summaryrefslogtreecommitdiff
path: root/devstack/tools/oidc/setup_keycloak_client.py
diff options
context:
space:
mode:
Diffstat (limited to 'devstack/tools/oidc/setup_keycloak_client.py')
-rw-r--r--devstack/tools/oidc/setup_keycloak_client.py61
1 files changed, 61 insertions, 0 deletions
diff --git a/devstack/tools/oidc/setup_keycloak_client.py b/devstack/tools/oidc/setup_keycloak_client.py
new file mode 100644
index 000000000..15fa37b41
--- /dev/null
+++ b/devstack/tools/oidc/setup_keycloak_client.py
@@ -0,0 +1,61 @@
+import os
+import requests
+
+KEYCLOAK_USERNAME = os.environ.get('KEYCLOAK_USERNAME')
+KEYCLOAK_PASSWORD = os.environ.get('KEYCLOAK_PASSWORD')
+KEYCLOAK_URL = os.environ.get('KEYCLOAK_URL')
+HOST_IP = os.environ.get('HOST_IP', 'localhost')
+
+class KeycloakClient(object):
+ def __init__(self):
+ self.session = requests.session()
+
+ @staticmethod
+ def construct_url(realm, path):
+ return f'{KEYCLOAK_URL}/admin/realms/{realm}/{path}'
+
+ @staticmethod
+ def token_endpoint(realm):
+ return f'{KEYCLOAK_URL}/realms/{realm}/protocol/openid-connect/token'
+
+ def _admin_auth(self, realm):
+ params = {
+ 'grant_type': 'password',
+ 'client_id': 'admin-cli',
+ 'username': KEYCLOAK_USERNAME,
+ 'password': KEYCLOAK_PASSWORD,
+ 'scope': 'openid',
+ }
+ r = requests.post(self.token_endpoint(realm), data=params).json()
+ headers = {
+ 'Authorization': ("Bearer %s" % r['access_token']),
+ 'Content-Type': 'application/json'
+ }
+ self.session.headers.update(headers)
+ return r
+
+ def create_client(self, realm, client_id, client_secret, redirect_uris):
+ self._admin_auth(realm)
+ data = {
+ 'clientId': client_id,
+ 'secret': client_secret,
+ 'redirectUris': redirect_uris,
+ 'implicitFlowEnabled': True,
+ 'directAccessGrantsEnabled': True,
+ }
+ return self.session.post(self.construct_url(realm, 'clients'), json=data)
+
+
+def main():
+ c = KeycloakClient()
+
+ redirect_uris = [
+ f'http://{HOST_IP}/identity/v3/auth/OS-FEDERATION/identity_providers/sso/protocols/openid/websso',
+ f'http://{HOST_IP}/identity/v3/auth/OS-FEDERATION/websso/openid'
+ ]
+
+ c.create_client('master', 'devstack', 'nomoresecret', redirect_uris)
+
+
+if __name__ == "__main__":
+ main()
View Lorry Controller Status