+func installSecurity(rapp Rapp) error {
+ var url string
+ var params string
+ role := rapp.Roles[0].Role
+ grants := rapp.Roles[0].Grants[0]
+ realm := rapp.Realm
+ client := rapp.Client
+ authenticator := rapp.Authenticator
+ caCrt := rapp.CaCrt
+ tlsCrt := rapp.TlsCrt
+ tlsKey := rapp.TlsKey
+ email := rapp.Email
+ subjectDN := rapp.SubjectDN
+ mappingSource := rapp.MappingSource
+
+ httpClient := &http.Client{
+ Timeout: time.Second * 10,
+ }
+
+ if !rapp.SecurityEnabled {
+ return nil
+ }
+ // Different security requirements depending on the rapp type
+ if rapp.Type == "provider" {
+ // keycloak client setup
+ fmt.Println("Setting up keycloak")
+ url = "http://rapps-keycloak-mgr.default/create"
+ values := map[string]string{"realm": realm, "name": client, "role": role, "authType": authenticator,
+ "tlsCrt": tlsCrt, "email": email, "subjectDN": subjectDN, "mappingSource": mappingSource}
+ jsonValue, _ := json.Marshal(values)
+ req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonValue))
+ if err != nil {
+ fmt.Printf("Got error %s", err.Error())
+ }
+ req.Header.Set("Content-type", "application/json")
+ resp, err := httpClient.Do(req)
+ fmt.Println("Keycloak response status:", resp.Status)
+ if err != nil {
+ fmt.Printf("Got error %s", err.Error())
+ return err
+ } else {
+ fmt.Println("Setting up istio")
+ url = "http://rapps-istio-mgr.default/create-policy?"
+ params = "name=" + chartName + "&realm=" + realm + "&role=" + role + "&method=" + grants
+ url += params
+
+ _, err := http.Get(url)
+ if err != nil {
+ return err
+ }
+ }
+ } else {
+ fmt.Println("Setting up istio")
+ url = "http://rapps-istio-mgr.default/create-filter?"
+ params = "name=" + chartName + "&realm=" + realm + "&client=" + client + "&authType=" + authenticator +
+ "&tlsCrt=" + tlsCrt + "&tlsKey=" + tlsKey + "&caCrt=" + caCrt
+ url += params
+ _, err := http.Get(url)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+
+}
+