2 #############################################################################
3 # Copyright 2023 highstreet technologies GmbH
5 # Licensed under the Apache License, Version 2.0 (the 'License');
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an 'AS IS' BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
18 # importing the sys, json, requests library
27 from jproperties import Properties
28 from typing import List
29 warnings.filterwarnings('ignore', message='Unverified HTTPS request')
30 # global configurations
33 def get_environment_variable(name):
34 configs = Properties()
35 path = pathlib.Path(os.path.dirname(os.path.abspath(__file__)))
36 env_file = str(path.parent.absolute()) + '/.env'
37 with open(env_file, "rb") as read_prop:
38 configs.load(read_prop)
39 return configs.get(name).data
42 def load_arguments(args: List[str]) -> tuple:
43 realm_file = os.path.dirname(os.path.abspath(
44 __file__)) + '/o-ran-sc-realm.json'
45 auth_file = os.path.dirname(os.path.abspath(
46 __file__)) + '/authentication.json'
51 if arg == '--auth' and len(args) > 0:
52 auth_file = args.pop(0)
53 print('overwriting auth file: {}'.format(auth_file))
54 elif arg == '--realm' and len(args) > 0:
55 realm_file = args.pop(0)
56 print('overwriting realm file: {}'.format(realm_file))
57 elif arg == '--timeout' and len(args) > 0:
58 ready_timeout = int(args.pop(0))
59 print('waiting for ready {} seconds'.format(ready_timeout))
61 return (realm_file, auth_file, ready_timeout)
64 def isReady(timeoutSeconds=180):
66 while timeoutSeconds > 0:
68 response = requests.get(url, verify=False, headers={})
71 if response is not None and response.status_code == 200:
79 return get_environment_variable("IDENTITY_PROVIDER_URL")
81 # Request a token for further communication
85 url = base + '/realms/master/protocol/openid-connect/token'
87 'content-type': 'application/x-www-form-urlencoded',
88 'accept': 'application/json'
91 'client_id': 'admin-cli',
92 'grant_type': 'password',
97 response = requests.post(url, verify=False, auth=(
98 username, password), data=body, headers=headers)
99 except requests.exceptions.Timeout:
100 sys.exit('HTTP request failed, please check you internet connection.')
101 except requests.exceptions.TooManyRedirects:
102 sys.exit('HTTP request failed, please check your proxy settings.')
103 except requests.exceptions.RequestException as e:
104 # catastrophic error. bail.
107 if response.status_code >= 200 and response.status_code < 300:
109 return response.json()['access_token']
111 sys.exit('Getting token failed.')
113 # create the default realm from file
116 def createRealm(token, realm):
117 url = base + '/admin/realms'
118 auth = 'bearer ' + token
120 'content-type': 'application/json',
121 'accept': 'application/json',
122 'authorization': auth
125 response = requests.post(
126 url, verify=False, json=realm, headers=headers)
127 except requests.exceptions.Timeout:
128 sys.exit('HTTP request failed, please check you internet connection.')
129 except requests.exceptions.TooManyRedirects:
130 sys.exit('HTTP request failed, please check your proxy settings.')
131 except requests.exceptions.RequestException as e:
132 # catastrophic error. bail.
135 return response.status_code >= 200 and response.status_code < 300
137 # Check if default realm exists
140 def checkRealmExists(token, realmId):
141 url = base + '/admin/realms/' + realmId
142 auth = 'bearer ' + token
144 'accept': 'application/json',
145 'authorization': auth
148 response = requests.get(url, verify=False, headers=headers)
149 except requests.exceptions.Timeout:
150 sys.exit('HTTP request failed, please check you internet connection.')
151 except requests.exceptions.TooManyRedirects:
152 sys.exit('HTTP request failed, please check your proxy settings.')
153 except requests.exceptions.RequestException as e:
154 # catastrophic error. bail.
157 if response.status_code >= 200 and response.status_code < 300:
158 return realmId == response.json()['id']
160 # sys.exit('Getting realm failed.')
163 # create a user in default realm
166 def createUser(token, realmConfig, user):
167 realmId = realmConfig['id']
168 url = base + '/admin/realms/' + realmId + '/users'
169 auth = 'bearer ' + token
171 'accept': 'application/json',
172 'authorization': auth
175 response = requests.post(url, verify=False, json=user, headers=headers)
176 except requests.exceptions.Timeout:
177 sys.exit('HTTP request failed, please check you internet connection.')
178 except requests.exceptions.TooManyRedirects:
179 sys.exit('HTTP request failed, please check your proxy settings.')
180 except requests.exceptions.RequestException as e:
181 # catastrophic error. bail.
184 if response.status_code >= 200 and response.status_code < 300:
185 print('User', user['username'], 'created!')
187 print('User creation', user['username'], 'failed!\n', response.text)
189 # creates User accounts in realm based a file
192 def createUsers(token, realmConfig, authConfig):
193 for user in authConfig['users']:
194 createUser(token, realmConfig, user)
196 # create a user based on system user
198 "firstName": getpass.getuser(),
200 "email": getpass.getuser() + "@sdnr.onap.org",
202 "username": getpass.getuser(),
214 createUser(token, realmConfig, systemUser)
216 # Grants a role to a user
219 def addUserRole(user: dict, role: dict, options: dict):
220 url = options['url'] + '/' + user['id'] + '/role-mappings/realm'
222 response = requests.post(url, verify=False, json=[
223 {'id': role['id'], 'name':role['name']}],
224 headers=options['headers'])
225 except requests.exceptions.Timeout:
226 sys.exit('HTTP request failed, please check you internet connection.')
227 except requests.exceptions.TooManyRedirects:
228 sys.exit('HTTP request failed, please check your proxy settings.')
229 except requests.exceptions.RequestException as e:
230 # catastrophic error. bail.
233 if response.status_code >= 200 and response.status_code < 300:
234 print('User role', user['username'], role['name'], 'created!')
236 print('Creation of user role',
237 user['username'], role['name'], 'failed!\n', response.text)
239 # searches for the role of a given user
242 def findRole(username: str, authConfig: dict, realmConfig: dict) -> dict:
243 roleName = 'administration'
244 for grant in authConfig['grants']:
245 if grant['username'] == username:
246 roleName = grant['role']
247 for role in realmConfig['roles']['realm']:
248 if role['name'] == roleName:
252 # adds roles to users
255 def addUserRoles(token, realmConfig, authConfig):
256 realmId = realmConfig['id']
257 url = base + '/admin/realms/' + realmId + '/users'
258 auth = 'bearer ' + token
260 'content-type': 'application/json',
261 'accept': 'application/json',
262 'authorization': auth
265 response = requests.get(url, verify=False, headers=headers)
266 except requests.exceptions.Timeout:
267 sys.exit('HTTP request failed, please check you internet connection.')
268 except requests.exceptions.TooManyRedirects:
269 sys.exit('HTTP request failed, please check your proxy settings.')
270 except requests.exceptions.RequestException as e:
271 # catastrophic error. bail.
274 if response.status_code >= 200 and response.status_code < 300:
275 users = response.json()
282 role = findRole(user['username'], authConfig, realmConfig)
283 addUserRole(user, role, options)
285 sys.exit('Getting users failed.')
290 (realmFile, authFile, readyTimeout) = load_arguments(sys.argv)
291 username = get_environment_variable('ADMIN_USERNAME')
292 password = get_environment_variable('ADMIN_PASSWORD')
294 isReady(readyTimeout)
297 with open(realmFile) as file:
298 realmConfig = json.load(file)
299 if not checkRealmExists(token, realmConfig['id']):
300 createRealm(token, realmConfig)
302 with open(authFile) as authConfig:
303 authConfig = json.load(authConfig)
304 createUsers(token, realmConfig, authConfig)
305 addUserRoles(token, realmConfig, authConfig)