keycloak.authorization¶
Authorization module.
Submodules¶
Package Contents¶
Classes¶
Base permission class. |
|
Base policy class. |
|
Authorization Role base class. |
|
Keycloak Authorization (policies, roles, scopes and resources). |
- class keycloak.authorization.Permission(name, type, logic, decision_strategy)[source]¶
Base permission class.
Consider this simple and very common permission:
A permission associates the object being protected with the policies that must be evaluated to determine whether access is granted.
X CAN DO Y ON RESOURCE Z
where
- X represents one or more users, roles, or groups, or a combination of them. You can
also use claims and context here.
Y represents an action to be performed, for example, write, view, and so on.
Z represents a protected resource, for example, “/accounts”.
https://keycloak.gitbooks.io/documentation/authorization_services/topics/permission/overview.html
- Parameters
name (str) – Name
type (str) – Type
logic (str) – Logic
decision_strategy (str) – Decision strategy
- property name¶
Get name.
- Returns
name
- Return type
str
- property type¶
Get type.
- Returns
type
- Return type
str
- property logic¶
Get logic.
- Returns
Logic
- Return type
str
- property decision_strategy¶
Get decision strategy.
- Returns
Decision strategy
- Return type
str
- property resources¶
Get resources.
- Returns
Resources
- Return type
list
- property scopes¶
Get scopes.
- Returns
Scopes
- Return type
list
- __repr__()¶
Repr method.
- Returns
Class representation
- Return type
str
- __str__()¶
Str method.
- Returns
Class string representation
- Return type
str
- class keycloak.authorization.Policy(name, type, logic, decision_strategy)[source]¶
Base policy class.
A policy defines the conditions that must be satisfied to grant access to an object. Unlike permissions, you do not specify the object being protected but rather the conditions that must be satisfied for access to a given object (for example, resource, scope, or both). Policies are strongly related to the different access control mechanisms (ACMs) that you can use to protect your resources. With policies, you can implement strategies for attribute-based access control (ABAC), role-based access control (RBAC), context-based access control, or any combination of these.
https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html
- Parameters
name (str) – Name
type (str) – Type
logic (str) – Logic
decision_strategy (str) – Decision strategy
- property name¶
Get name.
- Returns
Name
- Return type
str
- property type¶
Get type.
- Returns
Type
- Return type
str
- property logic¶
Get logic.
- Returns
Logic
- Return type
str
- property decision_strategy¶
Get decision strategy.
- Returns
Decision strategy
- Return type
str
- property roles¶
Get roles.
- Returns
Roles
- Return type
list
- property permissions¶
Get permissions.
- Returns
Permissions
- Return type
list
- __repr__()¶
Repr method.
- Returns
Class representation
- Return type
str
- __str__()¶
Str method.
- Returns
Class string representation
- Return type
str
- add_role(role)¶
Add keycloak role in policy.
- Parameters
role (keycloak.authorization.Role) – Keycloak role
- Raises
KeycloakAuthorizationConfigError – In case of misconfigured policy type
- add_permission(permission)¶
Add keycloak permission in policy.
- Parameters
permission (keycloak.authorization.Permission) – Keycloak permission
- class keycloak.authorization.Role(name, required=False)[source]¶
Authorization Role base class.
Roles identify a type or category of user. Admin, user, manager, and employee are all typical roles that may exist in an organization.
https://keycloak.gitbooks.io/documentation/server_admin/topics/roles.html
- Parameters
name (str) – Name
required (bool) – Required role indicator
- get_name()¶
Get name.
- Returns
Name
- Return type
str
- __eq__(other)¶
Eq method.
- Parameters
other (str) – The other object
- Returns
Equality bool
- Return type
bool | NotImplemented
- class keycloak.authorization.Authorization[source]¶
Keycloak Authorization (policies, roles, scopes and resources).
https://keycloak.gitbooks.io/documentation/authorization_services/index.html