From 1ae7652fbb3b69f0943161573cdb01de99712560 Mon Sep 17 00:00:00 2001
From: darta
Date: Sat, 29 May 2021 14:23:20 +0000
Subject: [PATCH] added adminer

---
 admin/src/tests/keycloak_client.py | 102 -------------------------
 admin/src/tests/keycloak_client_exc.py | 5 --
 admin/src/tests/test_lib.py | 34 ---------
 docker-compose-parts/adminer.yml | 9 +++
 docker/haproxy/haproxy.conf | 14 ++++
 5 files changed, 23 insertions(+), 141 deletions(-)
 delete mode 100644 admin/src/tests/keycloak_client.py
 delete mode 100644 admin/src/tests/keycloak_client_exc.py
 delete mode 100644 admin/src/tests/test_lib.py
 create mode 100644 docker-compose-parts/adminer.yml

diff --git a/admin/src/tests/keycloak_client.py b/admin/src/tests/keycloak_client.py
deleted file mode 100644
index 9a1912e..0000000
--- a/admin/src/tests/keycloak_client.py
+++ /dev/null
@@ -1,102 +0,0 @@
-import os,time,requests,json,getpass,pprint
-import traceback
-
-from keycloak_client_exc import *
-
-class ApiClient():
- def __init__(self,realm='master'):
- ##server=os.environ['KEYCLOAK_HOST']
- server='isard-sso-keycloak'
- self.base_url="http://"+server+":8080/auth/realms/"+realm
- self.headers={"Content-Type": "application/x-www-form-urlencoded"}
- self.payload={'username':'admin',
- 'password':'keycloakkeycloak',
- 'grant_type':'password',
- 'client_id':'admin-cli'}
- self.token=self.get_token()
- self.admin_url="http://"+server+":8080/auth/admin/realms/"+realm
- # /admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}"
- self.admin_headers={"Accept": "application/json",
- "Authorization": "Bearer "+self.token}
-
- def get_token(self):
- path="/protocol/openid-connect/token"
- resp = requests.post(self.base_url+path, data=self.payload, headers=self.headers)
- if resp.status_code == 200: return json.loads(resp.text)['access_token']
- print(" URL: "+self.base_url+path)
- print("STATUS CODE: "+str(resp.status_code))
- print(" RESPONSE: "+resp.text)
- exit(1)
-
- def get(self,path,status_code=200,data={},params={}):
- resp = requests.get(self.admin_url+path, data=data, params=params, headers=self.admin_headers)
- if resp.status_code == status_code: return json.loads(resp.text)
- print(" URL: "+self.admin_url+path)
- print("STATUS CODE: "+str(resp.status_code))
- print(" RESPONSE: "+resp.text)
- raise
-
- def post(self,path,status_code=200,data={},params={},json={}):
- resp = requests.post(self.admin_url+path, data=data, params=params, json=json, headers=self.admin_headers)
- #if resp.status_code == status_code: return True
- print(" URL: "+self.admin_url+path)
- print("STATUS CODE: "+str(resp.status_code))
- print(" RESPONSE: "+resp.text)
- if resp.status_code == 409: raise keycloakUsernameEmailExists
- raise keycloakError
-
-class KeycloakClient():
- def __init__(self,realm='master'):
- ## REFERENCE: https://www.keycloak.org/docs-api/13.0/rest-api/index.html
- self.api=ApiClient()
-
- def get_users(self,username=False,exact=True):
- path='/users'
- if not username: return self.api.get(path)
- return self.api.get(path,params={"username":username,'exact':exact})
-
- def add_user(self,username,first,last,email,password):
- user={"firstName":first,
- "lastName":last,
- "email":last,
- "enabled":"true",
- "username":username,
- "credentials":[{"type":"password",
- "value":password,
- "temporary":False}]}
- try:
- self.api.post('/users',status_code=201,json=user)
- return True
- except keycloakExists:
- print('Username or email already exists')
- except:
- traceback.format_exc()
- return False
-
- def get_groups(self,name=False):
- path='/groups'
- if not name: return self.api.get(path)
- return self.api.get(path,params={"name":name})
-
- def add_group(self,name,subgroups=False):
- group={"name":name}
- try:
- self.api.post('/groups',status_code=201,json=group)
- return True
- except keycloakExists:
- print('Group name already exists')
- except:
- traceback.format_exc()
- return False
-
-kapi=KeycloakClient()
-# print('GET USERS')
-# pprint.pprint(kapi.get_users())
-# print('GET ADMIN USER')
-# pprint.pprint(kapi.get_users(username='admin'))
-# print('ADD USER')
-# print(kapi.add_user('pepito','Pepito','Grillo','info@info.com','añlsdkjf'))
-# print('GET GROUPS')
-# pprint.pprint(kapi.get_groups())
-print('ADD GROUP')
-pprint.pprint(kapi.add_group('pepito'))
\ No newline at end of file
diff --git a/admin/src/tests/keycloak_client_exc.py b/admin/src/tests/keycloak_client_exc.py
deleted file mode 100644
index 21d9b7c..0000000
--- a/admin/src/tests/keycloak_client_exc.py
+++ /dev/null
@@ -1,5 +0,0 @@
-class keycloakError(Exception):
- pass
-
-class keycloakExists(Exception):
- pass
diff --git a/admin/src/tests/test_lib.py b/admin/src/tests/test_lib.py
deleted file mode 100644
index 57cef0d..0000000
--- a/admin/src/tests/test_lib.py
+++ /dev/null
@@ -1,34 +0,0 @@
-from keycloak import KeycloakOpenID
-
-# Configure client
-keycloak_openid = KeycloakOpenID(server_url="http://isard-sso-keycloak:8080/auth/",
- client_id="admin-cli",
- realm_name="master",
- client_secret_key="secret")
-
-# Get WellKnow
-config_well_know = keycloak_openid.well_know()
-
-# Get Token
-token = keycloak_openid.token("admin", "keycloakkeycloak")
-#token = keycloak_openid.token("user", "password", totp="012345")
-print(token)
-
-from keycloak import KeycloakAdmin
-
-keycloak_admin = KeycloakAdmin(server_url="http://isard-sso-keycloak:8080/auth/",
- username='admin',
- password='keycloakkeycloak',
- realm_name="master",
- verify=True)
-
-# Add user
-new_user = keycloak_admin.create_user({"email": "example@example.com",
- "username": "example@example.com",
- "enabled": True,
- "firstName": "Example",
- "lastName": "Example"})
-print(new_user)
-
-user_id_keycloak = keycloak_admin.get_user_id("admin")
-print(user_id_keycloak)
\ No newline at end of file
diff --git a/docker-compose-parts/adminer.yml b/docker-compose-parts/adminer.yml
new file mode 100644
index 0000000..d4d5368
--- /dev/null
+++ b/docker-compose-parts/adminer.yml
@@ -0,0 +1,9 @@
+---
+version: '3.7'
+services:
+ isard-sso-adminer:
+ image: adminer
+ container_name: isard-sso-adminer
+ restart: always
+ networks:
+ isard_net: {}
diff --git a/docker/haproxy/haproxy.conf b/docker/haproxy/haproxy.conf
index 7d8c210..f18862d 100644
--- a/docker/haproxy/haproxy.conf
+++ b/docker/haproxy/haproxy.conf
@@ -51,6 +51,7 @@ frontend website
 use_backend be_oof if is_oof
 use_backend be_wp if is_wp
 use_backend be_etherpad if is_pad
+ use_backend be_adminer if is_sso { path_beg /isard-sso-adminer }
 use_backend be_admin if is_sso { path_beg /isard-sso-admin }
 use_backend be_sso if is_sso
 use_backend be_ipa if is_ipa
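Review bot: `image: adminer` has no tag, so each pull resolves to whatever `latest` points at, and a database administration UI of an unreviewed version ends up running with `restart: always`. Pin the image to a reviewed release, preferably by digest, for example `image: adminer:<pinned-version>@sha256:<digest>` (placeholders; the page names no version). The service publishes no `ports:`, so as written it is reachable only over `isard_net`, which leaves the HAProxy basic auth and Adminer's own database login as the only access controls. A comment at the top of the file saying that the service must never be published directly would record that assumption.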
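Review bot: The added `use_backend be_adminer` rule is only correct while it stays above the `be_admin` rule, because `path_beg /isard-sso-admin` also matches every `/isard-sso-adminer` request. If the two lines are ever reordered, Adminer traffic goes to `be_admin` and never reaches the `http-request auth` in `be_adminer`. A comment on the new line would protect the ordering, e.g. `# keep above be_admin: /isard-sso-admin is a prefix of /isard-sso-adminer`. The new prefix is equally loose, since `path_beg /isard-sso-adminer` also matches `/isard-sso-adminerX`; matching the exact path plus `/isard-sso-adminer/` would be tighter. The `frontend website` section starts and ends outside this hunk.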
@@ -95,6 +96,19 @@ backend be_admin
 http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
 server isard-sso-admin isard-sso-admin:9000 check port 9000 inter 5s rise 2 fall 10 resolvers mydns init-addr none
 
+backend be_adminer
+ mode http
+ acl authorized http_auth(AuthUsers)
+ http-request auth realm AuthUsers unless authorized
+ http-request redirect scheme http drop-query append-slash if { path -m str /isard-sso-adminer }
+ http-request replace-path /isard-sso-adminer/(.*) /\1
+ http-request del-header Authorization
+ acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
+ acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
+ http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
+ http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
+ server isard-sso-adminer isard-sso-adminer:8080 check port 8080 inter 5s rise 2 fall 10 resolvers mydns init-addr none
+
 ## APPS
 backend be_moodle
 mode http
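Review bot: The `http-request redirect scheme http ...` line in `be_adminer` sends the browser to a plain-HTTP URL right after `http-request auth` has requested Basic credentials, while the same backend tells Adminer the request was HTTPS through `X-Forwarded-Proto https`. If the frontend also accepts port 80 (its bind lines are not in this hunk), both the Basic credentials and the database login typed into Adminer would travel in cleartext. The redirect should keep the secure scheme: `http-request redirect scheme https drop-query append-slash if { path -m str /isard-sso-adminer }`. `http-request del-header Authorization` rightly keeps the proxy credentials away from Adminer and deserves a one-line comment saying so. The `AuthUsers` userlist is defined outside this hunk, so confirm it uses hashed `password` entries rather than `insecure-password`.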