keycloak.authorization¶

Authorization module.

Submodules¶

Classes¶

`Permission`	Base permission class.
`Policy`	Base policy class.
`Role`	Authorization Role base class.
`Authorization`	Keycloak Authorization (policies, roles, scopes and resources).

Package Contents¶

class keycloak.authorization.Permission(name, type, logic, decision_strategy)[source]¶

Base permission class.

Consider this simple and very common permission:

A permission associates the object being protected with the policies that must be evaluated to determine whether access is granted.

X CAN DO Y ON RESOURCE Z

where

X represents one or more users, roles, or groups, or a combination of them. You can
also use claims and context here.
Y represents an action to be performed, for example, write, view, and so on.
Z represents a protected resource, for example, “/accounts”.

https://keycloak.gitbooks.io/documentation/authorization_services/topics/permission/overview.html

Parameters:

name (str) – Name
type (str) – Type
logic (str) – Logic
decision_strategy (str) – Decision strategy

__repr__()[source]¶

Repr method.

Returns:: Class representation
Return type:: str

__str__()[source]¶

Str method.

Returns:: Class string representation
Return type:: str

property name¶

Get name.

Returns:: name
Return type:: str

property type¶

Get type.

Returns:: type
Return type:: str

property logic¶

Get logic.

Returns:: Logic
Return type:: str

property decision_strategy¶

Get decision strategy.

Returns:: Decision strategy
Return type:: str

property resources¶

Get resources.

Returns:: Resources
Return type:: list

property scopes¶

Get scopes.

Returns:: Scopes
Return type:: list

class keycloak.authorization.Policy(name, type, logic, decision_strategy)[source]¶

Base policy class.

A policy defines the conditions that must be satisfied to grant access to an object. Unlike permissions, you do not specify the object being protected but rather the conditions that must be satisfied for access to a given object (for example, resource, scope, or both). Policies are strongly related to the different access control mechanisms (ACMs) that you can use to protect your resources. With policies, you can implement strategies for attribute-based access control (ABAC), role-based access control (RBAC), context-based access control, or any combination of these.

https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html

Parameters:

name (str) – Name
type (str) – Type
logic (str) – Logic
decision_strategy (str) – Decision strategy

__repr__()[source]¶

Repr method.

Returns:: Class representation
Return type:: str

__str__()[source]¶

Str method.

Returns:: Class string representation
Return type:: str

property name¶

Get name.

Returns:: Name
Return type:: str

property type¶

Get type.

Returns:: Type
Return type:: str

property logic¶

Get logic.

Returns:: Logic
Return type:: str

property decision_strategy¶

Get decision strategy.

Returns:: Decision strategy
Return type:: str

property roles¶

Get roles.

Returns:: Roles
Return type:: list

property permissions¶

Get permissions.

Returns:: Permissions
Return type:: list

add_role(role)[source]¶

Add keycloak role in policy.

Parameters:: role (keycloak.authorization.Role) – Keycloak role
Raises:: KeycloakAuthorizationConfigError – In case of misconfigured policy type

add_permission(permission)[source]¶

Add keycloak permission in policy.

Parameters:: permission (keycloak.authorization.Permission) – Keycloak permission

class keycloak.authorization.Role(name, required=False)[source]¶

Authorization Role base class.

Roles identify a type or category of user. Admin, user, manager, and employee are all typical roles that may exist in an organization.

https://keycloak.gitbooks.io/documentation/server_admin/topics/roles.html

Parameters:

name (str) – Name
required (bool) – Required role indicator

get_name()[source]¶

Get name.

Returns:: Name
Return type:: str

__eq__(other)[source]¶

Eq method.

Parameters:: other (str) – The other object
Returns:: Equality bool
Return type:: bool | NotImplemented

class keycloak.authorization.Authorization[source]¶

Keycloak Authorization (policies, roles, scopes and resources).

https://keycloak.gitbooks.io/documentation/authorization_services/index.html

property policies[source]¶

Get policies.

Returns:: Policies
Return type:: dict

load_config(data)[source]¶

Load policies, roles and permissions (scope/resources).

Parameters:: data (dict) – keycloak authorization data (dict)