Class: RailsKeycloakAuthorization::KeycloakAdminRubyAgent

Inherits:

Object

• Object
• RailsKeycloakAuthorization::KeycloakAdminRubyAgent

Defined in:

app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb

Constant Summary

POLICY_NAME =

"RKA-Policy"

Class Method Summary

• .attach_scope_to_resource(keycloak_scope_name, keycloak_resource_id) ⇒ Object
• .create_keycloak_policy(keycloak_realm_role_id, policy_name) ⇒ Object
• .create_keycloak_resource(route_id) ⇒ Object
• .create_keycloak_scope(keycloak_scope_name) ⇒ Object
• .initialize ⇒ Object
• .keycloak_admin_configure ⇒ Object
• .keycloak_resource(controller_name) ⇒ Object
• .list_keycloak_permissions ⇒ Object
• .list_keycloak_policies ⇒ Object
• .list_keycloak_resources_for_controllers ⇒ Object
• .list_policies ⇒ Object
• .list_roles ⇒ Object
• .openid_client ⇒ Object
• .policy_name ⇒ Object
• .realm_name ⇒ Object
• .resource_name_for(controller_name) ⇒ Object
• .resource_type_for_controller ⇒ Object
• .type_for(openid_client_id) ⇒ Object

Class Method Details

.attach_scope_to_resource(keycloak_scope_name, keycloak_resource_id) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 138

def self.attach_scope_to_resource(keycloak_scope_name, keycloak_resource_id)
  KeycloakAdmin.realm(realm_name)
               .authz_resources(openid_client.id)
               .update(keycloak_resource_id, scopes: [{name: keycloak_scope_name}])
end

.create_keycloak_policy(keycloak_realm_role_id, policy_name) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 38

def create_keycloak_policy(keycloak_realm_role_id, policy_name)
  KeycloakAdmin
    .realm(realm_name)
    .authz_policies(openid_client.id, 'role')
    .create!(policy_name,
             "#{POLICY_NAME} default policy",
             "role",
             "POSITIVE",
             "UNANIMOUS",
             true,
             [{id: keycloak_realm_role_id, required: true}]
    )
end

.create_keycloak_resource(route_id) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 71

def create_keycloak_resource(route_id)
  route = WithRoutesReader.route(route_id)
  resource_name = resource_name_for(route.defaults[:controller])

  KeycloakAdmin
    .realm(realm_name)
    .authz_resources(openid_client.id)
    .create!(
      resource_name,
      resource_type_for_controller,
      [],
      true,
      "RKA #{resource_name}",
      [])
end

.create_keycloak_scope(keycloak_scope_name) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 60

def create_keycloak_scope(keycloak_scope_name)
  KeycloakAdmin
    .realm(realm_name)
    .authz_scopes(openid_client.id)
    .create!(
      keycloak_scope_name,
      "RKA #{keycloak_scope_name}",
      ""
    )
end

.initialize ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 7

def initialize
  super
  keycloak_admin_configure
end

.keycloak_admin_configure ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 124

def keycloak_admin_configure
  KeycloakAdmin.configure do |config|
    config.use_service_account = true
    config.server_url          = RailsKeycloakAuthorization.keycloak_server_url
    config.server_domain       = RailsKeycloakAuthorization.keycloak_server_domain
    config.client_realm_name   = RailsKeycloakAuthorization.keycloak_admin_realm_name
    config.client_id           = RailsKeycloakAuthorization.keycloak_admin_client_id
    config.client_secret       = RailsKeycloakAuthorization.keycloak_admin_client_secret
    config.logger              = Rails.logger
    config.rest_client_options = { timeout: 3, verify_ssl: Rails.env.production? }
  end
end

.keycloak_resource(controller_name) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 87

def keycloak_resource(controller_name)
  resource_name = resource_name_for(controller_name)
  KeycloakAdmin
    .realm(realm_name)
    .authz_resources(openid_client.id)
    .find_by(resource_name,
             resource_type_for_controller,
             "",
             "",
             "")
    .first
rescue
  nil
end

.list_keycloak_permissions ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 26

def list_keycloak_permissions
  KeycloakAdmin.realm(realm_name)
               .authz_permissions(openid_client.id, "scope")
               .find_by(nil, nil)
end

.list_keycloak_policies ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 32

def list_keycloak_policies
  KeycloakAdmin.realm(realm_name)
               .authz_policies(openid_client.id, 'role')
               .find_by(POLICY_NAME, "role")
end

.list_keycloak_resources_for_controllers ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 16

def list_keycloak_resources_for_controllers
  KeycloakAdmin.realm(realm_name)
               .authz_resources(openid_client.id)
               .find_by("",
                        resource_type_for_controller,
                        "",
                        "",
                        "")
end

.list_policies ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 52

def list_policies

end

.list_roles ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 56

def list_roles
  KeycloakAdmin.realm(realm_name).roles.list
end

.openid_client ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 106

def openid_client
  KeycloakAdmin
    .realm(realm_name)
    .clients
    .find_by_client_id(RailsKeycloakAuthorization.keycloak_auth_client_id)
end

.policy_name ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 12

def policy_name
  POLICY_NAME
end

.realm_name ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 102

def realm_name
  RailsKeycloakAuthorization.keycloak_auth_client_realm_name
end

.resource_name_for(controller_name) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 120

def resource_name_for(controller_name)
  "#{controller_name}_controller"
end

.resource_type_for_controller ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 113

def resource_type_for_controller
  type_for(openid_client.client_id)
end

.type_for(openid_client_id) ⇒ Object

# File 'app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb', line 117

def type_for(openid_client_id)
  "urn:#{openid_client_id}:rka:resources:controllers"
end