First stab at keycloak automation

This commit is contained in:
decentral1se 2021-05-07 09:29:08 +02:00
parent 723da48c9d
commit e739ee8add
Signed by: decentral1se
GPG Key ID: 92DAD76BD9567B8A
2 changed files with 66 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
emails.txt

65
add-users-keycloak.py Executable file
View File

@ -0,0 +1,65 @@
#!/usr/bin/env python3
# See https://www.keycloak.org/docs/latest/server_admin/#user-operations
# The following command must be run beforehand to log into the keycloak:
# /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin
from os.path import exists
from pathlib import Path
from shlex import split
from subprocess import run
from sys import exit
KCADM = "/opt/jboss/keycloak/bin/kcadm.sh"
REALM = "lumbung-space"
def confirm():
answer = ""
while answer not in ["y", "n"]:
answer = input("OK to create account [Y/N]? ").lower()
return answer == "y"
if not exists(Path("emails.txt").absolute()):
print("Missing emails.txt!")
exit(1)
with open("emails.txt") as handle:
emails = handle.readlines()
for email in emails:
username = email.split("@")[0].strip()
print(f"processing {email} now...")
print(f"deriving {username} from {email} for account creation...")
create_command = split(
f"""
{KCADM} create users
-r {REALM}
-s enabled=true
-s username={username}
-s 'requiredActions=["VERIFY_EMAIL","UPDATE_PROFILE","UPDATE_PASSWORD"]'
"""
)
password_command = split(
f"""
{KCADM} set-password \
-r {REALM} \
--username {username}
--new-password lumbung
--temporary
"""
)
print(f"Intending to run {create_command}...")
print(f"And then {password_command}...")
if not confirm():
print("Bailing out on request...")
exit(1)
run(create_command)
run(password_command)