keycloak_3scale_users 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7c2647c7ccacc50153428151e92ba38308d311dea2fdf2df956a81e7a9e552b7
+  data.tar.gz: 62ce9a03215a875db9f572ae020ab6f59e4643aa5e4a0f95a509ca8683af9df7
+SHA512:
+  metadata.gz: 51666a60549f903da5bfc41382ac07e43f7478050685edbd8bed3a9e800c5ef976fb859847d8003d08ca4da641b2773739becbd913f61161f4c7b443291413ec
+  data.tar.gz: ef5a8741e99d8fd08fe8f44bbe7fed3affb38795fc18377f6bc296c73f608b7b0691133154ce84dff9ee68159c931ac5de3e3eea35d54b56ac8763904a5fce70

data/.github/workflows/ci.yml

@@ -0,0 +1,22 @@
+name: CI (build & test)
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2.0'
+      - name: Install dependencies
+        run: bundle install
+      - name: run tests suite
+        run: rspec
+

data/.gitignore

@@ -0,0 +1,56 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.ruby-gemset

@@ -0,0 +1 @@
+3scale-migration

data/.ruby-version

@@ -0,0 +1 @@
+2.7.3

data/Gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in keycloak_3scale_users.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"
+gem 'nokogiri'

data/Gemfile.lock

@@ -0,0 +1,38 @@
+PATH
+  remote: .
+  specs:
+    keycloak_3scale_users (1.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.5.0)
+    nokogiri (1.14.3)
+      racc (~> 1.4)
+    racc (1.6.2)
+    rake (12.3.3)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  keycloak_3scale_users!
+  nokogiri
+  rake (~> 12.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.4.12

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Abdullah Barrak
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,46 @@
+# Keycloak 3scale Users Migration
+
+[![CI (build & test)](https://github.com/abarrak/3scale-keycloak-users-migration/actions/workflows/ci.yml/badge.svg)](https://github.com/abarrak/3scale-keycloak-users-migration/actions/workflows/ci.yml)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'keycloak_3scale_users'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install keycloak_3scale_users
+
+## Usage
+
+After installation, use the binary to apply the migrate operation.
+
+Pass the required arguments as follows:
+
+```bash
+keycloak_3scale_users <3scale-api-base-url> <3scale-token> <keycloak-url> <keycloak-realm-name> <keyclock_client_id> <keyclock-admin-user> <keycloak-admin-password> <main-redirect-url>
+```
+
+(Poor's man positional only).
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/keycloak_3scale_users.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "keycloak_3scale_users"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/keycloak_3scale_users

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "keycloak_3scale_users"
+
+Keycloak3scaleUsers::Core.run if __FILE__ == $0

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/keycloak_3scale_users.gemspec

@@ -0,0 +1,25 @@
+require_relative 'lib/keycloak_3scale_users/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "keycloak_3scale_users"
+  spec.version       = Keycloak3scaleUsers::VERSION
+  spec.authors       = ["Abdullah Barrak"]
+  spec.email         = ["abdullah@abarrak.com"]
+
+  spec.summary       = '3scale to Keycloak users migration.'
+  spec.description   = 'A CLI gem for migrating the end users accounts of 3scale to keycloak realm.'
+  spec.homepage      = "https://github.com/abarrak/3scale-keycloak-users-migration"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.7.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/abarrak/3scale-keycloak-users-migration"
+  spec.metadata["changelog_uri"] = "https://github.com/abarrak/3scale-keycloak-users-migration/CHANGELOG"
+
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "bin"
+  spec.executables   << 'keycloak_3scale_users'
+  spec.require_paths = ["lib"]
+end

data/lib/keycloak_3scale_users/core.rb

@@ -0,0 +1,264 @@
+# frozen_string_literal: true
+require 'net/http'
+require 'openssl'
+require 'uri'
+require 'logger'
+require 'rubygems'
+require 'nokogiri'
+require 'csv'
+
+##
+# Parametes
+# -----
+# * <3scale-api-base-url>
+# * <3scale-token>
+# * <keycloak-url>
+# * <keycloak-realm-name>
+# * <keyclock_client_id>
+# * <keyclock-admin-user>
+# * <keycloak-admin-password>
+# * <main-redirect-url>
+#
+#
+module Keycloak3scaleUsers
+  module Core
+    User = Struct.new(:email, :username, :first_name, :last_name)
+
+    def self.run
+      print_welcome
+      set_parameters
+      import_current_users
+      migrate_to_sso
+      collect_keyclock_user_ids
+      send_email_notifications
+    rescue
+      p $!
+      raise
+      exit 1
+    end
+
+    class << self
+      protected
+
+      def print_welcome
+        puts ">> Starting Migration Script <<\n\n"
+      end
+
+      def set_parameters
+        param_keys = %w(
+          threescale_url threescale_token keyclock_url keyclock_realm keyclock_client_id
+          keyclock_admin_user keycloak_admin_password rabet_url
+        )
+        arguments = ARGV.collect { |arg| arg.chomp }
+
+        param_keys.zip(arguments).each do |key, arg|
+          instance_variable_set "@#{key}", arg
+          puts "> parameter #{key} is set to #{arg}"
+        end
+
+        param_keys.each do |key|
+          param = instance_variable_get "@#{key}"
+          if param.nil? || param.empty?
+            puts "\n> Error: input parameter #{key} is empty"
+            exit 1
+          end
+        end
+        puts "> All parameters are set!\n\n"
+      end
+
+      def import_current_users
+        puts ">> 1. Starting the import process .."
+        count = 0
+
+        base_url = instance_variable_get :@threescale_url
+        token = instance_variable_get :@threescale_token
+        pages = 500
+        endpoint = "/admin/api/accounts.xml?access_token=#{token}&page=1&per_page=#{pages}"
+
+        http = set_http_client URI.parse(base_url)
+        headers = authenticate
+        response = http.request Net::HTTP::Get.new(endpoint, headers)
+
+        unless Net::HTTPSuccess === response
+          puts "endpoint responded with non-success #{response.code} code.\nResponse: #{response.body}"
+          exit 1
+        end
+        @users = pares_users_from_xml response.body
+
+        puts ">> Imported #{@users.count} users successfully from 3scale system.\n>> Done.\n\n"
+      end
+
+      def migrate_to_sso
+        puts ">> 2. Starting the migration process .."
+
+        @users.each do |user|
+          import_user_to_sso user
+        end
+
+        puts "> Done.\n\n"
+      end
+
+      def send_email_notifications
+        puts ">> 4. Sending email notifications .."
+
+        @user_ids.each do |id|
+          send_email_to_user id
+        end
+
+        puts "> Done.\n\n"
+      end
+
+      def set_http_client uri
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == 'https' ? true : false
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        http
+      end
+
+      def authenticate bearer_token = ''
+        headers = {}
+        headers['Authorization'] = "Bearer #{bearer_token}" unless bearer_token.empty?
+        headers['User-Agent'] = "SSO Migration Script"
+        headers
+      end
+
+      def pares_users_from_xml response_body
+        doc = Nokogiri::XML response_body
+        xpath_node = '//accounts//account//users//user'
+        users = doc.xpath
+        emails, usernames, first_names, last_names = ['//email', '//username', '//first_name', '//last_name'].collect { |path| doc.xpath path }
+        user_count = emails.count
+
+        users = []
+        1.upto(user_count).each do |i|
+          e = emails[i]&.text
+          u = usernames[i]&.text
+          f = first_names[i]&.text
+          l = last_names[i]&.text
+          users << User.new(e, u, f, l) unless e.nil?
+        end
+        puts "> All users dump:\n"
+        puts users, "\n"
+        users
+      end
+
+      def parse_as_json response
+        body = response.body
+        body = body.nil? || body.empty? ? body : JSON.parse(body)
+
+      rescue JSON::ParserError => error
+        puts "Parsing response body as JSON failed! Returning raw body. \nDetails: \n#{error.message}"
+        exit 1
+      end
+
+      def import_user_to_sso user
+        base_url = instance_variable_get :@keyclock_url
+        realm = instance_variable_get :@keyclock_realm
+        endpoint = "/auth/admin/realms/#{realm}/users"
+
+        http = set_http_client URI.parse(base_url)
+        headers = authenticate(generate_keycloak_bearer_token).merge({ "Content-Type" => "application/json" })
+        request = Net::HTTP::Post.new(endpoint, headers)
+        request.body = JSON.dump({
+          "createdTimestamp": 1588880747548,
+          "username": user.email,
+          "enabled": true,
+          "emailVerified": true,
+          "firstName": user.first_name,
+          "lastName": user.last_name,
+          "email": user.email,
+          "disableableCredentialTypes": [],
+          "requiredActions": [],
+          "notBefore": 0,
+          "access": {
+            "manageGroupMembership": false,
+            "view": true,
+            "mapRoles": false,
+            "impersonate": false,
+            "manage": false
+          }
+        })
+        response = http.request request
+
+        unless Net::HTTPSuccess === response
+          puts "endpoint responded with non-success #{response.code} code.\nResponse: #{response.body}"
+          puts "Error: failed to import user #{user.email} .."
+        else
+          puts "> importing user #{user.email} to keyclock successfully.\n\n"
+        end
+      end
+
+      def generate_keycloak_bearer_token
+        return @token if @token_time && (Time.now - @token_time < 40.to_f)
+
+        base_url = instance_variable_get :@keyclock_url
+        realm = instance_variable_get :@keyclock_realm
+        admin_user = instance_variable_get :@keyclock_admin_user
+        admin_pass = instance_variable_get :@keycloak_admin_password
+
+        endpoint = "/auth/realms/master/protocol/openid-connect/token"
+        @token_time = Time.now
+
+        http = set_http_client URI.parse(base_url)
+        headers = authenticate.merge({ "Content-Type" => "application/x-www-form-urlencoded" })
+        request = Net::HTTP::Post.new endpoint, headers
+        response = http.request request
+        request.body = "client_id=admin-cli&username=#{admin_user}&password=#{admin_pass}&grant_type=password"
+
+        response = http.request request
+        @token = parse_as_json(response)['access_token']
+        puts "> [[ Keyclock token is regenerated ]], #{@token.slice(30, 40)}..."
+        @token
+      end
+
+      def collect_keyclock_user_ids
+        puts ">> 3. Getting ids for all imported users to keyclock .."
+        base_url = instance_variable_get :@keyclock_url
+        realm = instance_variable_get :@keyclock_realm
+        users_count = 1000
+        endpoint = "/auth/admin/realms/#{realm}/users?count=#{users_count}"
+
+        http = set_http_client URI.parse(base_url)
+        headers = authenticate(generate_keycloak_bearer_token).merge({ "Content-Type" => "application/json" })
+        request = Net::HTTP::Get.new(endpoint, headers)
+        response = http.request request
+
+        @user_ids = parse_as_json(response).collect { |user| user['id'] }
+        puts "> All users dump:"
+        puts @user_ids, "\n"
+
+        unless Net::HTTPSuccess === response
+          puts "endpoint responded with non-success #{response.code} code.\nResponse: #{response.body}"
+          puts "Error: failed to get users list from Keyclock .."
+          exit 1
+        else
+          puts "> Reterived all users (total: #{@user_ids.count}) from keyclok successfully.\n\n"
+        end
+        @user_ids
+      end
+
+      def send_email_to_user user_id
+        base_url = instance_variable_get :@keyclock_url
+        realm = instance_variable_get :@keyclock_realm
+        client_id = instance_variable_get :@keyclock_client_id
+        rabet_url = instance_variable_get :@rabet_url
+        endpoint = "/auth/admin/realms/#{realm}/users/#{user_id}/execute-actions-email"
+        endpoint = endpoint.dup + "?redirect_uri=#{rabet_url}&client_id=#{client_id}"
+
+
+        http = set_http_client URI.parse(base_url)
+        headers = authenticate(generate_keycloak_bearer_token).merge({ "Content-Type" => "application/json" })
+        request = Net::HTTP::Put.new(endpoint, headers)
+        request.body = JSON.dump [ "UPDATE_PASSWORD" ]
+        response = http.request request
+
+        unless Net::HTTPSuccess === response
+          puts "endpoint responded with non-success #{response.code} code.\nResponse: #{response.body}"
+          puts "Error: failed to send set actions email to user id #{user_id} .."
+        else
+          puts "> Restet password email to user id #{user_id} is sent successfully."
+        end
+      end
+    end
+  end
+end

data/lib/keycloak_3scale_users/version.rb

@@ -0,0 +1,3 @@
+module Keycloak3scaleUsers
+  VERSION = "1.0.0"
+end

data/lib/keycloak_3scale_users.rb

@@ -0,0 +1,5 @@
+require_relative 'keycloak_3scale_users/core'
+require_relative 'keycloak_3scale_users/version'
+
+module Keycloak3scaleUsers
+end

metadata

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: keycloak_3scale_users
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Abdullah Barrak
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-04-18 00:00:00.000000000 Z
+dependencies: []
+description: A CLI gem for migrating the end users accounts of 3scale to keycloak
+  realm.
+email:
+- abdullah@abarrak.com
+executables:
+- keycloak_3scale_users
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ci.yml"
+- ".gitignore"
+- ".rspec"
+- ".ruby-gemset"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/keycloak_3scale_users
+- bin/setup
+- keycloak_3scale_users.gemspec
+- lib/keycloak_3scale_users.rb
+- lib/keycloak_3scale_users/core.rb
+- lib/keycloak_3scale_users/version.rb
+homepage: https://github.com/abarrak/3scale-keycloak-users-migration
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/abarrak/3scale-keycloak-users-migration
+  source_code_uri: https://github.com/abarrak/3scale-keycloak-users-migration
+  changelog_uri: https://github.com/abarrak/3scale-keycloak-users-migration/CHANGELOG
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: 3scale to Keycloak users migration.
+test_files: []