diff --git a/README.md b/README.md
index a49cfca9..814c332a 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ A repo to hold our FHIR content and configuration creation tools and scripts.
 - [cleaner](https://github.com/onaio/fhircore-tooling/tree/main/cleaner)
-- [efsity](https://github.com/onaio/fhircore-tooling/tree/main/efsity)
+- [efsity-cli](https://github.com/onaio/fhircore-tooling/tree/main/efsity-cli)
 - [efsity-ide](https://github.com/onaio/fhircore-tooling/tree/main/efsity-ide)
 - [importer](https://github.com/onaio/fhircore-tooling/tree/main/importer)
 - [sm-gen](https://github.com/onaio/fhircore-tooling/tree/main/sm-gen)
diff --git a/importer/csv/setup/roles.csv b/importer/csv/setup/roles.csv
index 6a33ca39..64f37484 100644
--- a/importer/csv/setup/roles.csv
+++ b/importer/csv/setup/roles.csv
@@ -116,7 +116,7 @@ PUT_STRUCTUREMAP,,
 PUT_TASK,,
 WEB_CLIENT,,
 ANDROID_CLIENT,,
-EDIT_KEYCLOAK_USERS,TRUE,manage-users|query-users
-VIEW_KEYCLOAK_USERS,TRUE,view-users|query-users|query-groups
+EDIT_KEYCLOAK_USERS,TRUE,manage-users|query-users|query-groups
+VIEW_KEYCLOAK_USERS,TRUE,view-users|view-groups
 VIEW_USER_GROUPS,,
 VIEW_ROLES,,
\ No newline at end of file
diff --git a/importer/importer/users.py b/importer/importer/users.py
index b9c5f7fa..c2e54461 100644
--- a/importer/importer/users.py
+++ b/importer/importer/users.py
@@ -4,7 +4,7 @@ import uuid
 from importer.builder import get_base_url
-from importer.config.settings import api_service, keycloak_url
+from importer.config.settings import api_service
 from importer.request import handle_request
 dir_path = str(pathlib.Path(__file__).parent.resolve())
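Review bot: In the roles.csv hunk, `VIEW_KEYCLOAK_USERS` now lists `view-groups` as a composite, and nothing in this diff confirms that a role with that name exists in the target realm; I do not recognise it as a built-in realm-management role, so please verify it against the Keycloak version you deploy. With the create_roles change in users.py, a composite name that is not already attached is posted by name with no existence check and no inspection of the response, so a wrong name here would go unreported at import time. The same hunk widens `EDIT_KEYCLOAK_USERS` with `query-groups`; a one-line rationale in the commit message would help whoever audits these privilege mappings later.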
@@ -260,21 +260,22 @@ def confirm_practitioner(user, user_id): return True, obj -def create_roles(role_list, roles_max): +def create_roles(role_list): for role in role_list: current_role = str(role[0]) + _keycloak_url = get_keycloak_url() logging.debug("The current role is: " + current_role) # check if role already exists role_response = handle_request( - "GET", "", keycloak_url + "/roles/" + current_role + "GET", "", _keycloak_url + "/roles/" + current_role ) logging.debug(role_response) if current_role in role_response[0]: logging.error("A role already exists with the name " + current_role) else: role_payload = '{"name": "' + current_role + '"}' - create_role = handle_request("POST", role_payload, keycloak_url + "/roles") + create_role = handle_request("POST", role_payload, _keycloak_url + "/roles") if create_role.status_code == 201: logging.info("Successfully created role: " + current_role) @@ -284,7 +285,7 @@ def create_roles(role_list, roles_max): logging.debug("Role has composite roles") # get roled id full_role = handle_request( - "GET", "", keycloak_url + "/roles/" + current_role + "GET", "", _keycloak_url + "/roles/" + current_role ) json_resp = json.loads(full_role[0]) role_id = json_resp["id"] @@ -294,12 +295,9 @@ def create_roles(role_list, roles_max): available_roles = handle_request( "GET", "", - keycloak_url - + "/admin-ui-available-roles/roles/" - + role_id - + "?first=0&max=" - + str(roles_max) - + "&search=", + _keycloak_url + + "/roles-by-id/" + role_id + + "/composites", ) json_roles = json.loads(available_roles[0]) logging.debug("json_roles: " + str(json_roles)) 
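Review bot: In the `@@ -260` hunk, `current_role` comes from the CSV row and is concatenated unescaped into the request path (`_keycloak_url + "/roles/" + current_role`) and into the JSON body (`'{"name": "' + current_role + '"}'`), so a name containing `/`, `?` or `"` produces a different request or malformed JSON instead of a clean error. Building the body with `json.dumps({"name": current_role})` and percent-encoding the path segment with `urllib.parse.quote(current_role, safe="")` would close that. Separately, `_keycloak_url = get_keycloak_url()` sits inside the `for` loop and is re-evaluated for every role; it can be assigned once above the loop, as get_group_id does in this commit. The definition or import of `get_keycloak_url` is not part of this diff, and create_roles continues past the end of the hunk.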
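Review bot: In the `@@ -294` hunk, the variable is still named `available_roles` although the request now returns the composites already attached to the role (`/roles-by-id/<id>/composites`), not the roles available to add, which makes the later `not in rolesMap` test easy to misread. I would rename it, e.g. `existing_composites = handle_request(...)`, and add the comment `# composites already attached to this role; used to skip re-adding them`. The response also goes straight into `json.loads(available_roles[0])` with no status check, so an error body from Keycloak would likely surface as a decode error or a KeyError further down rather than as a readable message. The enclosing create_roles starts and ends outside this hunk.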
@@ -307,29 +305,25 @@ def create_roles(role_list, roles_max): rolesMap = {} for jrole in json_roles: - # remove client and clientId, then rename role to name - # to build correct payload - del jrole["client"] - del jrole["clientId"] - jrole["name"] = jrole["role"] - del jrole["role"] rolesMap[str(jrole["name"])] = jrole associated_roles = str(role[2]) - logging.debug("Associated roles: " + associated_roles) associated_role_array = associated_roles.split("|") arr = [] for arole in associated_role_array: - if arole in rolesMap.keys(): - arr.append(rolesMap[arole]) + if arole not in rolesMap.keys(): + role_payload = '{"name": "' + arole + '"}' + arr.append(role_payload) else: - logging.error("Role " + arole + "does not exist") + logging.info("Role " + arole + " exists") + payload_arr = json.dumps(arr) + logging.info("Payload array: " + payload_arr) handle_request( "POST", payload_arr, - keycloak_url + "/roles-by-id/" + role_id + "/composites", + _keycloak_url + "/roles-by-id/" + role_id + "/composites", ) except IndexError: @@ -337,8 +331,9 @@ def create_roles(role_list, roles_max): def get_group_id(group): + _keycloak_url = get_keycloak_url() # check if group exists - all_groups = handle_request("GET", "", keycloak_url + "/groups") + all_groups = handle_request("GET", "", _keycloak_url + "/groups") json_groups = json.loads(all_groups[0]) group_obj = {} @@ -354,11 +349,12 @@ def get_group_id(group): logging.info("Group does not exists, lets create it") # create the group create_group_payload = '{"name":"' + group + '"}' - handle_request("POST", create_group_payload, keycloak_url + "/groups") + handle_request("POST", create_group_payload, _keycloak_url + "/groups") return get_group_id(group) def assign_group_roles(role_list, group, roles_max): + _keycloak_url = get_keycloak_url() group_id = get_group_id(group) logging.debug("The groupID is: " + group_id) 
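Review bot: In the `@@ -307` hunk, `arr` now holds JSON strings (`role_payload = '{"name": "' + arole + '"}'`), so `json.dumps(arr)` serialises a list of strings, e.g. `["{\"name\": \"x\"}"]`, rather than the list of role objects the old code sent. Appending a dict instead, `arr.append({"name": arole})`, removes the double encoding and also stops a CSV value being spliced into JSON unescaped. The old branch logged an error for any name Keycloak did not report; the new branch posts every unknown name and discards the result of `handle_request("POST", ...)`, so a misspelled composite in roles.csv is no longer reported, and logging the response status would restore that signal. Whether the composites endpoint accepts a role identified by name only is worth confirming against the Keycloak admin API. create_roles starts before this hunk.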
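Review bot: In the `@@ -354` hunk, get_group_id calls itself (`return get_group_id(group)`) straight after the create POST without looking at the response, so if group creation is rejected (for example the token lacks the permission, or the name is invalid) the function recurses until RecursionError, sending a GET and a POST at every level. Capturing the POST result and raising or returning on failure, and recursing only on success, bounds this. `create_group_payload = '{"name":"' + group + '"}'` also splices the caller-supplied group name into JSON unescaped; `json.dumps({"name": group})` is the safe form. The start of get_group_id is in the previous hunk.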
@@ -366,9 +362,8 @@ def assign_group_roles(role_list, group, roles_max): available_roles_for_group = handle_request( "GET", "", - keycloak_url - + "/groups/" - + group_id + _keycloak_url + + "/groups/" + group_id + "/role-mappings/realm/available?first=0&max=" + str(roles_max), ) @@ -387,7 +382,7 @@ def assign_group_roles(role_list, group, roles_max): handle_request( "POST", json_assign_payload, - keycloak_url + "/groups/" + group_id + "/role-mappings/realm", + _keycloak_url + "/groups/" + group_id + "/role-mappings/realm", ) diff --git a/importer/main.py b/importer/main.py index e2823132..2f41859a 100644 --- a/importer/main.py +++ b/importer/main.py @@ -194,7 +194,7 @@ def main( logging.info("Processing complete!") elif setup == "roles": logging.info("Setting up keycloak roles") - create_roles(resource_list, roles_max) + create_roles(resource_list) if group: assign_group_roles(resource_list, group, roles_max) logging.info("Processing complete")