group_model():
     try:
         model_string = getattr(settings, "KEYCLOAK_USER_GROUP_MODEL")
     except AttributeError:
-        raise LookupError(
-            "Please set KEYCLOAK_USER_GROUP_MODEL in your Django settings "
-            "(e.g., 'myapp.UserGroup')."
-        )
+        raise LookupError("Please set KEYCLOAK_USER_GROUP_MODEL in your Django settings (e.g., 'myapp.UserGroup').")
 
     return apps.get_model(model_string)
 
@@ -52,14 +56,10 @@ class KeycloakService:
 
         reported_group_ids = set()
         for group in groups:
-            self._process_group_recursively(
-                group, existing_groups_by_id, reported_group_ids
-            )
+            self._process_group_recursively(group, existing_groups_by_id, reported_group_ids)
 
         # Identify deleted groups
-        deleted_groups = self._user_group_model.objects.exclude(
-            id__in=reported_group_ids
-        )
+        deleted_groups = self._user_group_model.objects.exclude(id__in=reported_group_ids)
         if deleted_groups.exists():
             print(
                 f"Deleting groups no longer present in Keycloak: {list(deleted_groups.values_list('path', flat=True))}"
@@ -68,11 +68,11 @@ class KeycloakService:
 
     def _get_keycloak_admin(self):
         keycloak_connection = KeycloakOpenIDConnection(
-            server_url=settings.KEYCLOAK_SERVER_URL,
-            realm_name=settings.KEYCLOAK_REALM,
-            user_realm_name=settings.KEYCLOAK_REALM,
-            client_id=settings.KEYCLOAK_ADMIN_CLIENT_ID,
-            client_secret_key=settings.KEYCLOAK_ADMIN_CLIENT_SECRET,
+            server_url=KEYCLOAK_SERVER_URL,
+            realm_name=KEYCLOAK_REALM,
+            user_realm_name=KEYCLOAK_REALM,
+            client_id=KEYCLOAK_CONFIDENTIAL_CLIENT_ID,
+            token=get_keycloak_confidential_client_token(),
             verify=True,
         )
         return KeycloakAdmin(connection=keycloak_connection)
@@ -86,9 +86,7 @@ class KeycloakService:
         if group_id in existing_groups_by_id:
             existing_group = existing_groups_by_id[group_id]
             if existing_group.path != group["path"]:
-                print(
-                    f"Updating group path from {existing_group.path} to {group['path']}..."
-                )
+                print(f"Updating group path from {existing_group.path} to {group['path']}...")
                 existing_group.path = group["path"]
                 existing_group.save()
         else:
@@ -97,9 +95,7 @@ class KeycloakService:
 
         if subgroups := group.get("subGroups"):
             for subgroup in subgroups:
-                self._process_group_recursively(
-                    subgroup, existing_groups_by_id, reported_group_ids
-                )
+                self._process_group_recursively(subgroup, existing_groups_by_id, reported_group_ids)
 
 
 class KeycloakServiceAsync(KeycloakService):
@@ -121,24 +117,16 @@ class KeycloakServiceAsync(KeycloakService):
 
         # Process existing and new groups
         existing_groups = self._user_group_model.objects.all()
-        existing_groups_by_id = {
-            str(group.id): group async for group in existing_groups
-        }
+        existing_groups_by_id = {str(group.id): group async for group in existing_groups}
 
         reported_group_ids = set()
         for group in groups:
-            await self._process_group_recursively(
-                group, existing_groups_by_id, reported_group_ids
-            )
+            await self._process_group_recursively(group, existing_groups_by_id, reported_group_ids)
 
         # Identify deleted groups
-        deleted_groups = self._user_group_model.objects.exclude(
-            id__in=reported_group_ids
-        )
+        deleted_groups = self._user_group_model.objects.exclude(id__in=reported_group_ids)
         if await deleted_groups.aexists():
-            paths = [
-                path async for path in deleted_groups.values_list("path", flat=True)
-            ]
+            paths = [path async for path in deleted_groups.values_list("path", flat=True)]
             print(f"Deleting groups no longer present in Keycloak: {paths}")
 
             await deleted_groups.adelete()
@@ -152,22 +140,16 @@ class KeycloakServiceAsync(KeycloakService):
         if group_id in existing_groups_by_id:
             existing_group = existing_groups_by_id[group_id]
             if existing_group.path != group["path"]:
-                print(
-                    f"Updating group path from {existing_group.path} to {group['path']}..."
-                )
+                print(f"Updating group path from {existing_group.path} to {group['path']}...")
                 existing_group.path = group["path"]
                 await existing_group.asave()
         else:
             print(f"Creating new group with path {group['path']}...")
-            await self._user_group_model.objects.acreate(
-                id=group_id, path=group["path"]
-            )
+            await self._user_group_model.objects.acreate(id=group_id, path=group["path"])
 
         if subgroups := group.get("subGroups"):
             for subgroup in subgroups:
-                await self._process_group_recursively(
-                    subgroup, existing_groups_by_id, reported_group_ids
-                )
+                await self._process_group_recursively(subgroup, existing_groups_by_id, reported_group_ids)
 
 
 class AuthServiceBase:

cardo_python_utils-0.5.dev26/python_utils/keycloak/utils.py

@@ -0,0 +1,51 @@
+import os
+import requests
+
+KEYCLOAK_SERVER_URL = os.getenv("KEYCLOAK_SERVER_URL")
+KEYCLOAK_REALM = os.getenv("KEYCLOAK_REALM")
+KEYCLOAK_REALM_URL = f"{KEYCLOAK_SERVER_URL}/realms/{KEYCLOAK_REALM}"
+KEYCLOAK_TOKEN_ENDPOINT = f"{KEYCLOAK_REALM_URL}/protocol/openid-connect/token"
+
+KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID")
+KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH = os.getenv(
+    "KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH"
+)
+KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials"
+KEYCLOAK_CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+
+
+def get_confidential_client_service_account_token() -> str:
+    """
+    Reads the Keycloak confidential client service account token from a file.
+    """
+    token_file_path = KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH
+    if not token_file_path or not os.path.isfile(token_file_path):
+        raise FileNotFoundError(f"Keycloak service account token file not found: {token_file_path}")
+
+    with open(token_file_path, "r") as f:
+        token = f.read().strip()
+
+    if not token:
+        raise ValueError("Keycloak service account token is empty.")
+
+    return token
+
+
+def get_keycloak_confidential_client_token(**kwargs) -> dict:
+    """
+    Obtains token for a Keycloak confidential client with the client credentials grant,
+    using a service account token for authentication.
+    """
+
+    response = requests.post(
+        KEYCLOAK_TOKEN_ENDPOINT,
+        data={
+            "grant_type": KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE,
+            "client_assertion_type": KEYCLOAK_CLIENT_ASSERTION_TYPE,
+            "client_assertion": get_confidential_client_service_account_token(),
+            **kwargs,
+        },
+    )
+    response.raise_for_status()
+
+    return response.json()

cardo_python_utils-0.5.dev24/cardo_python_utils.egg-info/SOURCES.txt

@@ -1,35 +0,0 @@
-LICENSE
-MANIFEST.in
-README.rst
-pyproject.toml
-cardo_python_utils.egg-info/PKG-INFO
-cardo_python_utils.egg-info/SOURCES.txt
-cardo_python_utils.egg-info/dependency_links.txt
-cardo_python_utils.egg-info/requires.txt
-cardo_python_utils.egg-info/top_level.txt
-python_utils/__init__.py
-python_utils/choices.py
-python_utils/data_structures.py
-python_utils/db.py
-python_utils/esma_choices.py
-python_utils/exceptions.py
-python_utils/imports.py
-python_utils/math.py
-python_utils/text.py
-python_utils/time.py
-python_utils/types_hinting.py
-python_utils/django/utils.py
-python_utils/django/keycloak/__init__.py
-python_utils/django/keycloak/service.py
-python_utils/django/keycloak/admin/__init__.py
-python_utils/django/keycloak/admin/auth.py
-python_utils/django/keycloak/admin/user_group.py
-python_utils/django/keycloak/admin/user_groups_changelist.html
-python_utils/django/keycloak/api/__init__.py
-python_utils/django/keycloak/api/drf.py
-python_utils/django/keycloak/api/ninja.py
-python_utils/django/keycloak/api/utils.py
-python_utils/django/keycloak/models/__init__.py
-python_utils/django/keycloak/models/user_group.py
-python_utils/django/keycloak/tests/__init__.py
-python_utils/django/keycloak/tests/conftest.py

cardo_python_utils-0.5.dev24/python_utils/django/keycloak/admin/user_groups_changelist.html

@@ -1,7 +0,0 @@
-{% extends 'admin/change_list.html' %}
-
-{% block object-tools-items %}
-{{ block.super }}
-    <li><a href="sync-with-keycloak/">Sync groups with Keycloak 🔄</a></li>
-
-{% endblock %}