keycloak.js
"use strict";
const axios = require("axios");
const _ = require("lodash");
const util = require('./util');
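/**
 * Thin client for the Keycloak admin REST API. It authenticates with a
 * service-account client (client-credentials grant) and adds or removes the
 * redirect URI for `settings.phases.dev.host` on the client addressed by
 * `hmcrPublicClientPath`.
 *
 * The decoded client secret and the bearer token are kept on the instance;
 * neither is written to the log by this class, and callers should keep it so.
 */
module.exports = class KeyCloakClient {
  /**
   * @param {object} settings - Pipeline settings; `phases` and `options` are read.
   * @param {object} oc - OpenShift client handle, passed through to `util.getSecret`.
   */
  constructor(settings, oc) {
    this.phases = settings.phases;
    this.options = settings.options;
    this.oc = oc;
    this.hmcrHost = this.phases.dev.host;
  }

  /**
   * Loads the service-account secret, builds the endpoint paths and the axios
   * instance, then fetches an access token and installs it as the default
   * Authorization header.
   *
   * @returns {Promise<void>}
   * @throws {Error} When the secret is incomplete or no token is returned.
   */
  async init() {
    this.getSecrets();

    this.apiTokenPath = `/auth/realms/${this.realmId}/protocol/openid-connect/token`;
    this.hmcrPublicClientPath = `auth/admin/realms/${this.realmId}/clients/${this.hmcrClientId}`;

    this.api = axios.create({
      baseURL: `https://${this.ssoHost}`
    });

    const token = await this.getAccessToken();
    // Replaces the whole `common` header set, as the original code did.
    this.api.defaults.headers.common = {
      Authorization: `Bearer ${token}`
    };
  }

  /**
   * Reads the "keycloak-service-client" secret from the build namespace and
   * stores the base64-decoded fields on the instance.
   *
   * @throws {Error} When the secret or any field needed to build a request is
   *   missing or decodes to an empty string.
   */
  getSecrets() {
    const secret = util.getSecret(
      this.oc,
      this.phases.build.namespace,
      "keycloak-service-client"
    );

    // A missing field decodes to "" so that it is reported by the check below
    // instead of surfacing as a TypeError from Buffer.from(undefined).
    const decode = value =>
      typeof value === "string" ? Buffer.from(value, "base64").toString() : "";
    const fields = secret || {};

    this.clientId = decode(fields.clientId);
    this.clientSecret = decode(fields.clientSecret);
    this.hmcrClientId = decode(fields.hmcrPublic);
    this.realmId = decode(fields.realmId);
    this.ssoHost = decode(fields.host);

    // realmId and ssoHost are interpolated into every request URL, so an empty
    // value must fail here rather than produce a request to a malformed URL.
    if (
      !this.clientId ||
      !this.clientSecret ||
      !this.hmcrClientId ||
      !this.realmId ||
      !this.ssoHost
    ) {
      throw new Error(
        "Unable to retrieve Keycloak service account info from OpenShift"
      );
    }
  }

  /**
   * Requests a token with the client-credentials grant, sending the client id
   * and secret as HTTP Basic credentials.
   *
   * @returns {Promise<string>} The access token.
   * @throws {Error} When the response carries no `access_token`.
   */
  async getAccessToken() {
    const response = await this.api.post(
      this.apiTokenPath,
      "grant_type=client_credentials",
      {
        headers: { "Content-Type": "application/x-www-form-urlencoded" },
        auth: {
          username: this.clientId,
          password: this.clientSecret
        }
      }
    );

    if (!response.data || !response.data.access_token) {
      throw new Error(
        "Unable to retrieve Keycloak service account access token"
      );
    }
    return response.data.access_token;
  }

  /**
   * Fetches the client representation.
   *
   * @returns {Promise<{data: object, redirectUris: string[]}>} A shallow copy
   *   of the response body and its redirect URI list (empty when the body has
   *   none).
   */
  async getUris() {
    const response = await this.api.get(this.hmcrPublicClientPath);
    const data = { ...response.data };
    const redirectUris = Array.isArray(data.redirectUris)
      ? data.redirectUris
      : [];
    return { data, redirectUris };
  }

  /**
   * Registers `https://<hmcrHost>/*` as a redirect URI unless an existing
   * entry already contains the host.
   *
   * The log lines mention WebOrigins, but the PUT payload built here carries
   * only `id`, `clientId` and `redirectUris`.
   *
   * @returns {Promise<void>} Resolves once the update has completed or was skipped.
   * @throws {Error} When no host is configured, or when a request fails.
   */
  async addUris() {
    this.assertHostConfigured();
    await this.init();
    console.log("Attempting to add RedirectUri and WebOrigins");

    const { data, redirectUris } = await this.getUris();

    // NOTE(review): substring match, kept from the original. A longer host
    // name that merely contains hmcrHost also counts as "already registered";
    // confirm whether an exact host comparison is wanted.
    const alreadyRegistered = redirectUris.some(item =>
      item.includes(this.hmcrHost)
    );
    if (alreadyRegistered) {
      console.log("RedirectUri and WebOrigins add skipped.");
      return;
    }

    // The trailing /* allows every path on the host as a redirect target, so
    // the host itself must not serve open redirects or untrusted content.
    const putData = {
      id: data.id,
      clientId: data.clientId,
      redirectUris: [...redirectUris, `https://${this.hmcrHost}/*`]
    };

    // Awaited so that a failed update rejects this call instead of being lost
    // as an unhandled rejection after the method has already returned.
    await this.api.put(this.hmcrPublicClientPath, putData);
    console.log("RedirectUri and WebOrigins added.");
  }

  /**
   * Removes every redirect URI that contains `hmcrHost`. The misspelled name
   * is kept because callers outside this file use it.
   *
   * @returns {Promise<void>} Resolves once the update has completed or was skipped.
   * @throws {Error} When no host is configured, or when a request fails.
   */
  async remmoveUris() {
    // Every string includes "", so an empty host would delete the entire
    // redirect URI list; refuse to run in that state.
    this.assertHostConfigured();
    await this.init();
    console.log("Attempting to remove RedirectUri and WebOrigins");

    const { data, redirectUris } = await this.getUris();

    // NOTE(review): substring match, kept from the original. Entries for other
    // hosts whose name contains hmcrHost are removed as well; confirm whether
    // an exact host comparison is wanted.
    const remaining = redirectUris.filter(
      item => !item.includes(this.hmcrHost)
    );
    if (remaining.length === redirectUris.length) {
      console.log("RedirectUri and WebOrigins remove skipped.");
      return;
    }

    const putData = {
      id: data.id,
      clientId: data.clientId,
      redirectUris: remaining
    };

    // Awaited for the same reason as in addUris.
    await this.api.put(this.hmcrPublicClientPath, putData);
    console.log("RedirectUri and WebOrigins removed.");
  }

  /**
   * Guards the redirect URI operations against a missing or empty host.
   *
   * @throws {Error} When `hmcrHost` is not a non-empty string.
   */
  assertHostConfigured() {
    if (typeof this.hmcrHost !== "string" || this.hmcrHost.length === 0) {
      throw new Error("Keycloak redirect URI host is not configured");
    }
  }
};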