
@pdevito3
Last active July 8, 2022 04:08
Pulumi Keycloak
namespace KeyAuth;
using Pulumi;
using Pulumi.Keycloak;
using Pulumi.Keycloak.OpenId;
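/// <summary>
/// Pulumi stack that declares a Keycloak realm, a custom client scope and a confidential
/// OpenID Connect client for the Recipe Management Swagger UI.
/// </summary>
class RealmBuild : Stack
{
    /// <summary>
    /// Declares the realm, the <c>recipe_management</c> scope and the Swagger client, then
    /// attaches the scope to the client's default scopes.
    /// </summary>
    public RealmBuild()
    {
        var realm = new Realm("auto-realm", new RealmArgs
        {
            RealmName = "AutoRealmOne",
        });

        var scopeName = "recipe_management";
        var recipeScope = new ClientScope($"{scopeName}-scope", new ClientScopeArgs()
        {
            Name = scopeName,
            RealmId = realm.Id
        });

        // NOTE(review): Guid.NewGuid() is evaluated on every run of this program, so the
        // desired client secret differs on each `pulumi up` and the secret is likely to be
        // rotated by every update. A GUID is also an identifier format rather than a
        // documented source of key material. Prefer supplying the secret from encrypted
        // stack configuration so it is stable and generated deliberately.
        var recipeSwaggerClient = CreateCodeFlowClient(realm.Id,
            "recipe_management.swagger",
            Guid.NewGuid().ToString(),
            "Recipe Management Swagger",
            "https://localhost:5375/"
        );

        recipeSwaggerClient.AddScope(recipeScope.Name);
    }

    /// <summary>
    /// Declares a confidential client that uses the authorization-code flow with PKCE (S256).
    /// </summary>
    /// <param name="realmId">Id of the realm the client belongs to.</param>
    /// <param name="clientId">OAuth client identifier.</param>
    /// <param name="clientSecret">Client secret; passed to the provider as a Pulumi secret.</param>
    /// <param name="clientName">Display name; its lower-cased form is part of the Pulumi resource name.</param>
    /// <param name="baseUrl">Absolute base URL of the application; also used as the only web origin.</param>
    /// <returns>The declared <see cref="Client"/> resource.</returns>
    public static Client CreateCodeFlowClient(Output<string> realmId, string clientId, string clientSecret, string clientName, string baseUrl)
    {
        // Invariant lower-casing keeps the Pulumi resource name identical no matter which
        // culture the deploying machine runs under.
        return new Client($"{clientName.ToLowerInvariant()}-swagger", new ClientArgs()
        {
            RealmId = realmId,
            ClientId = clientId,
            Name = clientName,
            StandardFlowEnabled = true,
            Enabled = true,
            AccessType = "CONFIDENTIAL",
            // NOTE(review): this resolves to "<baseUrl>*", i.e. every path under the base URL
            // is accepted as a redirect target. Listing the exact callback URL(s) narrows
            // where an authorization code can be delivered.
            ValidRedirectUris = new InputList<string>()
            {
                new Uri(new Uri(baseUrl), "*").ToString()
            },
            BaseUrl = baseUrl,
            WebOrigins = new InputList<string>()
            {
                baseUrl
            },
            PkceCodeChallengeMethod = "S256",
            // Marked as a secret so Pulumi encrypts it in state and masks it in CLI output.
            ClientSecret = Output.CreateSecret(clientSecret),
            BackchannelLogoutSessionRequired = true
        });
    }

    /// <summary>
    /// Declares a confidential client with the standard flow disabled and service accounts
    /// enabled (client-credentials flow).
    /// </summary>
    /// <param name="realmId">Id of the realm the client belongs to.</param>
    /// <param name="clientId">OAuth client identifier.</param>
    /// <param name="clientSecret">Client secret; passed to the provider as a Pulumi secret.</param>
    /// <param name="clientName">Display name; its lower-cased form is part of the Pulumi resource name.</param>
    /// <param name="baseUrl">Absolute base URL of the application.</param>
    /// <returns>The declared <see cref="Client"/> resource.</returns>
    public static Client CreateClientCredentialsFlowClient(Output<string> realmId, string clientId, string clientSecret, string clientName, string baseUrl)
    {
        // Invariant lower-casing keeps the Pulumi resource name identical no matter which
        // culture the deploying machine runs under.
        return new Client($"{clientName.ToLowerInvariant()}-swagger", new ClientArgs()
        {
            RealmId = realmId,
            ClientId = clientId,
            Name = clientName,
            StandardFlowEnabled = false,
            Enabled = true,
            ServiceAccountsEnabled = true,
            AccessType = "CONFIDENTIAL",
            // NOTE(review): with the standard flow disabled, the wildcard redirect URI, web
            // origin and PKCE settings below are presumably unused by this client; confirm
            // and drop them so the client carries no redirect surface it does not need.
            ValidRedirectUris = new InputList<string>()
            {
                new Uri(new Uri(baseUrl), "*").ToString()
            },
            BaseUrl = baseUrl,
            WebOrigins = new InputList<string>()
            {
                baseUrl
            },
            PkceCodeChallengeMethod = "S256",
            // Marked as a secret so Pulumi encrypts it in state and masks it in CLI output.
            ClientSecret = Output.CreateSecret(clientSecret),
            BackchannelLogoutSessionRequired = true
        });
    }
}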
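/// <summary>
/// Extension helpers for Keycloak OpenID <see cref="Client"/> resources.
/// </summary>
public static class ClientExtensions
{
    /// <summary>
    /// Declares the default client scopes for <paramref name="client"/>: the fixed set
    /// <c>profile</c>, <c>email</c>, <c>roles</c>, <c>web-origins</c> plus every scope passed in.
    /// </summary>
    /// <param name="client">Client whose default scopes are declared.</param>
    /// <param name="scopeName">Names of additional scopes to include as defaults.</param>
    /// <remarks>
    /// Default scopes are applied without the client asking for them, so only add scopes that
    /// every token issued to this client should carry.
    /// </remarks>
    public static void AddScope(this Client client, params Output<string>[] scopeName)
    {
        var scopes = new InputList<string> { "profile", "email", "roles", "web-origins" };

        // Add each extra scope individually so the params array is flattened into the list.
        foreach (var scope in scopeName)
        {
            scopes.Add(scope);
        }

        // The logical name includes the client's own resource name; a single fixed name
        // would collide as soon as this helper is used for a second client in the stack.
        // NOTE(review): a second call for the SAME client still produces the same name.
        _ = new ClientDefaultScopes($"default-scopes-for_client-{client.GetResourceName()}", new ClientDefaultScopesArgs()
        {
            RealmId = client.RealmId,
            ClientId = client.Id,
            DefaultScopes = scopes,
        });
    }
}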
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<!-- NOTE(review): "3.*" floats to the newest matching 3.x package at restore time, so two
     restores of the same commit can pull different code. Pin an exact version (as done for
     Pulumi.Keycloak below) or commit a NuGet lock file for reproducible builds. -->
<PackageReference Include="Pulumi" Version="3.*" />
<PackageReference Include="Pulumi.Keycloak" Version="4.10.0" />
</ItemGroup>
</Project>
namespace KeyAuth;
using System.Threading.Tasks;
using Pulumi;
/// <summary>
/// Process entry point for the Pulumi program.
/// </summary>
internal static class Program
{
    /// <summary>
    /// Runs the <see cref="RealmBuild"/> stack through the Pulumi deployment engine.
    /// </summary>
    /// <returns>A task producing the process exit code reported by the deployment.</returns>
    private static Task<int> Main()
    {
        return Deployment.RunAsync<RealmBuild>();
    }
}
# Stack configuration for the Keycloak provider.
config:
# NOTE(review): plain http means the admin credentials below cross the wire unencrypted;
# acceptable only for a local development instance.
keycloak:url: http://localhost:3385
keycloak:clientId: admin-cli
keycloak:username: admin
# NOTE(review): the admin password is stored here in plaintext and will be committed with
# the stack file. Store it with `pulumi config set --secret` so the file holds only an
# encrypted value, and rotate any password that has already been published.
keycloak:password: Panda5
name: KeyAuth
runtime: dotnet
description: Hello Keycloak
namespace KeyAuth;
using Pulumi;
using Pulumi.Keycloak;
using Pulumi.Keycloak.OpenId;
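/// <summary>
/// Pulumi stack that declares a Keycloak realm, the <c>recipe_management</c> client scope,
/// a confidential Swagger client and that client's default scopes.
/// </summary>
class RealmBuild : Stack
{
    /// <summary>
    /// Declares all resources of the stack; Pulumi registers them as they are constructed.
    /// </summary>
    public RealmBuild()
    {
        var realm = new Realm("auto-realm", new RealmArgs
        {
            RealmName = "AutoRealm",
        });

        var recipeScope = new ClientScope("recipe-management-scope", new ClientScopeArgs()
        {
            Name = "recipe_management",
            RealmId = realm.Id
        });

        var recipeSwaggerClient = new Client("recipe-management-swagger", new ClientArgs()
        {
            RealmId = realm.Id,
            ClientId = "recipe_management.swagger",
            Name = "Recipe Management Swagger",
            StandardFlowEnabled = true,
            Enabled = true,
            AccessType = "CONFIDENTIAL",
            // A single exact callback URL: only this address is accepted as a redirect target.
            ValidRedirectUris = new InputList<string>()
            {
                "https://localhost:5375/swagger/oauth2-redirect.html"
            },
            BaseUrl = "https://localhost:5375/",
            WebOrigins = new InputList<string>()
            {
                "https://localhost:5375/"
            },
            PkceCodeChallengeMethod = "S256",
            // Marked as a secret so Pulumi encrypts it in state and masks it in CLI output.
            // NOTE(review): Guid.NewGuid() is evaluated on every run, so the desired secret
            // differs on each `pulumi up` and is likely to be rotated by every update; a GUID
            // is also an identifier format rather than a documented source of key material.
            // Prefer supplying the secret from encrypted stack configuration.
            ClientSecret = Output.CreateSecret(Guid.NewGuid().ToString()),
            BackchannelLogoutSessionRequired = true
        });

        // Default scopes are applied without the client asking for them, so every token
        // issued to this client carries the recipe_management scope.
        var defaultScopes = new ClientDefaultScopes("default-scopes-for_client", new ClientDefaultScopesArgs()
        {
            RealmId = realm.Id,
            ClientId = recipeSwaggerClient.Id,
            DefaultScopes =
            {
                "profile",
                "email",
                "roles",
                "web-origins",
                recipeScope.Name,
            },
        });
    }
}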