This repository has been archived by the owner on Mar 8, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #474 from bcgov/chore/scripts
chore: add node scripts to aggregate data from Keycloak API
- Loading branch information
Showing
8 changed files
with
373 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
KEYCLOAK_CLIENT_ID= | ||
KEYCLOAK_CLIENT_SECRET= | ||
KEYCLOAK_URL= | ||
KEYCLOAK_USERNAME= | ||
KEYCLOAK_PASSWORD= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
node_modules | ||
yarn-error.log | ||
.env |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
# Scripts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
const _ = require('lodash'); | ||
const axios = require('axios'); | ||
const dotenv = require('dotenv'); | ||
const KcAdminClient = require('keycloak-admin').default; | ||
|
||
dotenv.config(); | ||
|
||
const KEYCLOAK_URL = 'https://oidc.gov.bc.ca'; | ||
const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'admin-cli'; | ||
const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET; | ||
const KEYCLOAK_USERNAME = process.env.KEYCLOAK_USERNAME; | ||
const KEYCLOAK_PASSWORD = process.env.KEYCLOAK_PASSWORD; | ||
|
||
const kcAdminClient = new KcAdminClient({ | ||
baseUrl: `${KEYCLOAK_URL}/auth`, | ||
realmName: 'master', | ||
}); | ||
|
||
async function main() { | ||
try { | ||
await kcAdminClient.auth({ | ||
grantType: KEYCLOAK_CLIENT_SECRET ? 'client_credentials' : 'password', | ||
clientId: KEYCLOAK_CLIENT_ID, | ||
clientSecret: KEYCLOAK_CLIENT_SECRET, | ||
username: KEYCLOAK_USERNAME, | ||
password: KEYCLOAK_PASSWORD, | ||
totp: '<TOTP>', | ||
}); | ||
|
||
const realms = await kcAdminClient.realms.find({}); | ||
let realmsData = await Promise.all( | ||
realms.map(async (realm) => { | ||
const sessions = await kcAdminClient.sessions.find({ | ||
realm: realm.realm, | ||
}); | ||
const totalActive = _.sum(_.map(sessions, 'active').map(Number)); | ||
|
||
return { realm, totalActive }; | ||
}) | ||
); | ||
|
||
realmsData = _.orderBy(realmsData, ['totalActive'], ['desc']); | ||
realmsData.forEach(({ realm, totalActive }) => { | ||
console.log(`${realm.realm} (${realm.displayName})`); | ||
console.log(totalActive); | ||
}); | ||
} catch (err) { | ||
console.log(err); | ||
} | ||
} | ||
|
||
main(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
const _ = require('lodash'); | ||
const axios = require('axios'); | ||
const dotenv = require('dotenv'); | ||
const KcAdminClient = require('keycloak-admin').default; | ||
|
||
dotenv.config(); | ||
|
||
const KEYCLOAK_URL = 'https://oidc.gov.bc.ca'; | ||
const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'admin-cli'; | ||
const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET; | ||
const KEYCLOAK_USERNAME = process.env.KEYCLOAK_USERNAME; | ||
const KEYCLOAK_PASSWORD = process.env.KEYCLOAK_PASSWORD; | ||
|
||
const kcAdminClient = new KcAdminClient({ | ||
baseUrl: `${KEYCLOAK_URL}/auth`, | ||
realmName: 'master', | ||
}); | ||
|
||
async function main() { | ||
try { | ||
await kcAdminClient.auth({ | ||
grantType: KEYCLOAK_CLIENT_SECRET ? 'client_credentials' : 'password', | ||
clientId: KEYCLOAK_CLIENT_ID, | ||
clientSecret: KEYCLOAK_CLIENT_SECRET, | ||
username: KEYCLOAK_USERNAME, | ||
password: KEYCLOAK_PASSWORD, | ||
totp: '<TOTP>', | ||
}); | ||
|
||
const realms = await kcAdminClient.realms.find({}); | ||
const realmsData = await Promise.all( | ||
realms.map(async (realm) => { | ||
const count = await kcAdminClient.users.count({ realm: realm.realm }); | ||
return { realm: realm.realm, displayName: realm.displayName, count }; | ||
}) | ||
); | ||
|
||
console.log(_.orderBy(realmsData, ['count'], ['desc'])); | ||
} catch (err) { | ||
console.log(err); | ||
} | ||
} | ||
|
||
main(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,153 @@ | ||
const _ = require('lodash'); | ||
const axios = require('axios'); | ||
const dotenv = require('dotenv'); | ||
const KcAdminClient = require('keycloak-admin').default; | ||
|
||
dotenv.config(); | ||
|
||
const KEYCLOAK_URL = 'https://dev.oidc.gov.bc.ca'; | ||
const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'admin-cli'; | ||
const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET; | ||
const KEYCLOAK_USERNAME = process.env.KEYCLOAK_USERNAME; | ||
const KEYCLOAK_PASSWORD = process.env.KEYCLOAK_PASSWORD; | ||
|
||
const kcAdminClient = new KcAdminClient({ | ||
baseUrl: `${KEYCLOAK_URL}/auth`, | ||
realmName: 'master', | ||
}); | ||
|
||
// see https://github.com/keycloak/keycloak/blob/master/server-spi-private/src/main/java/org/keycloak/events/EventType.java#L23 | ||
const defaultEvents = [ | ||
'LOGIN', | ||
'LOGIN_ERROR', | ||
'REGISTER', | ||
'REGISTER_ERROR', | ||
'LOGOUT', | ||
'LOGOUT_ERROR', | ||
'CODE_TO_TOKEN', | ||
'CODE_TO_TOKEN_ERROR', | ||
'CLIENT_LOGIN', | ||
'CLIENT_LOGIN_ERROR', | ||
'FEDERATED_IDENTITY_LINK', | ||
'FEDERATED_IDENTITY_LINK_ERROR', | ||
'REMOVE_FEDERATED_IDENTITY', | ||
'REMOVE_FEDERATED_IDENTITY_ERROR', | ||
'UPDATE_EMAIL', | ||
'UPDATE_EMAIL_ERROR', | ||
'UPDATE_PROFILE', | ||
'UPDATE_PROFILE_ERROR', | ||
'UPDATE_PASSWORD', | ||
'UPDATE_PASSWORD_ERROR', | ||
'UPDATE_TOTP', | ||
'UPDATE_TOTP_ERROR', | ||
'VERIFY_EMAIL', | ||
'VERIFY_EMAIL_ERROR', | ||
'REMOVE_TOTP', | ||
'REMOVE_TOTP_ERROR', | ||
'GRANT_CONSENT', | ||
'GRANT_CONSENT_ERROR', | ||
'UPDATE_CONSENT', | ||
'UPDATE_CONSENT_ERROR', | ||
'REVOKE_GRANT', | ||
'REVOKE_GRANT_ERROR', | ||
'SEND_VERIFY_EMAIL', | ||
'SEND_VERIFY_EMAIL_ERROR', | ||
'SEND_RESET_PASSWORD', | ||
'SEND_RESET_PASSWORD_ERROR', | ||
'SEND_IDENTITY_PROVIDER_LINK', | ||
'SEND_IDENTITY_PROVIDER_LINK_ERROR', | ||
'RESET_PASSWORD', | ||
'RESET_PASSWORD_ERROR', | ||
'RESTART_AUTHENTICATION', | ||
'RESTART_AUTHENTICATION_ERROR', | ||
'IDENTITY_PROVIDER_LINK_ACCOUNT', | ||
'IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR', | ||
'IDENTITY_PROVIDER_FIRST_LOGIN', | ||
'IDENTITY_PROVIDER_FIRST_LOGIN_ERROR', | ||
'IDENTITY_PROVIDER_POST_LOGIN', | ||
'IDENTITY_PROVIDER_POST_LOGIN_ERROR', | ||
'IMPERSONATE', | ||
'IMPERSONATE_ERROR', | ||
'CUSTOM_REQUIRED_ACTION', | ||
'CUSTOM_REQUIRED_ACTION_ERROR', | ||
'EXECUTE_ACTIONS', | ||
'EXECUTE_ACTIONS_ERROR', | ||
'EXECUTE_ACTION_TOKEN', | ||
'EXECUTE_ACTION_TOKEN_ERROR', | ||
'CLIENT_REGISTER', | ||
'CLIENT_REGISTER_ERROR', | ||
'CLIENT_UPDATE', | ||
'CLIENT_UPDATE_ERROR', | ||
'CLIENT_DELETE', | ||
'CLIENT_DELETE_ERROR', | ||
'CLIENT_INITIATED_ACCOUNT_LINKING', | ||
'CLIENT_INITIATED_ACCOUNT_LINKING_ERROR', | ||
'TOKEN_EXCHANGE', | ||
'TOKEN_EXCHANGE_ERROR', | ||
'OAUTH2_DEVICE_AUTH', | ||
'OAUTH2_DEVICE_AUTH_ERROR', | ||
'OAUTH2_DEVICE_VERIFY_USER_CODE', | ||
'OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR', | ||
'OAUTH2_DEVICE_CODE_TO_TOKEN', | ||
'OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR', | ||
'AUTHREQID_TO_TOKEN', | ||
'AUTHREQID_TO_TOKEN_ERROR', | ||
'PERMISSION_TOKEN', | ||
'DELETE_ACCOUNT', | ||
'DELETE_ACCOUNT_ERROR', | ||
]; | ||
|
||
const otherEvents = [ | ||
'REFRESH_TOKEN', | ||
'REFRESH_TOKEN_ERROR', | ||
'INTROSPECT_TOKEN', | ||
'INTROSPECT_TOKEN_ERROR', | ||
'INVALID_SIGNATURE', | ||
'INVALID_SIGNATURE_ERROR', | ||
'REGISTER_NODE', | ||
'REGISTER_NODE_ERROR', | ||
'UNREGISTER_NODE', | ||
'UNREGISTER_NODE_ERROR', | ||
'USER_INFO_REQUEST', | ||
'USER_INFO_REQUEST_ERROR', | ||
'IDENTITY_PROVIDER_LOGIN', | ||
'IDENTITY_PROVIDER_LOGIN_ERROR', | ||
'IDENTITY_PROVIDER_RESPONSE', | ||
'IDENTITY_PROVIDER_RESPONSE_ERROR', | ||
'IDENTITY_PROVIDER_RETRIEVE_TOKEN', | ||
'IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR', | ||
'CLIENT_INFO', | ||
'CLIENT_INFO_ERROR', | ||
'PERMISSION_TOKEN_ERROR', | ||
]; | ||
|
||
async function main() { | ||
try { | ||
await kcAdminClient.auth({ | ||
grantType: KEYCLOAK_CLIENT_SECRET ? 'client_credentials' : 'password', | ||
clientId: KEYCLOAK_CLIENT_ID, | ||
clientSecret: KEYCLOAK_CLIENT_SECRET, | ||
username: KEYCLOAK_USERNAME, | ||
password: KEYCLOAK_PASSWORD, | ||
totp: '<TOTP>', | ||
}); | ||
|
||
const realms = await kcAdminClient.realms.find({}); | ||
await Promise.all( | ||
realms.map(async (realm) => { | ||
await kcAdminClient.realms.updateConfigEvents( | ||
{ realm: realm.id }, | ||
{ | ||
eventsEnabled: true, | ||
eventsExpiration: 86400 * 365, // 365 days | ||
enabledEventTypes: defaultEvents.concat(otherEvents), | ||
} | ||
); | ||
}) | ||
); | ||
} catch (err) { | ||
console.log(err); | ||
} | ||
} | ||
|
||
main(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
{ | ||
"name": "scripts", | ||
"version": "0.1.0", | ||
"description": "Javascript scripts for minor updates and aggregations.", | ||
"author": "SSO Team", | ||
"license": "Apache-2.0", | ||
"dependencies": {}, | ||
"devDependencies": { | ||
"axios": "^0.21.4", | ||
"dotenv": "^10.0.0", | ||
"keycloak-admin": "^1.14.22", | ||
"lodash": "^4.17.21" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. | ||
# yarn lockfile v1 | ||
|
||
|
||
axios@^0.21.0, axios@^0.21.4: | ||
version "0.21.4" | ||
resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575" | ||
integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg== | ||
dependencies: | ||
follow-redirects "^1.14.0" | ||
|
||
base64-js@1.3.1: | ||
version "1.3.1" | ||
resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1" | ||
integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g== | ||
|
||
camelize@^1.0.0: | ||
version "1.0.0" | ||
resolved "https://registry.yarnpkg.com/camelize/-/camelize-1.0.0.tgz#164a5483e630fa4321e5af07020e531831b2609b" | ||
integrity sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs= | ||
|
||
decode-uri-component@^0.2.0: | ||
version "0.2.0" | ||
resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545" | ||
integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU= | ||
|
||
dotenv@^10.0.0: | ||
version "10.0.0" | ||
resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-10.0.0.tgz#3d4227b8fb95f81096cdd2b66653fb2c7085ba81" | ||
integrity sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q== | ||
|
||
filter-obj@^1.1.0: | ||
version "1.1.0" | ||
resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-1.1.0.tgz#9b311112bc6c6127a16e016c6c5d7f19e0805c5b" | ||
integrity sha1-mzERErxsYSehbgFsbF1/GeCAXFs= | ||
|
||
follow-redirects@^1.14.0: | ||
version "1.14.3" | ||
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.3.tgz#6ada78118d8d24caee595595accdc0ac6abd022e" | ||
integrity sha512-3MkHxknWMUtb23apkgz/83fDoe+y+qr0TdgacGIA7bew+QLBo3vdgEN2xEsuXNivpFy4CyDhBBZnNZOtalmenw== | ||
|
||
js-sha256@0.9.0: | ||
version "0.9.0" | ||
resolved "https://registry.yarnpkg.com/js-sha256/-/js-sha256-0.9.0.tgz#0b89ac166583e91ef9123644bd3c5334ce9d0966" | ||
integrity sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA== | ||
|
||
keycloak-admin@^1.14.22: | ||
version "1.14.22" | ||
resolved "https://registry.yarnpkg.com/keycloak-admin/-/keycloak-admin-1.14.22.tgz#dea8c5c662a8e0983128a6676c0d8382a6cbd1a0" | ||
integrity sha512-5OHoNKy0w2Z2ek6mZvSpWoJtKW78Tr2fC4VdkOMcj1QmlXqPhZ6Ltl8ar3Wl2JYecS72hMT0Qd4yrILRuDwW2Q== | ||
dependencies: | ||
axios "^0.21.0" | ||
camelize "^1.0.0" | ||
keycloak-js "^11.0.3" | ||
lodash "^4.17.21" | ||
query-string "^6.13.7" | ||
url-join "^4.0.0" | ||
url-template "^2.0.8" | ||
|
||
keycloak-js@^11.0.3: | ||
version "11.0.3" | ||
resolved "https://registry.yarnpkg.com/keycloak-js/-/keycloak-js-11.0.3.tgz#5f22f22662211e2bfa5327d3d2eb83020a5baa23" | ||
integrity sha512-e2OVyCiru25UhJz3aPj5irf//+vJzvAhHdcsCIWAcvF8Te22iUoZqEdNFji8D3zNzDehX4VpuIJwQOYCj6rqTA== | ||
dependencies: | ||
base64-js "1.3.1" | ||
js-sha256 "0.9.0" | ||
|
||
lodash@^4.17.21: | ||
version "4.17.21" | ||
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" | ||
integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== | ||
|
||
query-string@^6.13.7: | ||
version "6.14.1" | ||
resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.14.1.tgz#7ac2dca46da7f309449ba0f86b1fd28255b0c86a" | ||
integrity sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw== | ||
dependencies: | ||
decode-uri-component "^0.2.0" | ||
filter-obj "^1.1.0" | ||
split-on-first "^1.0.0" | ||
strict-uri-encode "^2.0.0" | ||
|
||
split-on-first@^1.0.0: | ||
version "1.1.0" | ||
resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-1.1.0.tgz#f610afeee3b12bce1d0c30425e76398b78249a5f" | ||
integrity sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw== | ||
|
||
strict-uri-encode@^2.0.0: | ||
version "2.0.0" | ||
resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546" | ||
integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY= | ||
|
||
url-join@^4.0.0: | ||
version "4.0.1" | ||
resolved "https://registry.yarnpkg.com/url-join/-/url-join-4.0.1.tgz#b642e21a2646808ffa178c4c5fda39844e12cde7" | ||
integrity sha512-jk1+QP6ZJqyOiuEI9AEWQfju/nB2Pw466kbA0LEZljHwKeMgd9WrAEgEGxjPDD2+TNbbb37rTyhEfrCXfuKXnA== | ||
|
||
url-template@^2.0.8: | ||
version "2.0.8" | ||
resolved "https://registry.yarnpkg.com/url-template/-/url-template-2.0.8.tgz#fc565a3cccbff7730c775f5641f9555791439f21" | ||
integrity sha1-/FZaPMy/93MMd19WQflVV5FDnyE= |