@continuoussecuritytooling/keycloak-reporter 0.6.0 → 0.8.0

package/dist/lib/user.js

@@ -1,75 +1,110 @@
+import KcAdminClient from '@keycloak/keycloak-admin-client';
 export async function clientListing(client) {
-    const currentRealm = client.realmName;
-    let realms;
-    try {
-        // iterate over realms
-        realms = await client.realms.find();
-    }
-    catch (e) {
-        console.error('Check Client role:', e.response.statusText);
-        return Promise.reject();
-    }
     let allClients = new Array();
-    for (const realm of realms) {
-        // switch realm
+    if (client instanceof KcAdminClient) {
+        const currentRealm = client.realmName;
+        let realms;
+        try {
+            // iterate over realms
+            realms = await client.realms.find();
+        }
+        catch (e) {
+            console.error('Check Client role:', e.response.statusText);
+            return Promise.reject();
+        }
+        for (const realm of realms) {
+            // switch realm
+            client.setConfig({
+                realmName: realm.realm,
+            });
+            const realmClients = new Array();
+            for (const user of await client.clients.find()) {
+                realmClients.push({
+                    client: user.clientId,
+                    id: user.id,
+                    description: user.description,
+                    realm: realm.realm,
+                    enabled: user.enabled,
+                    public: user.publicClient,
+                    allowedOrigins: JSON.stringify(user.webOrigins),
+                });
+            }
+            allClients = [...allClients, ...realmClients];
+        }
+        // switch back to realm
         client.setConfig({
-            realmName: realm.realm,
+            realmName: currentRealm,
         });
-        const realmClients = new Array();
-        for (const user of await client.clients.find()) {
-            realmClients.push({
+    }
+    else {
+        const clients = await client.clientListing();
+        for (const user of clients) {
+            allClients.push({
                 client: user.clientId,
                 id: user.id,
                 description: user.description,
-                realm: realm.realm,
+                realm: user.realm,
                 enabled: user.enabled,
                 public: user.publicClient,
+                lastLogin: user.lastLogin,
                 allowedOrigins: JSON.stringify(user.webOrigins),
             });
         }
-        allClients = [...allClients, ...realmClients];
     }
-    // switch back to realm
-    client.setConfig({
-        realmName: currentRealm,
-    });
     return new Promise((resolve) => resolve(allClients));
 }
 export async function userListing(client) {
-    const currentRealm = client.realmName;
-    let realms;
-    // iterate over realms
-    try {
-        realms = await client.realms.find();
-    }
-    catch (e) {
-        console.error('Check Client role:', e.response.statusText);
-        return Promise.reject();
-    }
     let allUsers = new Array();
-    for (const realm of realms) {
-        // switch realm
+    if (client instanceof KcAdminClient) {
+        const currentRealm = client.realmName;
+        let realms;
+        // iterate over realms
+        try {
+            realms = await client.realms.find();
+        }
+        catch (e) {
+            console.error('Check Client role:', e.response.statusText);
+            return Promise.reject();
+        }
+        for (const realm of realms) {
+            // switch realm
+            client.setConfig({
+                realmName: realm.realm,
+            });
+            const realmUsers = new Array();
+            for (const user of await client.users.find()) {
+                realmUsers.push({
+                    username: user.username,
+                    id: user.id,
+                    firstName: user.firstName,
+                    lastName: user.lastName,
+                    email: user.email,
+                    realm: realm.realm,
+                    enabled: user.enabled,
+                });
+            }
+            allUsers = [...allUsers, ...realmUsers];
+        }
+        // switch back to realm
         client.setConfig({
-            realmName: realm.realm,
+            realmName: currentRealm,
         });
-        const realmUsers = new Array();
-        for (const user of await client.users.find()) {
-            realmUsers.push({
+    }
+    else {
+        const users = await client.userListing();
+        for (const user of users) {
+            allUsers.push({
                 username: user.username,
                 id: user.id,
                 firstName: user.firstName,
                 lastName: user.lastName,
                 email: user.email,
-                realm: realm.realm,
+                realm: user.realm,
+                lastLogin: user.lastLogin,
                 enabled: user.enabled,
             });
         }
-        allUsers = [...allUsers, ...realmUsers];
     }
-    // switch back to realm
-    client.setConfig({
-        realmName: currentRealm,
-    });
     return new Promise((resolve) => resolve(allUsers));
 }
 //# sourceMappingURL=user.js.map

package/dist/lib/user.js.map

@@ -1 +1 @@
-{"version":3,"file":"user.js","sourceRoot":"","sources":["../../lib/user.ts"],"names":[],"mappings":"AAsBA,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAqB;IAErB,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;IACtC,IAAI,MAAM,CAAC;IACX,IAAI;QACF,sBAAsB;QACtB,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;KACrC;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC3D,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;KACzB;IACD,IAAI,UAAU,GAAG,IAAI,KAAK,EAAU,CAAC;IACrC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;QAC1B,eAAe;QACf,MAAM,CAAC,SAAS,CAAC;YACf,SAAS,EAAE,KAAK,CAAC,KAAK;SACvB,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,KAAK,EAAU,CAAC;QACzC,KAAK,MAAM,IAAI,IAAI,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE;YAC9C,YAAY,CAAC,IAAI,CAAC;gBAChB,MAAM,EAAE,IAAI,CAAC,QAAQ;gBACrB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,YAAY;gBACzB,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC;aAChD,CAAC,CAAC;SACJ;QACD,UAAU,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC;KAC/C;IACD,uBAAuB;IACvB,MAAM,CAAC,SAAS,CAAC;QACf,SAAS,EAAE,YAAY;KACxB,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAqB;IACrD,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;IACtC,IAAI,MAAM,CAAC;IACX,sBAAsB;IACtB,IAAI;QACF,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;KACrC;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC3D,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;KACzB;IACD,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAQ,CAAC;IACjC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;QAC1B,eAAe;QACf,MAAM,CAAC,SAAS,CAAC;YACf,SAAS,EAAE,KAAK,CAAC,KAAK;SACvB,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,KAAK,EAAQ,CAAC;QACrC,KAAK,MAAM,IAAI,IAAI,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE;YAC5C,UAAU,CAAC,IAAI,CAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;aACtB,CAAC,CAAC;SACJ;QACD,QAAQ,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,UAAU,CAAC,CAAC;KACzC;IACD,uBAAuB;IACvB,MAAM,CAAC,SAAS,CAAC;QACf,SAAS,EAAE,YAAY;KACxB,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AACrD,CAAC"}
+{"version":3,"file":"user.js","sourceRoot":"","sources":["../../lib/user.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,MAAM,iCAAiC,CAAC;AA2B5D,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAmC;IAEnC,IAAI,UAAU,GAAG,IAAI,KAAK,EAAwC,CAAC;IACnE,IAAI,MAAM,YAAY,aAAa,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;QACtC,IAAI,MAAM,CAAC;QACX,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,eAAe;YACf,MAAM,CAAC,SAAS,CAAC;gBACf,SAAS,EAAE,KAAK,CAAC,KAAK;aACvB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,KAAK,EAAU,CAAC;YACzC,KAAK,MAAM,IAAI,IAAI,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CAAC;oBAChB,MAAM,EAAE,IAAI,CAAC,QAAQ;oBACrB,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,IAAI,CAAC,YAAY;oBACzB,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC;iBAChD,CAAC,CAAC;YACL,CAAC;YACD,UAAU,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC;QAChD,CAAC;QACD,uBAAuB;QACvB,MAAM,CAAC,SAAS,CAAC;YACf,SAAS,EAAE,YAAY;SACxB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC;gBACd,MAAM,EAAE,IAAI,CAAC,QAAQ;gBACrB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,YAAY;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAmC;IAEnC,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAoC,CAAC;IAC7D,IAAI,MAAM,YAAY,aAAa,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;QACtC,IAAI,MAAM,CAAC;QACX,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,eAAe;YACf,MAAM,CAAC,SAAS,CAAC;gBACf,SAAS,EAAE,KAAK,CAAC,KAAK;aACvB,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,KAAK,EAAQ,CAAC;YACrC,KAAK,MAAM,IAAI,IAAI,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;gBAC7C,UAAU,CAAC,IAAI,CAAC;oBACd,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC,CAAC;YACL,CAAC;YACD,QAAQ,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,UAAU,CAAC,CAAC;QAC1C,CAAC;QACD,uBAAuB;QACvB,MAAM,CAAC,SAAS,CAAC;YACf,SAAS,EAAE,YAAY;SACxB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;QACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,IAAI,CAAC,OAAO;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/src/commands.js

@@ -0,0 +1,30 @@
+import { createClient } from '../lib/client.js';
+import { userListing, clientListing } from '../lib/user.js';
+function kcClient(options) {
+    return createClient({
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        rootUrl: options.rootUrl,
+        useAuditingEndpoint: options.useAuditingEndpoint,
+    });
+}
+export async function listUsers(options) {
+    const users = await userListing(await kcClient(options));
+    return new Promise((resolve) => resolve(users));
+}
+export async function listClients(options) {
+    const clients = await clientListing(await kcClient(options));
+    return new Promise((resolve) => resolve(clients));
+}
+/* eslint-disable @typescript-eslint/no-explicit-any */
+export async function configTest(options) {
+    try {
+        await userListing(await kcClient(options));
+        console.log(`Connection to ${options.rootUrl} was successfull`);
+    }
+    catch (e) {
+        console.error(`Connection to ${options.rootUrl} was not: successfull`, e.response);
+        return Promise.reject(e.response.statusText);
+    }
+}
+//# sourceMappingURL=commands.js.map

package/dist/src/commands.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commands.js","sourceRoot":"","sources":["../../src/commands.ts"],"names":[],"mappings":"AAMA,OAAO,EAAW,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAQ,WAAW,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAE1E,SAAS,QAAQ,CAAC,OAAgB;IAChC,OAAO,YAAY,CAAC;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;KACjD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAgB;IAC9C,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAgB;IAChD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;AACpD,CAAC;AACD,uDAAuD;AACvD,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAgB;IAC/C,IAAI,CAAC;QACH,MAAM,WAAW,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,iBAAiB,OAAO,CAAC,OAAO,kBAAkB,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,iBAAiB,OAAO,CAAC,OAAO,uBAAuB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC"}

package/dist/src/config.js

@@ -1,11 +1,8 @@
 import { assoc, pick, mergeAll, mergeDeepRight } from 'ramda';
-import Ajv from 'ajv';
 import path from 'path';
 import { fileURLToPath } from 'url';
 import fs from 'fs';
 const schema = JSON.parse(fs.readFileSync(fileURLToPath(path.join(import.meta.url, '../../config/schema.json')), 'utf8'));
-const ajv = new Ajv.default();
-const ajvValidate = ajv.compile(schema);
 // import the config file
 function buildConfigFromFile(filePath) {
     if (!filePath)
@@ -45,12 +42,6 @@ function buildEnvironmentVariablesConfig(schema) {
         }
     }, {});
 }
-function validate(data) {
-    const valid = ajvValidate(data);
-    if (valid)
-        return true;
-    throw new Error(ajv.errorsText());
-}
 // merge the environment variables, config file values, and defaults
 const config = mergeAll(mergeDeepRight(buildDefaults(schema, schema.definitions), buildConfigFromFile(process.env.CONFIG_FILE)), buildEnvironmentVariablesConfig(schema));
 export default config;

package/dist/src/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC,EAAE,MAAM,CAAC,CAC/F,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;AAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAExC,yBAAyB;AACzB,SAAS,mBAAmB,CAAC,QAAQ;IACnC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;IAClD,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc;QAC9B,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC;QACnC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AACjG,CAAC;AACD,mDAAmD;AACnD,SAAS,aAAa,CAAC,MAAM,EAAE,WAAW;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACzD,IAAI,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,IAAI,EAAE;YACb,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5D,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE;gBAClC,OAAO,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3D;SACF;QACD,OAAO,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,0DAA0D;AAC1D,SAAS,+BAA+B,CAAC,MAAM;IAC7C,MAAM,MAAM,GAAG,SAAS,CAAC;IACzB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxC,QAAQ,IAAI,EAAE;YACZ,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;YACjD,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAChD;gBACE,OAAO,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;SACpC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,SAAS,QAAQ,CAAC,IAAI;IACpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,KAAK;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,oEAAoE;AACpE,MAAM,MAAM,GAAG,QAAQ,CACrB,cAAc,CACZ,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,EACzC,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAC7C,EACD,+BAA+B,CAAC,MAAM,CAAC,CACxC,CAAC;AAEF,eAAe,MAAM,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC,EAAE,MAAM,CAAC,CAC/F,CAAC;AAEF,yBAAyB;AACzB,SAAS,mBAAmB,CAAC,QAAQ;IACnC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;IAClD,OAAO,IAAI,CAAC,KAAK,CACf,cAAc;QACZ,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC;QACnC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAC9F,CAAC;AACJ,CAAC;AACD,mDAAmD;AACnD,SAAS,aAAa,CAAC,MAAM,EAAE,WAAW;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACzD,IAAI,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5D,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,0DAA0D;AAC1D,SAAS,+BAA+B,CAAC,MAAM;IAC7C,MAAM,MAAM,GAAG,SAAS,CAAC;IACzB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;YACjD,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAChD;gBACE,OAAO,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,oEAAoE;AACpE,MAAM,MAAM,GAAG,QAAQ,CACrB,cAAc,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EACvG,+BAA+B,CAAC,MAAM,CAAC,CACxC,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/e2e/spec/clients.js

@@ -21,7 +21,7 @@ test('Should list clients as JSON', { timeout: 3000 }, (t) => {
     }
   );
   cli.stdout.on('data', (chunk) => {
-    console.log(chunk.toString())
+    console.log('Response', JSON.parse(chunk.toString()));
     t.equal(JSON.parse(chunk.toString()).length, 24);
     t.end();
   });

package/e2e/spec/config.js

@@ -19,7 +19,7 @@ test('Should use config file', { timeout: 3000 }, (t) => {
     }
   );
   cli.stdout.on('data', (chunk) => {
-    console.log(chunk.toString())
+    console.log('Response', JSON.parse(chunk.toString()));
     t.equal(JSON.parse(chunk.toString()).length, 24);
     t.end();
   });
@@ -27,3 +27,27 @@ test('Should use config file', { timeout: 3000 }, (t) => {
     t.fail(msg)
   });
 });
+
+test('Should validate config', { timeout: 3000 }, (t) => {
+  const cli = spawn(
+    path.join(path.dirname('.'), 'node'),
+    [
+      'dist/cli.js',
+      'configTest'
+    ],
+    {
+      env: {
+        CONFIG_FILE: process.cwd() + '/e2e/fixtures/config.json',
+        ...process.env,
+      },
+    }
+  );
+  cli.stdout.on('data', (chunk) => {
+    console.log(chunk.toString())
+    t.equal(chunk.toString(), 'Connection to http://localhost:8080 was successfull\n');
+    t.end();
+  });
+  cli.stderr.on('data', (msg) => {
+    t.fail(msg)
+  });
+});

package/e2e/spec/users.js

@@ -21,7 +21,7 @@ test('Should list users as JSON', { timeout: 3000 }, (t) => {
     }
   );
   cli.stdout.on('data', (chunk) => {
-    console.log(chunk.toString())
+    console.log('Response', JSON.parse(chunk.toString()));
     t.equal(JSON.parse(chunk.toString()).length, 3);
     t.end();
   });

package/index.ts

@@ -1,4 +1,4 @@
-export { listUsers, listClients } from './src/cli.js';
+export { configTest, listUsers, listClients } from './src/commands.js';
 export { Options } from './lib/client.js';
 export { convertJSON2CSV } from './lib/convert.js';
-export { post2Webhook } from './lib/output.js';
+export { post2Webhook } from './lib/output.js';

package/lib/client.ts

@@ -1,21 +1,20 @@
-import { Issuer } from 'openid-client';
 import KcAdminClient from '@keycloak/keycloak-admin-client';
-
-// Token refresh interval 60 seconds
-const TOKEN_REFRESH = 60;
+import { AuditClient } from '@continuoussecuritytooling/keycloak-auditor';
 
 export interface Options {
   clientId: string;
   clientSecret: string;
   rootUrl: string;
+  useAuditingEndpoint: boolean;
 }
 
-export async function createClient(options: Options): Promise<KcAdminClient> {
-  const kcAdminClient = new KcAdminClient({
-    baseUrl: options.rootUrl,
-    realmName: 'master',
-  });
-
+export async function createClient(options: Options): Promise<KcAdminClient | AuditClient> {
+  const kcAdminClient = options.useAuditingEndpoint
+    ? new AuditClient(options.rootUrl, 'master')
+    : new KcAdminClient({
+        baseUrl: options.rootUrl,
+        realmName: 'master',
+      });
   try {
     // client login
     await kcAdminClient.auth({
@@ -24,35 +23,9 @@ export async function createClient(options: Options): Promise<KcAdminClient> {
       grantType: 'client_credentials',
     });
   } catch (e) {
-    console.error(
-      'Check Client Config:',
-      e.response ? e.response.data.error_description : e
-    );
+    console.error('Check Client Config:', e.response ? e.response.data.error_description : e);
     return Promise.reject();
   }
 
-  const keycloakIssuer = await Issuer.discover(
-    `${options.rootUrl}/realms/master`
-  );
-
-  const client = new keycloakIssuer.Client({
-    client_id: options.clientId,
-    token_endpoint_auth_method: 'none', // to send only client_id in the header
-  });
-
-  // Use the grant type 'password'
-  const tokenSet = await client.grant({
-    client_id: options.clientId,
-    client_secret: options.clientSecret,
-    grant_type: 'client_credentials',
-  });
-
-  /*
-  // TODO: FIXME - Periodically using refresh_token grant flow to get new access token here
-  setInterval(async () => {
-    const refreshToken = tokenSet.refresh_token;
-    kcAdminClient.setAccessToken((await client.refresh(refreshToken)).access_token);
-  }, TOKEN_REFRESH * 1000); */
-
   return new Promise((resolve) => resolve(kcAdminClient));
 }

package/lib/output.ts

@@ -29,7 +29,7 @@ export async function post2Webhook(
           {
             contentType: 'application/vnd.microsoft.card.adaptive',
             content: {
-              $schema: 'http://adaptivecards.io/schemas/adaptive-card.json',
+              $schema: 'https://adaptivecards.io/schemas/adaptive-card.json',
               type: 'AdaptiveCard',
               version: '1.2',
               body: [
@@ -68,7 +68,7 @@ export async function post2Webhook(
                       }
                     ],
                     $schema:
-                      'http://adaptivecards.io/schemas/adaptive-card.json'
+                      'https://adaptivecards.io/schemas/adaptive-card.json'
                   }
                 }
               ]

package/lib/user.ts

@@ -1,4 +1,9 @@
 import KcAdminClient from '@keycloak/keycloak-admin-client';
+import {
+  AuditClient,
+  AuditedClientRepresentation,
+  AuditedUserRepresentation,
+} from '@continuoussecuritytooling/keycloak-auditor';
 
 export interface User {
   username: string;
@@ -21,79 +26,111 @@ export interface Client {
 }
 
 export async function clientListing(
-  client: KcAdminClient
-): Promise<Array<Client>> {
-  const currentRealm = client.realmName;
-  let realms;
-  try {
-    // iterate over realms
-    realms = await client.realms.find();
-  } catch (e) {
-    console.error('Check Client role:', e.response.statusText);
-    return Promise.reject();
-  }
-  let allClients = new Array<Client>();
-  for (const realm of realms) {
-    // switch realm
+  client: KcAdminClient | AuditClient
+): Promise<Array<Client | AuditedClientRepresentation>> {
+  let allClients = new Array<Client | AuditedClientRepresentation>();
+  if (client instanceof KcAdminClient) {
+    const currentRealm = client.realmName;
+    let realms;
+    try {
+      // iterate over realms
+      realms = await client.realms.find();
+    } catch (e) {
+      console.error('Check Client role:', e.response.statusText);
+      return Promise.reject();
+    }
+    for (const realm of realms) {
+      // switch realm
+      client.setConfig({
+        realmName: realm.realm,
+      });
+      const realmClients = new Array<Client>();
+      for (const user of await client.clients.find()) {
+        realmClients.push({
+          client: user.clientId,
+          id: user.id,
+          description: user.description,
+          realm: realm.realm,
+          enabled: user.enabled,
+          public: user.publicClient,
+          allowedOrigins: JSON.stringify(user.webOrigins),
+        });
+      }
+      allClients = [...allClients, ...realmClients];
+    }
+    // switch back to realm
     client.setConfig({
-      realmName: realm.realm,
+      realmName: currentRealm,
     });
-    const realmClients = new Array<Client>();
-    for (const user of await client.clients.find()) {
-      realmClients.push({
+  } else {
+    const clients = await client.clientListing();
+    for (const user of clients) {
+      allClients.push({
         client: user.clientId,
         id: user.id,
         description: user.description,
-        realm: realm.realm,
+        realm: user.realm,
         enabled: user.enabled,
         public: user.publicClient,
+        lastLogin: user.lastLogin,
         allowedOrigins: JSON.stringify(user.webOrigins),
       });
     }
-    allClients = [...allClients, ...realmClients];
   }
-  // switch back to realm
-  client.setConfig({
-    realmName: currentRealm,
-  });
-
   return new Promise((resolve) => resolve(allClients));
 }
 
-export async function userListing(client: KcAdminClient): Promise<Array<User>> {
-  const currentRealm = client.realmName;
-  let realms;
-  // iterate over realms
-  try {
-    realms = await client.realms.find();
-  } catch (e) {
-    console.error('Check Client role:', e.response.statusText);
-    return Promise.reject();
-  }
-  let allUsers = new Array<User>();
-  for (const realm of realms) {
-    // switch realm
+export async function userListing(
+  client: KcAdminClient | AuditClient
+): Promise<Array<User | AuditedUserRepresentation>> {
+  let allUsers = new Array<User | AuditedUserRepresentation>();
+  if (client instanceof KcAdminClient) {
+    const currentRealm = client.realmName;
+    let realms;
+    // iterate over realms
+    try {
+      realms = await client.realms.find();
+    } catch (e) {
+      console.error('Check Client role:', e.response.statusText);
+      return Promise.reject();
+    }
+    for (const realm of realms) {
+      // switch realm
+      client.setConfig({
+        realmName: realm.realm,
+      });
+      const realmUsers = new Array<User>();
+      for (const user of await client.users.find()) {
+        realmUsers.push({
+          username: user.username,
+          id: user.id,
+          firstName: user.firstName,
+          lastName: user.lastName,
+          email: user.email,
+          realm: realm.realm,
+          enabled: user.enabled,
+        });
+      }
+      allUsers = [...allUsers, ...realmUsers];
+    }
+    // switch back to realm
     client.setConfig({
-      realmName: realm.realm,
+      realmName: currentRealm,
     });
-    const realmUsers = new Array<User>();
-    for (const user of await client.users.find()) {
-      realmUsers.push({
+  } else {
+    const users = await client.userListing();
+    for (const user of users) {
+      allUsers.push({
         username: user.username,
         id: user.id,
         firstName: user.firstName,
         lastName: user.lastName,
         email: user.email,
-        realm: realm.realm,
+        realm: user.realm,
+        lastLogin: user.lastLogin,
         enabled: user.enabled,
       });
     }
-    allUsers = [...allUsers, ...realmUsers];
   }
-  // switch back to realm
-  client.setConfig({
-    realmName: currentRealm,
-  });
-
   return new Promise((resolve) => resolve(allUsers));
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@continuoussecuritytooling/keycloak-reporter",
-  "version": "0.6.0",
+  "version": "0.8.0",
   "description": "Reporting Tools for Keycloak",
   "main": "dist/index.js",
   "bin": {
@@ -25,8 +25,9 @@
   },
   "homepage": "https://github.com/ContinuousSecurityTooling/keycloak-reporter#readme",
   "dependencies": {
+    "@continuoussecuritytooling/keycloak-auditor": "^1.1.0",
     "@json2csv/node": "^7.0.0",
-    "@keycloak/keycloak-admin-client": "^22.0.0",
+    "@keycloak/keycloak-admin-client": "^23.0.0",
     "@slack/webhook": "^7.0.0",
     "ajv": "^8.12.0",
     "install": "^0.13.0",
@@ -41,8 +42,8 @@
     "@types/jest": "^29.5.1",
     "@types/node": "^20.1.5",
     "@types/yargs": "^17.0.24",
-    "@typescript-eslint/eslint-plugin": "^5.59.6",
-    "@typescript-eslint/parser": "^5.59.6",
+    "@typescript-eslint/eslint-plugin": "^6.0.0",
+    "@typescript-eslint/parser": "^6.0.0",
     "eslint": "^8.40.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.0",

package/renovate.json

@@ -1,6 +1,9 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["config:base", ":rebaseStalePrs"],
+  "labels": ["dependencies"],
+  "extends": ["config:base", ":dependencyDashboard", ":rebaseStalePrs"],
+  "automergeSchedule": ["after 5am and before 5pm every weekday"],
+  "separateMinorPatch": true,
   "platformAutomerge": true,
   "packageRules": [
     {
@@ -12,12 +15,16 @@
   ],
   "regexManagers": [
     {
-      "description": "Update version entries in YAML files",
-      "fileMatch": [".*y[a]?ml$"],
+      "description": "Update image variables in YAML files",
+      "fileMatch": ["\\.y[a]?ml$", "\\.y[a]?ml\\.tpl$"],
       "matchStrings": [
-        "# renovate: datasource=(?<datasource>[a-z-]+?)(?: lookupName=(?<lookupName>.+?))?(?: versioning=(?<versioning>[a-z-]+?))?\\sRUN install-[a-z]+? (?<depName>[a-z-]+?) (?<currentValue>.+?)\\s"
+        "# renovate: datasource=(?<datasource>[a-z-]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?\\s.+?_version: (?<currentValue>.+?)\\s",
+        "# renovate: datasource=(?<datasource>[a-z-]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?\\s.+?-version: (?<currentValue>.+?)\\s",
+        "# renovate: datasource=(?<datasource>[a-z-]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?\\simage: (?<currentValue>.+?)\\s",
+        "# renovate: datasource=(?<datasource>[a-z-]+?) depName=(?<depName>.+?) versioning=(?<versioning>.+?)\\s\\s*image: (?<currentValue>.*)",
+        "# renovate: datasource=(?<datasource>[a-z-]+?) depName=(?<depName>.+?) \\s\\s*image: (?<currentValue>.*)"
       ],
-      "versioningTemplate": "{{#if versioning}}{{versioning}}{{else}}semver{{/if}}"
+      "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^v?(?<version>.+)${{/if}}"
     }
   ],
   "prHourlyLimit": 10