Merge pull request #2 from vymalo/features/rabbitmq-webhook

Add rabbitmq listener client config

Author: stephane-segning

.github/workflows/releases.yml

@@ -55,4 +55,4 @@ jobs:
           prerelease: false
           allowUpdates: true
           bodyFile: CHANGELOG.md
-          tag: v0.1.0
+          tag: v0.2.0

CHANGELOG.md

@@ -1,9 +1,6 @@
 # Changelog
 
-## v0.1.0
+## v0.2.0
 
-- Used Gradle because of performance, used the latest version (8) at time of writing this
-- Developed a plugin using Kotlin, OpenApi with Kotlin generator
-- A keycloak plugin to handle sending requests on new events
-- Used shadow to filter required dependencies for the final jar (hence the second jar ending in `-all`)
-- Setup Github Ci
+- Added RabbitMQ client
+- Use Gson as Serialization lib for http

Dev.Dockerfile

@@ -2,7 +2,7 @@ ARG TAG=21.0.2
 
 FROM quay.io/keycloak/keycloak:${TAG}
 
-ENV WEBHOOK_PLUGIN_VERSION 0.1.0
+ENV WEBHOOK_PLUGIN_VERSION 0.2.0
 
 ENV KEYCLOAK_DIR /opt/keycloak
 ENV KC_PROXY edge

Dockerfile

@@ -1,5 +1,5 @@
 ARG TAG=21.0.2
-ARG PLUGIN_VERSION=0.1.0
+ARG PLUGIN_VERSION=0.2.0
 
 FROM curlimages/curl AS DOWNLOADER
 

README.md

@@ -4,8 +4,19 @@ This plugin call a webhook whenever an event is created from within Keycloak.
 
 
 ## Configuration
+- `WEBHOOK_EVENTS_TAKEN (optional)` is the list of events created from Keycloak, that are listened by the plugin. Example: `"LOGIN,REGISTER,LOGOUT"`. If not specified, will take all.
 
-- `WEBHOOK_BASE_PATH` is the endpoint where the webhook request is going to be sent. Example: https://localhost:3000
-- `WEBHOOK_TAKE_EVENTS (optional)` is the list of events created from Keycloak, that are listened by the plugin. Example: `"LOGIN,REGISTER,LOGOUT"`
-- `WEBHOOK_AUTH_USERNAME (optional)` is the basic auth username. Example "admin".
-- `WEBHOOK_AUTH_PASSWORD (optional)` is the basic auth password. Example "password".
+### Using the http client
+- `WEBHOOK_HTTP_BASE_PATH` is the endpoint where the webhook request is going to be sent. Example: https://localhost:3000
+- `WEBHOOK_HTTP_AUTH_USERNAME (optional)` is the basic auth username. Example "admin".
+- `WEBHOOK_HTTP_AUTH_PASSWORD (optional)` is the basic auth password. Example "password".
+
+### Using the AMQP client
+This part is heavily inspired from the [keycloak-event-listener-rabbitmq](https://github.com/aznamier/keycloak-event-listener-rabbitmq) plugin.
+- `WEBHOOK_AMQP_HOST` is the host url of the rabbitmq server. This key will indicate that the amqp client is being used.
+- `WEBHOOK_AMQP_USERNAME` is the username of the rabbitmq server 
+- `WEBHOOK_AMQP_PASSWORD` is the password of the rabbitmq server
+- `WEBHOOK_AMQP_PORT` is the port of the rabbitmq server
+- `WEBHOOK_AMQP_VHOST (optional)` is the vhost of the rabbitmq server
+- `WEBHOOK_AMQP_EXCHANGE` is the exchange of the rabbitmq server
+- `WEBHOOK_AMQP_SSL (optional)` is to indicate if we're using SSL or not. Values are "yes" or "no"

build.gradle.kts

@@ -8,7 +8,11 @@ plugins {
 }
 
 group = "com.vymalo.keycloak.webhook"
-version = "0.1.0"
+version = "0.2.0"
+
+val gsonVersion = "2.10.1"
+val amqpVersion = "5.17.0"
+val okhttp3Version = "4.10.0"
 
 repositories {
     mavenCentral()
@@ -23,9 +27,9 @@ dependencies {
     implementation("org.keycloak", "keycloak-server-spi", "21.0.2")
     implementation("org.keycloak", "keycloak-server-spi-private", "21.0.2")
 
-    api("com.squareup.moshi", "moshi-kotlin", "1.13.0")
-    api("com.squareup.moshi", "moshi-adapters", "1.13.0")
-    api("com.squareup.okhttp3", "okhttp", "4.10.0")
+    api("com.squareup.okhttp3", "okhttp", okhttp3Version)
+    api("com.rabbitmq", "amqp-client", amqpVersion)
+    api("com.google.code.gson", "gson", gsonVersion)
 
     api("org.slf4j", "slf4j-log4j12", "1.7.36")
 }
@@ -56,7 +60,8 @@ openApiGenerate {
 
     configOptions.set(
         mutableMapOf(
-            "dateLibrary" to "java8"
+            "dateLibrary" to "java8",
+            "serializationLibrary" to "gson"
         )
     )
 }
@@ -78,9 +83,10 @@ tasks {
 
     val shadowJar by existing(ShadowJar::class) {
         dependencies {
-            include(dependency("com.squareup.moshi:.*"))
-            include(dependency("com.squareup.okhttp3:.*"))
-            include(dependency("org.jetbrains.kotlin:kotlin-reflect:.*"))
+            include(dependency("com.squareup.okhttp3:okhttp:$okhttp3Version"))
+            include(dependency("org.jetbrains.kotlin:kotlin-reflect:1.8.0"))
+            include(dependency("com.rabbitmq:amqp-client:$amqpVersion"))
+            include(dependency("com.google.code.gson:gson:$gsonVersion"))
         }
     }
 }

docker-compose.yaml

@@ -6,19 +6,52 @@ services:
       context: .
       dockerfile: Dev.Dockerfile
     ports:
-      - '9100:9100'
+      - '9200:9200'
     environment:
-      WEBHOOK_TAKE_EVENTS: "LOGIN,REGISTER,LOGOUT"
-      WEBHOOK_BASE_PATH: "https://localhost:3000"
-      WEBHOOK_AUTH_USERNAME: "admin"
-      WEBHOOK_AUTH_PASSWORD: "password"
+      # WEBHOOK_EVENTS_TAKEN: "LOGIN,REGISTER,LOGOUT"
+
+      WEBHOOK_HTTP_BASE_PATH: "http://watcher:3000/api"
+      WEBHOOK_HTTP_AUTH_USERNAME: "admin"
+      WEBHOOK_HTTP_AUTH_PASSWORD: "password"
+
+      WEBHOOK_AMQP_HOST: rabbitmq
+      WEBHOOK_AMQP_USERNAME: username
+      WEBHOOK_AMQP_PASSWORD: password
+      WEBHOOK_AMQP_PORT: 5672
+      WEBHOOK_AMQP_EXCHANGE: keycloak
+      WEBHOOK_AMQP_VHOST: "/"
 
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: password
       KEYCLOAK_FRONTEND_URL: http://localhost:9100/auth
+
       KC_HTTP_PORT: 9100
       KC_METRICS_ENABLED: 'true'
       KC_LOG_CONSOLE_COLOR: 'true'
       KC_HEALTH_ENABLED: 'true'
     command:
-      - start-dev
+      - start-dev
+
+  rabbitmq:
+    image: docker.io/bitnami/rabbitmq
+    ports:
+      - '4369:4369'
+      - '5551:5551'
+      - '5552:5552'
+      - '5672:5672'
+      - '25672:25672'
+      - '15672:15672'
+    environment:
+      - RABBITMQ_USERNAME=username
+      - RABBITMQ_PASSWORD=password
+
+  watcher:
+    image: ssegning/api-watcher
+    ports:
+      - "3000:3000"
+    volumes:
+      - watcher_data:/app/data
+
+volumes:
+  watcher_data:
+

openapi/webhook.open-api.yml

@@ -9,7 +9,7 @@ info:
     email: [email protected]
   license:
     name: MIT
-  version: 0.1.0
+  version: 0.2.0
 externalDocs:
   description: Find out more about calling setting up an external service to verify phone number
   url: https://blog.ssegning.com

src/main/kotlin/com/vymalo/keycloak/webhook/WebhookEventListenerProvider.kt

@@ -1,15 +1,83 @@
 package com.vymalo.keycloak.webhook
 
-import com.vymalo.keycloak.webhook.service.WebhookService
+import com.vymalo.keycloak.openapi.client.model.WebhookRequest
+import com.vymalo.keycloak.webhook.service.WebhookHandler
 import org.keycloak.events.Event
 import org.keycloak.events.EventListenerProvider
 import org.keycloak.events.admin.AdminEvent
+import org.slf4j.LoggerFactory
+import java.math.BigDecimal
+
+class WebhookEventListenerProvider(
+    private val handlers: Set<WebhookHandler>?,
+    private val takeList: Set<String>?
+) : EventListenerProvider {
+    companion object {
+        private val LOG = LoggerFactory.getLogger(WebhookEventListenerProvider::class.java)
+    }
 
-class WebhookEventListenerProvider(private val service: WebhookService) : EventListenerProvider {
     override fun close() {
     }
 
-    override fun onEvent(event: Event) = service.send(event)
+    override fun onEvent(event: Event) = send(
+        event.id,
+        event.time,
+        event.realmId,
+        event.clientId,
+        event.userId,
+        event.ipAddress,
+        event.type.toString(),
+        event.error,
+        event.details
+    )
+
+    override fun onEvent(event: AdminEvent, includeRepresentation: Boolean) = send(
+        event.id,
+        event.time,
+        event.realmId,
+        event.authDetails?.clientId,
+        event.authDetails?.userId,
+        event.authDetails?.ipAddress,
+        "${event.resourceType}-${event.operationType}",
+        event.error,
+        null,
+    )
 
-    override fun onEvent(event: AdminEvent, includeRepresentation: Boolean) = service.send(event)
+    private fun send(
+        id: String,
+        time: Long?,
+        realmId: String,
+        clientId: String?,
+        userId: String?,
+        ipAddress: String?,
+        type: String,
+        error: String?,
+        details: Map<String, Any>?
+    ) {
+        if (takeList != null && type !in takeList) {
+            LOG.debug("Event {} not in the taken list. Will be skipped ({}).", type, takeList)
+            return
+        }
+
+        val request = WebhookRequest(
+            id = id,
+            time = if (time == null) null else BigDecimal(time),
+            clientId = clientId,
+            userId = userId,
+            realmId = realmId,
+            ipAddress = ipAddress,
+            type = type,
+            details = details,
+            error = error,
+        )
+
+        handlers?.forEach {
+            try {
+                LOG.debug("Sending [{}] webhook for event type {}: {}", it.handler(), type, request)
+                it.sendWebhook(request)
+            } catch (e: Throwable) {
+                LOG.error("Could not send webhook", e)
+            }
+        }
+    }
 }

src/main/kotlin/com/vymalo/keycloak/webhook/WebhookEventListenerProviderFactory.kt

@@ -1,9 +1,10 @@
 package com.vymalo.keycloak.webhook
 
-import com.vymalo.keycloak.openapi.client.handler.WebhookApi
-import com.vymalo.keycloak.openapi.client.infrastructure.ApiClient
-import com.vymalo.keycloak.webhook.helper.getConfig
-import com.vymalo.keycloak.webhook.service.HttpWebhookService
+import com.vymalo.keycloak.webhook.helper.*
+import com.vymalo.keycloak.webhook.model.ClientConfig
+import com.vymalo.keycloak.webhook.service.AmqpWebhookHandler
+import com.vymalo.keycloak.webhook.service.HttpWebhookHandler
+import com.vymalo.keycloak.webhook.service.WebhookHandler
 import org.keycloak.Config
 import org.keycloak.events.EventListenerProvider
 import org.keycloak.events.EventListenerProviderFactory
@@ -19,43 +20,89 @@ class WebhookEventListenerProviderFactory : EventListenerProviderFactory, Server
         private val LOG = LoggerFactory.getLogger(WebhookEventListenerProviderFactory::class.java)
 
         const val PROVIDER_ID = "listener-webhook"
-
-        private const val takeListKey = "WEBHOOK_TAKE_EVENTS"
-        private const val baseBathKey = "WEBHOOK_BASE_PATH"
-        private const val authUsernameKey = "WEBHOOK_AUTH_USERNAME"
-        private const val authPasswordKey = "WEBHOOK_AUTH_PASSWORD"
     }
 
-    private var takeList: Set<String>? = null
-    private var basePath: String = "scheme://fake-host:3290"
+    private var clientConfig: ClientConfig = ClientConfig()
+    private var handlers: HashSet<WebhookHandler>? = null
 
     override fun create(session: KeycloakSession): EventListenerProvider {
-        val api = WebhookApi(basePath)
-        val service = HttpWebhookService(api, takeList)
-        return WebhookEventListenerProvider(service)
+        ensureParametersInit()
+        return WebhookEventListenerProvider(handlers, clientConfig.takeList)
+    }
+
+    @Synchronized
+    private fun ensureParametersInit() {
+        synchronized(clientConfig) {
+            if (handlers == null) {
+                val handlers = HashSet<WebhookHandler>()
+                val amqpConfig = clientConfig.amqp
+                if (amqpConfig != null) {
+                    try {
+                        val handler = AmqpWebhookHandler(amqp = amqpConfig)
+                        handlers.add(handler)
+                    } catch (e: Throwable) {
+                        LOG.error("Error while creating AMQP handler", e)
+                    }
+                }
+
+                val httpConfig = clientConfig.http
+                if (httpConfig != null) {
+                    val handler = HttpWebhookHandler(httpConfig)
+                    handlers.add(handler)
+                }
+
+                LOG.info("Added {} listener webhook handler", handlers.map { it.handler() })
+                this.handlers = handlers
+            }
+        }
     }
 
     override fun init(config: Config.Scope) {
-        val tl = getConfig(takeListKey)
+        val tl = eventsTakenKey.cf()
         if (tl != null) {
-            takeList = tl.trim().split(",").toSet()
-            LOG.debug("Will handle these events : {}", takeList)
+            clientConfig.takeList = tl.trim().split(",").toSet()
+            LOG.debug("Will handle these events : {}", clientConfig.takeList)
         }
 
-        basePath = getConfig(baseBathKey)!!
-        LOG.debug("Will send events to this endpoint : {}", basePath)
+        val basePath = httpBaseBathKey.cf()
+        if (basePath != null) {
+            LOG.debug("Will send http requests to {}", basePath)
+            clientConfig.http = ClientConfig.Companion.Http(
+                username = httpAuthUsernameKey.cf(),
+                password = httpAuthPasswordKey.cf(),
+                baseUrl = basePath,
+            )
+        }
 
-        ApiClient.username = getConfig(authUsernameKey)
-        ApiClient.password = getConfig(authPasswordKey)
+        val amqpHost = amqpHostKey.cf()
+        if (amqpHost != null) {
+            clientConfig.amqp = ClientConfig.Companion.Amqp(
+                username = amqpUsernameKey.cff(),
+                password = amqpPasswordKey.cff(),
+                host = amqpHost,
+                port = amqpPortKey.cff(),
+                vHost = amqpVHostKey.cf(),
+                ssl = amqpSsl.bf(),
+                exchange = amqpExchangeKey.cff()
+            )
+        }
+        LOG.info("Webhook plugin init!")
     }
 
-    override fun postInit(factory: KeycloakSessionFactory?) = noop()
+    override fun postInit(factory: KeycloakSessionFactory) {}
 
-    override fun close() = noop()
+    override fun close() {
+        handlers?.forEach {
+            try {
+                it.close()
+            } catch (e: Throwable) {
+                LOG.error("Could not close correctly", e)
+            }
+        }
+    }
 
     override fun getId(): String = PROVIDER_ID
 
-    override fun getOperationalInfo() = mapOf("version" to "0.1.0")
+    override fun getOperationalInfo() = mapOf("version" to "0.2.0")
 
-    private fun noop() {}
 }