
Commit 32eb526

committed
add commentry
1 parent 1798b01 commit 32eb526


1 file changed

+152
-142
lines changed
  • ssh-key-signer-server/environment-setup/dev/docker/keycloak

Lines changed: 152 additions & 142 deletions
@@ -1,142 +1,152 @@
1-
(async () => {
2-
const keycloakBaseUrl = process.env.KC_URL;
3-
const adminUser = process.env.KC_ADMIN_USERNAME;
4-
const adminPassword = process.env.KC_ADMIN_PASSWORD;
5-
const realmName = "my-test-realm";
6-
const realmUrl = `${keycloakBaseUrl}/admin/realms/${realmName}`;
7-
const clientId = "my-test-client";
8-
const users = [{
9-
username: "user",
10-
firstName: "John",
11-
lastName: "Doe",
12-
email: "user@example.com",
13-
emailVerified: true,
14-
enabled: true,
15-
credentials: [{
16-
type: "password",
17-
value: "user",
18-
temporary: false
19-
}]
20-
}];
21-
22-
/* wrapped in a function because we may need to generate access token more than once during the setup process */
23-
const fetchToken = async () => {
24-
const tokenResponse = await fetch(`${keycloakBaseUrl}/realms/master/protocol/openid-connect/token`, {
25-
method: "POST",
26-
headers: { "Content-Type": "application/x-www-form-urlencoded" },
27-
body: new URLSearchParams({
28-
username: adminUser,
29-
password: adminPassword,
30-
grant_type: "password",
31-
client_id: "admin-cli"
32-
})
33-
});
34-
35-
if (!tokenResponse.ok) {
36-
const { error_description } = await tokenResponse.json();
37-
console.error(error_description);
38-
process.exit(1);
39-
}
40-
41-
return (await tokenResponse.json()).access_token;
42-
};
43-
44-
/* wrap the access token in authorization header */
45-
const authorization_header = async () => {
46-
47-
/* fails early if fetching the token fails, so no need to check anything */
48-
const access_token = await fetchToken();
49-
return {
50-
"Authorization": `Bearer ${access_token}`,
51-
"Content-Type": "application/json"
52-
};
53-
};
54-
55-
/* --- check and create realm --- */
56-
await (async () => {
57-
const checkRealmResponse = await fetch(realmUrl, {
58-
method: "GET",
59-
headers: await authorization_header()
60-
});
61-
62-
if (checkRealmResponse.ok) {
63-
console.log(`Realm '${realmName}' exists already!`);
64-
} else {
65-
const createRealmResponse = await fetch(`${keycloakBaseUrl}/admin/realms`, {
66-
method: "POST",
67-
headers: await authorization_header(),
68-
body: JSON.stringify({ realm: realmName, enabled: true })
69-
});
70-
71-
if (createRealmResponse.ok) {
72-
console.log(`Realm '${realmName}' created successfully!`);
73-
} else {
74-
const errorMessage = await createRealmResponse.json();
75-
console.error("Failed to create realm:", errorMessage);
76-
process.exit(1);
77-
}
78-
}
79-
})();
80-
81-
/* --- check and create client --- */
82-
await (async () => {
83-
const checkClientResponse = await fetch(`${realmUrl}/clients?clientId=${clientId}`, {
84-
method: "GET",
85-
headers: await authorization_header()
86-
});
87-
88-
const [clientInfo] = await checkClientResponse.json();
89-
90-
if (checkClientResponse.ok && !!clientInfo) {
91-
const { secret } = clientInfo;
92-
console.log(`Client '${clientId}' exists already! - Client secret is - ${secret}`);
93-
} else {
94-
const clientConfig = {
95-
clientId: clientId,
96-
enabled: true,
97-
publicClient: false,
98-
redirectUris: ['*'],
99-
attributes: {
100-
'post.logout.redirect.uris': '*'
101-
}
102-
};
103-
104-
const createClientResponse = await fetch(`${realmUrl}/clients`, {
105-
method: "POST",
106-
headers: await authorization_header(),
107-
body: JSON.stringify(clientConfig)
108-
});
109-
110-
if (createClientResponse.ok) {
111-
console.log(`Client '${clientId}' created successfully!`);
112-
} else {
113-
const error_description = await createClientResponse.json();
114-
console.error("Failed to create client:", error_description);
115-
process.exit(1);
116-
}
117-
}
118-
})();
119-
120-
/* --- check and create users --- */
121-
await (async () => {
122-
const createUser = async (newUser) => {
123-
const response = await fetch(`${realmUrl}/users`, {
124-
method: 'POST',
125-
headers: await authorization_header(),
126-
body: JSON.stringify(newUser)
127-
});
128-
129-
if (response.status === 201) {
130-
console.log("User created successfully!");
131-
} else {
132-
const errorText = await response.text();
133-
console.error(`Failed to create user: ${response.status} ${errorText}`);
134-
}
135-
};
136-
137-
await Promise.all(users.map(async (user) => {
138-
await createUser(user);
139-
}));
140-
})();
141-
142-
})();
1+
(async () => {
2+
const keycloakBaseUrl = process.env.KC_URL;
3+
const adminUser = process.env.KC_ADMIN_USERNAME;
4+
const adminPassword = process.env.KC_ADMIN_PASSWORD;
5+
const realmName = "my-test-realm";
6+
const realmUrl = `${keycloakBaseUrl}/admin/realms/${realmName}`;
7+
const clientId = "my-test-client";
8+
9+
/*
10+
remember to apply proper secret management for actual production uses
11+
do not share the secret key in public
12+
*/
13+
const clientSecret = 'UTRtYkyYN1nbgdPPbBru1FDVsE8ye5JE';
14+
15+
const users = [{
16+
username: "user",
17+
firstName: "John",
18+
lastName: "Doe",
19+
email: "user@example.com",
20+
emailVerified: true,
21+
enabled: true,
22+
credentials: [{
23+
type: "password",
24+
value: "user",
25+
temporary: false
26+
}]
27+
}];
28+
29+
/* wrapped in a function because we may need to generate access token more than once during the setup process */
30+
const fetchToken = async () => {
31+
const tokenResponse = await fetch(`${keycloakBaseUrl}/realms/master/protocol/openid-connect/token`, {
32+
method: "POST",
33+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
34+
body: new URLSearchParams({
35+
username: adminUser,
36+
password: adminPassword,
37+
grant_type: "password",
38+
client_id: "admin-cli"
39+
})
40+
});
41+
42+
if (!tokenResponse.ok) {
43+
const { error_description } = await tokenResponse.json();
44+
console.error(error_description);
45+
process.exit(1);
46+
}
47+
48+
return (await tokenResponse.json()).access_token;
49+
};
50+
51+
/* wrap the access token in authorization header */
52+
const authorization_header = async () => {
53+
54+
/* fails early if fetching the token fails, so no need to check anything */
55+
const access_token = await fetchToken();
56+
return {
57+
"Authorization": `Bearer ${access_token}`,
58+
"Content-Type": "application/json"
59+
};
60+
};
61+
62+
/* --- check and create realm --- */
63+
await (async () => {
64+
const checkRealmResponse = await fetch(realmUrl, {
65+
method: "GET",
66+
headers: await authorization_header()
67+
});
68+
69+
if (checkRealmResponse.ok) {
70+
console.log(`Realm '${realmName}' exists already!`);
71+
} else {
72+
const createRealmResponse = await fetch(`${keycloakBaseUrl}/admin/realms`, {
73+
method: "POST",
74+
headers: await authorization_header(),
75+
body: JSON.stringify({ realm: realmName, enabled: true })
76+
});
77+
78+
if (createRealmResponse.ok) {
79+
console.log(`Realm '${realmName}' created successfully!`);
80+
} else {
81+
const errorMessage = await createRealmResponse.json();
82+
console.error("Failed to create realm:", errorMessage);
83+
process.exit(1);
84+
}
85+
}
86+
})();
87+
88+
/* --- check and create client --- */
89+
await (async () => {
90+
const checkClientResponse = await fetch(`${realmUrl}/clients?clientId=${clientId}`, {
91+
method: "GET",
92+
headers: await authorization_header()
93+
});
94+
95+
const [clientInfo] = await checkClientResponse.json();
96+
97+
if (checkClientResponse.ok && !!clientInfo) {
98+
const { secret } = clientInfo;
99+
console.log(`Client '${clientId}' exists already! - Client secret is - ${secret}`);
100+
} else {
101+
const clientConfig = {
102+
clientId: clientId,
103+
secret: clientSecret,
104+
enabled: true,
105+
publicClient: false,
106+
serviceAccountsEnabled: true,
107+
redirectUris: ['*'],
108+
attributes: {
109+
'post.logout.redirect.uris': '*',
110+
'oauth2.device.authorization.grant.enabled': true,
111+
}
112+
};
113+
114+
const createClientResponse = await fetch(`${realmUrl}/clients`, {
115+
method: "POST",
116+
headers: await authorization_header(),
117+
body: JSON.stringify(clientConfig)
118+
});
119+
120+
if (createClientResponse.ok) {
121+
console.log(`Client '${clientId}' created successfully!`);
122+
} else {
123+
const error_description = await createClientResponse.json();
124+
console.error("Failed to create client:", error_description);
125+
process.exit(1);
126+
}
127+
}
128+
})();
129+
130+
/* --- check and create users --- */
131+
await (async () => {
132+
const createUser = async (newUser) => {
133+
const response = await fetch(`${realmUrl}/users`, {
134+
method: 'POST',
135+
headers: await authorization_header(),
136+
body: JSON.stringify(newUser)
137+
});
138+
139+
if (response.status === 201) {
140+
console.log("User created successfully!");
141+
} else {
142+
const errorText = await response.text();
143+
console.error(`Failed to create user: ${response.status} ${errorText}`);
144+
}
145+
};
146+
147+
await Promise.all(users.map(async (user) => {
148+
await createUser(user);
149+
}));
150+
})();
151+
152+
})();
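Review bot: The new `clientSecret` constant commits a literal client secret to the repository, which the comment directly above it warns against; since the admin credentials are already read from `process.env`, the secret should come from the environment as well, e.g. `const clientSecret = process.env.KC_CLIENT_SECRET;` (the variable name is only a suggestion), with an early `process.exit(1)` when it is unset. The value now in history should be treated as disclosed and not reused outside this dev realm. The same `clientConfig` also gains `serviceAccountsEnabled: true` and the device authorization grant while keeping `redirectUris: ['*']`, so a comment on `clientConfig` stating that this combination is for the local dev container only would help, and the "exists already" branch still prints the client secret to the console. The commit title mentions only commentary, but these lines change how the client is created.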
