@continuoussecuritytooling/keycloak-reporter 0.7.0 → 0.8.2

package/.github/FUNDING.yml

@@ -1,2 +1,3 @@
 # These are supported funding model platforms
-open_collective: m13t
+open_collective: m13t
+github: ContinuousSecurityTooling

package/.github/workflows/pipeline.yml

@@ -18,6 +18,7 @@ jobs:
         node_version:
           - 18
           - 20
+          - 21
         os:
           - ubuntu-latest
           - macOS-latest
@@ -49,18 +50,18 @@ jobs:
         with:
           version: v3.11.2
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.9'
           check-latest: true
 
       - name: Helm Chart Testing
-        uses: helm/chart-testing-action@v2.6.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          changed=$(ct list-changed --target-branch main)
           if [[ -n "$changed" ]]; then
             echo "changed=true" >> "$GITHUB_OUTPUT"
           fi
@@ -73,11 +74,15 @@ jobs:
         if: steps.list-changed.outputs.changed == 'true'
         uses: helm/kind-action@v1.8.0
 
-      - name: Run chart-testing (install)
+      - name: Run chart-testing (install - no further args)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.clientId=clientId' --set 'keycloak.config.clientSecret=clientSecret' --set 'keycloak.config.webhookType=test' --set 'keycloak.config.webhookUrl=http://localhost:8888'"
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.clientId=clientId' --set 'keycloak.config.clientSecret=clientSecret'"
 
-      - uses: actions/upload-artifact@v3
+      - name: Run chart-testing (install - with args)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml"
+
+      - uses: actions/upload-artifact@v4
         with:
           name: dist-folder
           path: dist
@@ -89,6 +94,8 @@ jobs:
       matrix:
         node_version:
           - 18
+          - 20
+          - 21
         os:
           - ubuntu-latest
     steps:
@@ -98,7 +105,7 @@ jobs:
         with:
           node-version: '${{ matrix.node_version }}'
       - name: Install Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin' # See 'Supported distributions' for available options
           java-version: '17'
@@ -125,7 +132,7 @@ jobs:
           WEBHOOK_ADDITIONAL_MESSAGE: ${{ github.head_ref || github.ref_name }}
 
   package:
-    name: Build Container Image
+    name: Package Application
     runs-on: ubuntu-latest
     needs:
       - build
@@ -136,7 +143,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           # renovate: datasource=docker depName=node
-          node-version: '18'
+          node-version: '20'
       - name: 'Build Package'
         run: |
           npm run clean
@@ -145,10 +152,11 @@ jobs:
       - name: Write version vars
         run: |
           BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
-          VERSION=${GITHUB_REF_NAME#v}
-          echo Version: $VERSION
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-          echo "APP_VERSION=$VERSION" >> $GITHUB_ENV
+          BRANCH=${GITHUB_REF_NAME#v}
+          APP_VERSION=$(cat package.json | grep version| head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g')
+          echo Version: $APP_VERSION
+          echo "VERSION=$APP_VERSION" >> $GITHUB_ENV
+          echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
           echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV
 
       - name: Build Container Image
@@ -156,19 +164,28 @@ jobs:
         uses: redhat-actions/buildah-build@v2
         with:
           image: continuoussecuritytooling/keycloak-reporting-cli
-          tags: 'rc_build ${{ github.sha }}'
+          tags: 'latest next ${{env.APP_VERSION}} ${{env.APP_VERSION}}_rc'
           containerfiles: |
             ./Dockerfile
           build-args: |
             BUILD_DATE=${{env.BUILD_DATE}}
             APP_VERSION=${{env.APP_VERSION}}
 
+      - name: Push To NPM Registry
+        id: push-to-npm-tagged
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
+        run: |
+          echo "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc
+          npm publish
+        if: github.ref_type == 'tag' || github.tag != ''
+
       - name: Push To Docker Hub
         id: push-to-dockerhub-preview
         uses: redhat-actions/push-to-registry@v2
         with:
           image: ${{ steps.build-image.outputs.image }}
-          tags: ${{ steps.build-image.outputs.tags }}
+          tags: 'next ${{env.APP_VERSION}}_rc'
           registry: registry.hub.docker.com
           username: continuoussecuritytooling
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
@@ -179,8 +196,8 @@ jobs:
         uses: redhat-actions/push-to-registry@v2
         with:
           image: ${{ steps.build-image.outputs.image }}
-          tags: latest ${VERSION}
+          tags: 'latest ${{env.APP_VERSION}}'
           registry: registry.hub.docker.com
           username: continuoussecuritytooling
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
-        if: github.ref_type == 'tag'
+        if: github.ref_type == 'tag' || github.tag != ''

package/.github/workflows/release.yml

@@ -26,22 +26,21 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v3
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.9'
           check-latest: true
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (lint)
-        run: ct lint --config .ct.yaml 
+        run: ct lint --config .ct.yaml
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.5.0
-        with:
-          charts_dir: charts/
+        uses: helm/chart-releaser-action@v1.6.0
         env:
           CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          CR_GENERATE_RELEASE_NOTES: true
 
       - name: Login to GitHub Container Registry
         run: |
@@ -49,6 +48,7 @@ jobs:
 
       - name: Push Charts to GHCR
         run: |
+          shopt -s nullglob
           for pkg in .cr-release-packages/*; do
             if [ -z "${pkg:-}" ]; then
               break

package/CHANGELOG.md

@@ -1,22 +1,115 @@
-# 0.2.0 (2023-06-02)
+## [0.8.1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.0...v0.8.1) (2023-12-15)
 
 
 ### Bug Fixes
 
-* **deps:** update dependency @json2csv/node to v7 ([42934da](https://github.com/ContinuousSecurityTooling/[object Object]/commit/42934da57a546b1a0db324183b3db51c27ff1cc2))
-* **deps:** update dependency @json2csv/node to v7.0.1 ([b0aeb36](https://github.com/ContinuousSecurityTooling/[object Object]/commit/b0aeb366b07a38d8b648b4a0c763bab578db653a))
-* Stick to NodeJS 16 ([595d799](https://github.com/ContinuousSecurityTooling/[object Object]/commit/595d799510e81de885430d7cc62549dd8a272aee))
+* **Config:** Allow env overwrites ([37e07b7](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/37e07b71595b9f52509e207c3ccb9e6d526b6320))
+* **Helm:** Correcting invalid indent ([80f4859](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/80f485946384aedaa6bfce25178f928b3fb1b96a))
+
+
+
+# [0.8.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.7.2...v0.8.0) (2023-12-14)
+
+### Features
+
+* **Config:** Adding config validation and helm test hook ([c29e945](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/c29e945567b4dfcdc9a10e710efa2b1a8c00f970))
+
+### Bug Fixes
+
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.2 ([2b985d5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2b985d5daa4d271bf4a1219b6df71b16515b4106))
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.3 ([2ed9c0f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2ed9c0faff14bc7d43b5e739a48e7175c1e74c4c))
+* **deps:** update dependency @json2csv/node to v7.0.4 ([2488240](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2488240525fd1d8c20cf5205be50c069e6ac0cd1))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v23 ([12e4485](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/12e4485a0e4c508cc90fe86d3ab39efb647486ce))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v23.0.1 ([babdf78](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/babdf78ce6b0f2736ce6703cb83338e37066639b))
+* **deps:** update dependency npm to v10.2.4 ([8529acf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8529acf82bf8ea1581c7510783087ba5d8d45dde))
+* **deps:** update dependency npm to v10.2.5 ([52a3c8b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/52a3c8b48cbf0ee0d795aa00a9af36291025ae05))
+
+
+## [0.7.2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.7.1...v0.7.2) (2023-11-16)
+
+
+### Bug Fixes
+
+* Try to fix release ([ed7ebdf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ed7ebdf6ca9677621d19d8f829f611183602135f))
+
+
+
+## [0.7.1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.7.0...v0.7.1) (2023-11-16)
+
+
+### Bug Fixes
+
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.1 ([4fb7c58](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4fb7c5801f8d5519d6c7132eabd29976e640cff3))
+* **deps:** update dependency @slack/webhook to v7.0.1 ([1c46ccf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1c46ccf7f9a91c4fc85464ddfe9aea8f8e588801))
+* **deps:** update dependency npm to v10.2.3 ([a42ac5c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/a42ac5c5df195d5e9b15595bb377261f53acca03))
+
+
+### Features
+
+* Using NodeJS 20 as default ([ba468cf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ba468cfa7e17615a38ea5ea7e81c859e1f734f67))
+
+
+
+# [0.7.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.6.0...v0.7.0) (2023-11-02)
+
+
+
+# [0.6.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/4c13fa0642d75b8e229091aca052a83fa8c7eb32...v0.6.0) (2023-11-01)
+
+
+### Bug Fixes
+
+* **Build:** ci health workflow network fix and setup JDK ([9878cac](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/9878cacd99b8c7a66c9c2f7e26d9087f48b809fe))
+* **Chart:** Add only non-empty strings to secret ([eef4332](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/eef433203f33a14a322ecb0a46cd2701ef454eec))
+* **Chart:** Correct default values for install ([50e9b5c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/50e9b5ccbaeec2661b16cf2d6d959fc66231f21e))
+* **Config:** Adding proper error handling for missing webhook URL ([1515b3d](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1515b3dde0ec387ec226f8d5fe1ffd4f3a4af00d))
+* **Config:** Correcting handling for auditor endpoint toogle ([d332e13](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/d332e13667e5ff770e2d5dcb1374730dcc896527))
+* **Config:** Let config file overwrite defaults ([2df34a0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2df34a047ef8c2275f8ae4ef0d06209c1619d74e))
+* Correct ref error ([2098b15](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2098b1531e20d2037252f706713e4dd54a620128))
+* Corrected missing variable ([3223ea3](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3223ea31d33cad3ad7fd8d4b574ed88a737ced81))
+* Corrected renovate config ([af1bd4a](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/af1bd4a6c4c8678d4a4b2ffc97c41b583986f513))
+* **deps:** update dependency @json2csv/node to v7 ([42934da](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/42934da57a546b1a0db324183b3db51c27ff1cc2))
+* **deps:** update dependency @json2csv/node to v7.0.1 ([b0aeb36](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b0aeb366b07a38d8b648b4a0c763bab578db653a))
+* **deps:** update dependency @json2csv/node to v7.0.2 ([bcca826](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/bcca8267291c79e13dc1bd563d80d59d1d6d0f27))
+* **deps:** update dependency @json2csv/node to v7.0.3 ([e61eaf2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e61eaf2b12243cc10903ac6235e03de78e6c4ae7))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v22 ([cf5caac](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/cf5caac67d0a35b56e7c7a16dd5ee815aaf96d6c))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v22.0.4 ([608703c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/608703ce5f7d6c05c76eb88296c19e34eee20137))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v22.0.5 ([e56d8ad](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e56d8ada3b1b7e3ce0a456190f1d4a549309480c))
+* **deps:** update dependency @slack/webhook to v7 ([87872b5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/87872b5bf56877ace56b49e9b70ace6fd90778a2))
+* **deps:** update dependency npm to v10 ([ff38e4f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ff38e4faa13b34d7794b9b36f46d11d61fdc90bf))
+* **deps:** update dependency npm to v10.1.0 ([48bf21a](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/48bf21ae8c251993295901f75150580f3b2a9988))
+* **deps:** update dependency npm to v10.2.0 ([203c3f0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/203c3f03a25838e52dea15eefd564490ba137c2f))
+* **deps:** update dependency npm to v10.2.1 ([1544ee5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1544ee58ce2cd0e6f1951d45ce77a4cbaf2b0fac))
+* **deps:** update dependency npm to v9.7.1 ([1eeaf8f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1eeaf8fc51a643da62d46e0669751f732069ee3d))
+* **deps:** update dependency openid-client to v5.4.3 ([6cc9fba](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/6cc9fba92585393bb50cc586a8a7f994b8a6431c))
+* **deps:** update dependency openid-client to v5.5.0 ([efebce8](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/efebce81d16b95e9407bff874a62c5832bdc826e))
+* **deps:** update dependency openid-client to v5.6.0 ([b9020b8](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b9020b82786a5f5ead45262b756c09a58ff4eb3a))
+* **deps:** update dependency openid-client to v5.6.1 ([ce75f52](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ce75f527b58f3b3e0de240a0933f3bec79ddd7e1))
+* **deps:** update dependency ramda to v0.29.1 ([015da4c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/015da4c065810d4aeb3d19b3fbc55633f39ba6af))
+* Fix chart deploy ([0f95f78](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/0f95f78cfcb98cac3da5b8c2bdf84c7bca324d57))
+* **Kubernetes:** Adjust helm chart config error ([f074b0e](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/f074b0eca275e8ee07e0dad6096cd64962dcae80))
+* Stick to NodeJS 16 ([595d799](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/595d799510e81de885430d7cc62549dd8a272aee))
+* **Webhooks:** Corrected error handling ([afe2c60](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/afe2c601852ef5564fcaafe6b959475a4271a9ec))
+* **Webhooks:** Correcting webhook additional message handling and improve error handling ([1fe6fdf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1fe6fdf3d93dd746c55ea3009a8414cfe3206d2f))
 
 
 ### Features
 
-* **Config:** Provide config file functionality ([f9097f9](https://github.com/ContinuousSecurityTooling/[object Object]/commit/f9097f966c2dfc5240111e9294742ad3821c36ad))
-* **Config:** Use config file in helm chart ([21e0512](https://github.com/ContinuousSecurityTooling/[object Object]/commit/21e051243df1a3000d2b57f6ee0feab5f6314910))
-* **Helm:** Initial chart version ([401c740](https://github.com/ContinuousSecurityTooling/[object Object]/commit/401c7401b1b34b479bb5a370c9d1077a36f653b0)), closes [#1](https://github.com/ContinuousSecurityTooling/[object Object]/issues/1)
-* **Report:** Adding id to report ([8dbc3d4](https://github.com/ContinuousSecurityTooling/[object Object]/commit/8dbc3d4deacba0a5e1729da93b8d933557ebd45b))
-* **Testing:** Adding end2end testing via keycloak local ([036202f](https://github.com/ContinuousSecurityTooling/[object Object]/commit/036202f47324e8b3e40764fdc3a43a270a2687cf))
-* **Users:** Adding user and client listing functionality ([4c13fa0](https://github.com/ContinuousSecurityTooling/[object Object]/commit/4c13fa0642d75b8e229091aca052a83fa8c7eb32))
-* **Webhooks:** Adding Support for Teams and Slack ([66da168](https://github.com/ContinuousSecurityTooling/[object Object]/commit/66da168d2cd234ebc6dd961cfe62a3c8191c0ccc)), closes [#2](https://github.com/ContinuousSecurityTooling/[object Object]/issues/2)
+* Adding report directory support for archiving ([9347ef1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/9347ef116b8d753b21e66826792865971ce7571d))
+* Allow chart to pass env vars ([37b19b4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/37b19b428a07c373f308aee529a1ff376b87156e))
+* **API:** Use audit endpoint ([8ed489a](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8ed489ae0c3e6b66f8506a6d6b87147e50b9a06c))
+* **Config:** Provide config file functionality ([f9097f9](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/f9097f966c2dfc5240111e9294742ad3821c36ad))
+* **Config:** Use config file in helm chart ([21e0512](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/21e051243df1a3000d2b57f6ee0feab5f6314910))
+* **Helm:** Adding OCI helm chart support ([4b3d433](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4b3d433e2b94550541b821172c7d270abf2363fa))
+* **Helm:** Initial chart version ([401c740](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/401c7401b1b34b479bb5a370c9d1077a36f653b0)), closes [#1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/issues/1)
+* **OCI:** Use OCI standard labels for container image ([3371f13](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3371f136f51fa0482c253602b281ed508473ed44))
+* **Report:** Adding id to report ([8dbc3d4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8dbc3d4deacba0a5e1729da93b8d933557ebd45b))
+* **Security:** apt-upgrade in docker image ([3ac8217](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3ac82179fcdcec5ff72179e1f33f5e0e9c50c45f))
+* **Security:** Hardening deployment with security config ([3d9fdec](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3d9fdec7174bc5287b7c382d4aec8207051d3a11))
+* **Testing:** Adding end2end testing via keycloak local ([036202f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/036202f47324e8b3e40764fdc3a43a270a2687cf))
+* **Users:** Adding user and client listing functionality ([4c13fa0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4c13fa0642d75b8e229091aca052a83fa8c7eb32))
+* **Webhook:** Allow custom text for message ([1707e24](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1707e249c1c9c4c22b1510c767470a2670a4b33b))
+* **Webhooks:** Adding Support for Teams and Slack ([66da168](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/66da168d2cd234ebc6dd961cfe62a3c8191c0ccc)), closes [#2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/issues/2)
 
 
 

package/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18
+FROM node:20
 
 ARG BUILD_DATE
 ARG APP_VERSION

package/README.md

@@ -65,6 +65,9 @@ To install the Helm Chart use the [OCI Package Registry](https://github.com/orgs
 helm install keycloak-reporter oci://ghcr.io/cloudtooling/helm-charts
 ```
 
+>**NOTE**
+>Keep in mind, that you need a client/service account in keycloak with the appropriate rights. You can use this [template](.docs/realm-config.json) to deploy with [keycloak-config-cli](https://github.com/adorsys/keycloak-config-cli) a service account.
+
 ### Config file
 
 You can also provider a config file via env var `CONFIG_FILE` and then just provide the commands, e.g.:
@@ -86,4 +89,4 @@ And for Teams:
 kc-reporter listUsers <Keycloak_Root_URL> <Client_ID> <Client_Secret> --format=json --output=webhook --webhookType=teams --webhookUrl=$WEBHOOK_TESTING_TEAMS
 ```
 the following entry in slack will be created:
-![Team Sample](.docs/webhook-teams-sample.png)
+![Team Sample](.docs/webhook-teams-sample.png)

package/charts/keycloak-reporter/Chart.yaml

@@ -15,14 +15,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.0
+version: 1.2.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-# renovate: datasource=github-tags depName=ContinuousSecurityTooling/keycloak-reporter
-appVersion: '0.6.0'
+# renovate: datasource=docker depName=ContinuousSecurityTooling/keycloak-reporter
+appVersion: '0.8.2'
 maintainers:
   # Martin Reinhardt
   - name: hypery2k

package/charts/keycloak-reporter/README.md

@@ -1,6 +1,6 @@
 # keycloak-reporter
 
-![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+![Version: 1.2.3](https://img.shields.io/badge/Version-1.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square)
 
 Keycloak user and client reporting tool for automated regular access checks.
 

package/charts/keycloak-reporter/ci.values.yaml

@@ -0,0 +1,13 @@
+env:
+  - name: CLIENT_ID
+    value: "clientId"
+  - name: CLIENT_SECRET
+    valueFrom:
+      secretKeyRef:
+        key: clientSecret
+        name: kc-reporter
+keycloak:
+  config:
+    url: http://localhost:8080
+    webhookType: test
+    webhookUrl: http://localhost:8888

package/charts/keycloak-reporter/templates/cronjob.yaml

@@ -18,7 +18,6 @@ spec:
           imagePullSecrets:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-          # automountServiceAccountToken: false # fix KubernetesClustersShouldDisableAutomountingAPICredentialsMonitoringEffect OPA policy
           serviceAccountName: {{ default "default" ($.Values.serviceAccount).name }}
           securityContext:
             {{- toYaml $.Values.podSecurityContext | nindent 12 }}
@@ -28,14 +27,14 @@ spec:
               imagePullPolicy: {{ $.Values.image.pullPolicy }}
               command:
                 - node
-                - /app/cli.js 
+                - /app/cli.js
                 - {{ $config.script }}
               env:
                 - name: CONFIG_FILE
                   value: "/app/config.json"
-              {{- with $.Values.env }}
-              {{- tpl (toYaml .) $  | nindent 12 }}
-              {{- end }}
+                {{- with $.Values.env }}
+                {{- tpl (toYaml .) $  | nindent 16 }}
+                {{- end }}
               {{- if $.Values.resources }}
               resources:
                 {{- toYaml $.Values.resources | nindent 16 }}

package/charts/keycloak-reporter/templates/tests/test-connection.yaml

@@ -0,0 +1,57 @@
+{{- $fullName := include "keycloak-reporter.fullname" . }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ printf "%s-test-connection" $fullName }}
+  annotations:
+    helm.sh/hook: test
+    helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+    helm.sh/hook-weight: "5"
+spec:
+  containers:
+    - name: config-test
+      image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
+      imagePullPolicy: {{ $.Values.image.pullPolicy }}
+      command:
+        - node
+        - /app/cli.js
+        - configTest
+      env:
+        - name: CONFIG_FILE
+          value: "/app/config.json"
+      {{- with $.Values.env }}
+      {{- tpl (toYaml .) $  | nindent 8 }}
+      {{- end }}
+      {{- if $.Values.resources }}
+      resources:
+        {{- toYaml $.Values.resources | nindent 10 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml $.Values.securityContext | nindent 10 }}
+      volumeMounts:
+        - name: config-file
+          mountPath: "/app/config.json"
+          subPath: "config.json"
+          readOnly: true
+        {{- if ($.Values.keycloak.config.volumes).reports }}
+        - name: reports-dir
+          mountPath: "/app/reports"
+        {{- end }}
+    {{- if $.Values.nodeSelector }}
+  nodeSelector:
+    {{ toYaml $.Values.nodeSelector | nindent 4 }}
+  {{- end }}
+  {{- if $.Values.tolerations }}
+  tolerations:
+    {{ toYaml $.Values.tolerations | nindent 4 }}
+  {{- end }}
+  volumes:
+  - name: config-file
+    secret:
+      secretName: {{ $fullName }}
+  {{- if ($.Values.keycloak.config.volumes).reports }}
+  - name: reports-dir
+    persistentVolumeClaim:
+      claimName: {{ $fullName }}-reports
+  {{- end }}
+  restartPolicy: Never

package/cli.ts

@@ -4,7 +4,7 @@ import { writeFileSync } from 'node:fs';
 import path from 'path';
 import yargs from 'yargs/yargs';
 import { hideBin } from 'yargs/helpers';
-import { listUsers, listClients, Options, convertJSON2CSV, post2Webhook } from './index.js';
+import { configTest, listUsers, listClients, Options, convertJSON2CSV, post2Webhook } from './index.js';
 import config from './src/config.js';
 class WebhookConfig {
   type: string;
@@ -102,6 +102,7 @@ async function convert(format: string, output: string, reports: ReportConfig, co
 }
 
 yargs(hideBin(process.argv))
+  .env()
   .command(
     'listUsers [url] [clientId] [clientSecret]',
     'fetches all users in the realms.',
@@ -161,4 +162,11 @@ yargs(hideBin(process.argv))
     default: false,
     description: 'use auditior rest endpoint',
   })
+  .command(
+    'configTest [url] [clientId] [clientSecret]',
+    'validates keycloak configuration by reading data via REST API',
+    // eslint-disable-next-line @typescript-eslint/no-empty-function
+    () => {},
+    async (argv) => configTest(getKeycloakConfig(config, argv)),
+  )
   .parse();

package/dist/cli.js

@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+import { writeFileSync } from 'node:fs';
+import path from 'path';
+import yargs from 'yargs/yargs';
+import { hideBin } from 'yargs/helpers';
+import { configTest, listUsers, listClients, convertJSON2CSV, post2Webhook } from './index.js';
+import config from './src/config.js';
+class WebhookConfig {
+    constructor(type, url, title, message) {
+        this.type = type;
+        this.url = url;
+        this.title = title;
+        this.message = message;
+    }
+}
+class ReportConfig {
+}
+function getKeycloakConfig(config, argv) {
+    return {
+        clientId: config.clientId ? config.clientId : argv.clientId,
+        clientSecret: config.clientSecret ? config.clientSecret : argv.clientSecret,
+        rootUrl: config.url ? config.url : argv.url,
+        useAuditingEndpoint: argv.useAuditingEndpoint == true || config.useAuditingEndpoint.toLowerCase() == 'true',
+    };
+}
+function convertData(config, argv, name, title, json) {
+    convert(config.format ? config.format : argv.format, config.output ? config.output : argv.output, {
+        name,
+        directory: argv.reports ? argv.reports : config.reports,
+    }, new WebhookConfig(config.webhookType ? config.webhookType : argv.webhookType, config.webhookUrl ? config.webhookUrl : argv.webhookUrl, title, config.webhookMessage ? config.webhookMessage : argv.webhookMessage), json);
+}
+async function convert(format, output, reports, config, json) {
+    let outputContent;
+    switch (format) {
+        case 'csv':
+            outputContent = (await convertJSON2CSV(json)).toString();
+            break;
+        // defaulting to JSON
+        default:
+            outputContent = JSON.stringify(json);
+    }
+    if (reports.directory) {
+        const date = new Date();
+        writeFileSync(path.join(`${reports.directory}`, `${reports.name}_${date.getFullYear()}-${date.getMonth() + 1}-${date.getDate()}.${format.toLowerCase()}`), outputContent);
+    }
+    switch (output) {
+        case 'webhook':
+            if (!config.url) {
+                console.error('No valid Webhook URL given');
+                throw new Error('Please provide a valid --webhookUrl parameter');
+            }
+            try {
+                console.log(`Sending report via webhook to ${config.type} ....`);
+                await post2Webhook(config.type, config.url, config.title, outputContent, config.message);
+                console.log('Done sending.');
+            }
+            catch (e) {
+                switch (e.code || e.message) {
+                    case 'Request failed with status code 400':
+                        console.error('Invalid Teams Webhook Payload. Check your params.');
+                        throw new Error('Invalid Teams Payload');
+                    case 'slack_webhook_http_error':
+                        console.error('Invalid Slack Webhook Payload. Check your params.');
+                        throw new Error('Invalid Slack Payload');
+                    default:
+                        console.error(`Error during sending webhook.(${e === null || e === void 0 ? void 0 : e.code})`, e === null || e === void 0 ? void 0 : e.original);
+                        throw e;
+                }
+            }
+            break;
+        // defaulting to standard out
+        default:
+            console.log(outputContent);
+    }
+}
+yargs(hideBin(process.argv))
+    .env()
+    .command('listUsers [url] [clientId] [clientSecret]', 'fetches all users in the realms.', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => {
+    const users = await listUsers(getKeycloakConfig(config, argv));
+    convertData(config, argv, 'user_listing', 'User Listing', users);
+})
+    .command('listClients [url] [clientId] [clientSecret]', 'fetches all clients in the realms.', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => {
+    const clients = await listClients(getKeycloakConfig(config, argv));
+    convertData(config, argv, 'client_listing', 'Client Listing', clients);
+})
+    .option('format', {
+    alias: 'f',
+    type: 'string',
+    default: 'json',
+    description: 'output format, e.g. JSON|CSV',
+})
+    .option('output', {
+    alias: 'o',
+    type: 'string',
+    default: 'stdout',
+    description: 'output channel',
+})
+    .option('webhookType', {
+    alias: 'w',
+    type: 'string',
+    default: 'slack',
+    description: 'Webhook Type',
+})
+    .option('webhookMessage', {
+    alias: 'm',
+    type: 'string',
+    description: 'Webhook Message',
+})
+    .option('webhookUrl', {
+    alias: 't',
+    type: 'string',
+    description: 'Webhook URL',
+})
+    .option('reports', {
+    alias: 'r',
+    type: 'string',
+    description: 'Reports directory',
+})
+    .option('useAuditingEndpoint', {
+    alias: 'a',
+    type: 'boolean',
+    default: false,
+    description: 'use auditior rest endpoint',
+})
+    .command('configTest [url] [clientId] [clientSecret]', 'validates keycloak configuration by reading data via REST API', 
+// eslint-disable-next-line @typescript-eslint/no-empty-function
+() => { }, async (argv) => configTest(getKeycloakConfig(config, argv)))
+    .parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAW,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AACxG,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,MAAM,aAAa;IAKjB,YAAY,IAAY,EAAE,GAAW,EAAE,KAAa,EAAE,OAAgB;QACpE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AAED,MAAM,YAAY;CAGjB;AAED,SAAS,iBAAiB,CAAC,MAAM,EAAE,IAAI;IACrC,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,QAAmB;QACvE,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAE,IAAI,CAAC,YAAuB;QACvF,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAE,IAAI,CAAC,GAAc;QACvD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI,IAAI,MAAM,CAAC,mBAAmB,CAAC,WAAW,EAAE,IAAI,MAAM;KAC5G,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,IAAY,EAAE,KAAa,EAAE,IAAY;IAC1E,OAAO,CACL,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAE,IAAI,CAAC,MAAiB,EACvD,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAE,IAAI,CAAC,MAAiB,EACvD;QACE,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAE,IAAI,CAAC,OAAkB,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO;KACpE,EACD,IAAI,aAAa,CACf,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAE,IAAI,CAAC,WAAsB,EACtE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAE,IAAI,CAAC,UAAqB,EACnE,KAAK,EACL,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAE,IAAI,CAAC,cAAyB,CAChF,EACD,IAAI,CACL,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,MAAc,EAAE,MAAc,EAAE,OAAqB,EAAE,MAAqB,EAAE,IAAY;IAC/G,IAAI,aAAqB,CAAC;IAC1B,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,KAAK;YACR,aAAa,GAAG,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACzD,MAAM;QACR,qBAAqB;QACrB;YACE,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,aAAa,CACX,IAAI,CAAC,IAAI,CACP,GAAG,OAAO,CAAC,SAAS,EAAE,EACtB,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,IAAI,MAAM,CAAC,WAAW,EAAE,EAAE,CACzG,EACD,aAAa,CACd,CAAC;IACJ,CAAC;IACD,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,SAAS;YACZ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,iCAAiC,MAAM,CAAC,IAAI,OAAO,CAAC,CAAC;gBACjE,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzF,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC/B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;oBAC5B,KAAK,qCAAqC;wBACxC,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;wBACnE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;oBAC3C,KAAK,0BAA0B;wBAC7B,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;wBACnE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;oBAC3C;wBACE,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,GAAG,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,QAAQ,CAAC,CAAC;wBACxE,MAAM,CAAC,CAAC;gBACZ,CAAC;YACH,CAAC;YACD,MAAM;QACR,6BAA6B;QAC7B;YACE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;KACzB,GAAG,EAAE;KACL,OAAO,CACN,2CAA2C,EAC3C,kCAAkC;AAClC,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/D,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC;AACnE,CAAC,CACF;KACA,OAAO,CACN,6CAA6C,EAC7C,oCAAoC;AACpC,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IACnE,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;AACzE,CAAC,CACF;KACA,MAAM,CAAC,QAAQ,EAAE;IAChB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,MAAM;IACf,WAAW,EAAE,8BAA8B;CAC5C,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,QAAQ;IACjB,WAAW,EAAE,gBAAgB;CAC9B,CAAC;KACD,MAAM,CAAC,aAAa,EAAE;IACrB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,cAAc;CAC5B,CAAC;KACD,MAAM,CAAC,gBAAgB,EAAE;IACxB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,iBAAiB;CAC/B,CAAC;KACD,MAAM,CAAC,YAAY,EAAE;IACpB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,aAAa;CAC3B,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,mBAAmB;CACjC,CAAC;KACD,MAAM,CAAC,qBAAqB,EAAE;IAC7B,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,KAAK;IACd,WAAW,EAAE,4BAA4B;CAC1C,CAAC;KACD,OAAO,CACN,4CAA4C,EAC5C,+DAA+D;AAC/D,gEAAgE;AAChE,GAAG,EAAE,GAAE,CAAC,EACR,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAC5D;KACA,KAAK,EAAE,CAAC"}

package/dist/config/schema.json

@@ -0,0 +1,70 @@
+{
+  "$id": "https://github.com/ContinuousSecurityTooling/keycloak-reporter/blob/main/config/schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Keycloak Reporter Config",
+  "type": "object",
+  "definitions": {},
+  "required": ["url", "clientId", "clientSecret"],
+  "properties": {
+    "command": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": ["listClients", "listUsers"]
+      }
+    },
+    "url": {
+      "type": "string",
+      "description": "Keycloak Server URL"
+    },
+    "clientId": {
+      "type": "string",
+      "description": "Keycloak Client used for reporting"
+    },
+    "clientSecret": {
+      "type": "string",
+      "description": "Keycloak Client Secret used for reporting"
+    },
+    "output": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": ["webhook", "stdout"]
+      },
+      "description": "Output channel to use"
+    },
+    "format": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": ["json", "csv"]
+      },
+      "description": "Report format"
+    },
+    "webhookType": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": ["slack", "teams"]
+      },
+      "description": "Type of webhook"
+    },
+    "webhookMessage": {
+      "type": "string",
+      "description": "Message added to the webhook post"
+    },
+    "webhookUrl": {
+      "type": "string",
+      "description": "URL of the webhook"
+    },
+    "reports": {
+      "type": "string",
+      "description": "Reports directory"
+    },
+    "useAuditingEndpoint": {
+      "type": "boolean",
+      "default": "false",
+      "description": "Enable usage of keycloak reporter auditing endpoint"
+    }
+  }
+}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { configTest, listUsers, listClients } from './src/commands.js';
+export { convertJSON2CSV } from './lib/convert.js';
+export { post2Webhook } from './lib/output.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEvE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/lib/client.js

@@ -0,0 +1,24 @@
+import KcAdminClient from '@keycloak/keycloak-admin-client';
+import { AuditClient } from '@continuoussecuritytooling/keycloak-auditor';
+export async function createClient(options) {
+    const kcAdminClient = options.useAuditingEndpoint
+        ? new AuditClient(options.rootUrl, 'master')
+        : new KcAdminClient({
+            baseUrl: options.rootUrl,
+            realmName: 'master',
+        });
+    try {
+        // client login
+        await kcAdminClient.auth({
+            clientId: options.clientId,
+            clientSecret: options.clientSecret,
+            grantType: 'client_credentials',
+        });
+    }
+    catch (e) {
+        console.error('Check Client Config:', e.response ? e.response.data.error_description : e);
+        return Promise.reject();
+    }
+    return new Promise((resolve) => resolve(kcAdminClient));
+}
+//# sourceMappingURL=client.js.map

package/dist/lib/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../lib/client.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,MAAM,iCAAiC,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,6CAA6C,CAAC;AAS1E,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAgB;IACjD,MAAM,aAAa,GAAG,OAAO,CAAC,mBAAmB;QAC/C,CAAC,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC5C,CAAC,CAAC,IAAI,aAAa,CAAC;YAChB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;IACP,IAAI,CAAC;QACH,eAAe;QACf,MAAM,aAAa,CAAC,IAAI,CAAC;YACvB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,SAAS,EAAE,oBAAoB;SAChC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1F,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;AAC1D,CAAC"}

package/dist/lib/convert.js

@@ -0,0 +1,9 @@
+import { AsyncParser } from '@json2csv/node';
+export async function convertJSON2CSV(json) {
+    const opts = {};
+    const transformOpts = {};
+    const asyncOpts = {};
+    const parser = new AsyncParser(opts, transformOpts, asyncOpts);
+    return await parser.parse(json).promise();
+}
+//# sourceMappingURL=convert.js.map

package/dist/lib/convert.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"convert.js","sourceRoot":"","sources":["../../lib/convert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAY;IAChD,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,MAAM,aAAa,GAAG,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,EAAE,CAAC;IACrB,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;IAC/D,OAAO,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;AAC5C,CAAC"}

package/dist/lib/output.js

@@ -0,0 +1,113 @@
+import { IncomingWebhook as TeamsWebhook } from 'ms-teams-webhook';
+import { IncomingWebhook as SlackWebhook } from '@slack/webhook';
+var WebhookType;
+(function (WebhookType) {
+    WebhookType["SLACK"] = "slack";
+    WebhookType["TEAMS"] = "teams";
+})(WebhookType || (WebhookType = {}));
+export async function post2Webhook(type, url, title, reportContent, text) {
+    //const title= 'Keycloak Reporting';
+    const date = new Date();
+    switch (type) {
+        case WebhookType.TEAMS.toString():
+            return new TeamsWebhook(url).send({
+                type: 'message',
+                attachments: [
+                    {
+                        contentType: 'application/vnd.microsoft.card.adaptive',
+                        content: {
+                            $schema: 'https://adaptivecards.io/schemas/adaptive-card.json',
+                            type: 'AdaptiveCard',
+                            version: '1.2',
+                            body: [
+                                {
+                                    type: 'FactSet',
+                                    facts: [
+                                        {
+                                            title: 'Type',
+                                            value: title
+                                        },
+                                        {
+                                            title: 'Date',
+                                            value: `${date.getDate()}-${date.getMonth() + 1}-${date.getFullYear()}`
+                                        }
+                                    ]
+                                },
+                                {
+                                    type: 'TextBlock',
+                                    text: text != null ? text : '',
+                                    wrap: true
+                                }
+                            ],
+                            actions: [
+                                {
+                                    type: 'Action.ShowCard',
+                                    title: 'Show raw report data',
+                                    card: {
+                                        type: 'AdaptiveCard',
+                                        body: [
+                                            {
+                                                type: 'TextBlock',
+                                                text: reportContent,
+                                                wrap: true
+                                            }
+                                        ],
+                                        $schema: 'https://adaptivecards.io/schemas/adaptive-card.json'
+                                    }
+                                }
+                            ]
+                        }
+                    }
+                ]
+            });
+        // defaulting to Slack
+        default:
+            // eslint-disable-next-line no-case-declarations
+            const blockEntries = [
+                {
+                    type: 'section',
+                    fields: [
+                        { type: 'mrkdwn', text: `*Type*: ${title}` },
+                        {
+                            type: 'mrkdwn',
+                            text: `*Date*: ${date.getDate()}-${date.getMonth() + 1}-${date.getFullYear()}`
+                        }
+                    ]
+                },
+                {
+                    type: 'divider'
+                }
+            ];
+            if (text != null) {
+                blockEntries.push({
+                    type: 'context',
+                    elements: [{ type: 'plain_text', text: text }]
+                });
+                blockEntries.push({
+                    type: 'divider'
+                });
+            }
+            blockEntries.push({
+                type: 'context',
+                elements: [
+                    {
+                        type: 'mrkdwn',
+                        text: `
+\`\`\`
+${reportContent}
+\`\`\`
+`
+                    }
+                ]
+            }, {
+                type: 'context',
+                elements: [{ type: 'plain_text', text: 'Raw report data' }]
+            });
+            return new SlackWebhook(url).send({
+                blocks: blockEntries
+            });
+    }
+}
+/*
+ */
+//# sourceMappingURL=output.js.map

package/dist/lib/output.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../lib/output.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,IAAI,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEnE,OAAO,EAAE,eAAe,IAAI,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEjE,IAAK,WAGJ;AAHD,WAAK,WAAW;IACd,8BAAe,CAAA;IACf,8BAAe,CAAA;AACjB,CAAC,EAHI,WAAW,KAAX,WAAW,QAGf;AAOD,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAY,EACZ,GAAW,EACX,KAAa,EACb,aAAqB,EACrB,IAAa;IAEb,oCAAoC;IACpC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IACxB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE;YAC/B,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAChC,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE;oBACX;wBACE,WAAW,EAAE,yCAAyC;wBACtD,OAAO,EAAE;4BACP,OAAO,EAAE,qDAAqD;4BAC9D,IAAI,EAAE,cAAc;4BACpB,OAAO,EAAE,KAAK;4BACd,IAAI,EAAE;gCACJ;oCACE,IAAI,EAAE,SAAS;oCACf,KAAK,EAAE;wCACL;4CACE,KAAK,EAAE,MAAM;4CACb,KAAK,EAAE,KAAK;yCACb;wCACD;4CACE,KAAK,EAAE,MAAM;4CACb,KAAK,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,IACtB,IAAI,CAAC,QAAQ,EAAE,GAAG,CACpB,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE;yCACzB;qCACF;iCACF;gCACD;oCACE,IAAI,EAAE,WAAW;oCACjB,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;oCAC9B,IAAI,EAAE,IAAI;iCACX;6BACF;4BACD,OAAO,EAAE;gCACP;oCACE,IAAI,EAAE,iBAAiB;oCACvB,KAAK,EAAE,sBAAsB;oCAC7B,IAAI,EAAE;wCACJ,IAAI,EAAE,cAAc;wCACpB,IAAI,EAAE;4CACJ;gDACE,IAAI,EAAE,WAAW;gDACjB,IAAI,EAAE,aAAa;gDACnB,IAAI,EAAE,IAAI;6CACX;yCACF;wCACD,OAAO,EACL,qDAAqD;qCACxD;iCACF;6BACF;yBACF;qBACF;iBACF;aACF,CAAC,CAAC;QACL,sBAAsB;QACtB;YACE,gDAAgD;YAChD,MAAM,YAAY,GAA+C;gBAC/D;oBACE,IAAI,EAAE,SAAS;oBACf,MAAM,EAAE;wBACN,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,KAAK,EAAE,EAAE;wBAC5C;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,WAAW,IAAI,CAAC,OAAO,EAAE,IAC7B,IAAI,CAAC,QAAQ,EAAE,GAAG,CACpB,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE;yBACzB;qBACF;iBACF;gBACD;oBACE,IAAI,EAAE,SAAS;iBAChB;aACF,CAAC;YACF,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,SAAS;oBACf,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;iBAC/C,CAAC,CAAC;gBACH,YAAY,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,SAAS;iBAChB,CAAC,CAAC;YACL,CAAC;YACD,YAAY,CAAC,IAAI,CACf;gBACE,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE;;EAElB,aAAa;;CAEd;qBACY;iBACF;aACF,EACD;gBACE,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;aAC5D,CACF,CAAC;YACF,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAChC,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED;GACG"}

package/dist/lib/user.js

@@ -0,0 +1,110 @@
+import KcAdminClient from '@keycloak/keycloak-admin-client';
+export async function clientListing(client) {
+    let allClients = new Array();
+    if (client instanceof KcAdminClient) {
+        const currentRealm = client.realmName;
+        let realms;
+        try {
+            // iterate over realms
+            realms = await client.realms.find();
+        }
+        catch (e) {
+            console.error('Check Client role:', e.response.statusText);
+            return Promise.reject();
+        }
+        for (const realm of realms) {
+            // switch realm
+            client.setConfig({
+                realmName: realm.realm,
+            });
+            const realmClients = new Array();
+            for (const user of await client.clients.find()) {
+                realmClients.push({
+                    client: user.clientId,
+                    id: user.id,
+                    description: user.description,
+                    realm: realm.realm,
+                    enabled: user.enabled,
+                    public: user.publicClient,
+                    allowedOrigins: JSON.stringify(user.webOrigins),
+                });
+            }
+            allClients = [...allClients, ...realmClients];
+        }
+        // switch back to realm
+        client.setConfig({
+            realmName: currentRealm,
+        });
+    }
+    else {
+        const clients = await client.clientListing();
+        for (const user of clients) {
+            allClients.push({
+                client: user.clientId,
+                id: user.id,
+                description: user.description,
+                realm: user.realm,
+                enabled: user.enabled,
+                public: user.publicClient,
+                lastLogin: user.lastLogin,
+                allowedOrigins: JSON.stringify(user.webOrigins),
+            });
+        }
+    }
+    return new Promise((resolve) => resolve(allClients));
+}
+export async function userListing(client) {
+    let allUsers = new Array();
+    if (client instanceof KcAdminClient) {
+        const currentRealm = client.realmName;
+        let realms;
+        // iterate over realms
+        try {
+            realms = await client.realms.find();
+        }
+        catch (e) {
+            console.error('Check Client role:', e.response.statusText);
+            return Promise.reject();
+        }
+        for (const realm of realms) {
+            // switch realm
+            client.setConfig({
+                realmName: realm.realm,
+            });
+            const realmUsers = new Array();
+            for (const user of await client.users.find()) {
+                realmUsers.push({
+                    username: user.username,
+                    id: user.id,
+                    firstName: user.firstName,
+                    lastName: user.lastName,
+                    email: user.email,
+                    realm: realm.realm,
+                    enabled: user.enabled,
+                });
+            }
+            allUsers = [...allUsers, ...realmUsers];
+        }
+        // switch back to realm
+        client.setConfig({
+            realmName: currentRealm,
+        });
+    }
+    else {
+        const users = await client.userListing();
+        for (const user of users) {
+            allUsers.push({
+                username: user.username,
+                id: user.id,
+                firstName: user.firstName,
+                lastName: user.lastName,
+                email: user.email,
+                realm: user.realm,
+                lastLogin: user.lastLogin,
+                enabled: user.enabled,
+            });
+        }
+    }
+    return new Promise((resolve) => resolve(allUsers));
+}
+//# sourceMappingURL=user.js.map

package/dist/lib/user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.js","sourceRoot":"","sources":["../../lib/user.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,MAAM,iCAAiC,CAAC;AA2B5D,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAmC;IAEnC,IAAI,UAAU,GAAG,IAAI,KAAK,EAAwC,CAAC;IACnE,IAAI,MAAM,YAAY,aAAa,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;QACtC,IAAI,MAAM,CAAC;QACX,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,eAAe;YACf,MAAM,CAAC,SAAS,CAAC;gBACf,SAAS,EAAE,KAAK,CAAC,KAAK;aACvB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,KAAK,EAAU,CAAC;YACzC,KAAK,MAAM,IAAI,IAAI,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CAAC;oBAChB,MAAM,EAAE,IAAI,CAAC,QAAQ;oBACrB,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,IAAI,CAAC,YAAY;oBACzB,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC;iBAChD,CAAC,CAAC;YACL,CAAC;YACD,UAAU,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC;QAChD,CAAC;QACD,uBAAuB;QACvB,MAAM,CAAC,SAAS,CAAC;YACf,SAAS,EAAE,YAAY;SACxB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC;gBACd,MAAM,EAAE,IAAI,CAAC,QAAQ;gBACrB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,YAAY;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAmC;IAEnC,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAoC,CAAC;IAC7D,IAAI,MAAM,YAAY,aAAa,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;QACtC,IAAI,MAAM,CAAC;QACX,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,eAAe;YACf,MAAM,CAAC,SAAS,CAAC;gBACf,SAAS,EAAE,KAAK,CAAC,KAAK;aACvB,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,KAAK,EAAQ,CAAC;YACrC,KAAK,MAAM,IAAI,IAAI,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;gBAC7C,UAAU,CAAC,IAAI,CAAC;oBACd,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC,CAAC;YACL,CAAC;YACD,QAAQ,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,UAAU,CAAC,CAAC;QAC1C,CAAC;QACD,uBAAuB;QACvB,MAAM,CAAC,SAAS,CAAC;YACf,SAAS,EAAE,YAAY;SACxB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;QACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,IAAI,CAAC,OAAO;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/src/commands.js

@@ -0,0 +1,30 @@
+import { createClient } from '../lib/client.js';
+import { userListing, clientListing } from '../lib/user.js';
+function kcClient(options) {
+    return createClient({
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        rootUrl: options.rootUrl,
+        useAuditingEndpoint: options.useAuditingEndpoint,
+    });
+}
+export async function listUsers(options) {
+    const users = await userListing(await kcClient(options));
+    return new Promise((resolve) => resolve(users));
+}
+export async function listClients(options) {
+    const clients = await clientListing(await kcClient(options));
+    return new Promise((resolve) => resolve(clients));
+}
+/* eslint-disable @typescript-eslint/no-explicit-any */
+export async function configTest(options) {
+    try {
+        await userListing(await kcClient(options));
+        console.log(`Connection to ${options.rootUrl} was successfull`);
+    }
+    catch (e) {
+        console.error(`Connection to ${options.rootUrl} was not: successfull`, e.response);
+        return Promise.reject(e.response.statusText);
+    }
+}
+//# sourceMappingURL=commands.js.map

package/dist/src/commands.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commands.js","sourceRoot":"","sources":["../../src/commands.ts"],"names":[],"mappings":"AAMA,OAAO,EAAW,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAQ,WAAW,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAE1E,SAAS,QAAQ,CAAC,OAAgB;IAChC,OAAO,YAAY,CAAC;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;KACjD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAgB;IAC9C,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAgB;IAChD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;AACpD,CAAC;AACD,uDAAuD;AACvD,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAgB;IAC/C,IAAI,CAAC;QACH,MAAM,WAAW,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,iBAAiB,OAAO,CAAC,OAAO,kBAAkB,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,iBAAiB,OAAO,CAAC,OAAO,uBAAuB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC"}

package/dist/src/config.js

@@ -0,0 +1,48 @@
+import { assoc, pick, mergeAll, mergeDeepRight } from 'ramda';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import fs from 'fs';
+const schema = JSON.parse(fs.readFileSync(fileURLToPath(path.join(import.meta.url, '../../config/schema.json')), 'utf8'));
+// import the config file
+function buildConfigFromFile(filePath) {
+    if (!filePath)
+        return {};
+    const isAbsolutePath = filePath.charAt(0) === '/';
+    return JSON.parse(isAbsolutePath
+        ? fs.readFileSync(filePath, 'utf8')
+        : fs.readFileSync(fileURLToPath(path.join(import.meta.url, '../config', filePath)), 'utf8'));
+}
+// build an object using the defaults in the schema
+function buildDefaults(schema, definitions) {
+    return Object.keys(schema.properties).reduce((acc, prop) => {
+        let spec = schema.properties[prop];
+        if (spec.$ref) {
+            spec = definitions[spec.$ref.replace('#/definitions/', '')];
+            if (spec && spec.type === 'object') {
+                return assoc(prop, buildDefaults(spec, definitions), acc);
+            }
+        }
+        return assoc(prop, spec.default, acc);
+    }, {});
+}
+// build an object of config values taken from process.env
+function buildEnvironmentVariablesConfig(schema) {
+    const trueRx = /^true$/i;
+    const configKeys = Object.keys(schema.properties);
+    const env = pick(configKeys, process.env);
+    return Object.keys(env).reduce((acc, key) => {
+        const { type } = schema.properties[key];
+        switch (type) {
+            case 'integer':
+                return assoc(key, parseInt(env[key], 10), acc);
+            case 'boolean':
+                return assoc(key, trueRx.test(env[key]), acc);
+            default:
+                return assoc(key, env[key], acc);
+        }
+    }, {});
+}
+// merge the environment variables, config file values, and defaults
+const config = mergeAll(mergeDeepRight(buildDefaults(schema, schema.definitions), buildConfigFromFile(process.env.CONFIG_FILE)), buildEnvironmentVariablesConfig(schema));
+export default config;
+//# sourceMappingURL=config.js.map

package/dist/src/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC,EAAE,MAAM,CAAC,CAC/F,CAAC;AAEF,yBAAyB;AACzB,SAAS,mBAAmB,CAAC,QAAQ;IACnC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;IAClD,OAAO,IAAI,CAAC,KAAK,CACf,cAAc;QACZ,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC;QACnC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAC9F,CAAC;AACJ,CAAC;AACD,mDAAmD;AACnD,SAAS,aAAa,CAAC,MAAM,EAAE,WAAW;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACzD,IAAI,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC;YAC5D,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,0DAA0D;AAC1D,SAAS,+BAA+B,CAAC,MAAM;IAC7C,MAAM,MAAM,GAAG,SAAS,CAAC;IACzB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;YACjD,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAChD;gBACE,OAAO,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,oEAAoE;AACpE,MAAM,MAAM,GAAG,QAAQ,CACrB,cAAc,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EACvG,+BAA+B,CAAC,MAAM,CAAC,CACxC,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/e2e/spec/clients.js

@@ -21,7 +21,7 @@ test('Should list clients as JSON', { timeout: 3000 }, (t) => {
     }
   );
   cli.stdout.on('data', (chunk) => {
-    console.log(chunk.toString())
+    console.log('Response', JSON.parse(chunk.toString()));
     t.equal(JSON.parse(chunk.toString()).length, 24);
     t.end();
   });

package/e2e/spec/config.js

@@ -19,7 +19,7 @@ test('Should use config file', { timeout: 3000 }, (t) => {
     }
   );
   cli.stdout.on('data', (chunk) => {
-    console.log(chunk.toString())
+    console.log('Response', JSON.parse(chunk.toString()));
     t.equal(JSON.parse(chunk.toString()).length, 24);
     t.end();
   });
@@ -27,3 +27,27 @@ test('Should use config file', { timeout: 3000 }, (t) => {
     t.fail(msg)
   });
 });
+
+test('Should validate config', { timeout: 3000 }, (t) => {
+  const cli = spawn(
+    path.join(path.dirname('.'), 'node'),
+    [
+      'dist/cli.js',
+      'configTest'
+    ],
+    {
+      env: {
+        CONFIG_FILE: process.cwd() + '/e2e/fixtures/config.json',
+        ...process.env,
+      },
+    }
+  );
+  cli.stdout.on('data', (chunk) => {
+    console.log(chunk.toString())
+    t.equal(chunk.toString(), 'Connection to http://localhost:8080 was successfull\n');
+    t.end();
+  });
+  cli.stderr.on('data', (msg) => {
+    t.fail(msg)
+  });
+});

package/e2e/spec/users.js

@@ -21,7 +21,7 @@ test('Should list users as JSON', { timeout: 3000 }, (t) => {
     }
   );
   cli.stdout.on('data', (chunk) => {
-    console.log(chunk.toString())
+    console.log('Response', JSON.parse(chunk.toString()));
     t.equal(JSON.parse(chunk.toString()).length, 3);
     t.end();
   });

package/index.ts

@@ -1,4 +1,4 @@
-export { listUsers, listClients } from './src/commands.js';
+export { configTest, listUsers, listClients } from './src/commands.js';
 export { Options } from './lib/client.js';
 export { convertJSON2CSV } from './lib/convert.js';
-export { post2Webhook } from './lib/output.js';
+export { post2Webhook } from './lib/output.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@continuoussecuritytooling/keycloak-reporter",
-  "version": "0.7.0",
+  "version": "0.8.2",
   "description": "Reporting Tools for Keycloak",
   "main": "dist/index.js",
   "bin": {
@@ -27,7 +27,7 @@
   "dependencies": {
     "@continuoussecuritytooling/keycloak-auditor": "^1.1.0",
     "@json2csv/node": "^7.0.0",
-    "@keycloak/keycloak-admin-client": "^22.0.0",
+    "@keycloak/keycloak-admin-client": "^23.0.0",
     "@slack/webhook": "^7.0.0",
     "ajv": "^8.12.0",
     "install": "^0.13.0",

package/src/commands.ts

@@ -25,3 +25,13 @@ export async function listClients(options: Options): Promise<Array<Client | Audi
   const clients = await clientListing(await kcClient(options));
   return new Promise((resolve) => resolve(clients));
 }
+/* eslint-disable @typescript-eslint/no-explicit-any */
+export async function configTest(options: Options): Promise<any> {
+  try {
+    await userListing(await kcClient(options));
+    console.log(`Connection to ${options.rootUrl} was successfull`);
+  } catch (e) {
+    console.error(`Connection to ${options.rootUrl} was not: successfull`, e.response);
+    return Promise.reject(e.response.statusText);
+  }
+}

package/src/config.ts

@@ -48,6 +48,7 @@ function buildEnvironmentVariablesConfig(schema) {
     }
   }, {});
 }
+
 // merge the environment variables, config file values, and defaults
 const config = mergeAll(
   mergeDeepRight(buildDefaults(schema, schema.definitions), buildConfigFromFile(process.env.CONFIG_FILE)),