@continuoussecuritytooling/keycloak-reporter 0.4.0 → 0.5.1

package/.bin/wait-for-server.sh

@@ -7,6 +7,7 @@ until $(curl --output /dev/null --silent --head --fail http://localhost:8080/rea
     sleep 5
     if [[ "$counter" -gt 24 ]]; then
         printf "Keycloak server failed to start. Timeout!"
+        curl --head --fail http://localhost:8080/realms/master/.well-known/openid-configuration
         exit 1
     fi
     counter=$((counter + 1))

package/.ct.yaml

@@ -2,5 +2,5 @@ chart-dirs:
   - charts/keycloak-reporter/
 debug: true
 target-branch: main
-check-version-increment: true
+check-version-increment: false
 validate-maintainers: false

package/.eslintrc.cjs

@@ -2,13 +2,13 @@
 module.exports = {
   env: {
     node: true,
-    commonjs: true,
+    commonjs: true
   },
   extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended'],
   parser: '@typescript-eslint/parser',
   plugins: ['@typescript-eslint'],
   root: true,
   rules: {
-    quotes: [2, 'single', { avoidEscape: true }],
-  },
+    quotes: [2, 'single', { avoidEscape: true }]
+  }
 };

package/.github/CONTRIBUTING.md

@@ -3,10 +3,10 @@
 We'd love for you to contribute to our source code and to make this package even better than it is
 today! Here are the guidelines we'd like you to follow:
 
- - [Issues and Bugs](#issue)
- - [Feature Requests](#feature)
- - [Coding Rules](#rules)
- - [Commit Message Guidelines](#commit)
+- [ Found an Issue?](#-found-an-issue)
+- [ Want a Feature?](#-want-a-feature)
+- [ Coding Rules](#-coding-rules)
+- [ Git Commit Guidelines](#-git-commit-guidelines)
 
 ## <a name="issue"></a> Found an Issue?
 
@@ -17,7 +17,7 @@ with a fix. But first search if the issue is already described!
 If not create a new issue:
 
 * Tell about your environment:
-  * java version
+  * NodeJS version
   * used platform and version
 * Describe your issue
   * describe your steps leading to the issue

package/.github/workflows/pipeline.yml

@@ -1,17 +1,19 @@
 name: Build
 
 on:
+  pull_request:
   merge_group:
   push:
+    branches:
+      - develop
 
 jobs:
   build:
-    name: "Build and Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}"
-    runs-on: "${{ matrix.os }}"
+    name: 'Build and Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}'
+    runs-on: '${{ matrix.os }}'
     strategy:
       matrix:
         node_version:
-          - 16
           - 18
           - 20
         os:
@@ -20,10 +22,10 @@ jobs:
           - windows-latest
     steps:
       - uses: actions/checkout@v4
-      - name: "Use Node.js ${{ matrix.node_version }}"
+      - name: 'Use Node.js ${{ matrix.node_version }}'
         uses: actions/setup-node@v3
         with:
-          node-version: "${{ matrix.node_version }}"
+          node-version: '${{ matrix.node_version }}'
       - name: npm build and test
         run: |
           npm run clean
@@ -31,7 +33,7 @@ jobs:
           npm run test
 
   chart:
-    name: "Build and Test Helm Chart"
+    name: 'Build and Test Helm Chart'
     runs-on: ubuntu-latest
 
     steps:
@@ -63,7 +65,7 @@ jobs:
 
       - name: Run chart-testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --check-version-increment false
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
 
       - name: Create kind cluster
         if: steps.list-changed.outputs.changed == 'true'
@@ -79,30 +81,31 @@ jobs:
           path: dist
 
   end2end:
-    name: "End2End Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}"
-    runs-on: "${{ matrix.os }}"
-    needs:
-      - build
-      - chart
+    name: 'End2End Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}'
+    runs-on: '${{ matrix.os }}'
     strategy:
       matrix:
         node_version:
-          - 16
-          # TODO: Support Node 16+
-          #- 18
-          #- 20
+          - 18
         os:
           - ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: "Use Node.js ${{ matrix.node_version }}"
+      - name: 'Use Node.js ${{ matrix.node_version }}'
         uses: actions/setup-node@v3
         with:
-          node-version: "${{ matrix.node_version }}"
+          node-version: '${{ matrix.node_version }}'
+      - name: Install Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '17'
       - name: npm build and test
         run: |
           npm run clean
           npm run build
+      - name: Tune GitHub-hosted runner network
+        uses: smorimoto/tune-github-hosted-runner-network@v1
 
       - name: Start Keycloak server
         run: npm run end2end:start-server &
@@ -111,23 +114,28 @@ jobs:
         run: .bin/wait-for-server.sh
 
       - name: Run end2end tests
-        run: npm run end2end:test
+        run: |
+          env
+          npm run end2end:test
         env:
           WEBHOOK_TESTING_TEAMS: ${{ secrets.WEBHOOK_TESTING_TEAMS }}
           WEBHOOK_TESTING_SLACK: ${{ secrets.WEBHOOK_TESTING_SLACK }}
+          WEBHOOK_ADDITIONAL_MESSAGE: ${{ github.head_ref || github.ref_name }}
 
   package:
     name: Build Container Image
     runs-on: ubuntu-latest
     needs:
+      - build
+      - chart
       - end2end
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v3
-      # TODO: Support Node 16+
+        # TODO: Support Node 16+
         with:
-          node-version: "16"
-      - name: "Build Package"
+          node-version: '16'
+      - name: 'Build Package'
         run: |
           npm run clean
           npm run build
@@ -136,7 +144,7 @@ jobs:
         uses: redhat-actions/buildah-build@v2
         with:
           image: continuoussecuritytooling/keycloak-reporting-cli
-          tags: "v1 ${{ github.sha }}"
+          tags: 'v1 ${{ github.sha }}'
           containerfiles: |
             ./Dockerfile
       - name: Push To Docker Hub

package/.github/workflows/release.yml

@@ -25,13 +25,33 @@ jobs:
 
       - name: Install Helm
         uses: azure/setup-helm@v3
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.4.0
 
       - name: Run chart-testing (lint)
-        run: ct lint --target-branch
+        run: ct lint --config .ct.yaml 
 
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.5.0
         with:
-            charts_dir: charts/
+          charts_dir: charts/
         env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+
+      - name: Login to GitHub Container Registry
+        run: |
+          echo ${{ secrets.CT_OCI_GITHUB_TOKEN }} | helm registry login ghcr.io -u $ --password-stdin
+
+      - name: Push Charts to GHCR
+        run: |
+          for pkg in .cr-release-packages/*; do
+            if [ -z "${pkg:-}" ]; then
+              break
+            fi
+            helm push "${pkg}" oci://ghcr.io/cloudtooling/helm-charts
+          done

package/.prettierrc

@@ -0,0 +1,6 @@
+{
+  "semi": true,
+  "trailingComma": "none",
+  "singleQuote": true,
+  "printWidth": 80
+}

package/Dockerfile

@@ -1,4 +1,6 @@
-FROM node:16
+FROM node:18
+
+LABEL org.opencontainers.image.source https://github.com/ContinuousSecurityTooling/keycloak-reporter
 
 ENV CONFIG_FILE=/app/config.json
 
@@ -6,6 +8,6 @@ COPY dist/ docker_entrypoint.sh package.json /app
 
 WORKDIR /app
 
-RUN cd /app &&  npm i
+RUN cd /app && npm i
 
 ENTRYPOINT ["/app/docker_entrypoint.sh"]

package/README.md

@@ -3,9 +3,8 @@
 
 [![License](https://img.shields.io/github/license/ContinuousSecurityTooling/keycloak-reporter.svg)](LICENSE)
 [![CI](https://github.com/ContinuousSecurityTooling/keycloak-reporter/actions/workflows/pipeline.yml/badge.svg)](https://github.com/ContinuousSecurityTooling/keycloak-reporter/actions/workflows/pipeline.yml)
-[![npm version](https://badge.fury.io/js/%40ContinuousSecurityTooling%2Fkeycloak-reporter.svg)](https://www.npmjs.com/package/@continuoussecuritytooling/keycloak-reporter)
-[![npm downloads](https://img.shields.io/npm/dm/%40ContinuousSecurityTooling%2Fkeycloak-reporter.svg)](https://www.npmjs.com/package/@continuoussecuritytooling/keycloak-reporter)
-[![npm downloads](https://img.shields.io/npm/dt/%40ContinuousSecurityTooling%2Fkeycloak-reporter.svg)](https://www.npmjs.com/package/@continuoussecuritytooling/keycloak-reporter)
+[![npm version](https://badge.fury.io/js/@continuoussecuritytooling%2Fkeycloak-reporter.svg)](https://www.npmjs.com/package/@continuoussecuritytooling/keycloak-reporter)
+[![npm downloads](https://img.shields.io/npm/dm/@continuoussecuritytooling%2Fkeycloak-reporter.svg)](https://www.npmjs.com/package/@continuoussecuritytooling/keycloak-reporter)
 [![Docker Stars](https://img.shields.io/docker/stars/continuoussecuritytooling/keycloak-reporting-cli.svg)](https://hub.docker.com/r/continuoussecuritytooling/keycloak-reporting-cli/)
 [![Known Vulnerabilities](https://snyk.io/test/github/ContinuousSecurityTooling/keycloak-reporter/badge.svg)](https://snyk.io/test/github/ContinuousSecurityTooling/keycloak-reporter)
 
@@ -57,13 +56,13 @@ Valid commands are:
 
 ## Advanced
 
-
 ### Helm
-~
 
-helm repo add cloud-tooling https://cloudtooling.github.io/helm-charts/
+To install the Helm Chart use the OCI Package:
 
-cloud-tooling/keycloak-reporter
+```
+helm install keycloak-reporter oci://cloudtooling/helm-charts
+```
 
 ### Config file
 

package/charts/keycloak-reporter/Chart.yaml

@@ -15,13 +15,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.0"
+# renovate: datasource=github-tags depName=ContinuousSecurityTooling/keycloak-reporter
+appVersion: "0.5.0"
 maintainers:
   # Martin Reinhardt
   - name: hypery2k

package/charts/keycloak-reporter/README.md

@@ -1,6 +1,6 @@
 # keycloak-reporter
 
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square)
+![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 
@@ -31,7 +31,7 @@ A Helm chart for Kubernetes
 | keycloak.config.clientSecret | string | `""` |  |
 | keycloak.config.output | string | `"webhook"` |  |
 | keycloak.config.url | string | `""` |  |
-| keycloak.config.webhookMessage | string | `""` |  |
+| keycloak.config.webhookMessage | string | `""` | optional message for the webhook post |
 | keycloak.config.webhookType | string | `""` |  |
 | keycloak.config.webhookUrl | string | `""` |  |
 | keycloak.volumes.reports | string | `""` |  |

package/charts/keycloak-reporter/templates/_helpers.tpl

@@ -60,3 +60,24 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keycloak-reporter.cronJobs" }}
+{{- $cronJobs := list -}}
+{{- if .Values.cronjobs.users }}
+{{- $userCron := dict "name" "users" "script" "listUsers" "schedule" .Values.cronjobs.users }}
+{{-   $cronJobs = printf "%s" $userCron . | append $cronJobs -}}
+{{- end }}
+{{- if .Values.cronjobs.clients }}
+{{- $clientCron := dict "name" "users" "script" "listClients" "schedule" .Values.cronjobs.clients }}
+{{-   $cronJobs = printf "%s" $clientCron . | append $cronJobs -}}
+{{- end }}
+{{ join "," $cronJobs }}
+{{- end }}
+
+
+

package/charts/keycloak-reporter/templates/cronjob.yaml

@@ -1,5 +1,5 @@
-{{- $fullName := include "keycloak-reporter.fullname" . -}}
-{{- range .Values.cronjobs }}
+{{- $fullName := include "keycloak-reporter.fullname" . }}
+{{- range include "keycloak-reporter.cronJobs" $ | split "," }}
 apiVersion: batch/v1
 kind: CronJob
 metadata:
@@ -25,7 +25,8 @@ spec:
               command:
                 - /bin/sh
                 - -c
-                - {{ .script }}
+                - |
+                  node /app/cli.js {{ .script }}
               env:
                 - name: CONFIG_FILE
                   value: "/app/config.json"
@@ -35,6 +36,7 @@ spec:
               volumeMounts:
                 - name: config-file
                   mountPath: "/app/config.json"
+                  subPath: "config.json"
                   readOnly: true
                 {{- if ($.Values.keycloak.config.volumes).reports }}
                 - name: reports-dir

package/charts/keycloak-reporter/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: continuoussecuritytooling/keycloak-reporting-cli
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
+  #tag: "latest"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -46,17 +46,14 @@ keycloak:
     output: "webhook"
     webhookType: ""
     webhookUrl: ""
+    # -- optional message for the webhook post
     webhookMessage: ""
   volumes:
     reports: ""
 
 cronjobs:
-  - name: clients
-    script: /app/index.js listClients
-    schedule: 0 0 1 */3 *
-  - name: users
-    script: /app/index.js listUsers
-    schedule: 0 0 1 */3 *
+  clients: "0 0 1 */3 *"
+  users: "0 0 1 */3 *"
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious

package/cli.ts

@@ -9,11 +9,10 @@ import {
   listClients,
   Options,
   convertJSON2CSV,
-  post2Webhook,
+  post2Webhook
 } from './index.js';
 import config from './src/config.js';
 
-
 class WebhookConfig {
   type: string;
   url: string;
@@ -50,7 +49,15 @@ async function convert(
   }
   if (reports.directory) {
     const date = new Date();
-    writeFileSync(path.join(`${reports.directory}`,`${reports.name}_${date.getFullYear()}-${date.getMonth() + 1}-${date.getDate()}.${format.toLowerCase()}`), outputContent);
+    writeFileSync(
+      path.join(
+        `${reports.directory}`,
+        `${reports.name}_${date.getFullYear()}-${
+          date.getMonth() + 1
+        }-${date.getDate()}.${format.toLowerCase()}`
+      ),
+      outputContent
+    );
   }
   switch (output) {
     case 'webhook':
@@ -60,11 +67,23 @@ async function convert(
           config.url,
           config.title,
           outputContent,
-          config.message,
+          config.message
         );
       } catch (e) {
-        console.error('Error during sending webhook: ', e);
-        throw e;
+        switch (e.code || e.message) {
+          case 'Request failed with status code 400':
+            console.error('Invalid Teams Webhook Payload. Check your params.');
+            throw new Error('Invalid Teams Payload');
+          case 'slack_webhook_http_error':
+            console.error('Invalid Slack Webhook Payload. Check your params.');
+            throw new Error('Invalid Slack Payload');
+          default:
+            console.error(
+              `Error during sending webhook.(${e?.code})`,
+              e?.original
+            );
+            throw e;
+        }
       }
       break;
     // defaulting to standard out
@@ -81,22 +100,28 @@ yargs(hideBin(process.argv))
     () => {},
     async (argv) => {
       const users = await listUsers(<Options>{
-        clientId: argv.clientId ? argv.clientId as string: config.clientId,
-        clientSecret: argv.clientSecret ? argv.clientSecret as string: config.clientSecret,
-        rootUrl:argv.url ? argv.url as string: config.url,
+        clientId: config.clientId ? config.clientId : (argv.clientId as string),
+        clientSecret: config.clientSecret
+          ? config.clientSecret
+          : (argv.clientSecret as string),
+        rootUrl: config.url ? config.url : (argv.url as string)
       });
       await convert(
-        argv.format as string,
-        argv.output as string,
+        config.format ? config.format : (argv.format as string),
+        config.output ? config.output : (argv.output as string),
         {
           name: 'user_listing',
-          directory: argv.reports as string,
+          directory: argv.reports ? (argv.reports as string) : config.reports
         },
         new WebhookConfig(
-          argv.webhookType as string,
-          argv.webhookUrl as string,
+          config.webhookType
+            ? config.webhookType
+            : (argv.webhookType as string),
+          config.webhookUrl ? config.webhookUrl : (argv.webhookUrl as string),
           'User Listing',
-          argv.webhookMessage ? argv.webhookMessage as string: config.webhookMessage
+          config.webhookMessage
+            ? config.webhookMessage
+            : (argv.webhookMessage as string)
         ),
         users
       );
@@ -109,22 +134,28 @@ yargs(hideBin(process.argv))
     () => {},
     async (argv) => {
       const clients = await listClients(<Options>{
-        clientId: argv.clientId ? argv.clientId as string: config.clientId,
-        clientSecret: argv.clientSecret ? argv.clientSecret as string: config.clientSecret,
-        rootUrl:argv.url ? argv.url as string: config.url,
+        clientId: config.clientId ? config.clientId : (argv.clientId as string),
+        clientSecret: config.clientSecret
+          ? config.clientSecret
+          : (argv.clientSecret as string),
+        rootUrl: config.url ? config.url : (argv.url as string)
       });
       await convert(
-        argv.format as string,
-        argv.output as string,
+        config.format ? config.format : (argv.format as string),
+        config.output ? config.output : (argv.output as string),
         {
           name: 'client_listing',
-          directory: argv.reports as string,
+          directory: argv.reports ? (argv.reports as string) : config.reports
         },
         new WebhookConfig(
-          argv.webhookType as string,
-          argv.webhookUrl as string,
+          config.webhookType
+            ? config.webhookType
+            : (argv.webhookType as string),
+          config.webhookUrl ? config.webhookUrl : (argv.webhookUrl as string),
           'Client Listing',
-          argv.webhookMessage ? argv.webhookMessage as string: config.webhookMessage
+          config.webhookMessage
+            ? config.webhookMessage
+            : (argv.webhookMessage as string)
         ),
         clients
       );
@@ -134,33 +165,33 @@ yargs(hideBin(process.argv))
     alias: 'f',
     type: 'string',
     default: 'json',
-    description: 'output format, e.g. JSON|CSV',
+    description: 'output format, e.g. JSON|CSV'
   })
   .option('output', {
     alias: 'o',
     type: 'string',
     default: 'stdout',
-    description: 'output channel',
+    description: 'output channel'
   })
   .option('webhookType', {
     alias: 'w',
     type: 'string',
     default: 'slack',
-    description: 'Webhook Type',
+    description: 'Webhook Type'
   })
   .option('webhookMessage', {
     alias: 'm',
     type: 'string',
-    description: 'Webhook Message',
+    description: 'Webhook Message'
   })
   .option('webhookUrl', {
     alias: 't',
     type: 'string',
-    description: 'Webhook URL',
+    description: 'Webhook URL'
   })
   .option('reports', {
     alias: 'r',
     type: 'string',
-    description: 'Reports directory',
+    description: 'Reports directory'
   })
   .parse();

package/config.json

@@ -0,0 +1,9 @@
+{ 
+    "url": "https://id.m13t.de",
+    "clientId": "admin-cli",
+    "clientSecret": "PWkJ98Atq36QFP5Z25YXJDWs4tvsGvkI",
+    "output": "webhook",
+    "webhookType": "teams",
+    "webhookUrl": "https://m13t4mgmt.webhook.office.com/webhookb2/02950819-c8ca-4c83-9751-808d801e8810@09f6f098-3af9-474c-a398-d17786fff1bf/IncomingWebhook/b06222e267a04255aaa32a341acb1749/a4f92b5b-01c7-40a8-91ff-0695e08d76ff",
+    "webhookMessage": "TEST"
+}