

feat: using local admin user of keycloak
NithinKuruba committed Jan 11, 2024
1 parent fd1425a commit 0956f5e
Showing 8 changed files with 199 additions and 193 deletions.
27 changes: 18 additions & 9 deletions .github/workflows/terraform.yml
Expand Up @@ -47,9 +47,12 @@ jobs:
KEYCLOAK_V2_DEV_URL=https://dev.sandbox.loginproxy.gov.bc.ca
KEYCLOAK_V2_TEST_URL=https://test.sandbox.loginproxy.gov.bc.ca
KEYCLOAK_V2_PROD_URL=https://sandbox.loginproxy.gov.bc.ca
KEYCLOAK_V2_DEV_CLIENT_SECRET=${{ secrets.DEV_KEYCLOAK_V2_DEV_CLIENT_SECRET }}
KEYCLOAK_V2_TEST_CLIENT_SECRET=${{ secrets.DEV_KEYCLOAK_V2_TEST_CLIENT_SECRET }}
KEYCLOAK_V2_PROD_CLIENT_SECRET=${{ secrets.DEV_KEYCLOAK_V2_PROD_CLIENT_SECRET }}
KEYCLOAK_V2_DEV_USERNAME=${{ secrets.PROD_KEYCLOAK_V2_DEV_USERNAME }}
KEYCLOAK_V2_DEV_PASSWORD=${{ secrets.PROD_KEYCLOAK_V2_DEV_PASSWORD }}
KEYCLOAK_V2_TEST_USERNAME=${{ secrets.PROD_KEYCLOAK_V2_TEST_USERNAME }}
KEYCLOAK_V2_TEST_PASSWORD=${{ secrets.PROD_KEYCLOAK_V2_TEST_PASSWORD }}
KEYCLOAK_V2_PROD_USERNAME=${{ secrets.PROD_KEYCLOAK_V2_PROD_USERNAME }}
KEYCLOAK_V2_PROD_PASSWORD=${{ secrets.PROD_KEYCLOAK_V2_PROD_PASSWORD }}
REALM_REGISTRY_API=${{ secrets.DEV_REALM_REGISTRY_API }}
CHES_TOKEN_ENDPOINT=https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
CHES_API_ENDPOINT=https://ches.api.gov.bc.ca/api/v1/email
Expand Down Expand Up @@ -84,9 +87,12 @@ jobs:
KEYCLOAK_V2_DEV_URL=https://dev.loginproxy.gov.bc.ca
KEYCLOAK_V2_TEST_URL=https://test.loginproxy.gov.bc.ca
KEYCLOAK_V2_PROD_URL=https://loginproxy.gov.bc.ca
KEYCLOAK_V2_DEV_CLIENT_SECRET=${{ secrets.PROD_KEYCLOAK_V2_DEV_CLIENT_SECRET }}
KEYCLOAK_V2_TEST_CLIENT_SECRET=${{ secrets.PROD_KEYCLOAK_V2_TEST_CLIENT_SECRET }}
KEYCLOAK_V2_PROD_CLIENT_SECRET=${{ secrets.PROD_KEYCLOAK_V2_PROD_CLIENT_SECRET }}
KEYCLOAK_V2_DEV_USERNAME=${{ secrets.DEV_KEYCLOAK_V2_DEV_USERNAME }}
KEYCLOAK_V2_DEV_PASSWORD=${{ secrets.DEV_KEYCLOAK_V2_DEV_PASSWORD }}
KEYCLOAK_V2_TEST_USERNAME=${{ secrets.DEV_KEYCLOAK_V2_TEST_USERNAME }}
KEYCLOAK_V2_TEST_PASSWORD=${{ secrets.DEV_KEYCLOAK_V2_TEST_PASSWORD }}
KEYCLOAK_V2_PROD_USERNAME=${{ secrets.DEV_KEYCLOAK_V2_PROD_USERNAME }}
KEYCLOAK_V2_PROD_PASSWORD=${{ secrets.DEV_KEYCLOAK_V2_PROD_PASSWORD }}
REALM_REGISTRY_API=${{ secrets.PROD_REALM_REGISTRY_API }}
CHES_TOKEN_ENDPOINT=https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
CHES_API_ENDPOINT=https://ches.api.gov.bc.ca/api/v1/email
Expand Down Expand Up @@ -199,9 +205,12 @@ jobs:
keycloak_v2_dev_url="${{ env.KEYCLOAK_V2_DEV_URL }}"
keycloak_v2_test_url="${{ env.KEYCLOAK_V2_TEST_URL }}"
keycloak_v2_prod_url="${{ env.KEYCLOAK_V2_PROD_URL }}"
keycloak_v2_dev_client_secret="${{ env.KEYCLOAK_V2_DEV_CLIENT_SECRET }}"
keycloak_v2_test_client_secret="${{ env.KEYCLOAK_V2_TEST_CLIENT_SECRET }}"
keycloak_v2_prod_client_secret="${{ env.KEYCLOAK_V2_PROD_CLIENT_SECRET }}"
keycloak_v2_dev_username="${{ env.KEYCLOAK_V2_DEV_USERNAME }}"
keycloak_v2_test_username="${{ env.KEYCLOAK_V2_TEST_USERNAME }}"
keycloak_v2_prod_username="${{ env.KEYCLOAK_V2_PROD_USERNAME }}"
keycloak_v2_dev_password="${{ env.KEYCLOAK_V2_DEV_PASSWORD }}"
keycloak_v2_test_password="${{ env.KEYCLOAK_V2_TEST_PASSWORD }}"
keycloak_v2_prod_password="${{ env.KEYCLOAK_V2_PROD_PASSWORD }}"
realm_registry_api="${{ env.REALM_REGISTRY_API }}"
ches_username="${{ env.CHES_USERNAME }}"
ches_password="${{ env.CHES_PASSWORD }}"
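Review bot: The secret prefixes on the new username/password lines look swapped between the two environment blocks. The block whose URLs point at `dev.sandbox.loginproxy.gov.bc.ca` reads `secrets.PROD_KEYCLOAK_V2_*_USERNAME` / `_PASSWORD`, while the block for `loginproxy.gov.bc.ca` reads `secrets.DEV_KEYCLOAK_V2_*`; the neighbouring `REALM_REGISTRY_API` lines, and the client-secret lines being replaced, use `DEV_` in the first block and `PROD_` in the second. If the prefixes follow that convention, the sandbox deployment receives the production Keycloak admin credentials and production receives the sandbox ones. The first block would then read `KEYCLOAK_V2_DEV_PASSWORD=${{ secrets.DEV_KEYCLOAK_V2_DEV_PASSWORD }}` and the second `KEYCLOAK_V2_DEV_PASSWORD=${{ secrets.PROD_KEYCLOAK_V2_DEV_PASSWORD }}`, likewise for the other five lines in each. The secret definitions are not visible on this page, so confirm against the repository's configured secret names before changing.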
23 changes: 12 additions & 11 deletions lambda/app/src/keycloak/adminClient.ts
Expand Up @@ -4,21 +4,21 @@ export const getAdminClient = async (data: { serviceType: string; environment: s
const { environment } = data;

let keycloakUrl;
let keycloakClientId;
let keycloakClientSecret;
let keycloakUsername;
let keycloakPassword;

if (environment === 'dev') {
keycloakUrl = process.env.KEYCLOAK_V2_DEV_URL;
keycloakClientId = process.env.KEYCLOAK_V2_DEV_CLIENT_ID || 'terraform-cli';
keycloakClientSecret = process.env.KEYCLOAK_V2_DEV_CLIENT_SECRET;
keycloakUsername = process.env.KEYCLOAK_V2_DEV_USERNAME;
keycloakPassword = process.env.KEYCLOAK_V2_DEV_PASSWORD;
} else if (environment === 'test') {
keycloakUrl = process.env.KEYCLOAK_V2_TEST_URL;
keycloakClientId = process.env.KEYCLOAK_V2_TEST_CLIENT_ID || 'terraform-cli';
keycloakClientSecret = process.env.KEYCLOAK_V2_TEST_CLIENT_SECRET;
keycloakUsername = process.env.KEYCLOAK_V2_TEST_USERNAME;
keycloakPassword = process.env.KEYCLOAK_V2_TEST_PASSWORD;
} else if (environment === 'prod') {
keycloakUrl = process.env.KEYCLOAK_V2_PROD_URL;
keycloakClientId = process.env.KEYCLOAK_V2_PROD_CLIENT_ID || 'terraform-cli';
keycloakClientSecret = process.env.KEYCLOAK_V2_PROD_CLIENT_SECRET;
keycloakUsername = process.env.KEYCLOAK_V2_PROD_USERNAME;
keycloakPassword = process.env.KEYCLOAK_V2_PROD_PASSWORD;
} else {
throw Error('invalid environment');
}
Expand All @@ -30,9 +30,10 @@ export const getAdminClient = async (data: { serviceType: string; environment: s
});

await kcAdminClient.auth({
grantType: 'client_credentials',
clientId: keycloakClientId,
clientSecret: keycloakClientSecret,
grantType: 'password',
clientId: 'admin-cli',
username: keycloakUsername,
password: keycloakPassword,
});

return { kcAdminClient, authServerUrl };
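Review bot: Authenticating with `grantType: 'password'` and a local admin user's password through `admin-cli` is a weaker credential model than the `client_credentials` service-account client it replaces. A user password is harder to scope and rotate than a client secret, and current OAuth security guidance advises against the password grant. The account's roles are not visible here, so confirm it carries only what this Lambda needs and is not usable for interactive login. The `process.env.KEYCLOAK_V2_*_USERNAME` / `_PASSWORD` reads are also unchecked, so a missing variable reaches `auth()` as `undefined`; a guard before the call, `if (!keycloakUsername || !keycloakPassword) throw Error('keycloak admin credentials not configured');`, fails early without echoing the values. `getAdminClient` starts and ends outside the hunks shown.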
120 changes: 60 additions & 60 deletions loadtests/lambdas/lambda.tf
Expand Up @@ -19,36 +19,36 @@ resource "aws_lambda_function" "app_test" {

environment {
variables = {
APP_URL = var.app_url
API_URL = "https://${aws_api_gateway_rest_api.sso_backend_test.id}.execute-api.ca-central-1.amazonaws.com/test/app"
APP_ENV = var.app_env
NODE_ENV = "production"
LOCAL_DEV = var.local_dev
DB_HOSTNAME = var.db_hostname
DB_USERNAME = var.db_username
DB_PASSWORD = var.db_password
DB_NAME = var.db_name
SSO_CLIENT_ID = var.sso_client_id
SSO_CONFIGURATION_ENDPOINT = var.sso_configuration_endpoint
KEYCLOAK_V2_DEV_URL = var.keycloak_v2_dev_url
KEYCLOAK_V2_DEV_CLIENT_ID = var.keycloak_v2_dev_client_id
KEYCLOAK_V2_DEV_CLIENT_SECRET = var.keycloak_v2_dev_client_secret
KEYCLOAK_V2_TEST_URL = var.keycloak_v2_test_url
KEYCLOAK_V2_TEST_CLIENT_ID = var.keycloak_v2_test_client_id
KEYCLOAK_V2_TEST_CLIENT_SECRET = var.keycloak_v2_test_client_secret
KEYCLOAK_V2_PROD_URL = var.keycloak_v2_prod_url
KEYCLOAK_V2_PROD_CLIENT_ID = var.keycloak_v2_prod_client_id
KEYCLOAK_V2_PROD_CLIENT_SECRET = var.keycloak_v2_prod_client_secret
REALM_REGISTRY_API = var.realm_registry_api
GH_ACCESS_TOKEN = var.gh_access_token
GH_REPO = var.gh_repo
GH_WORKFLOW_ID = var.gh_workflow_id
GH_BRANCH = var.gh_branch
GH_OWNER = var.gh_owner
CHES_API_ENDPOINT = var.ches_api_endpoint
CHES_TOKEN_ENDPOINT = var.ches_token_endpoint
CHES_PASSWORD = var.ches_password
CHES_USERNAME = var.ches_username
APP_URL = var.app_url
API_URL = "https://${aws_api_gateway_rest_api.sso_backend_test.id}.execute-api.ca-central-1.amazonaws.com/test/app"
APP_ENV = var.app_env
NODE_ENV = "production"
LOCAL_DEV = var.local_dev
DB_HOSTNAME = var.db_hostname
DB_USERNAME = var.db_username
DB_PASSWORD = var.db_password
DB_NAME = var.db_name
SSO_CLIENT_ID = var.sso_client_id
SSO_CONFIGURATION_ENDPOINT = var.sso_configuration_endpoint
KEYCLOAK_V2_DEV_URL = var.keycloak_v2_dev_url
KEYCLOAK_V2_TEST_URL = var.keycloak_v2_test_url
KEYCLOAK_V2_PROD_URL = var.keycloak_v2_prod_url
KEYCLOAK_V2_DEV_USERNAME = var.keycloak_v2_dev_username
KEYCLOAK_V2_DEV_PASSWORD = var.keycloak_v2_dev_password
KEYCLOAK_V2_TEST_USERNAME = var.keycloak_v2_test_username
KEYCLOAK_V2_TEST_PASSWORD = var.keycloak_v2_test_password
KEYCLOAK_V2_PROD_USERNAME = var.keycloak_v2_prod_username
KEYCLOAK_V2_PROD_PASSWORD = var.keycloak_v2_prod_password
REALM_REGISTRY_API = var.realm_registry_api
GH_ACCESS_TOKEN = var.gh_access_token
GH_REPO = var.gh_repo
GH_WORKFLOW_ID = var.gh_workflow_id
GH_BRANCH = var.gh_branch
GH_OWNER = var.gh_owner
CHES_API_ENDPOINT = var.ches_api_endpoint
CHES_TOKEN_ENDPOINT = var.ches_token_endpoint
CHES_PASSWORD = var.ches_password
CHES_USERNAME = var.ches_username
}
}

Expand Down Expand Up @@ -84,36 +84,36 @@ resource "aws_lambda_function" "css_api_test" {

environment {
variables = {
APP_URL = var.app_url
API_URL = "https://${aws_api_gateway_rest_api.sso_backend_test.id}.execute-api.ca-central-1.amazonaws.com/test/api"
APP_ENV = var.app_env
NODE_ENV = "production"
LOCAL_DEV = var.local_dev
DB_HOSTNAME = var.db_hostname
DB_USERNAME = var.db_username
DB_PASSWORD = var.db_password
DB_NAME = var.db_name
SSO_CLIENT_ID = var.sso_client_id
SSO_CONFIGURATION_ENDPOINT = var.sso_configuration_endpoint
KEYCLOAK_V2_DEV_URL = var.keycloak_v2_dev_url
KEYCLOAK_V2_DEV_CLIENT_ID = var.keycloak_v2_dev_client_id
KEYCLOAK_V2_DEV_CLIENT_SECRET = var.keycloak_v2_dev_client_secret
KEYCLOAK_V2_TEST_URL = var.keycloak_v2_test_url
KEYCLOAK_V2_TEST_CLIENT_ID = var.keycloak_v2_test_client_id
KEYCLOAK_V2_TEST_CLIENT_SECRET = var.keycloak_v2_test_client_secret
KEYCLOAK_V2_PROD_URL = var.keycloak_v2_prod_url
KEYCLOAK_V2_PROD_CLIENT_ID = var.keycloak_v2_prod_client_id
KEYCLOAK_V2_PROD_CLIENT_SECRET = var.keycloak_v2_prod_client_secret
REALM_REGISTRY_API = var.realm_registry_api
GH_ACCESS_TOKEN = var.gh_access_token
GH_REPO = var.gh_repo
GH_WORKFLOW_ID = var.gh_workflow_id
GH_BRANCH = var.gh_branch
GH_OWNER = var.gh_owner
CHES_API_ENDPOINT = var.ches_api_endpoint
CHES_TOKEN_ENDPOINT = var.ches_token_endpoint
CHES_PASSWORD = var.ches_password
CHES_USERNAME = var.ches_username
APP_URL = var.app_url
API_URL = "https://${aws_api_gateway_rest_api.sso_backend_test.id}.execute-api.ca-central-1.amazonaws.com/test/api"
APP_ENV = var.app_env
NODE_ENV = "production"
LOCAL_DEV = var.local_dev
DB_HOSTNAME = var.db_hostname
DB_USERNAME = var.db_username
DB_PASSWORD = var.db_password
DB_NAME = var.db_name
SSO_CLIENT_ID = var.sso_client_id
SSO_CONFIGURATION_ENDPOINT = var.sso_configuration_endpoint
KEYCLOAK_V2_DEV_URL = var.keycloak_v2_dev_url
KEYCLOAK_V2_TEST_URL = var.keycloak_v2_test_url
KEYCLOAK_V2_PROD_URL = var.keycloak_v2_prod_url
KEYCLOAK_V2_DEV_USERNAME = var.keycloak_v2_dev_username
KEYCLOAK_V2_DEV_PASSWORD = var.keycloak_v2_dev_password
KEYCLOAK_V2_TEST_USERNAME = var.keycloak_v2_test_username
KEYCLOAK_V2_TEST_PASSWORD = var.keycloak_v2_test_password
KEYCLOAK_V2_PROD_USERNAME = var.keycloak_v2_prod_username
KEYCLOAK_V2_PROD_PASSWORD = var.keycloak_v2_prod_password
REALM_REGISTRY_API = var.realm_registry_api
GH_ACCESS_TOKEN = var.gh_access_token
GH_REPO = var.gh_repo
GH_WORKFLOW_ID = var.gh_workflow_id
GH_BRANCH = var.gh_branch
GH_OWNER = var.gh_owner
CHES_API_ENDPOINT = var.ches_api_endpoint
CHES_TOKEN_ENDPOINT = var.ches_token_endpoint
CHES_PASSWORD = var.ches_password
CHES_USERNAME = var.ches_username
}
}

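Review bot: The Keycloak admin passwords for dev, test and prod are all set as plain Lambda environment variables (`KEYCLOAK_V2_*_PASSWORD = var.keycloak_v2_*_password`) on both `app_test` and `css_api_test`, and the same pattern is in `aws_lambda_function.app` in terraform/lambda-app.tf. Environment variables are readable by any principal allowed to view the function configuration, and the values are also written to Terraform state, so whatever is supplied for the prod password is exposed through the load-test functions as well. Consider passing only a reference and resolving it at runtime, e.g. `KEYCLOAK_V2_PROD_PASSWORD_SECRET_ID = <secret-id-placeholder>`, and dropping the prod credential from the load-test functions if they never target prod. Both resource blocks start and end outside the hunks shown.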
35 changes: 15 additions & 20 deletions loadtests/lambdas/variables.tf
Expand Up @@ -162,43 +162,38 @@ variable "keycloak_v2_prod_url" {
default = ""
}

variable "keycloak_v2_dev_client_id" {
variable "keycloak_v2_dev_username" {
type = string
description = "Keycloak v2 service account client id in customer dev environment"
default = "terraform-cli"
description = "The username of the user used by the provider for authentication via the password grant"
default = ""
}

variable "keycloak_v2_test_client_id" {
variable "keycloak_v2_dev_password" {
type = string
description = "Keycloak v2 service account client id in customer test environment"
default = "terraform-cli"
description = "The password of the user used by the provider for authentication via the password grant"
default = ""
}

variable "keycloak_v2_prod_client_id" {
variable "keycloak_v2_test_username" {
type = string
description = "Keycloak v2 service account client id in customer prod environment"
default = "terraform-cli"
description = "The username of the user used by the provider for authentication via the password grant"
default = ""
}

variable "keycloak_v2_dev_client_secret" {
variable "keycloak_v2_test_password" {
type = string
description = "Keycloak v2 service account client secret in customer dev environment"
description = "The password of the user used by the provider for authentication via the password grant"
default = ""
sensitive = true
}

variable "keycloak_v2_test_client_secret" {
variable "keycloak_v2_prod_username" {
type = string
description = "Keycloak v2 service account client secret in customer test environment"
description = "The username of the user used by the provider for authentication via the password grant"
default = ""
sensitive = true
}

variable "keycloak_v2_prod_client_secret" {
variable "keycloak_v2_prod_password" {
type = string
description = "Keycloak v2 service account client secret in customer prod environment"
description = "The password of the user used by the provider for authentication via the password grant"
default = ""
sensitive = true
}

variable "realm_registry_api" {
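Review bot: The new `*_password` variables are not marked sensitive. The `keycloak_v2_dev_password` block has only `type`, `description` and `default`, and the three `sensitive = true` lines on the page appear to belong to the removed `*_client_secret` variables (the rendering does not mark sides, so this is inferred from the 15 additions / 20 deletions count). Without the flag Terraform prints these values in plan and apply output; add `sensitive = true` to `keycloak_v2_dev_password`, `keycloak_v2_test_password` and `keycloak_v2_prod_password`. The six descriptions also say "used by the provider" although the values feed the Lambda environment, and they no longer name the environment; something like `description = "Password of the Keycloak admin user in the dev environment"` would keep the per-environment wording the old variables had.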
60 changes: 30 additions & 30 deletions terraform/lambda-app.tf
Expand Up @@ -19,36 +19,36 @@ resource "aws_lambda_function" "app" {

environment {
variables = {
APP_URL = var.app_url
API_URL = var.api_url
API_AUTH_SECRET = var.api_auth_secret
APP_ENV = var.app_env
NODE_ENV = "production"
LOCAL_DEV = var.local_dev
DB_HOSTNAME = module.db.this_rds_cluster_endpoint
DB_USERNAME = var.db_username
DB_PASSWORD = random_password.db_password.result
DB_NAME = var.db_name
SSO_CLIENT_ID = var.sso_client_id
SSO_CONFIGURATION_ENDPOINT = var.sso_configuration_endpoint
KEYCLOAK_V2_DEV_URL = var.keycloak_v2_dev_url
KEYCLOAK_V2_DEV_CLIENT_ID = var.keycloak_v2_dev_client_id
KEYCLOAK_V2_DEV_CLIENT_SECRET = var.keycloak_v2_dev_client_secret
KEYCLOAK_V2_TEST_URL = var.keycloak_v2_test_url
KEYCLOAK_V2_TEST_CLIENT_ID = var.keycloak_v2_test_client_id
KEYCLOAK_V2_TEST_CLIENT_SECRET = var.keycloak_v2_test_client_secret
KEYCLOAK_V2_PROD_URL = var.keycloak_v2_prod_url
KEYCLOAK_V2_PROD_CLIENT_ID = var.keycloak_v2_prod_client_id
KEYCLOAK_V2_PROD_CLIENT_SECRET = var.keycloak_v2_prod_client_secret
REALM_REGISTRY_API = var.realm_registry_api
GH_ACCESS_TOKEN = var.gh_access_token
CHES_API_ENDPOINT = var.ches_api_endpoint
CHES_TOKEN_ENDPOINT = var.ches_token_endpoint
CHES_PASSWORD = var.ches_password
CHES_USERNAME = var.ches_username
INCLUDE_DIGITAL_CREDENTIAL = var.include_digital_credential
GRAFANA_API_TOKEN = var.grafana_api_token
GRAFANA_API_URL = var.grafana_api_url
APP_URL = var.app_url
API_URL = var.api_url
API_AUTH_SECRET = var.api_auth_secret
APP_ENV = var.app_env
NODE_ENV = "production"
LOCAL_DEV = var.local_dev
DB_HOSTNAME = module.db.this_rds_cluster_endpoint
DB_USERNAME = var.db_username
DB_PASSWORD = random_password.db_password.result
DB_NAME = var.db_name
SSO_CLIENT_ID = var.sso_client_id
SSO_CONFIGURATION_ENDPOINT = var.sso_configuration_endpoint
KEYCLOAK_V2_DEV_URL = var.keycloak_v2_dev_url
KEYCLOAK_V2_TEST_URL = var.keycloak_v2_test_url
KEYCLOAK_V2_PROD_URL = var.keycloak_v2_prod_url
KEYCLOAK_V2_DEV_USERNAME = var.keycloak_v2_dev_username
KEYCLOAK_V2_DEV_PASSWORD = var.keycloak_v2_dev_password
KEYCLOAK_V2_TEST_USERNAME = var.keycloak_v2_test_username
KEYCLOAK_V2_TEST_PASSWORD = var.keycloak_v2_test_password
KEYCLOAK_V2_PROD_USERNAME = var.keycloak_v2_prod_username
KEYCLOAK_V2_PROD_PASSWORD = var.keycloak_v2_prod_password
REALM_REGISTRY_API = var.realm_registry_api
GH_ACCESS_TOKEN = var.gh_access_token
CHES_API_ENDPOINT = var.ches_api_endpoint
CHES_TOKEN_ENDPOINT = var.ches_token_endpoint
CHES_PASSWORD = var.ches_password
CHES_USERNAME = var.ches_username
INCLUDE_DIGITAL_CREDENTIAL = var.include_digital_credential
GRAFANA_API_TOKEN = var.grafana_api_token
GRAFANA_API_URL = var.grafana_api_url
}
}

