refactor(keycloak): remove authentik naming and switch to keycloak-only paths

Chris
2026-04-01 02:01:41 +08:00
parent 34fc865b30
commit 0bc667847d
21 changed files with 368 additions and 681 deletions


@@ -53,7 +53,7 @@ from app.schemas.api_clients import (
from app.schemas.permissions import PermissionGrantRequest, PermissionRevokeRequest
from app.security.admin_guard import require_admin_principal
from app.security.api_client_auth import hash_api_key
from app.services.authentik_admin_service import AuthentikAdminService
from app.services.idp_admin_service import KeycloakAdminService
router = APIRouter(
prefix="/admin",
@@ -133,7 +133,7 @@ def _generate_api_key() -> str:
return secrets.token_urlsafe(36)
def _sync_member_to_authentik(
def _sync_member_to_idp(
*,
user_sub: str | None,
idp_user_id: str | None,
@@ -143,9 +143,9 @@ def _sync_member_to_authentik(
is_active: bool,
) -> dict[str, str]:
if not email:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="email_required_for_authentik_sync")
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="email_required_for_idp_sync")
settings = get_settings()
service = AuthentikAdminService(settings=settings)
service = KeycloakAdminService(settings=settings)
result = service.ensure_user(
sub=user_sub,
email=email,
@@ -590,11 +590,11 @@ def upsert_member(
resolved_sub = payload.user_sub
resolved_username = payload.username
idp_user_id = None
if payload.sync_to_authentik:
if payload.sync_to_idp:
seed_sub = payload.user_sub or payload.username
if not seed_sub:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="user_sub_or_username_required")
sync = _sync_member_to_authentik(
sync = _sync_member_to_idp(
user_sub=seed_sub,
idp_user_id=idp_user_id,
username=payload.username,
@@ -642,8 +642,8 @@ def update_member(
next_is_active = payload.is_active if payload.is_active is not None else row.is_active
idp_user_id = row.idp_user_id
if payload.sync_to_authentik:
sync = _sync_member_to_authentik(
if payload.sync_to_idp:
sync = _sync_member_to_idp(
user_sub=row.user_sub,
idp_user_id=row.idp_user_id,
username=next_username,
@@ -681,7 +681,7 @@ def delete_member(
if not row:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
settings = get_settings()
service = AuthentikAdminService(settings=settings)
service = KeycloakAdminService(settings=settings)
service.delete_user(
idp_user_id=row.idp_user_id,
email=row.email,
@@ -703,7 +703,7 @@ def reset_member_password(
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
settings = get_settings()
service = AuthentikAdminService(settings=settings)
service = KeycloakAdminService(settings=settings)
result = service.reset_password(
idp_user_id=user.idp_user_id,
email=user.email,
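Review bot: The `if payload.sync_to_idp:` checks in the upsert_member and update_member hunks now depend on a renamed request field, and nothing visible here stops a caller that still sends `sync_to_authentik` from silently skipping the Keycloak sync. If the request schema ignores unknown fields (the Pydantic default; the schema is not part of this section), such a request would still succeed locally, and for update_member that presumably includes an `is_active` change that never reaches the IdP, leaving a locally deactivated member enabled in Keycloak. I would either accept the old name as a deprecated alias on the schema or make stale clients fail loudly, for example `model_config = ConfigDict(extra="forbid")` on the member payload models (Pydantic v2 spelling; adjust to the version in use). The same applies to the renamed error code `email_required_for_idp_sync` if any client matches on the old `detail` string. Both function bodies continue outside their hunks, so the `is_active` hand-off is inferred from the `_sync_member_to_idp` signature.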