Ejemplo n.º 1
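def create_client_and_get_client_secret():
    """Create the Kong client in Keycloak and return its client secret.

    Connects to Keycloak with the module-level admin credentials, creates
    the ``CLIENT_NAME`` client and generates a fresh secret for it. If the
    client already exists (HTTP 409 Conflict) the existing client is reused
    and its current secret is returned. Any other Keycloak error is
    re-raised instead of being silently ignored.

    Returns:
        The ``value`` entry of the secret returned by
        ``KeycloakAdmin.get_client_secrets``.

    Raises:
        KeycloakGetError: for any Keycloak failure other than 409 Conflict.
    """
    # Create kong client on Keycloak
    keycloak_admin = KeycloakAdmin(server_url=KEYCLOAK_URL,
                                   username=KEYCLOAK_ADMIN_USER,
                                   password=KEYCLOAK_ADMIN_PASSWORD,
                                   verify=True)

    # NOTE(review): the "/*" and "*" entries accept any redirect target, so
    # the authorization response can be sent to an unintended host. Restrict
    # this list to the exact Kong callback URL(s) before production use.
    client_representation = {
        "clientId": CLIENT_NAME,
        "name": CLIENT_NAME,
        "enabled": True,
        "redirectUris": ["/front/*", "/api/*", "/*", "*"],
    }

    try:
        keycloak_admin.create_client(client_representation)
    except KeycloakGetError as e:
        # Only 409 Conflict is expected here (client already present).
        # The previous version fell through on every other status and went
        # on to look the client up, which hid the real failure.
        if e.response_code != 409:
            raise
        print("Keycloak Kong client already exists")
        client_uuid = keycloak_admin.get_client_id(CLIENT_NAME)
    else:
        client_uuid = keycloak_admin.get_client_id(CLIENT_NAME)
        # A freshly created client gets a newly generated secret.
        keycloak_admin.generate_client_secrets(client_uuid)

    return keycloak_admin.get_client_secrets(client_uuid)['value']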
Ejemplo n.º 2
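def _get_service_oidc_payload(service_name, realm):
    """Build the Kong OIDC plugin configuration for one service in a realm.

    Looks up the secret of the ``KEYCLOAK_KONG_CLIENT`` client inside
    *realm* through the Keycloak admin API (authenticating against the
    master realm first) and returns the flat ``config.*`` dictionary the
    Kong OIDC plugin expects.

    Args:
        service_name: Kong service name, used to build the post-login
            redirect URL.
        realm: Keycloak realm the service belongs to.

    Returns:
        dict: the plugin name plus its ``config.*`` settings, ready to be
        posted to the Kong admin API.

    Raises:
        RuntimeError: if Keycloak cannot be queried or the realm/client
            lookup fails. The original exception is chained as ``__cause__``
            so the underlying Keycloak error is not lost.
    """
    client_id = KEYCLOAK_KONG_CLIENT
    client_secret = None

    # must be the public url: browsers are redirected to these endpoints,
    # so they cannot point at an internal Keycloak address
    KEYCLOAK_URL = f'{HOST}/keycloak/auth/realms'
    OPENID_PATH = 'protocol/openid-connect'

    try:
        # https://bitbucket.org/agriness/python-keycloak

        # find out client secret
        # 1. connect to master realm
        keycloak_admin = KeycloakAdmin(
            server_url=KC_URL,
            username=KC_ADMIN_USER,
            password=KC_ADMIN_PASSWORD,
            realm_name=KC_MASTER_REALM,
        )
        # 2. change to given realm
        keycloak_admin.realm_name = realm
        # 3. get kong client internal id
        client_pk = keycloak_admin.get_client_id(client_id)
        # 4. get its secrets
        secret = keycloak_admin.get_client_secrets(client_pk)
        # NOTE(review): if the response has no 'value', client_secret stays
        # None and the plugin would be configured without a secret — verify
        # the caller rejects a None secret.
        client_secret = secret.get('value')

    except KeycloakError as ke:
        # Chain the cause so the Keycloak status/details survive the wrap.
        raise RuntimeError(
            f'Could not get info from keycloak  {str(ke)}') from ke
    except Exception as e:
        raise RuntimeError(
            f'Unexpected error, do the realm and the client exist?  {str(e)}'
        ) from e

    # OIDC plugin settings (same for all endpoints)
    return {
        'name': KONG_OIDC_PLUGIN,
        'config.client_id': client_id,
        'config.client_secret': client_secret,
        'config.cookie_domain': DOMAIN,
        'config.email_key': 'email',
        'config.scope': 'openid+profile+email+iss',
        'config.user_info_cache_enabled': 'true',
        'config.app_login_redirect_url': f'{HOST}/{realm}/{service_name}/',
        'config.authorize_url': f'{KEYCLOAK_URL}/{realm}/{OPENID_PATH}/auth',
        'config.service_logout_url':
        f'{KEYCLOAK_URL}/{realm}/{OPENID_PATH}/logout',
        'config.token_url': f'{KEYCLOAK_URL}/{realm}/{OPENID_PATH}/token',
        'config.user_url': f'{KEYCLOAK_URL}/{realm}/{OPENID_PATH}/userinfo',
    }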
# Create kong client on Keycloak
keycloak_admin = KeycloakAdmin(server_url=KEYCLOAK_URL,
                               username=KEYCLOAK_ADMIN_USER,
                               password=KEYCLOAK_ADMIN_PASSWORD,
                               verify=True)

# Choose the client's internal id up front so it can be passed straight to
# get_client_secrets without resolving the clientId afterwards.
CLIENT_KONG_KEYCLOAK_ID = str(uuid.uuid4())

# NOTE(review): the "/*" and "*" entries match any redirect target; tighten
# this list to the exact Kong callback URL(s) before production use.
kong_client_representation = {
    "id": CLIENT_KONG_KEYCLOAK_ID,
    "clientId": CLIENT_ID,
    "name": CLIENT_ID,
    "enabled": True,
    "redirectUris": ["/front/*", "/api/*", "/*", "*"],
}
keycloak_admin.create_client(kong_client_representation)

CLIENT_SECRET = keycloak_admin.get_client_secrets(CLIENT_KONG_KEYCLOAK_ID)["value"]

# Realm endpoints Kong calls server-to-server (not browser-facing).
# NOTE(review): these are plain http; if Kong authenticates to the
# introspection endpoint with the client secret, that secret travels
# unencrypted — acceptable only on a trusted internal network.
introspection_url = (
    f'http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}'
    f'/auth/realms/{REALM_NAME}/protocol/openid-connect/token/introspect'
)
discovery_url = (
    f'http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}'
    f'/auth/realms/{REALM_NAME}/.well-known/openid-configuration'
)

for service in services:
    data = service

    # Create Service
    response = requests.post(f'http://{KONG_HOST_IP}:{KONG_PORT}/services',
                             data=data)
    created_service_id = response.json()["id"]

    # Create route
    data = {
        'service.id': f'{created_service_id}',