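def create_client_and_get_client_secret():
    """Create the Kong client in Keycloak and return its client secret.

    Connects to Keycloak with the module-level admin settings (``KEYCLOAK_URL``,
    ``KEYCLOAK_ADMIN_USER``, ``KEYCLOAK_ADMIN_PASSWORD``) with certificate
    verification on (``verify=True``), creates the client ``CLIENT_NAME`` and
    generates a fresh secret for it. If Keycloak answers 409 Conflict the
    client already exists: it is reused and its current secret is returned
    without regenerating it.

    Returns:
        str: the ``value`` field of the client's secret as reported by Keycloak.

    Raises:
        KeycloakGetError: for any Keycloak error other than 409 Conflict.
    """
    # Create kong client on Keycloak
    keycloak_admin = KeycloakAdmin(server_url=KEYCLOAK_URL,
                                   username=KEYCLOAK_ADMIN_USER,
                                   password=KEYCLOAK_ADMIN_PASSWORD,
                                   verify=True)
    try:
        keycloak_admin.create_client({
            "clientId": CLIENT_NAME,
            "name": CLIENT_NAME,
            "enabled": True,
            # NOTE(review): the trailing "*" accepts any redirect target; narrow
            # this list to the real callback URLs before using it outside a
            # development setup.
            "redirectUris": ["/front/*", "/api/*", "/*", "*"],
        })
        client_uuid = keycloak_admin.get_client_id(CLIENT_NAME)
        # Only a freshly created client gets a newly generated secret.
        keycloak_admin.generate_client_secrets(client_uuid)
    except KeycloakGetError as e:
        # Only "already exists" is recoverable. Anything else must propagate,
        # otherwise client_uuid stays unbound and the return below fails with
        # a misleading NameError instead of the real Keycloak error.
        if e.response_code != 409:
            raise
        print("Keycloak Kong client already exists")
        client_uuid = keycloak_admin.get_client_id(CLIENT_NAME)
    return keycloak_admin.get_client_secrets(client_uuid)['value']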
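class KeycloakSession:
    """Provisioning helper around a single ``KeycloakAdmin`` connection.

    Realm-scoped operations temporarily re-point
    ``self.keycloak_admin.realm_name`` at the target realm (without this the
    objects were created in ``master``) and switch it back to ``'master'``
    afterwards, in every exit path. Because that switch mutates the shared
    admin client in place, one instance should not be driven from several
    threads at the same time.
    """

    def __init__(self, realm, server_url, user, pwd, ssl_verify):
        """Log in to Keycloak at ``server_url`` as ``user``/``pwd``.

        Args:
            realm: realm used for the admin login.
            server_url: base URL of the Keycloak server.
            user: admin username.
            pwd: admin password.
            ssl_verify: passed through as ``verify``; keep it ``True`` so the
                server certificate is checked.
        """
        self.keycloak_admin = KeycloakAdmin(server_url=server_url,
                                            username=user,
                                            password=pwd,
                                            realm_name=realm,
                                            verify=ssl_verify)

    def create_realm(self, realm):
        """Create ``realm`` with fixed token/code lifespans, or update it.

        If the realm already exists (HTTP 409) it is updated with the same
        payload. Any other Keycloak error is re-raised so a failed
        provisioning step is not reported as success.

        Args:
            realm: name of the realm to create or update.

        Returns:
            int: always 0.
        """
        payload = {
            "realm": realm,
            "enabled": True,
            "accessCodeLifespan": 7200,
            "accessCodeLifespanLogin": 1800,
            "accessCodeLifespanUserAction": 300,
            # NOTE(review): 86400 s is a 24 h access-token lifetime; that is
            # long for bearer tokens and worth revisiting for production realms.
            "accessTokenLifespan": 86400,
            "accessTokenLifespanForImplicitFlow": 900,
            "actionTokenGeneratedByAdminLifespan": 43200,
            "actionTokenGeneratedByUserLifespan": 300
        }
        try:
            self.keycloak_admin.create_realm(payload, skip_exists=False)
        except KeycloakError as e:
            if e.response_code != 409:
                raise
            print('Exists, updating %s' % realm)
            self.keycloak_admin.update_realm(realm, payload)
        return 0

    def create_role(self, realm, role):
        """Create the realm role ``role`` in ``realm``.

        ``skip_exists=True`` makes an already existing role a no-op.

        Args:
            realm: target realm.
            role: name of the realm role.

        Returns:
            int: always 0.
        """
        print('Creating role %s for realm %s' % (role, realm))
        self.keycloak_admin.realm_name = realm  # work around because otherwise role was getting created in master
        try:
            self.keycloak_admin.create_realm_role(
                {
                    'name': role,
                    'clientRole': False
                },
                skip_exists=True)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore
        return 0

    # sa_roles: service account roles
    def create_client(self, realm, client, secret, sa_roles=None):
        """Create (or update) a confidential client in ``realm``.

        If the client already exists (HTTP 409) it is updated in place with
        the same payload; any other Keycloak error is re-raised. When
        ``sa_roles`` is given, the listed realm roles are mapped onto the
        client's service-account user via the admin REST endpoint.

        Args:
            realm: target realm.
            client: the client id (``clientId``).
            secret: client secret to configure on the client.
            sa_roles: names of realm roles to grant to the client's service
                account; ``None`` or an empty list skips that step.
        """
        self.keycloak_admin.realm_name = realm  # work around because otherwise client was getting created in master
        payload = {
            "clientId": client,
            "secret": secret,
            "standardFlowEnabled": True,
            "serviceAccountsEnabled": True,
            # NOTE(review): Keycloak's "Direct Access Grants" (password grant);
            # leave it off unless a caller really exchanges user passwords for tokens.
            "directAccessGrantsEnabled": True,
            # NOTE(review): a wildcard redirect URI accepts any redirect target;
            # narrow it to the real callback URLs outside a development setup.
            "redirectUris": ['*'],
            "authorizationServicesEnabled": True
        }
        try:
            print('Creating client %s' % client)
            try:
                self.keycloak_admin.create_client(
                    payload, skip_exists=False)  # If exists, update. So don't skip
            except KeycloakError as e:
                if e.response_code != 409:
                    raise
                print('Exists, updating %s' % client)
                client_id = self.keycloak_admin.get_client_id(client)
                self.keycloak_admin.update_client(client_id, payload)
            # None and [] both mean "no service-account roles to assign".
            if not sa_roles:
                return
            # The role-mapping endpoint needs full role representations, not names.
            roles = [self.keycloak_admin.get_realm_role(role) for role in sa_roles]
            client_id = self.keycloak_admin.get_client_id(client)
            user = self.keycloak_admin.get_client_service_account_user(
                client_id)
            params_path = {
                "realm-name": self.keycloak_admin.realm_name,
                "id": user["id"]
            }
            self.keycloak_admin.raw_post(
                URL_ADMIN_USER_REALM_ROLES.format(**params_path),
                data=json.dumps(roles))
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore

    def create_user(self, realm, uname, email, fname, lname, password, temp_flag):
        """Create a user in ``realm`` and set its initial password.

        If the user already exists (HTTP 409) its profile is updated with the
        same payload and the password is left untouched. Any other Keycloak
        error is re-raised.

        Args:
            realm: target realm.
            uname: username.
            email: e-mail address.
            fname: first name.
            lname: last name.
            password: initial password, set only for a newly created user.
            temp_flag: passed as ``temporary`` to ``set_user_password``; a
                truthy value marks the password as temporary in Keycloak.
        """
        self.keycloak_admin.realm_name = realm
        payload = {
            "username": uname,
            "email": email,
            "firstName": fname,
            "lastName": lname,
            "enabled": True
        }
        try:
            print('Creating user %s' % uname)
            try:
                self.keycloak_admin.create_user(
                    payload, False)  # If exists, update. So don't skip
            except KeycloakError as e:
                if e.response_code != 409:
                    raise
                print('Exists, updating %s' % uname)
                user_id = self.keycloak_admin.get_user_id(uname)
                self.keycloak_admin.update_user(user_id, payload)
            else:
                user_id = self.keycloak_admin.get_user_id(uname)
                self.keycloak_admin.set_user_password(user_id, password,
                                                      temporary=temp_flag)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore

    def assign_user_roles(self, realm, username, roles):
        """Grant the realm roles named in ``roles`` to ``username`` in ``realm``.

        Args:
            realm: target realm.
            username: the user's username.
            roles: iterable of realm role names.
        """
        self.keycloak_admin.realm_name = realm
        try:
            # Resolved inside the try so an unknown role name cannot leave the
            # admin client pointed at `realm`.
            role_reps = [self.keycloak_admin.get_realm_role(role) for role in roles]
            print(f'''Get user id for {username}''')
            user_id = self.keycloak_admin.get_user_id(username)
            self.keycloak_admin.assign_realm_roles(user_id, role_reps)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore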
for _id in [e["id"] for e in response.json()["data"]]: requests.delete(f'http://{KONG_HOST_IP}:{KONG_PORT}/services/{_id}') from keycloak import KeycloakAdmin # Create kong client on Keycloak keycloak_admin = KeycloakAdmin(server_url=KEYCLOAK_URL, username=KEYCLOAK_ADMIN_USER, password=KEYCLOAK_ADMIN_PASSWORD, verify=True) CLIENT_KONG_KEYCLOAK_ID = str(uuid.uuid4()) keycloak_admin.create_client({ "id": CLIENT_KONG_KEYCLOAK_ID, "clientId": CLIENT_ID, "name": CLIENT_ID, "enabled": True, "redirectUris": ["/front/*", "/api/*", "/*", "*"], }) CLIENT_SECRET = keycloak_admin.get_client_secrets( CLIENT_KONG_KEYCLOAK_ID)["value"] introspection_url = f'http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}/auth/realms/{REALM_NAME}/protocol/openid-connect/token/introspect' discovery_url = f'http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}/auth/realms/{REALM_NAME}/.well-known/openid-configuration' for service in services: data = service # Create Service response = requests.post(f'http://{KONG_HOST_IP}:{KONG_PORT}/services',