ProRocketeers/keycloak-snipeit-sync


Keycloak SnipeIT user sync script.
This script copies new users from Keycloak to SnipeIT, updates SnipeIT users with changes from Keycloak, deletes users from SnipeIT if they no longer exist in Keycloak, and reports SnipeIT users that have no Employee number set.
Users are bound by Keycloak ID = SnipeIT Employee number. This guarantees uniqueness, and the data is not discarded when a name or email changes.

If you don't have the Employee number set up, you can use the script in employee-number-import. That script inserts the Keycloak ID as the Employee number based on user names in KC and SnipeIT.

Set up the configuration environment variables. The script reads the ./.env file and the system environment.

KC_CLIENTID="clientid"
#Keycloak client ID to use; the client needs Client authentication, Standard flow and Direct access grants
KC_CLIENTSECRET="clientSecret"
#Keycloak client secret of the client
KC_DOMAIN="@domain.com"
#String to be cut out of the Keycloak username in case the username is an email
KC_PASSWORD="password"
#Password of the Keycloak user
KC_REALM="realm"
#Keycloak realm to import users from
KC_URL="https://kc.domain.com"
#Keycloak URL without the trailing slash "/"
KC_USER="user@domain.com"
#Keycloak user with permissions to query users in the realm
KC_USER_BLACKLIST=dev-1,dev-\\d,dev*
#List of regular expressions to ignore during the import. The expressions are separated by a comma ",", so using a comma inside an expression may lead to errors. This list is used to prevent KC users from being imported to SnipeIT.

MAX_USERS=200
#Number of users to query from Keycloak and from SnipeIT. Defaults to 200.

SLACK_WEBHOOKURL="https://hooks.slack.com/services/webhook/webhook/webhook"
#Slack webhook that allows writing messages

SNIPEIT_URL="https://snipeit.domain.com"
#SnipeIT URL without the trailing slash "/"
SNIPEIT_TOKEN="token"
#Token of an admin user who can create and modify users

SNIPEIT_USER_BLACKLIST
#List of regular expressions to ignore during the import. The expressions are separated by a comma ",", so using a comma inside an expression may lead to errors. This list is used to prevent SnipeIT users from being reported as incorrectly set up.
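
The comma-separated expression format of KC_USER_BLACKLIST and SNIPEIT_USER_BLACKLIST is worth checking against real usernames before relying on it. The Go program below is an added example, not code from this repository: ParseBlacklist and Blocked are hypothetical helpers, the sample values are constructed, and it assumes the expressions are compiled with Go's regexp package and matched unanchored, which the page does not state.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ParseBlacklist splits a comma-separated list of expressions and compiles
// each one. Fragments that do not compile are returned in bad, not dropped.
func ParseBlacklist(raw string, anchor bool) (ok []*regexp.Regexp, bad []string) {
	for _, expr := range strings.Split(raw, ",") {
		pat := strings.TrimSpace(expr)
		if pat == "" {
			continue
		}
		if anchor {
			pat = "^(?:" + pat + ")$" // require the whole username to match
		}
		re, err := regexp.Compile(pat)
		if err != nil {
			bad = append(bad, strings.TrimSpace(expr))
			continue
		}
		ok = append(ok, re)
	}
	return ok, bad
}

// Blocked reports whether any expression in the list matches the username.
func Blocked(list []*regexp.Regexp, username string) bool {
	for _, re := range list {
		if re.MatchString(username) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values, not taken from a real deployment.
	loose, _ := ParseBlacklist(`dev-1,dev-\d,dev*`, false) // unanchored (assumed)
	strict, _ := ParseBlacklist(`dev-1,dev-\d,dev.*`, true)
	for _, u := range []string{"dev-7", "developer", "anderson"} {
		fmt.Printf("%-10s loose=%v strict=%v\n", u, Blocked(loose, u), Blocked(strict, u))
	}
	// A comma inside an expression splits it into fragments.
	split, bad := ParseBlacklist(`svc-\d{1,3}`, false)
	fmt.Println(len(split), "fragments compiled; svc-12 blocked:", Blocked(split, "svc-12"), "rejected:", bad)
}
```

As a regular expression, `dev*` means "de" followed by any number of "v", so when matched unanchored it also excludes a user such as "anderson". The expression `svc-\d{1,3}` is split at its comma into two fragments that both compile but no longer match "svc-12", so the rule is silently lost.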

Updating the Docker image in Harbor requires a manual build and push.

Run these commands, replacing {VERSION} with the new version, to push a new image to Harbor. The password for Harbor is the CLI secret found in the profile.

docker login https://harbor.intra.prorocketeers.com

docker build -t keycloak-snipeit-sync:{VERSION} .

docker tag keycloak-snipeit-sync:{VERSION} harbor.intra.prorocketeers.com/prorocketeers/keycloak-snipeit-sync:{VERSION}

docker push harbor.intra.prorocketeers.com/prorocketeers/keycloak-snipeit-sync:{VERSION}




Functions for debugging HTTP requests and responses
//Debug print to watch the outgoing request (needs "fmt", "log" and "net/http/httputil").
//The dump includes headers and body, so credentials sent with the request are printed too.
reqDump, err := httputil.DumpRequestOut(req, true)
if err != nil {
	log.Fatal(err)
}
fmt.Printf("REQUEST: \n%s", string(reqDump))

//Debug print for response body
fmt.Println(string(body))


// Debugging print for access_token
println(tokenMessage["access_token"].(string))

About

Tool for automatic syncing of Keycloak users to Snipe-IT instance
