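def create_client_and_get_client_secret():
    """Create the Kong client on Keycloak and return its client secret.

    Connects to Keycloak as the admin user, creates the ``CLIENT_NAME``
    client and generates a secret for it. When the client already exists
    (HTTP 409 Conflict) the existing client is reused and its current
    secret is returned without regenerating it.

    Returns:
        The ``value`` field of the client's secret representation.

    Raises:
        KeycloakGetError: any Keycloak error other than 409 Conflict.
            Previously such errors were swallowed and execution fell
            through to an unbound ``client_uuid`` (NameError).
    """
    keycloak_admin = KeycloakAdmin(
        server_url=KEYCLOAK_URL,
        username=KEYCLOAK_ADMIN_USER,
        password=KEYCLOAK_ADMIN_PASSWORD,
        verify=True,
    )
    try:
        keycloak_admin.create_client({
            "clientId": CLIENT_NAME,
            "name": CLIENT_NAME,
            "enabled": True,
            # NOTE(review): "/*" and "*" allow any redirect target, so an
            # authorization code could be delivered to an unintended URL.
            # Restrict this list to the concrete Kong callback URLs.
            "redirectUris": ["/front/*", "/api/*", "/*", "*"],
        })
        client_uuid = keycloak_admin.get_client_id(CLIENT_NAME)
        # A freshly created client needs a secret generated before it can be read.
        keycloak_admin.generate_client_secrets(client_uuid)
    except KeycloakGetError as e:
        if e.response_code != 409:
            # Only "already exists" is recoverable; anything else is a real
            # failure and must not continue with client_uuid unbound.
            raise
        print("Keycloak Kong client already exists")
        client_uuid = keycloak_admin.get_client_id(CLIENT_NAME)
    return keycloak_admin.get_client_secrets(client_uuid)['value']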
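def _get_service_oidc_payload(service_name, realm):
    """Build the Kong OIDC plugin configuration for one service in a realm.

    Looks up the Kong client's secret in Keycloak (authenticating against
    the master realm, then switching to ``realm``) and returns the
    ``config.*`` fields the Kong OIDC plugin expects.

    Args:
        service_name: Name of the Kong service; used to build the
            post-login redirect URL.
        realm: Keycloak realm the service belongs to.

    Returns:
        A dict of plugin settings keyed by ``name`` and ``config.<field>``.

    Raises:
        RuntimeError: if Keycloak cannot be queried, if the realm or client
            lookup fails, or if the client has no secret value. The original
            exception is chained as ``__cause__``.
    """
    client_id = KEYCLOAK_KONG_CLIENT
    client_secret = None
    # must be the public url (local name no longer shadows the module-level
    # KEYCLOAK_URL used elsewhere in this file)
    public_keycloak_url = f'{HOST}/keycloak/auth/realms'
    openid_path = 'protocol/openid-connect'
    try:
        # https://bitbucket.org/agriness/python-keycloak
        # 1. connect to master realm (admin credentials live there)
        keycloak_admin = KeycloakAdmin(
            server_url=KC_URL,
            username=KC_ADMIN_USER,
            password=KC_ADMIN_PASSWORD,
            realm_name=KC_MASTER_REALM,
        )
        # 2. switch to the given realm
        keycloak_admin.realm_name = realm
        # 3. resolve the kong client's internal id
        client_pk = keycloak_admin.get_client_id(client_id)
        # 4. read its secret
        secret = keycloak_admin.get_client_secrets(client_pk)
        client_secret = secret.get('value')
    except KeycloakError as ke:
        raise RuntimeError(f'Could not get info from keycloak {str(ke)}') from ke
    except Exception as e:
        raise RuntimeError(
            f'Unexpected error, do the realm and the client exist? {str(e)}') from e
    if client_secret is None:
        # Without a secret the plugin would be registered unable to
        # authenticate to Keycloak; fail loudly instead of sending None.
        raise RuntimeError(
            f'Client {client_id} in realm {realm} has no secret value')
    # OIDC plugin settings (same for all endpoints)
    return {
        'name': KONG_OIDC_PLUGIN,
        'config.client_id': client_id,
        'config.client_secret': client_secret,
        'config.cookie_domain': DOMAIN,
        'config.email_key': 'email',
        'config.scope': 'openid+profile+email+iss',
        'config.user_info_cache_enabled': 'true',
        'config.app_login_redirect_url': f'{HOST}/{realm}/{service_name}/',
        'config.authorize_url': f'{public_keycloak_url}/{realm}/{openid_path}/auth',
        'config.service_logout_url': f'{public_keycloak_url}/{realm}/{openid_path}/logout',
        'config.token_url': f'{public_keycloak_url}/{realm}/{openid_path}/token',
        'config.user_url': f'{public_keycloak_url}/{realm}/{openid_path}/userinfo',
    }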
# Create kong client on Keycloak keycloak_admin = KeycloakAdmin(server_url=KEYCLOAK_URL, username=KEYCLOAK_ADMIN_USER, password=KEYCLOAK_ADMIN_PASSWORD, verify=True) CLIENT_KONG_KEYCLOAK_ID = str(uuid.uuid4()) keycloak_admin.create_client({ "id": CLIENT_KONG_KEYCLOAK_ID, "clientId": CLIENT_ID, "name": CLIENT_ID, "enabled": True, "redirectUris": ["/front/*", "/api/*", "/*", "*"], }) CLIENT_SECRET = keycloak_admin.get_client_secrets( CLIENT_KONG_KEYCLOAK_ID)["value"] introspection_url = f'http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}/auth/realms/{REALM_NAME}/protocol/openid-connect/token/introspect' discovery_url = f'http://{KEYCLOAK_HOST_IP}:{KEYCLOAK_PORT}/auth/realms/{REALM_NAME}/.well-known/openid-configuration' for service in services: data = service # Create Service response = requests.post(f'http://{KONG_HOST_IP}:{KONG_PORT}/services', data=data) created_service_id = response.json()["id"] # Create route data = { 'service.id': f'{created_service_id}',