bcgov · arcshiftsolutions · Sep 15, 2021 · Sep 15, 2021
diff --git a/scripts/.env.example b/scripts/.env.example
@@ -0,0 +1,5 @@
+KEYCLOAK_CLIENT_ID=
+KEYCLOAK_CLIENT_SECRET=
+KEYCLOAK_URL=
+KEYCLOAK_USERNAME=
+KEYCLOAK_PASSWORD=
diff --git a/scripts/.gitignore b/scripts/.gitignore
@@ -0,0 +1,3 @@
+node_modules
+yarn-error.log
+.env
diff --git a/scripts/README.md b/scripts/README.md
@@ -0,0 +1 @@
+# Scripts
diff --git a/scripts/keycloak-active-sessions.js b/scripts/keycloak-active-sessions.js
@@ -0,0 +1,52 @@
+const _ = require('lodash');
+const axios = require('axios');
+const dotenv = require('dotenv');
+const KcAdminClient = require('keycloak-admin').default;
+
+dotenv.config();
+
+const KEYCLOAK_URL = 'https://oidc.gov.bc.ca';
+const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'admin-cli';
+const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET;
+const KEYCLOAK_USERNAME = process.env.KEYCLOAK_USERNAME;
+const KEYCLOAK_PASSWORD = process.env.KEYCLOAK_PASSWORD;
+
+const kcAdminClient = new KcAdminClient({
+  baseUrl: `${KEYCLOAK_URL}/auth`,
+  realmName: 'master',
+});
+
+async function main() {
+  try {
+    await kcAdminClient.auth({
+      grantType: KEYCLOAK_CLIENT_SECRET ? 'client_credentials' : 'password',
+      clientId: KEYCLOAK_CLIENT_ID,
+      clientSecret: KEYCLOAK_CLIENT_SECRET,
+      username: KEYCLOAK_USERNAME,
+      password: KEYCLOAK_PASSWORD,
+      totp: '<TOTP>',
+    });
+
+    const realms = await kcAdminClient.realms.find({});
+    let realmsData = await Promise.all(
+      realms.map(async (realm) => {
+        const sessions = await kcAdminClient.sessions.find({
+          realm: realm.realm,
+        });
+        const totalActive = _.sum(_.map(sessions, 'active').map(Number));
+
+        return { realm, totalActive };
+      })
+    );
+
+    realmsData = _.orderBy(realmsData, ['totalActive'], ['desc']);
+    realmsData.forEach(({ realm, totalActive }) => {
+      console.log(`${realm.realm} (${realm.displayName})`);
+      console.log(totalActive);
+    });
+  } catch (err) {
+    console.log(err);
+  }
+}
+
+main();
diff --git a/scripts/keycloak-count-users.js b/scripts/keycloak-count-users.js
@@ -0,0 +1,44 @@
+const _ = require('lodash');
+const axios = require('axios');
+const dotenv = require('dotenv');
+const KcAdminClient = require('keycloak-admin').default;
+
+dotenv.config();
+
+const KEYCLOAK_URL = 'https://oidc.gov.bc.ca';
+const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'admin-cli';
+const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET;
+const KEYCLOAK_USERNAME = process.env.KEYCLOAK_USERNAME;
+const KEYCLOAK_PASSWORD = process.env.KEYCLOAK_PASSWORD;
+
+const kcAdminClient = new KcAdminClient({
+  baseUrl: `${KEYCLOAK_URL}/auth`,
+  realmName: 'master',
+});
+
+async function main() {
+  try {
+    await kcAdminClient.auth({
+      grantType: KEYCLOAK_CLIENT_SECRET ? 'client_credentials' : 'password',
+      clientId: KEYCLOAK_CLIENT_ID,
+      clientSecret: KEYCLOAK_CLIENT_SECRET,
+      username: KEYCLOAK_USERNAME,
+      password: KEYCLOAK_PASSWORD,
+      totp: '<TOTP>',
+    });
+
+    const realms = await kcAdminClient.realms.find({});
+    const realmsData = await Promise.all(
+      realms.map(async (realm) => {
+        const count = await kcAdminClient.users.count({ realm: realm.realm });
+        return { realm: realm.realm, displayName: realm.displayName, count };
+      })
+    );
+
+    console.log(_.orderBy(realmsData, ['count'], ['desc']));
+  } catch (err) {
+    console.log(err);
+  }
+}
+
+main();
diff --git a/scripts/keycloak-update-config-events.js b/scripts/keycloak-update-config-events.js
@@ -0,0 +1,153 @@
+const _ = require('lodash');
+const axios = require('axios');
+const dotenv = require('dotenv');
+const KcAdminClient = require('keycloak-admin').default;
+
+dotenv.config();
+
+const KEYCLOAK_URL = 'https://dev.oidc.gov.bc.ca';
+const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'admin-cli';
+const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET;
+const KEYCLOAK_USERNAME = process.env.KEYCLOAK_USERNAME;
+const KEYCLOAK_PASSWORD = process.env.KEYCLOAK_PASSWORD;
+
+const kcAdminClient = new KcAdminClient({
+  baseUrl: `${KEYCLOAK_URL}/auth`,
+  realmName: 'master',
+});
+
+// see https://github.com/keycloak/keycloak/blob/master/server-spi-private/src/main/java/org/keycloak/events/EventType.java#L23
+const defaultEvents = [
+  'LOGIN',
+  'LOGIN_ERROR',
+  'REGISTER',
+  'REGISTER_ERROR',
+  'LOGOUT',
+  'LOGOUT_ERROR',
+  'CODE_TO_TOKEN',
+  'CODE_TO_TOKEN_ERROR',
+  'CLIENT_LOGIN',
+  'CLIENT_LOGIN_ERROR',
+  'FEDERATED_IDENTITY_LINK',
+  'FEDERATED_IDENTITY_LINK_ERROR',
+  'REMOVE_FEDERATED_IDENTITY',
+  'REMOVE_FEDERATED_IDENTITY_ERROR',
+  'UPDATE_EMAIL',
+  'UPDATE_EMAIL_ERROR',
+  'UPDATE_PROFILE',
+  'UPDATE_PROFILE_ERROR',
+  'UPDATE_PASSWORD',
+  'UPDATE_PASSWORD_ERROR',
+  'UPDATE_TOTP',
+  'UPDATE_TOTP_ERROR',
+  'VERIFY_EMAIL',
+  'VERIFY_EMAIL_ERROR',
+  'REMOVE_TOTP',
+  'REMOVE_TOTP_ERROR',
+  'GRANT_CONSENT',
+  'GRANT_CONSENT_ERROR',
+  'UPDATE_CONSENT',
+  'UPDATE_CONSENT_ERROR',
+  'REVOKE_GRANT',
+  'REVOKE_GRANT_ERROR',
+  'SEND_VERIFY_EMAIL',
+  'SEND_VERIFY_EMAIL_ERROR',
+  'SEND_RESET_PASSWORD',
+  'SEND_RESET_PASSWORD_ERROR',
+  'SEND_IDENTITY_PROVIDER_LINK',
+  'SEND_IDENTITY_PROVIDER_LINK_ERROR',
+  'RESET_PASSWORD',
+  'RESET_PASSWORD_ERROR',
+  'RESTART_AUTHENTICATION',
+  'RESTART_AUTHENTICATION_ERROR',
+  'IDENTITY_PROVIDER_LINK_ACCOUNT',
+  'IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR',
+  'IDENTITY_PROVIDER_FIRST_LOGIN',
+  'IDENTITY_PROVIDER_FIRST_LOGIN_ERROR',
+  'IDENTITY_PROVIDER_POST_LOGIN',
+  'IDENTITY_PROVIDER_POST_LOGIN_ERROR',
+  'IMPERSONATE',
+  'IMPERSONATE_ERROR',
+  'CUSTOM_REQUIRED_ACTION',
+  'CUSTOM_REQUIRED_ACTION_ERROR',
+  'EXECUTE_ACTIONS',
+  'EXECUTE_ACTIONS_ERROR',
+  'EXECUTE_ACTION_TOKEN',
+  'EXECUTE_ACTION_TOKEN_ERROR',
+  'CLIENT_REGISTER',
+  'CLIENT_REGISTER_ERROR',
+  'CLIENT_UPDATE',
+  'CLIENT_UPDATE_ERROR',
+  'CLIENT_DELETE',
+  'CLIENT_DELETE_ERROR',
+  'CLIENT_INITIATED_ACCOUNT_LINKING',
+  'CLIENT_INITIATED_ACCOUNT_LINKING_ERROR',
+  'TOKEN_EXCHANGE',
+  'TOKEN_EXCHANGE_ERROR',
+  'OAUTH2_DEVICE_AUTH',
+  'OAUTH2_DEVICE_AUTH_ERROR',
+  'OAUTH2_DEVICE_VERIFY_USER_CODE',
+  'OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR',
+  'OAUTH2_DEVICE_CODE_TO_TOKEN',
+  'OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR',
+  'AUTHREQID_TO_TOKEN',
+  'AUTHREQID_TO_TOKEN_ERROR',
+  'PERMISSION_TOKEN',
+  'DELETE_ACCOUNT',
+  'DELETE_ACCOUNT_ERROR',
+];
+
+const otherEvents = [
+  'REFRESH_TOKEN',
+  'REFRESH_TOKEN_ERROR',
+  'INTROSPECT_TOKEN',
+  'INTROSPECT_TOKEN_ERROR',
+  'INVALID_SIGNATURE',
+  'INVALID_SIGNATURE_ERROR',
+  'REGISTER_NODE',
+  'REGISTER_NODE_ERROR',
+  'UNREGISTER_NODE',
+  'UNREGISTER_NODE_ERROR',
+  'USER_INFO_REQUEST',
+  'USER_INFO_REQUEST_ERROR',
+  'IDENTITY_PROVIDER_LOGIN',
+  'IDENTITY_PROVIDER_LOGIN_ERROR',
+  'IDENTITY_PROVIDER_RESPONSE',
+  'IDENTITY_PROVIDER_RESPONSE_ERROR',
+  'IDENTITY_PROVIDER_RETRIEVE_TOKEN',
+  'IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR',
+  'CLIENT_INFO',
+  'CLIENT_INFO_ERROR',
+  'PERMISSION_TOKEN_ERROR',
+];
+
+async function main() {
+  try {
+    await kcAdminClient.auth({
+      grantType: KEYCLOAK_CLIENT_SECRET ? 'client_credentials' : 'password',
+      clientId: KEYCLOAK_CLIENT_ID,
+      clientSecret: KEYCLOAK_CLIENT_SECRET,
+      username: KEYCLOAK_USERNAME,
+      password: KEYCLOAK_PASSWORD,
+      totp: '<TOTP>',
+    });
+
+    const realms = await kcAdminClient.realms.find({});
+    await Promise.all(
+      realms.map(async (realm) => {
+        await kcAdminClient.realms.updateConfigEvents(
+          { realm: realm.id },
+          {
+            eventsEnabled: true,
+            eventsExpiration: 86400 * 365, // 365 days
+            enabledEventTypes: defaultEvents.concat(otherEvents),
+          }
+        );
+      })
+    );
+  } catch (err) {
+    console.log(err);
+  }
+}
+
+main();
diff --git a/scripts/package.json b/scripts/package.json
@@ -0,0 +1,14 @@
+{
+  "name": "scripts",
+  "version": "0.1.0",
+  "description": "Javascript scripts for minor updates and aggregations.",
+  "author": "SSO Team",
+  "license": "Apache-2.0",
+  "dependencies": {},
+  "devDependencies": {
+    "axios": "^0.21.4",
+    "dotenv": "^10.0.0",
+    "keycloak-admin": "^1.14.22",
+    "lodash": "^4.17.21"
+  }
+}
diff --git a/scripts/yarn.lock b/scripts/yarn.lock
@@ -0,0 +1,101 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+axios@^0.21.0, axios@^0.21.4:
+  version "0.21.4"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575"
+  integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==
+  dependencies:
+    follow-redirects "^1.14.0"
+
+base64-js@1.3.1:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1"
+  integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==
+
+camelize@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/camelize/-/camelize-1.0.0.tgz#164a5483e630fa4321e5af07020e531831b2609b"
+  integrity sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs=
+
+decode-uri-component@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
+  integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=
+
+dotenv@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-10.0.0.tgz#3d4227b8fb95f81096cdd2b66653fb2c7085ba81"
+  integrity sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==
+
+filter-obj@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-1.1.0.tgz#9b311112bc6c6127a16e016c6c5d7f19e0805c5b"
+  integrity sha1-mzERErxsYSehbgFsbF1/GeCAXFs=
+
+follow-redirects@^1.14.0:
+  version "1.14.3"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.3.tgz#6ada78118d8d24caee595595accdc0ac6abd022e"
+  integrity sha512-3MkHxknWMUtb23apkgz/83fDoe+y+qr0TdgacGIA7bew+QLBo3vdgEN2xEsuXNivpFy4CyDhBBZnNZOtalmenw==
+
+js-sha256@0.9.0:
+  version "0.9.0"
+  resolved "https://registry.yarnpkg.com/js-sha256/-/js-sha256-0.9.0.tgz#0b89ac166583e91ef9123644bd3c5334ce9d0966"
+  integrity sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA==
+
+keycloak-admin@^1.14.22:
+  version "1.14.22"
+  resolved "https://registry.yarnpkg.com/keycloak-admin/-/keycloak-admin-1.14.22.tgz#dea8c5c662a8e0983128a6676c0d8382a6cbd1a0"
+  integrity sha512-5OHoNKy0w2Z2ek6mZvSpWoJtKW78Tr2fC4VdkOMcj1QmlXqPhZ6Ltl8ar3Wl2JYecS72hMT0Qd4yrILRuDwW2Q==
+  dependencies:
+    axios "^0.21.0"
+    camelize "^1.0.0"
+    keycloak-js "^11.0.3"
+    lodash "^4.17.21"
+    query-string "^6.13.7"
+    url-join "^4.0.0"
+    url-template "^2.0.8"
+
+keycloak-js@^11.0.3:
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/keycloak-js/-/keycloak-js-11.0.3.tgz#5f22f22662211e2bfa5327d3d2eb83020a5baa23"
+  integrity sha512-e2OVyCiru25UhJz3aPj5irf//+vJzvAhHdcsCIWAcvF8Te22iUoZqEdNFji8D3zNzDehX4VpuIJwQOYCj6rqTA==
+  dependencies:
+    base64-js "1.3.1"
+    js-sha256 "0.9.0"
+
+lodash@^4.17.21:
+  version "4.17.21"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
+  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
+
+query-string@^6.13.7:
+  version "6.14.1"
+  resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.14.1.tgz#7ac2dca46da7f309449ba0f86b1fd28255b0c86a"
+  integrity sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw==
+  dependencies:
+    decode-uri-component "^0.2.0"
+    filter-obj "^1.1.0"
+    split-on-first "^1.0.0"
+    strict-uri-encode "^2.0.0"
+
+split-on-first@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-1.1.0.tgz#f610afeee3b12bce1d0c30425e76398b78249a5f"
+  integrity sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw==
+
+strict-uri-encode@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546"
+  integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY=
+
+url-join@^4.0.0:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/url-join/-/url-join-4.0.1.tgz#b642e21a2646808ffa178c4c5fda39844e12cde7"
+  integrity sha512-jk1+QP6ZJqyOiuEI9AEWQfju/nB2Pw466kbA0LEZljHwKeMgd9WrAEgEGxjPDD2+TNbbb37rTyhEfrCXfuKXnA==
+
+url-template@^2.0.8:
+  version "2.0.8"
+  resolved "https://registry.yarnpkg.com/url-template/-/url-template-2.0.8.tgz#fc565a3cccbff7730c775f5641f9555791439f21"
+  integrity sha1-/FZaPMy/93MMd19WQflVV5FDnyE=