Last active
July 8, 2022 04:08
Pulumi Keycloak
namespace KeyAuth; | |
using Pulumi; | |
using Pulumi.Keycloak; | |
using Pulumi.Keycloak.OpenId; | |
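/// <summary>
/// Pulumi stack that declares a Keycloak realm, a custom client scope and a
/// confidential OpenID Connect client for the Recipe Management Swagger UI.
/// </summary>
class RealmBuild : Stack
{
    /// <summary>
    /// Declares the realm, the <c>recipe_management</c> scope and the Swagger client,
    /// then adds the scope to that client's default scopes.
    /// </summary>
    public RealmBuild()
    {
        var realm = new Realm("auto-realm", new RealmArgs
        {
            RealmName = "AutoRealmOne",
        });

        var scopeName = "recipe_management";
        var recipeScope = new ClientScope($"{scopeName}-scope", new ClientScopeArgs()
        {
            Name = scopeName,
            RealmId = realm.Id
        });

        // NOTE(review): Guid.NewGuid() is evaluated on every run of this program, so the
        // client secret handed to Keycloak is different each time the stack is deployed,
        // and a GUID is an identifier format rather than a purpose-built secret. Consider
        // reading a stable value from encrypted stack configuration instead.
        var recipeSwaggerClient = CreateCodeFlowClient(realm.Id,
            "recipe_management.swagger",
            Guid.NewGuid().ToString(),
            "Recipe Management Swagger",
            "https://localhost:5375/"
        );
        recipeSwaggerClient.AddScope(recipeScope.Name);
    }

    /// <summary>
    /// Declares a confidential client that uses the authorization code flow with PKCE (S256).
    /// </summary>
    /// <param name="realmId">Id of the realm the client belongs to.</param>
    /// <param name="clientId">OAuth client_id registered in Keycloak.</param>
    /// <param name="clientSecret">Secret assigned to the confidential client.</param>
    /// <param name="clientName">Display name; its lower-cased form also becomes part of the Pulumi resource name.</param>
    /// <param name="baseUrl">Absolute base URL of the application; used as base URL, web origin and redirect URI prefix.</param>
    /// <returns>The declared <see cref="Client"/> resource.</returns>
    /// <exception cref="UriFormatException"><paramref name="baseUrl"/> is not a valid absolute URI.</exception>
    public static Client CreateCodeFlowClient(Output<string> realmId, string clientId, string clientSecret, string clientName, string baseUrl)
    {
        // Invariant casing keeps the resource name identical regardless of the culture
        // of the machine that runs the deployment.
        // NOTE(review): CreateClientCredentialsFlowClient derives its resource name the
        // same way, so using both factories with one clientName presumably collides.
        return new Client($"{clientName.ToLowerInvariant()}-swagger", new ClientArgs()
        {
            RealmId = realmId,
            ClientId = clientId,
            Name = clientName,
            StandardFlowEnabled = true,
            Enabled = true,
            AccessType = "CONFIDENTIAL",
            // NOTE(review): resolving "*" against baseUrl registers a wildcard, i.e. every
            // path under baseUrl is accepted as a redirect target. Registering the exact
            // callback path of the application is the tighter setting.
            ValidRedirectUris = new InputList<string>()
            {
                new Uri(new Uri(baseUrl), "*").ToString()
            },
            BaseUrl = baseUrl,
            WebOrigins = new InputList<string>()
            {
                baseUrl
            },
            PkceCodeChallengeMethod = "S256",
            ClientSecret = clientSecret,
            BackchannelLogoutSessionRequired = true
        });
    }

    /// <summary>
    /// Declares a confidential client that authenticates through its service account
    /// (client credentials grant); the standard browser flow is disabled.
    /// </summary>
    /// <param name="realmId">Id of the realm the client belongs to.</param>
    /// <param name="clientId">OAuth client_id registered in Keycloak.</param>
    /// <param name="clientSecret">Secret assigned to the confidential client.</param>
    /// <param name="clientName">Display name; its lower-cased form also becomes part of the Pulumi resource name.</param>
    /// <param name="baseUrl">Absolute base URL of the application; used as base URL and web origin.</param>
    /// <returns>The declared <see cref="Client"/> resource.</returns>
    /// <exception cref="UriFormatException"><paramref name="baseUrl"/> is not a valid absolute URI.</exception>
    public static Client CreateClientCredentialsFlowClient(Output<string> realmId, string clientId, string clientSecret, string clientName, string baseUrl)
    {
        // Still reject a malformed base URL up front, as the earlier redirect-URI
        // construction did.
        _ = new Uri(baseUrl);

        return new Client($"{clientName.ToLowerInvariant()}-swagger", new ClientArgs()
        {
            RealmId = realmId,
            ClientId = clientId,
            Name = clientName,
            StandardFlowEnabled = false,
            Enabled = true,
            ServiceAccountsEnabled = true,
            AccessType = "CONFIDENTIAL",
            // No ValidRedirectUris: with the standard flow disabled this client never
            // receives a browser redirect, so a wildcard redirect entry would only widen
            // what becomes acceptable if a redirect-based flow were switched on later.
            BaseUrl = baseUrl,
            WebOrigins = new InputList<string>()
            {
                baseUrl
            },
            PkceCodeChallengeMethod = "S256",
            ClientSecret = clientSecret,
            BackchannelLogoutSessionRequired = true
        });
    }
}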
/// <summary>
/// Extension helpers for Keycloak OpenID <see cref="Client"/> resources.
/// </summary>
public static class ClientExtensions
{
    /// <summary>
    /// Declares the default scopes of <paramref name="client"/>: the four fixed entries
    /// "profile", "email", "roles" and "web-origins" followed by the supplied scopes.
    /// </summary>
    /// <param name="client">Client whose realm id and id are used for the declaration.</param>
    /// <param name="scopeName">Additional scope names to list after the fixed entries.</param>
    public static void AddScope(this Client client, params Output<string>[] scopeName)
    {
        var scopeArgs = new ClientDefaultScopesArgs
        {
            RealmId = client.RealmId,
            ClientId = client.Id,
            DefaultScopes =
            {
                "profile",
                "email",
                "roles",
                "web-origins",
                scopeName,
            },
        };

        // Constructing the resource is what declares it; the instance itself is not used.
        // NOTE(review): the resource name is a fixed literal, so a second AddScope call in
        // the same stack would presumably clash with the first one — confirm before
        // reusing this helper for more than one client.
        _ = new ClientDefaultScopes("default-scopes-for_client", scopeArgs);
    }
}
<!-- Project file for the KeyAuth Pulumi program: a .NET 6 console executable. -->
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net6.0</TargetFramework>
    <Nullable>enable</Nullable>
    <!-- Implicit usings bring System (Guid, Uri) into scope for the stack code. -->
    <ImplicitUsings>enable</ImplicitUsings>
  </PropertyGroup>

  <ItemGroup>
    <!-- NOTE(review): "3.*" is a floating version, so each restore may pull a different
         3.x release of the deployment SDK. An exact version, or a NuGet lock file
         (RestorePackagesWithLockFile), makes the build reproducible. -->
    <PackageReference Include="Pulumi" Version="3.*" />
    <PackageReference Include="Pulumi.Keycloak" Version="4.10.0" />
  </ItemGroup>

</Project>
namespace KeyAuth; | |
using System.Threading.Tasks; | |
using Pulumi; | |
/// <summary>
/// Process entry point for the Pulumi program.
/// </summary>
internal static class Program
{
    /// <summary>
    /// Runs the <see cref="RealmBuild"/> stack through the Pulumi deployment runner.
    /// </summary>
    /// <returns>The task produced by <c>Deployment.RunAsync</c>; its result is the exit code.</returns>
    static Task<int> Main()
    {
        return Deployment.RunAsync<RealmBuild>();
    }
}
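# Pulumi stack configuration: connection settings for the Keycloak provider.
#
# NOTE(review): keycloak:password is the admin password in plaintext, and this file is
# normally committed with the project. Setting it with
# `pulumi config set --secret keycloak:password` stores an encrypted `secure:` value
# here instead.
# NOTE(review): keycloak:url uses http, so the admin credentials travel unencrypted;
# acceptable only while the target stays on localhost.
config:
  keycloak:url: http://localhost:3385
  keycloak:clientId: admin-cli
  keycloak:username: admin
  keycloak:password: Panda5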
# Pulumi project definition: project name, language runtime and description.
name: KeyAuth
runtime: dotnet
description: Hello Keycloak
namespace KeyAuth; | |
using Pulumi; | |
using Pulumi.Keycloak; | |
using Pulumi.Keycloak.OpenId; | |
/// <summary>
/// Pulumi stack that declares the "AutoRealm" Keycloak realm, the
/// <c>recipe_management</c> client scope, a confidential Swagger client that uses the
/// authorization code flow with PKCE (S256), and that client's default scopes.
/// </summary>
class RealmBuild : Stack
{
    /// <summary>
    /// Declares the resources in dependency order: realm, scope, client, default scopes.
    /// </summary>
    public RealmBuild()
    {
        var autoRealm = new Realm("auto-realm", new RealmArgs
        {
            RealmName = "AutoRealm",
        });

        var managementScopeArgs = new ClientScopeArgs
        {
            Name = "recipe_management",
            RealmId = autoRealm.Id
        };
        var managementScope = new ClientScope("recipe-management-scope", managementScopeArgs);

        var swaggerClientArgs = new ClientArgs
        {
            RealmId = autoRealm.Id,
            ClientId = "recipe_management.swagger",
            Name = "Recipe Management Swagger",
            StandardFlowEnabled = true,
            Enabled = true,
            AccessType = "CONFIDENTIAL",
            // Exactly one redirect target is registered: the Swagger UI OAuth2 callback page.
            ValidRedirectUris = new InputList<string>
            {
                "https://localhost:5375/swagger/oauth2-redirect.html"
            },
            BaseUrl = "https://localhost:5375/",
            WebOrigins = new InputList<string>
            {
                "https://localhost:5375/"
            },
            PkceCodeChallengeMethod = "S256",
            // NOTE(review): Guid.NewGuid() is evaluated on every run of this program, so the
            // client secret differs each time the stack is deployed, and a GUID is an
            // identifier format rather than a purpose-built secret. Consider reading a
            // stable value from encrypted stack configuration instead.
            ClientSecret = Guid.NewGuid().ToString(),
            BackchannelLogoutSessionRequired = true
        };
        var swaggerClient = new Client("recipe-management-swagger", swaggerClientArgs);

        var defaultScopeArgs = new ClientDefaultScopesArgs
        {
            RealmId = autoRealm.Id,
            ClientId = swaggerClient.Id,
            DefaultScopes =
            {
                "profile",
                "email",
                "roles",
                "web-origins",
                managementScope.Name,
            },
        };

        // Constructing the resource is what declares it; the instance itself is not used.
        _ = new ClientDefaultScopes("default-scopes-for_client", defaultScopeArgs);
    }
}