feat: add create keycloak client

PrivateAIM · Apr 22, 2024 · e87c841 · e87c841
1 parent 22989ff
commit e87c841
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -24,9 +24,9 @@ COPY src ./src
 EXPOSE 8000
 
 # Define environment variable
-#ENV POSTGRES_HOST=<postgres_host>
-#ENV POSTGRES_DB=<postgres_db>
-#ENV POSTGRES_USER=<postgres_user>
-#ENV POSTGRES_PASSWORD=<postgres_password>
+ENV POSTGRES_HOST=<postgres_host>
+ENV POSTGRES_DB=<postgres_db>
+ENV POSTGRES_USER=<postgres_user>
+ENV POSTGRES_PASSWORD=<postgres_password>
 
 ENTRYPOINT ["poetry", "run", "python", "-m", "src.main"]
diff --git a/setup.sh b/setup.sh
@@ -19,9 +19,10 @@ docker build  -t po:latest .
 #kubectl apply -f k8/manifests/node-pod-orchestration-deployment.yaml
 #kubectl apply -f k8/manifests/node-pod-orchestration-service.yaml
 # Add more kubectl apply commands for any additional YAML files
-kubectl apply -f k8/node-po-nginx-config-map.yaml
-kubectl apply -f k8/node-po-nginx-deployment.yaml
-kubectl apply -f k8/node-po-nginx-service.yaml
+
+#kubectl apply -f k8/node-po-nginx-config-map.yaml
+#kubectl apply -f k8/node-po-nginx-deployment.yaml
+#kubectl apply -f k8/node-po-nginx-service.yaml
 #kubectl apply -f k8/node-analysis-network-policy.yaml
 
 

diff --git a/src/utils/token.py b/src/utils/token.py
@@ -1,5 +1,6 @@
 import os
 import requests
+
 from kong_admin_client import Configuration, ApiClient, ConsumersApi, ACLsApi, KeyAuthsApi
 from kong_admin_client.rest import ApiException
 from kong_admin_client.models.create_consumer_request import CreateConsumerRequest
@@ -13,21 +14,18 @@
 
 def create_tokens(analysis_id: str, project_id: str) -> dict[str, str]:
     tokens = {'DATA_SOURCE_TOKEN': _get_kong_token(analysis_id, project_id),
-            'KEYCLOAK_TOKEN': _get_keycloak_token(analysis_id, project_id)}
+              'KEYCLOAK_TOKEN': _get_keycloak_token(analysis_id)}
 
     return tokens
 
 
-
-def _get_keycloak_token(analysis_id: str, project_id: str) -> str:
-    #TODO create client in keycloak
+def _get_keycloak_token(analysis_id: str) -> str:
     # curl -q -X POST -d "grant_type=client_credentials&client_id=service1&client_secret=9dd01665c2f3f02f93c32d03bd854569f03cd62f439ccf9f0861c141b9d6330e" http://flame-node-keycloak-service:8080/realms/flame/protocol/openid-connect/token
-    client = os.getenv('RESULT_CLIENT_ID')
-    client_secret = os.getenv('RESULT_CLIENT_SECRET')
 
-    keycloak_url = os.getenv('KEYCLOAK_URL') + "/realms/flame/protocol/openid-connect/token"
+    client_secret = _create_keycloak_client(analysis_id)
 
-    data = {"grant_type": "client_credentials", "client_id": client, "client_secret": client_secret}
+    keycloak_url = os.getenv('KEYCLOAK_URL') + "/realms/flame/protocol/openid-connect/token"
+    data = {"grant_type": "client_credentials", "client_id": analysis_id, "client_secret": client_secret}
 
     # get token from keycloak like in the above curl command
     try:
@@ -39,6 +37,39 @@ def _get_keycloak_token(analysis_id: str, project_id: str) -> str:
         return None
 
 
+def _create_keycloak_client(analysis_id: str) -> str:
+    """
+    Create a client in keycloak
+    :return:
+    """
+    keycloak_admin_user = os.getenv('KEYCLOAK_ADMIN_USER')
+    keycloak_admin_password = os.getenv('KEYCLOAK_ADMIN_PASSWORD')
+    keycloak_realm = os.getenv('KEYCLOAK_REALM')
+    keycloak_url = os.getenv('KEYCLOAK_URL')
+
+    # get admin token
+    url_admin_access_token = f"{keycloak_url}/auth/realms/{keycloak_realm}/protocol/openid-connect/token"
+    headers = {"Content-Type": "application/x-www-form-urlencoded"}
+    data = {"grant_type": "password", "client_id": keycloak_admin_user, "client_secret": keycloak_admin_password}
+    response = requests.post(url_admin_access_token, headers=headers, data=data, verify=False)
+    response.raise_for_status()
+    admin_token = response.json()['access_token']
+
+    # create client
+    url_create_client = f"{keycloak_url}/auth/admin/realms/{keycloak_realm}/clients"
+    headers = {"Authorization": f"Bearer {admin_token}"}
+
+    client_data = {
+        "clientId": analysis_id,
+        "publicClient": True,  # Adjust based on your client type
+    }
+
+    response = requests.post(url_create_client, headers=headers, data=client_data , verify=False)
+    response.raise_for_status()
+    print(response.json())
+    return response.json()['client_secret']
+
+
 def _get_kong_token(analysis_id: str, project_id: str) -> str:
     kong_admin_url = "flame-node-kong-admin"
     configuration = Configuration(host=kong_admin_url)