@continuoussecuritytooling/keycloak-reporter 0.1.0

package/.bin/start-server.mjs

@@ -0,0 +1,87 @@
+#!/usr/bin/env node
+// @ts-check
+import { Octokit } from '@octokit/rest'
+import gunzip from 'gunzip-maybe'
+import fetch from 'node-fetch'
+import { spawn } from 'node:child_process'
+import fs from 'node:fs'
+import path from 'node:path'
+import { pipeline } from 'node:stream'
+import { fileURLToPath } from 'node:url'
+import { promisify } from 'node:util'
+import tar from 'tar-fs'
+
+const DIR_NAME = path.dirname(fileURLToPath(import.meta.url))
+const SERVER_DIR = path.resolve(DIR_NAME, '../tmp/server')
+const SCRIPT_EXTENSION = process.platform === 'win32' ? '.bat' : '.sh'
+
+// TODO: Once support for Node.js 14 has been dropped this can be replaced with an import from 'node:stream/promises'.
+// More information: https://nodejs.org/api/stream.html#streams-promises-api
+const pipelineAsync = promisify(pipeline)
+
+await startServer()
+
+async function startServer () {
+  await downloadServer()
+
+  console.info('Starting server…')
+
+  const args = process.argv.slice(2)
+  const child = spawn(
+    path.join(SERVER_DIR, `bin/kc${SCRIPT_EXTENSION}`),
+    ['start-dev', ...args],
+    {
+      env: {
+        KEYCLOAK_ADMIN: 'admin',
+        KEYCLOAK_ADMIN_PASSWORD: 'admin',
+        ...process.env
+      }
+    }
+  )
+
+  child.stdout.pipe(process.stdout)
+  child.stderr.pipe(process.stderr)
+}
+
+async function downloadServer () {
+  const directoryExists = fs.existsSync(SERVER_DIR)
+
+  if (directoryExists) {
+    console.info('Server installation found, skipping download.')
+    return
+  }
+
+  console.info('Downloading and extracting server…')
+
+  const nightlyAsset = await getNightlyAsset()
+  const assetStream = await getAssetAsStream(nightlyAsset)
+
+  await extractTarball(assetStream, SERVER_DIR, { strip: 1 })
+}
+
+async function getNightlyAsset () {
+  const api = new Octokit()
+  const release = await api.repos.getReleaseByTag({
+    owner: 'keycloak',
+    repo: 'keycloak',
+    tag: 'nightly'
+  })
+
+  return release.data.assets.find(
+    ({ name }) => name === 'keycloak-999.0.0-SNAPSHOT.tar.gz'
+  )
+}
+
+async function getAssetAsStream (asset) {
+  const response = await fetch(asset.browser_download_url)
+
+  if (!response.ok) {
+    throw new Error('Something went wrong requesting the nightly release.')
+  }
+
+  return response.body
+}
+
+function extractTarball (stream, path, options) {
+  return pipelineAsync(stream, gunzip(), tar.extract(path, options))
+}

package/.bin/wait-for-server.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# For debugging purposes to make sure the image was started
+counter=0
+printf 'Waiting for Keycloak server to start'
+until $(curl --output /dev/null --silent --head --fail http://localhost:8080/realms/master/.well-known/openid-configuration); do
+    printf '.'
+    sleep 5
+    if [[ "$counter" -gt 24 ]]; then
+        printf "Keycloak server failed to start. Timeout!"
+        exit 1
+    fi
+    counter=$((counter + 1))
+done

package/.editorconfig

@@ -0,0 +1,23 @@
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
+root = true
+
+[*]
+
+# Change these settings to your own preference
+indent_style = space
+indent_size = 2
+
+# We recommend you to keep these unchanged
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.ts,*.js]
+quote_type = single

package/.eslintignore

@@ -0,0 +1 @@
+dist/**

package/.eslintrc.cjs

@@ -0,0 +1,14 @@
+/* eslint-env node */
+module.exports = {
+  env: {
+    node: true,
+    commonjs: true,
+  },
+  extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended'],
+  parser: '@typescript-eslint/parser',
+  plugins: ['@typescript-eslint'],
+  root: true,
+  rules: {
+    quotes: [2, 'single', { avoidEscape: true }],
+  },
+};

package/.github/FUNDING.yml

@@ -0,0 +1,2 @@
+# These are supported funding model platforms
+open_collective: m13t

package/.github/workflows/pipeline.yml

@@ -0,0 +1,101 @@
+name: Build
+"on":
+  - push
+jobs:
+  build:
+    name: "Build and Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}"
+    runs-on: "${{ matrix.os }}"
+    strategy:
+      matrix:
+        node_version:
+          - 16
+          - 18
+          - 20
+        os:
+          - ubuntu-latest
+          - macOS-latest
+          - windows-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: "Use Node.js ${{ matrix.node_version }}"
+        uses: actions/setup-node@v3
+        with:
+          node-version: "${{ matrix.node_version }}"
+      - name: npm build and test
+        run: |
+          npm run clean
+          npm run build
+          npm run test
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: dist-folder
+          path: dist
+
+  end2end:
+    name: "End2End Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}"
+    runs-on: "${{ matrix.os }}"
+    needs:
+      - build
+    strategy:
+      matrix:
+        node_version:
+          - 16
+          - 18
+          - 20
+        os:
+          - ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: "Use Node.js ${{ matrix.node_version }}"
+        uses: actions/setup-node@v3
+        with:
+          node-version: "${{ matrix.node_version }}"
+      - name: npm build and test
+        run: |
+          npm run clean
+          npm run build
+
+      - name: Start Keycloak server
+        run: npm run end2end:start-server &
+
+      - name: Wait for Keycloak server
+        run: .bin/wait-for-server.sh
+
+      - name: Run end2end tests
+        run: npm run end2end:test
+        env:
+          WEBHOOK_TESTING_TEAMS: ${{ secrets.WEBHOOK_TESTING_TEAMS }}
+          WEBHOOK_TESTING_SLACK: ${{ secrets.WEBHOOK_TESTING_SLACK }}
+
+  package:
+    name: Build Container Image
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - end2end
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+      - name: "Build Package"
+        run: |
+          npm run clean
+          npm run build
+      - name: Buildah Action
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: continuoussecuritytooling/keycloak-reporting-cli
+          tags: "v1 ${{ github.sha }}"
+          containerfiles: |
+            ./Dockerfile
+      - name: Push To Docker Hub
+        id: push-to-dockerhub
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: registry.hub.docker.com
+          username: continuoussecuritytooling
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+        if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main'

package/Dockerfile

@@ -0,0 +1,9 @@
+FROM node:20
+
+COPY dist/ docker_entrypoint.sh /app
+
+WORKDIR /app
+
+RUN cd /app &&  npm i
+
+ENTRYPOINT ["/app/docker_entrypoint.sh"]

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Continuous Security Tools
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,43 @@
+# Keycloak Reporter
+
+[![Docker Stars](https://img.shields.io/docker/stars/continuoussecuritytooling/keycloak-reporting-cli.svg)](https://hub.docker.com/r/continuoussecuritytooling/keycloak-reporting-cli/)
+
+## Usage
+
+```
+docker run continuoussecuritytooling/keycloak-reporting-cli listClients <Keycloak_Root_URL> <Client_ID> <Client_Secret> --format=csv
+```
+
+The output looks for CSV, like that:
+```
+"client","description","realm","enabled","public","allowedOrigins"
+"account",,"bunge",true,true,"[]"
+"account-console",,"bunge",true,true,"[]"
+"admin-cli",,"bunge",true,true,"[]"
+"broker",,"bunge",true,false,"[]"
+"portal",,"bunge",true,false,"[]"
+"realm-management",,"bunge",true,false,"[]"
+"security-admin-console",,"bunge",true,true,"[""+""]"
+```
+
+Valid commands are:
+- `listClients`
+- `listUsers`
+
+## Advanced
+
+### Post to Slack or Teams
+
+When using this command:
+```
+node dist/index.js listUsers <Keycloak_Root_URL> <Client_ID> <Client_Secret> --format=json --output=webhook --webhookType=slack --webhookUrl=$WEBHOOK_TESTING_SLACK
+```
+the following entry in slack will be created:
+![Slack Sample](.docs/webhook-slack-sample.png)
+
+And for Teams:
+```
+node dist/index.js listUsers <Keycloak_Root_URL> <Client_ID> <Client_Secret> --format=json --output=webhook --webhookType=teams --webhookUrl=$WEBHOOK_TESTING_TEAMS
+```
+the following entry in slack will be created:
+![Team Sample](.docs/webhook-teams-sample.png)

package/cli.ts

@@ -0,0 +1,125 @@
+#!/usr/bin/env node
+
+import yargs from 'yargs/yargs';
+import { hideBin } from 'yargs/helpers';
+import { listUsers, listClients } from './src/cli.js';
+import { Options } from './lib/client.js';
+import { convertJSON2CSV } from './lib/convert.js';
+import { post2Webhook } from './lib/output.js';
+
+class WebhookConfig {
+  type: string;
+  url: string;
+  title: string;
+  constructor(type: string, url: string, title: string) {
+    this.type = type;
+    this.url = url;
+    this.title = title;
+  }
+}
+
+async function convert(
+  format: string,
+  output: string,
+  config: WebhookConfig,
+  json: object
+) {
+  let outputContent: string;
+  switch (format) {
+    case 'csv':
+      outputContent = (await convertJSON2CSV(json)).toString();
+      break;
+    // defaulting to JSON
+    default:
+      outputContent = JSON.stringify(json);
+  }
+  switch (output) {
+    case 'webhook':
+      try {
+        await post2Webhook(
+          config.type,
+          config.url,
+          config.title,
+          outputContent
+        );
+      } catch (e) {
+        console.error('Error during sending webhook: ', e);
+      }
+      break;
+    // defaulting to standard out
+    default:
+      console.log(outputContent);
+  }
+}
+
+yargs(hideBin(process.argv))
+  .command(
+    'listUsers [url] [clientId] [clientSecret]',
+    'fetches all users in the realms.',
+    // eslint-disable-next-line @typescript-eslint/no-empty-function
+    () => {},
+    async (argv) => {
+      const users = await listUsers(<Options>{
+        clientId: argv.clientId as string,
+        clientSecret: argv.clientSecret as string,
+        rootUrl: argv.url as string,
+      });
+      await convert(
+        argv.format as string,
+        argv.output as string,
+        new WebhookConfig(
+          argv.webhookType as string,
+          argv.webhookUrl as string,
+          'User Listing'
+        ),
+        users
+      );
+    }
+  )
+  .command(
+    'listClients [url] [clientId] [clientSecret]',
+    'fetches all clients in the realms.',
+    // eslint-disable-next-line @typescript-eslint/no-empty-function
+    () => {},
+    async (argv) => {
+      const clients = await listClients(<Options>{
+        clientId: argv.clientId as string,
+        clientSecret: argv.clientSecret as string,
+        rootUrl: argv.url as string,
+      });
+      await convert(
+        argv.format as string,
+        argv.output as string,
+        new WebhookConfig(
+          argv.webhookType as string,
+          argv.webhookUrl as string,
+          'Client Listing'
+        ),
+        clients
+      );
+    }
+  )
+  .option('format', {
+    alias: 'f',
+    type: 'string',
+    default: 'json',
+    description: 'output format, e.g. JSON|CSV',
+  })
+  .option('output', {
+    alias: 'o',
+    type: 'string',
+    default: 'stdout',
+    description: 'output channel',
+  })
+  .option('webhookType', {
+    alias: 'w',
+    type: 'string',
+    default: 'slack',
+    description: 'Webhook Type',
+  })
+  .option('webhookUrl', {
+    alias: 't',
+    type: 'string',
+    description: 'Webhook URL',
+  })
+  .parse();

package/dist/cli.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+import yargs from 'yargs/yargs';
+import { hideBin } from 'yargs/helpers';
+import { listUsers, listClients } from './src/cli.js';
+import { convertJSON2CSV } from './lib/convert.js';
+import { post2Webhook } from './lib/output.js';
+class WebhookConfig {
+    constructor(type, url, title) {
+        this.type = type;
+        this.url = url;
+        this.title = title;
+    }
+}
+async function convert(format, output, config, json) {
+    let outputContent;
+    switch (format) {
+        case 'csv':
+            outputContent = (await convertJSON2CSV(json)).toString();
+            break;
+        // defaulting to JSON
+        default:
+            outputContent = JSON.stringify(json);
+    }
+    switch (output) {
+        case 'webhook':
+            try {
+                await post2Webhook(config.type, config.url, config.title, outputContent);
+            }
+            catch (e) {
+                console.error('Error during sending webhook: ', e);
+            }
+            break;
+        // defaulting to standard out
+        default:
+            console.log(outputContent);
+    }
+}
+yargs(hideBin(process.argv))
+    .command('listUsers [url] [clientId] [clientSecret]', 'fetches all users in the realms.', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => {
+    const users = await listUsers({
+        clientId: argv.clientId,
+        clientSecret: argv.clientSecret,
+        rootUrl: argv.url,
+    });
+    await convert(argv.format, argv.output, new WebhookConfig(argv.webhookType, argv.webhookUrl, 'User Listing'), users);
+})
+    .command('listClients [url] [clientId] [clientSecret]', 'fetches all clients in the realms.', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => {
+    const clients = await listClients({
+        clientId: argv.clientId,
+        clientSecret: argv.clientSecret,
+        rootUrl: argv.url,
+    });
+    await convert(argv.format, argv.output, new WebhookConfig(argv.webhookType, argv.webhookUrl, 'Client Listing'), clients);
+})
+    .option('format', {
+    alias: 'f',
+    type: 'string',
+    default: 'json',
+    description: 'output format, e.g. JSON|CSV',
+})
+    .option('output', {
+    alias: 'o',
+    type: 'string',
+    default: 'stdout',
+    description: 'output channel',
+})
+    .option('webhookType', {
+    alias: 'w',
+    type: 'string',
+    default: 'slack',
+    description: 'Webhook Type',
+})
+    .option('webhookUrl', {
+    alias: 't',
+    type: 'string',
+    description: 'Webhook URL',
+})
+    .parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../cli.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,aAAa;IAIjB,YAAY,IAAY,EAAE,GAAW,EAAE,KAAa;QAClD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AAED,KAAK,UAAU,OAAO,CACpB,MAAc,EACd,MAAc,EACd,MAAqB,EACrB,IAAY;IAEZ,IAAI,aAAqB,CAAC;IAC1B,QAAQ,MAAM,EAAE;QACd,KAAK,KAAK;YACR,aAAa,GAAG,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACzD,MAAM;QACR,qBAAqB;QACrB;YACE,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;KACxC;IACD,QAAQ,MAAM,EAAE;QACd,KAAK,SAAS;YACZ,IAAI;gBACF,MAAM,YAAY,CAChB,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,GAAG,EACV,MAAM,CAAC,KAAK,EACZ,aAAa,CACd,CAAC;aACH;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,CAAC,CAAC,CAAC;aACpD;YACD,MAAM;QACR,6BAA6B;QAC7B;YACE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC;AAED,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;KACzB,OAAO,CACN,2CAA2C,EAC3C,kCAAkC;AAClC,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,KAAK,GAAG,MAAM,SAAS,CAAU;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAkB;QACjC,YAAY,EAAE,IAAI,CAAC,YAAsB;QACzC,OAAO,EAAE,IAAI,CAAC,GAAa;KAC5B,CAAC,CAAC;IACH,MAAM,OAAO,CACX,IAAI,CAAC,MAAgB,EACrB,IAAI,CAAC,MAAgB,EACrB,IAAI,aAAa,CACf,IAAI,CAAC,WAAqB,EAC1B,IAAI,CAAC,UAAoB,EACzB,cAAc,CACf,EACD,KAAK,CACN,CAAC;AACJ,CAAC,CACF;KACA,OAAO,CACN,6CAA6C,EAC7C,oCAAoC;AACpC,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,OAAO,GAAG,MAAM,WAAW,CAAU;QACzC,QAAQ,EAAE,IAAI,CAAC,QAAkB;QACjC,YAAY,EAAE,IAAI,CAAC,YAAsB;QACzC,OAAO,EAAE,IAAI,CAAC,GAAa;KAC5B,CAAC,CAAC;IACH,MAAM,OAAO,CACX,IAAI,CAAC,MAAgB,EACrB,IAAI,CAAC,MAAgB,EACrB,IAAI,aAAa,CACf,IAAI,CAAC,WAAqB,EAC1B,IAAI,CAAC,UAAoB,EACzB,gBAAgB,CACjB,EACD,OAAO,CACR,CAAC;AACJ,CAAC,CACF;KACA,MAAM,CAAC,QAAQ,EAAE;IAChB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,MAAM;IACf,WAAW,EAAE,8BAA8B;CAC5C,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,QAAQ;IACjB,WAAW,EAAE,gBAAgB;CAC9B,CAAC;KACD,MAAM,CAAC,aAAa,EAAE;IACrB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,cAAc;CAC5B,CAAC;KACD,MAAM,CAAC,YAAY,EAAE;IACpB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,aAAa;CAC3B,CAAC;KACD,KAAK,EAAE,CAAC"}

package/dist/index.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+import yargs from 'yargs/yargs';
+import { hideBin } from 'yargs/helpers';
+import { listUsers, listClients } from './src/cli.js';
+import { convertJSON2CSV } from './lib/convert.js';
+import { post2Webhook } from './lib/output.js';
+class WebhookConfig {
+    constructor(type, url, title) {
+        this.type = type;
+        this.url = url;
+        this.title = title;
+    }
+}
+async function convert(format, output, config, json) {
+    let outputContent;
+    switch (format) {
+        case 'csv':
+            outputContent = (await convertJSON2CSV(json)).toString();
+            break;
+        // defaulting to JSON
+        default:
+            outputContent = JSON.stringify(json);
+    }
+    switch (output) {
+        case 'webhook':
+            try {
+                await post2Webhook(config.type, config.url, config.title, outputContent);
+            }
+            catch (e) {
+                console.error('Error during sending webhook: ', e);
+            }
+            break;
+        // defaulting to standard out
+        default:
+            console.log(outputContent);
+    }
+}
+yargs(hideBin(process.argv))
+    .command('listUsers [url] [clientId] [clientSecret]', 'fetches all users in the realms.', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => {
+    const users = await listUsers({
+        clientId: argv.clientId,
+        clientSecret: argv.clientSecret,
+        rootUrl: argv.url,
+    });
+    await convert(argv.format, argv.output, new WebhookConfig(argv.webhookType, argv.webhookUrl, 'User Listing'), users);
+})
+    .command('listClients [url] [clientId] [clientSecret]', 'fetches all clients in the realms.', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => {
+    const clients = await listClients({
+        clientId: argv.clientId,
+        clientSecret: argv.clientSecret,
+        rootUrl: argv.url,
+    });
+    await convert(argv.format, argv.output, new WebhookConfig(argv.webhookType, argv.webhookUrl, 'Client Listing'), clients);
+})
+    .option('format', {
+    alias: 'f',
+    type: 'string',
+    default: 'json',
+    description: 'output format, e.g. JSON|CSV',
+})
+    .option('output', {
+    alias: 'o',
+    type: 'string',
+    default: 'stdout',
+    description: 'output channel',
+})
+    .option('webhookType', {
+    alias: 'w',
+    type: 'string',
+    default: 'slack',
+    description: 'Webhook Type',
+})
+    .option('webhookUrl', {
+    alias: 't',
+    type: 'string',
+    description: 'Webhook URL',
+})
+    .parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,aAAa;IAIjB,YAAY,IAAY,EAAE,GAAW,EAAE,KAAa;QAClD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AAED,KAAK,UAAU,OAAO,CACpB,MAAc,EACd,MAAc,EACd,MAAqB,EACrB,IAAY;IAEZ,IAAI,aAAqB,CAAC;IAC1B,QAAQ,MAAM,EAAE;QACd,KAAK,KAAK;YACR,aAAa,GAAG,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACzD,MAAM;QACR,qBAAqB;QACrB;YACE,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;KACxC;IACD,QAAQ,MAAM,EAAE;QACd,KAAK,SAAS;YACZ,IAAI;gBACF,MAAM,YAAY,CAChB,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,GAAG,EACV,MAAM,CAAC,KAAK,EACZ,aAAa,CACd,CAAC;aACH;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,CAAC,CAAC,CAAC;aACpD;YACD,MAAM;QACR,6BAA6B;QAC7B;YACE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC;AAED,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;KACzB,OAAO,CACN,2CAA2C,EAC3C,kCAAkC;AAClC,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,KAAK,GAAG,MAAM,SAAS,CAAU;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAkB;QACjC,YAAY,EAAE,IAAI,CAAC,YAAsB;QACzC,OAAO,EAAE,IAAI,CAAC,GAAa;KAC5B,CAAC,CAAC;IACH,MAAM,OAAO,CACX,IAAI,CAAC,MAAgB,EACrB,IAAI,CAAC,MAAgB,EACrB,IAAI,aAAa,CACf,IAAI,CAAC,WAAqB,EAC1B,IAAI,CAAC,UAAoB,EACzB,cAAc,CACf,EACD,KAAK,CACN,CAAC;AACJ,CAAC,CACF;KACA,OAAO,CACN,6CAA6C,EAC7C,oCAAoC;AACpC,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,OAAO,GAAG,MAAM,WAAW,CAAU;QACzC,QAAQ,EAAE,IAAI,CAAC,QAAkB;QACjC,YAAY,EAAE,IAAI,CAAC,YAAsB;QACzC,OAAO,EAAE,IAAI,CAAC,GAAa;KAC5B,CAAC,CAAC;IACH,MAAM,OAAO,CACX,IAAI,CAAC,MAAgB,EACrB,IAAI,CAAC,MAAgB,EACrB,IAAI,aAAa,CACf,IAAI,CAAC,WAAqB,EAC1B,IAAI,CAAC,UAAoB,EACzB,gBAAgB,CACjB,EACD,OAAO,CACR,CAAC;AACJ,CAAC,CACF;KACA,MAAM,CAAC,QAAQ,EAAE;IAChB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,MAAM;IACf,WAAW,EAAE,8BAA8B;CAC5C,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,QAAQ;IACjB,WAAW,EAAE,gBAAgB;CAC9B,CAAC;KACD,MAAM,CAAC,aAAa,EAAE;IACrB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,cAAc;CAC5B,CAAC;KACD,MAAM,CAAC,YAAY,EAAE;IACpB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,aAAa;CAC3B,CAAC;KACD,KAAK,EAAE,CAAC"}

package/dist/lib/client.js

@@ -0,0 +1,41 @@
+import { Issuer } from 'openid-client';
+import KcAdminClient from '@keycloak/keycloak-admin-client';
+// Token refresh interval 60 seconds
+const TOKEN_REFRESH = 60;
+export async function createClient(options) {
+    const kcAdminClient = new KcAdminClient({
+        baseUrl: options.rootUrl,
+        realmName: 'master',
+    });
+    try {
+        // client login
+        await kcAdminClient.auth({
+            clientId: options.clientId,
+            clientSecret: options.clientSecret,
+            grantType: 'client_credentials',
+        });
+    }
+    catch (e) {
+        console.error('Check Client Config:', e.response.data.error_description);
+        return Promise.reject();
+    }
+    const keycloakIssuer = await Issuer.discover(`${options.rootUrl}/realms/master`);
+    const client = new keycloakIssuer.Client({
+        client_id: options.clientId,
+        token_endpoint_auth_method: 'none', // to send only client_id in the header
+    });
+    // Use the grant type 'password'
+    const tokenSet = await client.grant({
+        client_id: options.clientId,
+        client_secret: options.clientSecret,
+        grant_type: 'client_credentials',
+    });
+    /*
+    // TODO: FIXME - Periodically using refresh_token grant flow to get new access token here
+    setInterval(async () => {
+      const refreshToken = tokenSet.refresh_token;
+      kcAdminClient.setAccessToken((await client.refresh(refreshToken)).access_token);
+    }, TOKEN_REFRESH * 1000); */
+    return new Promise((resolve) => resolve(kcAdminClient));
+}
+//# sourceMappingURL=client.js.map

package/dist/lib/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../lib/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,aAAa,MAAM,iCAAiC,CAAC;AAE5D,oCAAoC;AACpC,MAAM,aAAa,GAAG,EAAE,CAAC;AAQzB,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAgB;IACjD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;QACtC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,QAAQ;KACpB,CAAC,CAAC;IAEH,IAAI;QACF,eAAe;QACf,MAAM,aAAa,CAAC,IAAI,CAAC;YACvB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,SAAS,EAAE,oBAAoB;SAChC,CAAC,CAAC;KACJ;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACxE,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;KACzB;IAED,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,QAAQ,CAC1C,GAAG,OAAO,CAAC,OAAO,gBAAgB,CACnC,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC;QACvC,SAAS,EAAE,OAAO,CAAC,QAAQ;QAC3B,0BAA0B,EAAE,MAAM,EAAE,uCAAuC;KAC5E,CAAC,CAAC;IAEH,gCAAgC;IAChC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC;QAClC,SAAS,EAAE,OAAO,CAAC,QAAQ;QAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;QACnC,UAAU,EAAE,oBAAoB;KACjC,CAAC,CAAC;IAEH;;;;;gCAK4B;IAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;AAC1D,CAAC"}