def save_consumers(kong_admin_api_url, consumers):
consumers_url = "{}/consumers".format(kong_admin_api_url)
consumers_to_be_present = [
consumer for consumer in consumers if consumer['state'] == 'present'
]
consumers_to_be_absent = [
consumer for consumer in consumers if consumer['state'] == 'absent'
]
for consumer in consumers_to_be_absent:
username = consumer['username']
if (_consumer_exists(kong_admin_api_url, username)):
print("Deleting consumer {}".format(username))
json_request("DELETE", consumers_url + "/" + username, "")
for consumer in consumers_to_be_present:
username = consumer['username']
_ensure_consumer_exists(kong_admin_api_url, consumer)
_save_groups_for_consumer(kong_admin_api_url, consumer)
jwt_credential = _get_first_or_create_jwt_credential(
kong_admin_api_url, consumer)
credential_algorithm = jwt_credential['algorithm']
if credential_algorithm == 'HS256':
jwt_token = jwt.encode({'iss': jwt_credential['key']},
jwt_credential['secret'],
algorithm=credential_algorithm)
print("JWT token for {} is : {}".format(username, jwt_token))
if 'print_credentials' in consumer:
print("Credentials for consumer {}, key: {}, secret: {}".format(
username, jwt_credential['key'], jwt_credential['secret']))
def _save_groups_for_consumer(kong_admin_api_url, consumer):
username = consumer["username"]
input_groups = consumer["groups"]
consumer_acls_url = kong_admin_api_url + "/consumers/" + username + "/acls"
saved_acls_details = json.loads(urllib2.urlopen(consumer_acls_url).read())
saved_acls = saved_acls_details["data"]
saved_groups = [acl["group"] for acl in saved_acls]
print("Existing groups for consumer {} : {}".format(
username, saved_groups))
print("Required groups for consumer {} : {}".format(
username, input_groups))
input_groups_to_be_created = [
input_group for input_group in input_groups
if input_group not in saved_groups
]
saved_groups_to_be_deleted = [
saved_group for saved_group in saved_groups
if saved_group not in input_groups
]
for input_group in input_groups_to_be_created:
print("Adding group {} for consumer {}".format(input_group, username))
json_request("POST", consumer_acls_url, {'group': input_group})
for saved_group in saved_groups_to_be_deleted:
print("Deleting group {} for consumer {}".format(
saved_group, username))
json_request("DELETE", consumer_acls_url + "/" + saved_group, "")
def _get_first_or_create_jwt_credential(kong_admin_api_url, consumer):
username = consumer["username"]
credential_algorithm = consumer.get('credential_algorithm', 'HS256')
consumer_jwt_credentials_url = kong_admin_api_url + "/consumers/" + username + "/jwt"
saved_credentials_details = json.loads(
urllib2.urlopen(consumer_jwt_credentials_url).read())
saved_credentials = saved_credentials_details["data"]
saved_credentials_for_algorithm = [
saved_credential for saved_credential in saved_credentials
if saved_credential['algorithm'] == credential_algorithm
]
if (len(saved_credentials_for_algorithm) > 0):
print("Updating credentials for consumer {} for algorithm {}".format(
username, credential_algorithm))
this_credential = saved_credentials_for_algorithm[0]
credential_data = {
"rsa_public_key":
consumer.get('credential_rsa_public_key',
this_credential.get("rsa_public_key", '')),
"key":
consumer.get('credential_iss', this_credential['key'])
}
this_credential_url = "{}/{}".format(consumer_jwt_credentials_url,
this_credential["id"])
response = json_request("PATCH", this_credential_url, credential_data)
jwt_credential = json.loads(response.read())
return jwt_credential
else:
print("Creating jwt credentials for consumer {}".format(username))
credential_data = {
"algorithm": credential_algorithm,
}
if 'credential_rsa_public_key' in consumer:
credential_data["rsa_public_key"] = consumer[
'credential_rsa_public_key']
if 'credential_iss' in consumer:
credential_data["key"] = consumer['credential_iss']
response = json_request("POST", consumer_jwt_credentials_url,
credential_data)
jwt_credential = json.loads(response.read())
return jwt_credential
def _save_plugins_for_api(kong_admin_api_url, input_api_details):
get_plugins_max_page_size = 2000
api_name = input_api_details["name"]
input_plugins = input_api_details["plugins"]
api_pugins_url = "{}/apis/{}/plugins".format(kong_admin_api_url, api_name)
saved_plugins_including_consumer_overrides = get_api_plugins(
kong_admin_api_url, api_name)
saved_plugins_without_consumer_overrides = [
plugin for plugin in saved_plugins_including_consumer_overrides
if not plugin.get('consumer_id')
]
saved_plugins = saved_plugins_without_consumer_overrides
input_plugin_names = [
input_plugin["name"] for input_plugin in input_plugins
]
saved_plugin_names = [
saved_plugin["name"] for saved_plugin in saved_plugins
]
input_plugins_to_be_created = [
input_plugin for input_plugin in input_plugins
if input_plugin["name"] not in saved_plugin_names
]
input_plugins_to_be_updated = [
input_plugin for input_plugin in input_plugins
if input_plugin["name"] in saved_plugin_names
]
saved_plugins_to_be_deleted = [
saved_plugin for saved_plugin in saved_plugins
if saved_plugin["name"] not in input_plugin_names
]
for input_plugin in input_plugins_to_be_created:
print("Adding plugin {} for API {}".format(input_plugin["name"],
api_name))
json_request("POST", api_pugins_url, input_plugin)
for input_plugin in input_plugins_to_be_updated:
print("Updating plugin {} for API {}".format(input_plugin["name"],
api_name))
saved_plugin_id = [
saved_plugin["id"] for saved_plugin in saved_plugins
if saved_plugin["name"] == input_plugin["name"]
][0]
input_plugin["id"] = saved_plugin_id
json_request("PATCH", api_pugins_url + "/" + saved_plugin["id"],
input_plugin)
for saved_plugin in saved_plugins_to_be_deleted:
print("Deleting plugin {} for API {}".format(saved_plugin["name"],
api_name))
json_request("DELETE", api_pugins_url + "/" + saved_plugin["id"], "")
def _save_plugins_for_api(kong_admin_api_url, input_api_details):
api_name = input_api_details["name"]
input_plugins = input_api_details["plugins"]
api_pugins_url = kong_admin_api_url + "/apis/" + api_name + "/plugins"
saved_api_details = json.loads(urllib2.urlopen(api_pugins_url).read())
saved_plugins = saved_api_details["data"]
input_plugin_names = [
input_plugin["name"] for input_plugin in input_plugins
]
saved_plugin_names = [
saved_plugin["name"] for saved_plugin in saved_plugins
]
input_plugins_to_be_created = [
input_plugin for input_plugin in input_plugins
if input_plugin["name"] not in saved_plugin_names
]
input_plugins_to_be_updated = [
input_plugin for input_plugin in input_plugins
if input_plugin["name"] in saved_plugin_names
]
saved_plugins_to_be_deleted = [
saved_plugin for saved_plugin in saved_plugins
if saved_plugin["name"] not in input_plugin_names
]
for input_plugin in input_plugins_to_be_created:
print("Adding plugin {} for API {}".format(input_plugin["name"],
api_name))
json_request("POST", api_pugins_url, input_plugin)
for input_plugin in input_plugins_to_be_updated:
print("Updating plugin {} for API {}".format(input_plugin["name"],
api_name))
saved_plugin_id = [
saved_plugin["id"] for saved_plugin in saved_plugins
if saved_plugin["name"] == input_plugin["name"]
][0]
input_plugin["id"] = saved_plugin_id
json_request("PATCH", api_pugins_url + "/" + saved_plugin["id"],
input_plugin)
for saved_plugin in saved_plugins_to_be_deleted:
print("Deleting plugin {} for API {}".format(saved_plugin["name"],
api_name))
json_request("DELETE", api_pugins_url + "/" + saved_plugin["id"], "")
def save_apis(kong_admin_api_url, input_apis):
apis_url = "{}/apis".format(kong_admin_api_url)
saved_apis = get_apis(kong_admin_api_url)
print("Number of input APIs : {}".format(len(input_apis)))
print("Number of existing APIs : {}".format(len(saved_apis)))
input_api_names = [api["name"] for api in input_apis]
saved_api_names = [api["name"] for api in saved_apis]
print("Input APIs : {}".format(input_api_names))
print("Existing APIs : {}".format(saved_api_names))
input_apis_to_be_created = [
input_api for input_api in input_apis
if input_api["name"] not in saved_api_names
]
input_apis_to_be_updated = [
input_api for input_api in input_apis
if input_api["name"] in saved_api_names
]
saved_api_to_be_deleted = [
saved_api for saved_api in saved_apis
if saved_api["name"] not in input_api_names
]
for input_api in input_apis_to_be_created:
print("Adding API {}".format(input_api["name"]))
json_request("POST", apis_url, _sanitized_api_data(input_api))
for input_api in input_apis_to_be_updated:
print("Updating API {}".format(input_api["name"]))
saved_api_id = [
saved_api["id"] for saved_api in saved_apis
if saved_api["name"] == input_api["name"]
][0]
input_api["id"] = saved_api_id
json_request("PATCH", apis_url + "/" + saved_api_id,
_sanitized_api_data(input_api))
for saved_api in saved_api_to_be_deleted:
print("Deleting API {}".format(saved_api["name"]))
json_request("DELETE", apis_url + "/" + saved_api["id"], "")
for input_api in input_apis:
_save_plugins_for_api(kong_admin_api_url, input_api)
def _save_rate_limits(kong_admin_api_url, saved_consumer, rate_limits):
plugin_name = 'rate-limiting'
consumer_id = saved_consumer['id']
consumer_username = saved_consumer['username']
for rate_limit in rate_limits:
api_name = rate_limit["api"]
saved_plugins = get_api_plugins(kong_admin_api_url, api_name)
rate_limit_plugins = [
saved_plugin for saved_plugin in saved_plugins
if saved_plugin['name'] == plugin_name
]
rate_limit_plugins_for_this_consumer = [
rate_limit_plugin for rate_limit_plugin in rate_limit_plugins
if rate_limit_plugin.get('consumer_id') == consumer_id
]
rate_limit_plugin_for_this_consumer = rate_limit_plugins_for_this_consumer[
0] if rate_limit_plugins_for_this_consumer else None
rate_limit_state = rate_limit.get('state', 'present')
api_pugins_url = kong_admin_api_url + "/apis/" + api_name + "/plugins"
if rate_limit_state == 'present':
rate_limit_plugin_data = _dict_without_keys(
rate_limit, ['api', 'state'])
rate_limit_plugin_data['name'] = plugin_name
rate_limit_plugin_data['consumer_id'] = consumer_id
if not rate_limit_plugin_for_this_consumer:
print("Adding rate_limit for consumer {} for API {}".format(
consumer_username, api_name))
print("rate_limit_plugin_data: {}".format(
rate_limit_plugin_data))
json_request("POST", api_pugins_url, rate_limit_plugin_data)
if rate_limit_plugin_for_this_consumer:
print("Updating rate_limit for consumer {} for API {}".format(
consumer_username, api_name))
json_request(
"PATCH", api_pugins_url + "/" +
rate_limit_plugin_for_this_consumer["id"],
rate_limit_plugin_data)
elif rate_limit_state == 'absent':
if rate_limit_plugin_for_this_consumer:
print("Deleting rate_limit for consumer {} for API {}".format(
consumer_username, api_name))
json_request("DELETE",
api_pugins_url + "/" + saved_plugin["id"], "")
def _ensure_consumer_exists(kong_admin_api_url, consumer):
username = consumer['username']
consumers_url = "{}/consumers".format(kong_admin_api_url)
if (not _consumer_exists(kong_admin_api_url, username)):
print("Adding consumer {}".format(username))
json_request("POST", consumers_url, {'username': username})