MAIA.keycloak_utils module#

MAIA.keycloak_utils.delete_group_in_keycloak(group_id, settings)[source]#

Delete a group in Keycloak

Parameters:

  • group_id (str) – The ID of the group to be deleted.

  • settings (object) – An object containing the Keycloak server settings. It should have the following attributes: - OIDC_SERVER_URL: str, the URL of the Keycloak server. - OIDC_USERNAME: str, the username for Keycloak authentication. - OIDC_REALM_NAME: str, the realm name in Keycloak. - OIDC_RP_CLIENT_ID: str, the client ID for Keycloak. - OIDC_RP_CLIENT_SECRET: str, the client secret for Keycloak.

Return type:

None

Returns:

None

MAIA.keycloak_utils.delete_user_in_keycloak(email, settings)[source]#

Delete a user in Keycloak

Parameters:

  • email (str) – The email address of the user to be deleted.

  • settings (object) – An object containing the Keycloak server settings. It should have the following attributes: - OIDC_SERVER_URL: str, the URL of the Keycloak server. - OIDC_USERNAME: str, the username for Keycloak authentication. - OIDC_REALM_NAME: str, the realm name in Keycloak. - OIDC_RP_CLIENT_ID: str, the client ID for Keycloak. - OIDC_RP_CLIENT_SECRET: str, the client secret for Keycloak.

Return type:

None

Returns:

None

MAIA.keycloak_utils.get_access_token(keycloak_url, keycloak_client_secret, ca_cert)[source]#

Get an access token from Keycloak.

Parameters:

  • keycloak_url (str) – The URL of the Keycloak server.

  • keycloak_client_secret (str) – The client secret for the Keycloak client.

  • ca_cert (str) – The path to the CA certificate.

Returns:

dict – A dictionary containing the access token.

Raises:

requests.exceptions.RequestException – If the request to Keycloak fails.

MAIA.keycloak_utils.get_groups_for_user(email, settings)[source]#

Retrieve the MAIA groups associated with a user in Keycloak.

Parameters:

  • email (str) – The email address of the user to retrieve groups for.

  • settings (object) – An object containing the Keycloak server settings. It should have the following attributes: - OIDC_SERVER_URL: str, the URL of the Keycloak server. - OIDC_USERNAME: str, the username for Keycloak authentication. - OIDC_REALM_NAME: str, the realm name in Keycloak. - OIDC_RP_CLIENT_ID: str, the client ID for Keycloak. - OIDC_RP_CLIENT_SECRET: str, the client secret for Keycloak.

Returns:

list – A list of MAIA groups that the user is associated with.

MAIA.keycloak_utils.get_groups_in_keycloak(settings)[source]#

Retrieve groups from Keycloak that start with “MAIA:” and return them in a dictionary.

Parameters:

  • settings (object)

  • settings. (An object containing the Keycloak connection)

  • attributes (It should have the following)

  • OIDC_SERVER_URL (-) – The URL of the Keycloak server.

  • OIDC_USERNAME (-) – The username for Keycloak authentication.

  • OIDC_REALM_NAME (-) – The name of the Keycloak realm.

  • OIDC_RP_CLIENT_ID (-) – The client ID for Keycloak.

  • OIDC_RP_CLIENT_SECRET (-) – The client secret for Keycloak.

Return type:

dict[str, str]

Returns:

dict – A dictionary where the keys are group IDs and the values are group names (with the “MAIA:” prefix removed) for groups that start with “MAIA:”.

MAIA.keycloak_utils.get_id_token(keycloak_url, keycloak_client_secret, username, password, ca_cert, realm='maia', client_id='maia')[source]#

Get an ID token from Keycloak.

Parameters:

  • keycloak_url (str) – The URL of the Keycloak server.

  • keycloak_client_secret (str) – The client secret for the Keycloak client.

  • username (str) – The username for the Keycloak user.

  • password (str) – The password for the Keycloak user.

  • ca_cert (str) – The path to the CA certificate.

  • realm (str) – The realm to use for the Keycloak client.

  • client_id (str) – The client ID to use for the Keycloak client.

Returns:

dict – A dictionary containing the ID token.

Raises:

requests.exceptions.RequestException – If the request to Keycloak fails.

MAIA.keycloak_utils.get_list_of_groups_requesting_a_user(email, user_model)[source]#

Retrieves a list of groups (namespaces) that have requested a specific user based on their email.

Parameters:

  • email (str) – The email address of the user to search for.

  • user_model (object) – The user model object to query for user information.

Return type:

list[str]

Returns:

list – A list of namespaces that have requested the user. Returns an empty list if no groups are found.

Raises:

  • KeyError – If environment variables ‘DB_HOST’, ‘DB_USERNAME’, or ‘DB_PASS’ are not set in non-debug mode.

  • Exception – If there is an issue connecting to the database or executing the SQL queries.

MAIA.keycloak_utils.get_list_of_users_requesting_a_group(maia_user_model, group_id)[source]#

Retrieves a list of email addresses of users who have requested access to a specific group.

Parameters:

  • group_id (str) – The ID of the group to check for user requests.

  • settings (object) – A settings object that contains configuration parameters, including DEBUG and LOCAL_DB_PATH.

Return type:

list[str]

Returns:

list – A list of email addresses of users who have requested access to the specified group.

Raises:

  • KeyError – If environment variables for database connection are not set when DEBUG is False.

  • Exception – If there is an issue with database connection or query execution.

Notes

When settings.DEBUG is True, a local SQLite database is used. When settings.DEBUG is False, a MySQL database is used with connection parameters from environment variables.

MAIA.keycloak_utils.get_maia_users_from_keycloak(settings)[source]#

Retrieves all users from Keycloak who are members of any MAIA group.

Parameters:

  • settings (An object containing Keycloak connection)

  • settings

  • including

  • OIDC_SERVER_URL (-) – The URL of the Keycloak server.

  • OIDC_USERNAME (-) – The username for Keycloak authentication.

  • OIDC_REALM_NAME (-) – The realm name in Keycloak.

  • OIDC_RP_CLIENT_ID (-) – The client ID for Keycloak.

  • OIDC_RP_CLIENT_SECRET (-) – The client secret for Keycloak.

Return type:

list[dict[str, Any]]

Returns:

list – A list of dictionaries containing user information for all users in MAIA groups. Each dictionary contains user details like email, username, and groups.

MAIA.keycloak_utils.get_user_ids(settings)[source]#

Retrieve user IDs and their associated MAIA groups from Keycloak.

Parameters:

settings (object) – An object containing the Keycloak server settings. It should have the following attributes: - OIDC_SERVER_URL: str, the URL of the Keycloak server. - OIDC_USERNAME: str, the username for Keycloak authentication. - OIDC_REALM_NAME: str, the realm name in Keycloak. - OIDC_RP_CLIENT_ID: str, the client ID for Keycloak. - OIDC_RP_CLIENT_SECRET: str, the client secret for Keycloak.

Returns:

dict – A dictionary where the keys are user email addresses and the values are lists of MAIA groups the user belongs to.

MAIA.keycloak_utils.get_user_username_from_email(email, settings)[source]#

Retrieve the username for a user from Keycloak.

MAIA.keycloak_utils.get_users_in_group_in_keycloak(group_id, settings)[source]#

Retrieve users in a group in Keycloak.

Parameters:

  • group_id (str) – The ID of the group to retrieve users from.

  • settings (object) – An object containing the Keycloak server settings. It should have the following attributes: - OIDC_SERVER_URL: str, the URL of the Keycloak server. - OIDC_USERNAME: str, the username for Keycloak authentication. - OIDC_REALM_NAME: str, the realm name in Keycloak. - OIDC_RP_CLIENT_ID: str, the client ID for Keycloak. - OIDC_RP_CLIENT_SECRET: str, the client secret for Keycloak.

Return type:

list[str]

Returns:

list[str] – A list of email addresses of users in the group.

MAIA.keycloak_utils.register_group_in_keycloak(group_id, settings)[source]#

Registers a group in Keycloak with the specified group ID and settings.

Parameters:

  • group_id (str) – The ID of the group to be registered.

  • settings (An object containing the Keycloak server)

  • settings

  • including

  • OIDC_SERVER_URL (-) – The URL of the Keycloak server.

  • OIDC_USERNAME (-) – The username for Keycloak authentication.

  • OIDC_REALM_NAME (-) – The name of the Keycloak realm.

  • OIDC_RP_CLIENT_ID (-) – The client ID for Keycloak.

  • OIDC_RP_CLIENT_SECRET (-) – The client secret for Keycloak.

Return type:

None

Returns:

None

MAIA.keycloak_utils.register_user_in_keycloak(email, settings, username=None, temp_password='Maia4YOU!')[source]#

Registers a user in Keycloak and sends an approved registration email.

Parameters:

  • email (str) – The email address of the user to be registered.

  • settings (object) – An object containing the necessary settings for Keycloak connection and email sending.

  • username (str, optional) – The Keycloak username. If not provided, email is used (username and email can differ).

  • temp_password (str, optional) – The temporary password for the user. If not provided, “Maia4YOU!” is used.

  • Attributes (Settings)

  • -------------------

  • OIDC_SERVER_URL (str) – The URL of the Keycloak server.

  • OIDC_USERNAME (str) – The username for Keycloak authentication.

  • OIDC_REALM_NAME (str) – The name of the Keycloak realm.

  • OIDC_RP_CLIENT_ID (str) – The client ID for Keycloak.

  • OIDC_RP_CLIENT_SECRET (str) – The client secret for Keycloak.

  • HOSTNAME (str) – The hostname for generating the MAIA login URL.

Return type:

None

Returns:

None

MAIA.keycloak_utils.register_users_in_group_in_keycloak(emails, group_id, settings)[source]#

Registers users in a specified Keycloak group.

Parameters:

  • emails (list) – A list of email addresses of users to be added to the group.

  • group_id (str) – The ID of the group to which users should be added.

  • settings (An object containing Keycloak server)

  • settings

  • including

  • OIDC_SERVER_URL (-) – The URL of the Keycloak server.

  • OIDC_USERNAME (-) – The username for Keycloak authentication.

  • OIDC_REALM_NAME (-) – The realm name in Keycloak.

  • OIDC_RP_CLIENT_ID (-) – The client ID for Keycloak.

  • OIDC_RP_CLIENT_SECRET (-) – The client secret for Keycloak.

Return type:

None

Returns:

None

MAIA.keycloak_utils.remove_user_from_group_in_keycloak(email, group_id, settings)[source]#

Remove a user from a group in Keycloak.

Parameters:

  • email (str) – The email address of the user to be removed from the group.

  • group_id (str) – The ID of the group from which the user should be removed.

  • settings (object) – An object containing the Keycloak server settings. It should have the following attributes: - OIDC_SERVER_URL: str, the URL of the Keycloak server. - OIDC_USERNAME: str, the username for Keycloak authentication. - OIDC_REALM_NAME: str, the realm name in Keycloak. - OIDC_RP_CLIENT_ID: str, the client ID for Keycloak. - OIDC_RP_CLIENT_SECRET: str, the client secret for Keycloak.

Return type:

None

Returns:

None