
Example 1 with LocalSearch

use of org.keycloak.client.admin.cli.operations.LocalSearch in project keycloak by keycloak.

the class HttpUtil method getAttrForType.

/**
 * Looks up a single resource by attribute and returns one of its attributes as text.
 *
 * <p>The server is queried with {@code attrName=attrValue} plus paging/query parameters, and the
 * returned list is then narrowed locally with {@link LocalSearch#exactMatchOne}. The identifier
 * handed back to the caller therefore comes from the entry the local search selected, not simply
 * from the first entry of the server response.
 * NOTE(review): presumably the server-side filter may return more than the exact match, which is
 * why the local exact match exists; confirm against the endpoint being queried.
 *
 * @param rootUrl          admin REST root used to build the resource URL
 * @param realm            realm used to build the resource URL
 * @param auth             value passed to {@code doGetJSON} for the request; may carry a bearer
 *                         credential, and is never placed in the exception messages below
 * @param resourceEndpoint endpoint name; also used (singularized) in error messages
 * @param attrName         query parameter name sent to the server
 * @param attrValue        value sent to the server and matched exactly on the client
 * @param inputAttrName    attribute of each returned node compared against {@code attrValue}
 * @param returnAttrName   attribute of the matched node whose text is returned
 * @param endpointParams   optional supplier of extra query parameters; {@code null} selects
 *                         {@code DEFAULT_QUERY_PARAMS}
 * @return the text value of {@code returnAttrName} on the matched node
 * @throws RuntimeException if the local search throws, if nothing matches, or if the matched node
 *                          lacks {@code returnAttrName}
 */
public static String getAttrForType(String rootUrl, String realm, String auth, String resourceEndpoint, String attrName, String attrValue, String inputAttrName, String returnAttrName, Supplier<String[]> endpointParams) {
    String searchUrl = composeResourceUrl(rootUrl, realm, resourceEndpoint);

    // A caller-supplied parameter set replaces the defaults entirely; it is not merged with them.
    final String[] extraParams = (endpointParams != null) ? endpointParams.get() : DEFAULT_QUERY_PARAMS;

    searchUrl = HttpUtil.addQueryParamsToUri(searchUrl, attrName, attrValue);
    searchUrl = HttpUtil.addQueryParamsToUri(searchUrl, extraParams);

    final List<ObjectNode> candidates = doGetJSON(RoleOperations.LIST_OF_NODES.class, searchUrl, auth);

    ObjectNode match;
    try {
        match = new LocalSearch(candidates).exactMatchOne(attrValue, inputAttrName);
    } catch (Exception e) {
        // Any exception from the local search is reported as an ambiguous lookup; the original
        // exception is kept as the cause so the real reason is not lost.
        throw new RuntimeException("Multiple " + resourceEndpoint + " found for " + attrName + ": " + attrValue, e);
    }

    final String typeName = singularize(resourceEndpoint);
    if (match == null) {
        throw new RuntimeException(capitalize(typeName) + " not found for " + attrName + ": " + attrValue);
    }

    final JsonNode value = match.get(returnAttrName);
    if (value != null) {
        return value.asText();
    }
    throw new RuntimeException("Returned " + typeName + " info has no '" + returnAttrName + "' attribute");
}
Also used : ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) LocalSearch(org.keycloak.client.admin.cli.operations.LocalSearch) RoleOperations(org.keycloak.client.admin.cli.operations.RoleOperations) JsonNode(com.fasterxml.jackson.databind.JsonNode) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with LocalSearch

use of org.keycloak.client.admin.cli.operations.LocalSearch in project keycloak by keycloak.

the class AddRolesCmd method execute.

/**
 * Grants the roles selected with {@code --rolename} / {@code --roleid} to exactly one target:
 * a user, a group, or a composite role.
 *
 * <p>The method runs in three phases, in this order: (1) parse and validate the command line,
 * (2) load configuration, set up the truststore and obtain the {@code auth} value, (3) resolve
 * names to ids and submit the role list. All option checks in phase 1 come before
 * {@code loadConfig()} and before any of the operation-class calls that take {@code auth}.
 *
 * @param commandInvocation invocation handle; passed to {@code setupTruststore} and
 *                          {@code ensureAuthInfo}, and stopped in the {@code finally} block
 * @return {@code CommandResult.SUCCESS} once the roles have been submitted; when
 *         {@code printHelp()} returns true, {@code SUCCESS} or {@code FAILURE} depending on
 *         the {@code help} flag
 * @throws IllegalArgumentException on an unknown option, a conflicting option combination, or a
 *                                  missing role/target; the message has {@code suggestHelp()} appended
 * @throws CommandException         declared; not thrown directly by the statements in this method
 * @throws InterruptedException     declared; not thrown directly by the statements in this method
 */
@Override
public CommandResult execute(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
    // Roles requested on the command line, kept in the order given.
    List<String> roleNames = new LinkedList<>();
    List<String> roleIds = new LinkedList<>();
    try {
        if (printHelp()) {
            return help ? CommandResult.SUCCESS : CommandResult.FAILURE;
        }
        processGlobalOptions();
        // Only --rolename and --roleid are accepted here; anything else left in args is rejected.
        Iterator<String> it = args.iterator();
        while (it.hasNext()) {
            String option = it.next();
            switch(option) {
                case "--rolename":
                    {
                        // The check runs before it.next() so a trailing option without a value is caught first.
                        optionRequiresValueCheck(it, option);
                        roleNames.add(it.next());
                        break;
                    }
                case "--roleid":
                    {
                        optionRequiresValueCheck(it, option);
                        roleIds.add(it.next());
                        break;
                    }
                default:
                    {
                        throw new IllegalArgumentException("Invalid option: " + option);
                    }
            }
        }
        // --- Target and option validation. The order of these checks decides which message the
        // --- user sees when several rules are violated at once.
        if (uid != null && uusername != null) {
            throw new IllegalArgumentException("Incompatible options: --uid and --uusername are mutually exclusive");
        }
        // At most one of gid / gname / gpath may be set.
        if ((gid != null && gname != null) || (gid != null && gpath != null) || (gname != null && gpath != null)) {
            throw new IllegalArgumentException("Incompatible options: --gid, --gname and --gpath are mutually exclusive");
        }
        if (roleNames.isEmpty() && roleIds.isEmpty()) {
            throw new IllegalArgumentException("No role to add specified. Use --rolename or --roleid to specify roles to add");
        }
        if (cid != null && cclientid != null) {
            throw new IllegalArgumentException("Incompatible options: --cid and --cclientid are mutually exclusive");
        }
        if (rid != null && rname != null) {
            throw new IllegalArgumentException("Incompatible options: --rid and --rname are mutually exclusive");
        }
        // Exactly one kind of grant target (user, group, composite role) is allowed per invocation.
        if (isUserSpecified() && isGroupSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (isUserSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --rname / --rid");
        }
        if (isGroupSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --rname / --rid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (!isUserSpecified() && !isGroupSpecified() && !isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("No user nor group nor composite role specified. Use --uusername / --uid to specify user or --gname / --gid / --gpath to specify group or --rname / --rid to specify a composite role");
        }
        // --- Configuration and credentials. setupTruststore is called before ensureAuthInfo and
        // --- ensureToken. NOTE(review): presumably so that token requests already use the
        // --- configured truststore; confirm in those helpers.
        ConfigData config = loadConfig();
        config = copyWithServerInfo(config);
        setupTruststore(config, commandInvocation);
        String auth = null;
        config = ensureAuthInfo(config, commandInvocation);
        // copyWithServerInfo is applied again because config was replaced by ensureAuthInfo.
        config = copyWithServerInfo(config);
        if (credentialsAvailable(config)) {
            auth = ensureToken(config);
        }
        // From here on auth is either null (no credentials available) or "Bearer <token>".
        // It is a live credential: keep it out of log output and exception messages.
        // NOTE(review): with auth == null the calls below still run; confirm how the
        // operation classes treat a null auth value.
        auth = auth != null ? "Bearer " + auth : null;
        final String server = config.getServerUrl();
        final String realm = getTargetRealm(config);
        // An explicitly configured adminRestRoot takes precedence over the root derived from the server URL.
        final String adminRoot = adminRestRoot != null ? adminRestRoot : composeAdminRoot(server);
        // --- Resolve the target and the roles, then submit. In every branch the role list is
        // --- fetched from the server first and the requested names/ids are looked up in it
        // --- through LocalSearch. NOTE(review): presumably getRoleRepresentations rejects a
        // --- name or id that is not in the fetched list; confirm in that helper.
        if (isUserSpecified()) {
            // A username is translated to the user id only when no id was given.
            if (uid == null) {
                uid = UserOperations.getIdFromUsername(adminRoot, realm, auth, uusername);
            }
            if (isClientSpecified()) {
                // Client given: the roles to grant are looked up among that client's roles.
                if (cid == null) {
                    cid = ClientOperations.getIdFromClientId(adminRoot, realm, auth, cclientid);
                }
                List<ObjectNode> roles = RoleOperations.getClientRoles(adminRoot, realm, cid, auth);
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(roles));
                // now add all the roles
                UserOperations.addClientRoles(adminRoot, realm, auth, uid, cid, new ArrayList<>(rolesToAdd));
            } else {
                // No client given: the roles to grant are looked up among the realm roles.
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(adminRoot, realm, auth)));
                // now add all the roles
                UserOperations.addRealmRoles(adminRoot, realm, auth, uid, new ArrayList<>(rolesToAdd));
            }
        } else if (isGroupSpecified()) {
            // gid, gname and gpath were checked as mutually exclusive above, so gid is only
            // assigned here when it was not given directly.
            if (gname != null) {
                gid = GroupOperations.getIdFromName(adminRoot, realm, auth, gname);
            } else if (gpath != null) {
                gid = GroupOperations.getIdFromPath(adminRoot, realm, auth, gpath);
            }
            if (isClientSpecified()) {
                // Client given: the roles to grant are looked up among that client's roles.
                if (cid == null) {
                    cid = ClientOperations.getIdFromClientId(adminRoot, realm, auth, cclientid);
                }
                List<ObjectNode> roles = RoleOperations.getClientRoles(adminRoot, realm, cid, auth);
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(roles));
                // now add all the roles
                GroupOperations.addClientRoles(adminRoot, realm, auth, gid, cid, new ArrayList<>(rolesToAdd));
            } else {
                // No client given: the roles to grant are looked up among the realm roles.
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(adminRoot, realm, auth)));
                // now add all the roles
                GroupOperations.addRealmRoles(adminRoot, realm, auth, gid, new ArrayList<>(rolesToAdd));
            }
        } else if (isCompositeRoleSpecified()) {
            // A role name is translated to the role id only when no id was given.
            if (rid == null) {
                rid = RoleOperations.getIdFromRoleName(adminRoot, realm, auth, rname);
            }
            if (isClientSpecified()) {
                // Client given: the roles to add to the composite are looked up among that client's roles.
                if (cid == null) {
                    cid = ClientOperations.getIdFromClientId(adminRoot, realm, auth, cclientid);
                }
                List<ObjectNode> roles = RoleOperations.getClientRoles(adminRoot, realm, cid, auth);
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(roles));
                // now add all the roles
                RoleOperations.addClientRoles(adminRoot, realm, auth, rid, new ArrayList<>(rolesToAdd));
            } else {
                // No client given: the roles to add to the composite are looked up among the realm roles.
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(adminRoot, realm, auth)));
                // now add all the roles
                RoleOperations.addRealmRoles(adminRoot, realm, auth, rid, new ArrayList<>(rolesToAdd));
            }
        } else {
            // Defensive: validation above already required one of the three predicates to be
            // true, so this is reached only if one of them changed its answer in between.
            throw new IllegalArgumentException("No user nor group, nor composite role specified. Use --uusername / --uid to specify user or --gname / --gid / --gpath to specify group or --rname / --rid to specify a composite role");
        }
        return CommandResult.SUCCESS;
    } catch (IllegalArgumentException e) {
        // Only IllegalArgumentException is rewrapped (help hint appended, original kept as the
        // cause); every other exception propagates as thrown.
        throw new IllegalArgumentException(e.getMessage() + suggestHelp(), e);
    } finally {
        // Runs on every exit path, including the early help return and all exceptions.
        commandInvocation.stop();
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) LocalSearch(org.keycloak.client.admin.cli.operations.LocalSearch) ConfigData(org.keycloak.client.admin.cli.config.ConfigData) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List)

Example 3 with LocalSearch

use of org.keycloak.client.admin.cli.operations.LocalSearch in project keycloak by keycloak.

the class RemoveRolesCmd method execute.

/**
 * Revokes the roles selected with {@code --rolename} / {@code --roleid} from exactly one target:
 * a user, a group, or a composite role.
 *
 * <p>The method runs in three phases, in this order: (1) parse and validate the command line,
 * (2) load configuration, set up the truststore and obtain the {@code auth} value, (3) resolve
 * names to ids and submit the role list for removal. All option checks in phase 1 come before
 * {@code loadConfig()} and before any of the operation-class calls that take {@code auth}.
 *
 * @param commandInvocation invocation handle; passed to {@code setupTruststore} and
 *                          {@code ensureAuthInfo}, and stopped in the {@code finally} block
 * @return {@code CommandResult.SUCCESS} once the removal has been submitted; when
 *         {@code printHelp()} returns true, {@code SUCCESS} or {@code FAILURE} depending on
 *         the {@code help} flag
 * @throws IllegalArgumentException on an unknown option, a conflicting option combination, or a
 *                                  missing role/target; the message has {@code suggestHelp()} appended
 * @throws CommandException         declared; not thrown directly by the statements in this method
 * @throws InterruptedException     declared; not thrown directly by the statements in this method
 */
@Override
public CommandResult execute(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
    // Roles requested on the command line, kept in the order given.
    List<String> roleNames = new LinkedList<>();
    List<String> roleIds = new LinkedList<>();
    try {
        if (printHelp()) {
            return help ? CommandResult.SUCCESS : CommandResult.FAILURE;
        }
        processGlobalOptions();
        // Only --rolename and --roleid are accepted here; anything else left in args is rejected.
        Iterator<String> it = args.iterator();
        while (it.hasNext()) {
            String option = it.next();
            switch(option) {
                case "--rolename":
                    {
                        // The check runs before it.next() so a trailing option without a value is caught first.
                        optionRequiresValueCheck(it, option);
                        roleNames.add(it.next());
                        break;
                    }
                case "--roleid":
                    {
                        optionRequiresValueCheck(it, option);
                        roleIds.add(it.next());
                        break;
                    }
                default:
                    {
                        throw new IllegalArgumentException("Invalid option: " + option);
                    }
            }
        }
        // --- Target and option validation. The order of these checks decides which message the
        // --- user sees when several rules are violated at once.
        if (uid != null && uusername != null) {
            throw new IllegalArgumentException("Incompatible options: --uid and --uusername are mutually exclusive");
        }
        // At most one of gid / gname / gpath may be set.
        if ((gid != null && gname != null) || (gid != null && gpath != null) || (gname != null && gpath != null)) {
            throw new IllegalArgumentException("Incompatible options: --gid, --gname and --gpath are mutually exclusive");
        }
        if (roleNames.isEmpty() && roleIds.isEmpty()) {
            throw new IllegalArgumentException("No role to remove specified. Use --rolename or --roleid to specify roles to remove");
        }
        if (cid != null && cclientid != null) {
            throw new IllegalArgumentException("Incompatible options: --cid and --cclientid are mutually exclusive");
        }
        if (rid != null && rname != null) {
            throw new IllegalArgumentException("Incompatible options: --rid and --rname are mutually exclusive");
        }
        // Exactly one kind of target (user, group, composite role) is allowed per invocation.
        if (isUserSpecified() && isGroupSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (isUserSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --uusername / --uid can't be used at the same time as --rname / --rid");
        }
        if (isGroupSpecified() && isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("Incompatible options: --rname / --rid can't be used at the same time as --gname / --gid / --gpath");
        }
        if (!isUserSpecified() && !isGroupSpecified() && !isCompositeRoleSpecified()) {
            throw new IllegalArgumentException("No user nor group nor composite role specified. Use --uusername / --uid to specify user or --gname / --gid / --gpath to specify group or --rname / --rid to specify a composite role");
        }
        // --- Configuration and credentials. setupTruststore is called before ensureAuthInfo and
        // --- ensureToken. NOTE(review): presumably so that token requests already use the
        // --- configured truststore; confirm in those helpers.
        ConfigData config = loadConfig();
        config = copyWithServerInfo(config);
        setupTruststore(config, commandInvocation);
        String auth = null;
        config = ensureAuthInfo(config, commandInvocation);
        // copyWithServerInfo is applied again because config was replaced by ensureAuthInfo.
        config = copyWithServerInfo(config);
        if (credentialsAvailable(config)) {
            auth = ensureToken(config);
        }
        // From here on auth is either null (no credentials available) or "Bearer <token>".
        // It is a live credential: keep it out of log output and exception messages.
        // NOTE(review): with auth == null the calls below still run; confirm how the
        // operation classes treat a null auth value.
        auth = auth != null ? "Bearer " + auth : null;
        final String server = config.getServerUrl();
        final String realm = getTargetRealm(config);
        // An explicitly configured adminRestRoot takes precedence over the root derived from the server URL.
        final String adminRoot = adminRestRoot != null ? adminRestRoot : composeAdminRoot(server);
        // --- Resolve the target and the roles, then submit the removal. In every branch the role
        // --- list is fetched from the server first and the requested names/ids are looked up in
        // --- it through LocalSearch. NOTE(review): presumably getRoleRepresentations rejects a
        // --- name or id that is not in the fetched list; confirm in that helper.
        // NOTE(review): the local below is called rolesToAdd in every branch although it holds
        // the roles being removed; rolesToRemove would match what the code does.
        if (isUserSpecified()) {
            // A username is translated to the user id only when no id was given.
            if (uid == null) {
                uid = UserOperations.getIdFromUsername(adminRoot, realm, auth, uusername);
            }
            if (isClientSpecified()) {
                // remove client roles from a user
                if (cid == null) {
                    cid = ClientOperations.getIdFromClientId(adminRoot, realm, auth, cclientid);
                }
                List<ObjectNode> roles = RoleOperations.getClientRoles(adminRoot, realm, cid, auth);
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(roles));
                // now remove the roles
                UserOperations.removeClientRoles(adminRoot, realm, auth, uid, cid, new ArrayList<>(rolesToAdd));
            } else {
                // No client given: the roles to remove are looked up among the realm roles.
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(adminRoot, realm, auth)));
                // now remove the roles
                UserOperations.removeRealmRoles(adminRoot, realm, auth, uid, new ArrayList<>(rolesToAdd));
            }
        } else if (isGroupSpecified()) {
            // gid, gname and gpath were checked as mutually exclusive above, so gid is only
            // assigned here when it was not given directly.
            if (gname != null) {
                gid = GroupOperations.getIdFromName(adminRoot, realm, auth, gname);
            } else if (gpath != null) {
                gid = GroupOperations.getIdFromPath(adminRoot, realm, auth, gpath);
            }
            if (isClientSpecified()) {
                // remove client roles from a group
                if (cid == null) {
                    cid = ClientOperations.getIdFromClientId(adminRoot, realm, auth, cclientid);
                }
                List<ObjectNode> roles = RoleOperations.getClientRoles(adminRoot, realm, cid, auth);
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(roles));
                // now remove the roles
                GroupOperations.removeClientRoles(adminRoot, realm, auth, gid, cid, new ArrayList<>(rolesToAdd));
            } else {
                // No client given: the roles to remove are looked up among the realm roles.
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(adminRoot, realm, auth)));
                // now remove the roles
                GroupOperations.removeRealmRoles(adminRoot, realm, auth, gid, new ArrayList<>(rolesToAdd));
            }
        } else if (isCompositeRoleSpecified()) {
            // A role name is translated to the role id only when no id was given.
            if (rid == null) {
                rid = RoleOperations.getIdFromRoleName(adminRoot, realm, auth, rname);
            }
            if (isClientSpecified()) {
                // remove client roles from a role
                if (cid == null) {
                    cid = ClientOperations.getIdFromClientId(adminRoot, realm, auth, cclientid);
                }
                List<ObjectNode> roles = RoleOperations.getClientRoles(adminRoot, realm, cid, auth);
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(roles));
                // now remove the roles
                RoleOperations.removeClientRoles(adminRoot, realm, auth, rid, new ArrayList<>(rolesToAdd));
            } else {
                // No client given: the roles to remove are looked up among the realm roles.
                Set<ObjectNode> rolesToAdd = getRoleRepresentations(roleNames, roleIds, new LocalSearch(RoleOperations.getRealmRolesAsNodes(adminRoot, realm, auth)));
                // now remove the roles
                RoleOperations.removeRealmRoles(adminRoot, realm, auth, rid, new ArrayList<>(rolesToAdd));
            }
        } else {
            // Defensive: validation above already required one of the three predicates to be
            // true, so this is reached only if one of them changed its answer in between.
            throw new IllegalArgumentException("No user nor group, nor composite role specified. Use --uusername / --uid to specify user or --gname / --gid / --gpath to specify group or --rname / --rid to specify a composite role");
        }
        return CommandResult.SUCCESS;
    } catch (IllegalArgumentException e) {
        // Only IllegalArgumentException is rewrapped (help hint appended, original kept as the
        // cause); every other exception propagates as thrown.
        throw new IllegalArgumentException(e.getMessage() + suggestHelp(), e);
    } finally {
        // Runs on every exit path, including the early help return and all exceptions.
        commandInvocation.stop();
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) LocalSearch(org.keycloak.client.admin.cli.operations.LocalSearch) ConfigData(org.keycloak.client.admin.cli.config.ConfigData) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List)

Aggregations

ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)3 LocalSearch (org.keycloak.client.admin.cli.operations.LocalSearch)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 LinkedList (java.util.LinkedList)2 List (java.util.List)2 Set (java.util.Set)2 ConfigData (org.keycloak.client.admin.cli.config.ConfigData)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 KeyManagementException (java.security.KeyManagementException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CertificateException (java.security.cert.CertificateException)1 RoleOperations (org.keycloak.client.admin.cli.operations.RoleOperations)1