#!/usr/bin/env python
import base64
import json
import os
import re
import sys
from typing import Any
import requests
def get_argv(index: int, default: Any = None) -> Any:
    """Return ``sys.argv[index]``, or *default* when that position is absent.

    Args:
        index: Position in ``sys.argv`` to read (0 is the script name).
        default: Value returned when ``sys.argv`` has no element at *index*.

    Returns:
        The argument string, or *default*.
    """
    try:
        value = sys.argv[index]
    except IndexError:
        # Fewer arguments were supplied than requested; fall back.
        value = default
    return value
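# Positional arguments: username, password, realm. The fallbacks are
# local-development defaults.
# NOTE: a password given on the command line is visible in the process list
# and is kept in shell history; use this form only with throwaway accounts.
username = get_argv(1, "admin")
password = get_argv(2, "admin")
realm_name = get_argv(3, "spiffworkflow")

# Suffix appended to the username to build the "code" form field of the token
# request. As the value itself states, it is not a secret.
OPEN_ID_CODE = ":this_is_not_secure_do_not_use_in_production"

backend_base_url = os.getenv("BACKEND_BASE_URL", "http://localhost:7000")
backend_client_id = os.getenv("BACKEND_CLIENT_ID", "spiffworkflow-backend")
# The original lookup used the mixed-case name BACKEND_CLIENT_secret, which a
# case-sensitive environment never matches against BACKEND_CLIENT_SECRET.
# Read the upper-case name first and keep the old spelling as a fallback.
# The final default is a client secret committed to source: treat it as a
# development-only value and set the variable for any shared realm.
backend_client_secret = os.getenv(
    "BACKEND_CLIENT_SECRET",
    os.getenv("BACKEND_CLIENT_secret", "JXeQExm0JhQPLumgHtIIqf52bDalHz0q"),
)

# Token endpoint resolution order:
#   1. OPENID_TOKEN_URL, used verbatim.
#   2. KEYCLOAK_BASE_URL plus the realm path.
#   3. A Keycloak host derived from BACKEND_BASE_URL.
openid_token_url = os.getenv("OPENID_TOKEN_URL")
keycloak_base_url = os.getenv("KEYCLOAK_BASE_URL")
if openid_token_url is None:
    if keycloak_base_url is None:
        if "spiffworkflow.org" in backend_base_url:
            # Dots are escaped so that only a literal "<env>.spiffworkflow.org"
            # host is accepted as the domain the credentials will be sent to.
            pattern = r".*api\.(\w+\.spiffworkflow\.org).*"
            match = re.search(pattern, backend_base_url)
            if match is None:
                raise Exception("Could not determine openid url based on backend url")
            env_domain = match.group(1)
            # Was a plain string containing "${env_domain}" (shell syntax), so
            # the domain was never substituted into the URL.
            keycloak_base_url = f"https://keycloak.{env_domain}"
        elif "localhost:7000" in backend_base_url:
            keycloak_base_url = "http://localhost:7002"
    # Build the endpoint only when a base URL is known. Formatting None here
    # would yield "None/realms/..." and bypass the "is None" check that
    # get_auth_token_object performs before sending credentials.
    if keycloak_base_url is not None:
        openid_token_url = f"{keycloak_base_url}/realms/{realm_name}/protocol/openid-connect/token"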
def get_auth_token_object() -> dict:
    """Request tokens from the OpenID token endpoint and return the JSON body.

    The request uses the password grant (``grant_type=password``) and
    authenticates the client with HTTP Basic credentials built from
    ``backend_client_id`` and ``backend_client_secret``.

    The request carries the user's password and the client secret. When
    ``openid_token_url`` uses plain ``http://`` they are sent unencrypted,
    which is acceptable only for the localhost default.

    Returns:
        The decoded JSON response. The HTTP status is not checked, so a JSON
        error body is returned to the caller like any other response.

    Raises:
        Exception: If ``openid_token_url`` is not set.
    """
    # Basic auth value: base64 of "client_id:client_secret".
    client_credentials = f"{backend_client_id}:{backend_client_secret}".encode("ascii")
    basic_auth_value = base64.b64encode(client_credentials).decode("utf-8")

    request_headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic_auth_value}",
    }
    # "code" is the username plus the fixed OPEN_ID_CODE suffix.
    # NOTE(review): presumably read by a development OpenID server; confirm.
    form_fields = {
        "grant_type": "password",
        "code": username + OPEN_ID_CODE,
        "username": username,
        "password": password,
        "client_id": backend_client_id,
    }

    if openid_token_url is None:
        raise Exception("Please specify the OPENID_TOKEN_URL")

    # The timeout bounds a hung connection to the identity provider.
    token_response = requests.post(
        openid_token_url,
        data=form_fields,
        headers=request_headers,
        timeout=15,
    )
    parsed_body: dict = json.loads(token_response.text)
    return parsed_body
# ruff: noqa: T201
# Output contract: stdout receives only the raw access token (no trailing
# newline) so it can be captured by a calling shell. Everything else,
# including any other token values in the response, goes to stderr.
# NOTE: those values are written to the terminal in clear text, so avoid
# running this where stderr is captured into shared logs.
for token_identifier, token in get_auth_token_object().items():
    # Every key gets a label line on stderr.
    print(f"{token_identifier}:", file=sys.stderr)

    if token_identifier != "access_token":  # noqa: S105
        # All other key/value pairs go to stderr only.
        print(f"{token}\n", file=sys.stderr)
        continue

    # Emit the access token without a newline and flush stdout immediately.
    print(token, end="", flush=True)
    print("\n", file=sys.stderr)