Showing
19 changed files
with
239 additions
and
139 deletions.
@@ -2,5 +2,6 @@ | |
*~ | ||
\#*\# | ||
.\#* | ||
.idea | ||
lua_install | ||
luacov.stats.out |
@@ -1,17 +1,18 @@ | ||
ARG KONG_BASE_TAG | ||
FROM kong${KONG_BASE_TAG} | ||
USER root | ||
|
||
ENV LUA_PATH /usr/local/share/lua/5.1/?.lua;/usr/local/kong-oidc/?.lua;; | ||
# For lua-cjson | ||
ENV LUA_CPATH /usr/local/lib/lua/5.1/?.so;; | ||
|
||
# Install unzip for luarocks, gcc for lua-cjson | ||
RUN yum install -y unzip gcc | ||
RUN yum install -y unzip gcc curl | ||
RUN luarocks install luacov | ||
RUN luarocks install luaunit | ||
RUN luarocks install lua-cjson | ||
|
||
# Change openidc version when version in rockspec changes | ||
RUN luarocks install lua-resty-openidc 1.6.0 | ||
RUN luarocks install lua-resty-openidc 1.7.4-1 | ||
|
||
COPY . /usr/local/kong-oidc | ||
COPY . /usr/local/kong-oidc |
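Review bot: `luarocks install luacov`, `luarocks install luaunit` and `luarocks install lua-cjson` are unpinned while `lua-resty-openidc` is pinned to 1.7.4-1, so each rebuild of this image can pull different code from the rock server. Pin them the same way, e.g. `RUN luarocks install lua-cjson <version>` (placeholder; use the versions the tests were validated against). The image also stays `USER root` through the final `COPY`. If it is used for anything beyond running the test suite, switch back to an unprivileged user after the install steps.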
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,48 @@ | ||
import requests | ||
|
||
class KeycloakClient: | ||
def __init__(self, url, realm, username, password): | ||
self._endpoint = url | ||
self._realm = realm | ||
self._session = requests.session() | ||
self._username = username | ||
self._password = password | ||
|
||
def discover(self, config_type = "openid-configuration"): | ||
res = self._session.get("{}/auth/realms/{}/.well-known/{}".format(self._endpoint, self._realm, config_type)) | ||
res.raise_for_status() | ||
return res.json() | ||
|
||
def create_client(self, name, secret): | ||
url = "{}/auth/admin/realms/master/clients".format(self._endpoint) | ||
payload = { | ||
"clientId": name, | ||
"secret": secret, | ||
"redirectUris": ["*"], | ||
} | ||
|
||
headers = self.get_auth_header() | ||
res = self._session.post(url, json=payload, headers=headers) | ||
|
||
if res.status_code not in [201, 409]: | ||
raise Exception("Cannot Keycloak create client") | ||
|
||
def get_auth_header(self): | ||
return { | ||
"Authorization": f'Bearer {self.get_token("admin-cli")}' | ||
} | ||
|
||
def get_token(self, client_id): | ||
url = "{}/auth/realms/{}/protocol/openid-connect/token".format(self._endpoint, self._realm) | ||
|
||
payload = f'client_id={client_id}&grant_type=password' + \ | ||
f'&username={self._username}&password={self._password}' | ||
|
||
headers = { | ||
"Content-Type": "application/x-www-form-urlencoded" | ||
} | ||
|
||
res = self._session.post(url, data=payload, headers=headers) | ||
res.raise_for_status() | ||
|
||
return res.json()["access_token"] |
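Review bot: `get_token` builds the form body by interpolating `self._username` and `self._password` into a string, so a value containing `&`, `=`, `+` or `%` is sent un-encoded and can corrupt the password or add extra parameters to the token request. Pass a dict and let requests do the encoding: `payload = {"client_id": client_id, "grant_type": "password", "username": self._username, "password": self._password}`; with `data=payload` the manual `Content-Type` header is no longer needed. In `create_client`, `"redirectUris": ["*"]` accepts any redirect target, so a comment such as `# test-only: wildcard redirect URI, do not reuse outside the integration environment` would keep it from being copied elsewhere. `create_client` also posts to `realms/master` while the other methods use `self._realm`; confirm that is intended.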
@@ -0,0 +1,59 @@ | ||
import requests | ||
|
||
class KongClient: | ||
def __init__(self, url): | ||
self._endpoint = url | ||
self._session = requests.session() | ||
|
||
def create_service(self, name, upstream_url): | ||
url = "{}/services".format(self._endpoint) | ||
payload = { | ||
"name": name, | ||
"url": upstream_url, | ||
} | ||
res = self._session.post(url, json=payload) | ||
res.raise_for_status() | ||
return res.json() | ||
|
||
def create_route(self, service_name, paths): | ||
url = "{}/services/{}/routes".format(self._endpoint, service_name) | ||
payload = { | ||
"paths": paths, | ||
} | ||
res = self._session.post(url, json=payload) | ||
res.raise_for_status() | ||
return res.json() | ||
|
||
def create_plugin(self, plugin_name, service_name, config): | ||
url = "{}/services/{}/plugins".format(self._endpoint, service_name) | ||
payload = { | ||
"name": plugin_name, | ||
"config": config, | ||
} | ||
res = self._session.post(url, json=payload) | ||
try: | ||
res.raise_for_status() | ||
except Exception as e: | ||
print(res.text) | ||
raise e | ||
return res.json() | ||
|
||
def delete_service(self, name): | ||
try: | ||
routes = self.get_routes(name) | ||
for route in routes: | ||
self.delete_route(route) | ||
except requests.exceptions.HTTPError: | ||
pass | ||
url = "{}/services/{}".format(self._endpoint, name) | ||
self._session.delete(url).raise_for_status() | ||
|
||
def delete_route(self, route_id): | ||
url = "{}/routes/{}".format(self._endpoint, route_id) | ||
self._session.delete(url).raise_for_status() | ||
|
||
def get_routes(self, service_name): | ||
url = "{}/services/{}/routes".format(self._endpoint, service_name) | ||
res = self._session.get(url) | ||
res.raise_for_status() | ||
return map(lambda x: x['id'], res.json()['data']) |
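Review bot: In `delete_service`, `except requests.exceptions.HTTPError: pass` hides every HTTP failure from `get_routes` and `delete_route`, not only the not-found case of a service that does not exist yet, so a server error during cleanup goes unnoticed and can leave routes behind. Narrow it to the expected case, e.g. `except requests.exceptions.HTTPError as e:` followed by `if e.response.status_code != 404: raise`. In `create_plugin`, `print(res.text)` writes the Admin API's error body to the test log. The `config` argument may carry the OIDC client secret, so confirm the error body does not echo it, and re-raise with a bare `raise` rather than `raise e`. None of the calls passes a `timeout=`, so a stalled Admin API would hang the test run.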
@@ -0,0 +1,4 @@ | ||
set $session_storage redis; | ||
set $session_redis_prefix sessions; | ||
set $session_redis_host kong-session-store; | ||
set $session_redis_port 6379; |
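Review bot: These four lines point the session store at `kong-session-store:6379` with no credentials, and the sessions kept there presumably hold the tokens obtained by the OIDC plugin, so anything that can reach that Redis port could read or replace them. This looks like an integration-test setup. If the file is reused beyond that, set a password on the Redis side and add `set $session_redis_auth <password>;` (placeholder value), and keep the port off any published interface. A leading comment such as `# integration-test session store: unauthenticated Redis, internal network only` would make the assumption explicit.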