Add support for creating keycloak roles with default groups (#229)

Author: lincmba

importer/README.md

@@ -12,13 +12,14 @@ This script is used to setup keycloak roles and groups. It takes in a csv file w
 - `csv_file` : (Required) The csv file with the list of roles
 - `group` : (Not required) This is the actual group name. If not passed then the roles will just be created but not assigned to any group
 - `roles_max` : (Not required) This is the maximum number of roles to pull from the api. The default is set to 500. If the number of roles in your setup is more than this you will need to change this value
+- `defaultgroups` : (Not Required)
 
 
 ### To run script
 1. Create virtualenv
 2. Install requirements.txt - `pip install -r requirements.txt`
 3. Create a `config.py` file. The `sample_config.py` is an example  of what this should look like. Populate it with the right credentials, you can either provide an access token or client credentials. Ensure that the user whose details you provide in this config file has the necessary permissions/privilleges.
-4. Run script - `python3 main.py --setup roles --csv_file csv/setup/roles.csv --group Supervisor`
+4. Run script - `python3 main.py --setup roles --csv_file csv/setup/roles.csv --group Supervisor --defaultgroups true`
 5. If you are running the script without `https` setup e.g locally or a server without https setup, you will need to set the `OAUTHLIB_INSECURE_TRANSPORT` environment variable to 1. For example `export OAUTHLIB_INSECURE_TRANSPORT=1 && python3 main.py --setup roles --csv_file csv/setup/roles.csv --group OpenSRP_Provider --log_level debug`
 6. You can turn on logging by passing a `--log_level` to the command line as `info`, `debug` or `error`. For example `python3 main.py --setup roles --csv_file csv/setup/roles.csv --group Supervisor --log_level debug`
 

importer/csv/setup/roles.csv

@@ -115,5 +115,6 @@ PUT_SERVICEREQUEST,,
 PUT_STRUCTUREMAP,,
 PUT_TASK,,
 WEB_CLIENT,,
+ANDROID_CLIENT,,
 EDIT_KEYCLOAK_USERS,TRUE,manage-users|query-users
 VIEW_KEYCLOAK_USERS,TRUE,view-users|query-users|query-groups

importer/main.py

@@ -20,7 +20,10 @@
     exit()
 
 global_access_token = ""
-
+DEFAULT_GROUPS = {
+    "ANDROID_PRACTITIONER" : ["ANDROID_CLIENT"],
+    "WEB_PRACTITIONER": ["WEB_CLIENT"]
+}
 
 # This function takes in a csv file
 # reads it and returns a list of strings/lines
@@ -1356,6 +1359,11 @@ def assign_group_roles(role_list, group, roles_max):
     )
 
 
+def assign_default_groups_roles(roles_max):
+    for group_name, roles in DEFAULT_GROUPS.items():
+        assign_group_roles(roles, group_name, roles_max)
+
+
 def delete_resource(resource_type, resource_id, cascade):
     if cascade:
         cascade = "?_cascade=delete"
@@ -1804,6 +1812,7 @@ def filter(self, record):
 @click.option("--setup", required=False)
 @click.option("--group", required=False)
 @click.option("--roles_max", required=False, default=500)
+@click.option("--defaultgroups", required=False, default=False)
 @click.option("--cascade_delete", required=False, default=False)
 @click.option("--only_response", required=False)
 @click.option(
@@ -1832,6 +1841,7 @@ def main(
     setup,
     group,
     roles_max,
+    default_groups,
     cascade_delete,
     only_response,
     log_level,
@@ -1954,6 +1964,8 @@ def main(
             if group:
                 assign_group_roles(resource_list, group, roles_max)
             logging.info("Processing complete")
+            if default_groups:
+                assign_default_groups_roles(roles_max)
         elif setup == "clean_duplicates":
             logging.info(
                 "You are about to clean/delete Practitioner resources on the HAPI server"