initial submit

keycloak-importer.py

+#!/usr/bin/env python3
+
+import sys
+import json
+import urllib.request
+import urllib.parse
+
+OPENEBENCH_COMMUNITY_URL = "https://dev-openebench.bsc.es/api/scientific/access/Community"
+KEYCLOAK_TOKEN_ENDPOINT = "https://inb.bsc.es/auth/realms/master/protocol/openid-connect/token"
+KEYCLOAK_OPENEBENCH_REALM = "https://inb.bsc.es/auth/admin/realms/openebench/"
+
+def main():
+
+  passowrd = None
+  if (len(sys.argv) > 1):
+    password = sys.argv[1]
+  else:
+    print('password:', end = ' ')
+    password = str(input())
+
+  updateCommunities('admin', password)
+
+# Update OpenEBench communities groups in the Keycloak server
+def updateCommunities(user, password):
+
+  token = getAdminToken(user, password)
+  headers = {'Authorization' : 'Bearer ' + token}
+
+  root = getKeycloakCommunities(headers)
+  groups = root['subGroups']
+
+  communities = getOpenebenchCommunities()
+
+  # update existing communities
+  for group in groups[:]:
+    attributes = group['attributes']
+    print(attributes)
+    for community in communities[:]:
+      if (community['_id'] in attributes['community_id']):
+        attributes['acronym'] = [community['acronym']]
+        updateGroup(group, headers)
+        communities.remove(community)
+        groups.remove(group)
+        break
+    
+  # insert new communities
+  for community in communities:
+    group = {}
+    group['name'] = community['name']
+    group['attributes'] = {'community_id' : [community['_id']], 'acronym' : [community['acronym']]}
+    addGroup(root, group, headers)
+
+  #remove old communities
+  for group in groups:
+    deleteGroup(group, headers)
+
+# Update the openebench community ('group')
+def updateGroup(group, headers):
+  
+  print('updating community ' + group['name'])   
+
+  KC_OEB_SUBGROUP = KEYCLOAK_OPENEBENCH_REALM + 'groups/' + group['id']
+
+  group_req = urllib.request.Request(KC_OEB_SUBGROUP, data=json.dumps(group).encode("utf-8"), headers=headers, method='PUT')
+  group_req.add_header("Content-type", "application/json; charset=UTF-8")
+
+  group_res = urllib.request.urlopen(group_req);
+
+  if(group_res.getcode() >= 400):
+    print("error updating openebench community", group_req)
+
+
+# Insert the openebench community ('group') into the 'Community' group ('root')
+def addGroup(root, group, headers):
+
+  print('inserting community ' + group['name'])
+
+  KC_OEB_SUBGROUP = KEYCLOAK_OPENEBENCH_REALM + 'groups/' + root['id'] + '/children'
+
+  group_req = urllib.request.Request(KC_OEB_SUBGROUP, data=json.dumps(group).encode("utf-8"), headers=headers)
+  group_req.add_header("Content-type", "application/json; charset=UTF-8")
+
+  group_res = urllib.request.urlopen(group_req);
+
+  if(group_res.getcode() >= 400):
+    print("error adding openebench community", group_req)
+
+# Remove the openebench community ('group') from the 'Community' root group
+def deleteGroup(group, headers):
+
+  print('removing community ' + group['name'])
+
+  KC_OEB_SUBGROUP = KEYCLOAK_OPENEBENCH_REALM + 'groups/' + group['id']
+
+  group_req = urllib.request.Request(KC_OEB_SUBGROUP, method='DELETE')
+  group_res = urllib.request.urlopen(group_req);
+
+  if(group_res.getcode() >= 400):
+    print("error removing openebench community", group_req)
+
+# Get the 'Community' group with all its subgroups (openebench communities)
+def getKeycloakCommunities(headers):
+    
+  KC_OEB_GROUPS = KEYCLOAK_OPENEBENCH_REALM + 'groups'
+
+  groups_req = urllib.request.Request(KC_OEB_GROUPS, headers=headers)
+  groups_res = urllib.request.urlopen(groups_req);
+  if(groups_res.getcode() >= 400):
+    print("error obtaining openebench user groups", groups_req)
+
+  data = groups_res.read()
+  groups = json.loads(data)
+
+  for group in groups:
+    if (group['name'] == 'Community'):
+      return enhanceGroups(group, headers)
+
+  ## add Community group  
+  KC_OEB_GROUPS = KEYCLOAK_OPENEBENCH_REALM + 'groups'
+
+  root = {'name' : 'Community'}
+
+  group_req = urllib.request.Request(KC_OEB_GROUPS, data=json.dumps(root).encode("utf-8"), headers=headers)
+  group_req.add_header("Content-type", "application/json; charset=UTF-8")
+
+  group_res = urllib.request.urlopen(group_req);
+
+  if(group_res.getcode() >= 400):
+    print("error adding Keycloak 'Community' group ", group_req)
+
+
+# getting GroupRepresentation[] via /groups doesn't return 'attributes'
+# update it calling /groups/{id} one by one 
+def enhanceGroups(root, headers):
+
+  for group in root['subGroups']:
+    group_id = group['id']
+    KC_OEB_GROUP = KEYCLOAK_OPENEBENCH_REALM + 'groups/' + group_id
+
+    group_req = urllib.request.Request(KC_OEB_GROUP, headers=headers)
+    group_res = urllib.request.urlopen(group_req);
+
+    if(group_res.getcode() >= 400):
+      print("error obtaining openebench user groups", group_req)
+
+    data = group_res.read()
+    subgroup = json.loads(data)
+
+    group['attributes'] = subgroup['attributes']
+
+  return root
+
+# Get OpenEBench communities via the REST API
+def getOpenebenchCommunities():
+
+  res = urllib.request.urlopen(OPENEBENCH_COMMUNITY_URL);
+  if(res.getcode() < 300):
+    data = res.read()
+    return json.loads(data)
+
+  print("error reading communities", req) 
+
+# Get OIDC access token with provided user and password
+def getAdminToken(user, password):
+
+  params = {'username' : user, 'password' : password, 'grant_type' : 'password', 'client_id' : 'admin-cli'}
+  token_req = urllib.request.Request(KEYCLOAK_TOKEN_ENDPOINT, urllib.parse.urlencode(params).encode('utf-8'));
+  token_res = urllib.request.urlopen(token_req)
+
+  if(token_res.getcode() < 300):  
+    data = token_res.read()
+    jwt = json.loads(data)
+    return jwt['access_token']
+
+  print("can't get administration token", req)
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file