Skip to content

Commit

Permalink
update to 1.1.0
Browse files Browse the repository at this point in the history
  • Loading branch information
SnuK87 committed Jul 14, 2021
1 parent 3911555 commit 9ee73a5
Show file tree
Hide file tree
Showing 10 changed files with 282 additions and 242 deletions.
8 changes: 4 additions & 4 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
FROM jboss/keycloak:10.0.1
FROM jboss/keycloak:14.0.0

ADD ./keycloak-kafka-1.0.0-jar-with-dependencies.jar /opt/jboss/keycloak/standalone/deployments/
ADD ./keycloak-kafka-1.1.0-jar-with-dependencies.jar /opt/jboss/keycloak/standalone/deployments/

ADD kafka-module.cli /opt/jboss/startup-scripts/
ADD add-kafka-config.cli /opt/jboss/startup-scripts/

#ADD realm-export.json /init/

Expand All @@ -17,4 +17,4 @@ EXPOSE 8443

ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]

CMD ["-b", "0.0.0.0", "-Dkeycloak.import=/init/realm-export.json"]
CMD ["-b", "0.0.0.0"]
77 changes: 55 additions & 22 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,38 +4,45 @@ Simple module for [Keycloak](https://www.keycloak.org/) to produce keycloak even
- [Keycloak Kafka Module](#keycloak-kafka-module)
* [Build](#build)
* [Installation](#installation)
* [Configuration](#configuration)
+ [Enable Events in keycloak](#enable-events-in-keycloak)
+ [Kafka module](#kafka-module)
* [Docker Container](#configuration)
* [Module Configuration](#module-configuration)
+ [Kafka client configuration](#kafka-client-configuration)
+ [Kafka client using secure connection](#kafka-client-using-secure-connection)
* [Module Deployment](#module-deployment)
* [Keycloak Configuration](#keycloak-configuration)
+ [Enable Events in keycloak](#enable-events-in-keycloak)
* [Docker Container](#docker-container)
* [Sample Client](#sample-client)

**Tested with**

Kafka version: `2.12-2.1.x`, `2.12-2.4.x`, `2.12-2.5.x`
Kafka version: `2.12-2.1.x`, `2.12-2.4.x`, `2.12-2.5.x`, `2.13-2.8`

Keycloak version: `4.8.3`, `6.0.x`, `7.0.0`, `9.0.x`, `10.0.x`
Keycloak version: `4.8.3`, `6.0.x`, `7.0.0`, `9.0.x`, `10.0.x`, `13.0.x`, `14.0.x`

Java version: `11`, `13`


## Build
You can simply use Maven to build the jar file. Thanks to the assembly plugin the build process will create a fat jar that includes all dependencies and makes the deployment quite easy.
Just use the following command to build the jar file.

`mvn clean package`
```bash
mvn clean package
```

## Installation
First you have to build or [download](https://github.com/SnuK87/keycloak-kafka/releases) the keycloak-kafka module.
First you need to build or [download](https://github.com/SnuK87/keycloak-kafka/releases) the keycloak-kafka module.

To install the module to your keycloak server first you have to configure the module and then deploy the it.
If you deploy the module without configuration your keycloak server will fail to start up with a NullPointerException.
To install the module to your keycloak server you have to configure the module and deploy it.
If you deploy the module without configuration, your keycloak server will fail to start throwing a `NullPointerException`.

If you want to install the module manually as described in the initial version you can follow this [guide](https://github.com/SnuK87/keycloak-kafka/wiki/Manual-Installation).

### Module configuration
Download the [CLI script](kafka-module.cli) from this repository and edit the properties to fit your environment. Also make sure that you use the right
server config (line 1). As a default the script will change the `standalone.xml`.
## Module Configuration
Download the [CLI script](add-kafka-config.cli) from this repository and edit the properties to fit your environment. Also make sure to use the right
server config (line 1). As default the script will configure the module in the `standalone.xml`. (Be aware that the docker image uses the `standalone-ha.xml` by default)

Currently the following properties are available and should be changed to fit your environemnt:
The following properties are mandatory and can be set via environment variables (e.g. `${env.KAFKA_TOPIC}`)

`topicEvents`: The name of the kafka topic to where the events will be produced to.

Expand All @@ -45,16 +52,41 @@ Currently the following properties are available and should be changed to fit y

`events`: (Optional; default=REGISTER) The events that will be send to kafka.

`topicAdminEvents`: (Optional) The name of the kafka topic to where the admin events will be produced to.
`topicAdminEvents`: (Optional) The name of the kafka topic to where the admin events will be produced to. No events will be produced when this property isn't set.

A list of available events can be found [here](https://www.keycloak.org/docs/latest/server_admin/#event-types)

Run the CLI script using the following command and check the output on the console. You should see some server logs and lines of `{"outcome" => "success"}`.

Run the CLI script using the following command and check the output on the console. You should see some server logs and 6 lines of `{"outcome" => "success"}`.
```bash
$KEYCLOAK_HOME/bin/jboss-cli.sh --file=/path/to/kafka-module.cli
$KEYCLOAK_HOME/bin/jboss-cli.sh --file=/path/to/add-kafka-config.cli
```

If you want to remove the configuration of the keycloak-kafka module from your server you can run [this](remove-kafka-config.cli).

### Kafka client configuration
It's also possible to configure the kafka client by adding parameters to the cli script. This makes it possible to connect this module to a kafka broker that requires SSL/TLS connections.
For example to change the timeout of how long the producer will block the thread to 10 seconds you just have to add the following line to the cli script.

```
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:map-put(name=properties,key=max.block.ms,value=10000)
```

Note the difference of `kafka:map-put` for kafka client parameters compared to `kafka:write-attribute` for module parameters.
A full list of available configurations can be found in the [official kafka docs](https://kafka.apache.org/documentation/#producerconfigs).

### Kafka client using secure connection
As mentioned above the kafka client can be configured through the cli script. To make the kafka open a SSL/TLS secured connection you can add the following lines to the script:

```
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:map-put(name=properties,key=security.protocol,value=SSL)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:map-put(name=properties,key=ssl.truststore.location,value=kafka.client.truststore.jks)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:map-put(name=properties,key=ssl.truststore.password,value=test1234)
```

### Module deployment
Copy the `keycloak-kafka-<version>-jar-with-dependencies.jar` into the $KEYCLOAK_HOME/standalone/deployments folder. Keycloak will automatically
install the module with all dependencies on start up. To verify that the deployment of the module was successful you can check if a new file
## Module Deployment
Copy the `keycloak-kafka-<version>-jar-with-dependencies.jar` into the `$KEYCLOAK_HOME/standalone/deployments` folder. Keycloak will automatically
install the module with all it's dependencies on start up. To verify that the deployment of the module was successful you can check if a new file
with the name `keycloak-kafka-<version>-jar-with-dependencies.jar.deployed` was created in the same folder.


Expand All @@ -66,16 +98,17 @@ with the name `keycloak-kafka-<version>-jar-with-dependencies.jar.deployed` was
3. Go to Events
4. Open `Config` tab and add `kafka` to Event Listeners.

![Admin console config](images/event_config.png)

## Docker Container
The simplest way to enable the kafka module in a docker container is to create a custom docker image from the [keycloak base image](https://hub.docker.com/r/jboss/keycloak/).
The `keycloak-kafka-<version>-jar-with-dependencies.jar` must be added to the `/standalone/deployments` folder and the CLI script must be added to the `/opt/jboss/startup-scripts/` folder
as explained in [Installation](#installation). The only difference is that the CLI script will be executed automatically in start up and doesn't have to be executed manually.
as explained in [Installation](#installation). The only difference is that the CLI script will be executed automatically on start up and doesn't have to be executed manually.
An example can be found in this [Dockerfile](Dockerfile).

## Sample Client

The following snippet shows a minimal Spring Boot Kafka client to consume keycloak events. Additional properties can be added to `KeycloakEvent`.
The following snippet shows a minimal Spring Boot Kafka client to consume keycloak events. Additional properties can be added to the `KeycloakEvent` class.

```java
@SpringBootApplication
Expand Down
9 changes: 5 additions & 4 deletions kafka-module.cli → add-kafka-config.cli
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@ embed-server --server-config=standalone.xml --std-out=echo
if (outcome != success) of /subsystem=keycloak-server/spi=eventsListener:read-resource()
/subsystem=keycloak-server/spi=eventsListener:add()
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:add(enabled=true)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.topicEvents,value=keycloak-events)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.clientId,value=keycloak)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.bootstrapServers,value=192.168.0.1:9092)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.events,value=REGISTER)
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.topicEvents,value=${env.KAFKA_TOPIC})
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.clientId,value=${env.KAFKA_CLIENT_ID})
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.bootstrapServers,value=${env.KAFKA_BOOTSTRAP_SERVERS})
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:write-attribute(name=properties.events,value=${env.KAFKA_EVENTS})
/subsystem=keycloak-server/spi=eventsListener/provider=kafka:map-put(name=properties,key=max.block.ms,value=10000)
end-if
stop-embedded-server
Binary file added images/event_config.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
6 changes: 3 additions & 3 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.github.snuk87.keycloak</groupId>
<artifactId>keycloak-kafka</artifactId>
<version>1.0.0</version>
<version>1.1.0</version>

<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<keycloak.version>10.0.1</keycloak.version>
<kafka.version>2.5.0</kafka.version>
<keycloak.version>14.0.0</keycloak.version>
<kafka.version>2.8.0</kafka.version>
</properties>

<dependencies>
Expand Down
6 changes: 6 additions & 0 deletions remove-kafka-config.cli
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
embed-server --server-config=standalone.xml --std-out=echo

if (outcome == success) of /subsystem=keycloak-server/spi=eventsListener:read-resource()
/subsystem=keycloak-server/spi=eventsListener:remove()
end-if
stop-embedded-server
Original file line number Diff line number Diff line change
Expand Up @@ -22,76 +22,76 @@

public class KafkaEventListenerProvider implements EventListenerProvider {

private static final Logger LOG = Logger.getLogger(KafkaEventListenerProvider.class);
private static final Logger LOG = Logger.getLogger(KafkaEventListenerProvider.class);

private String topicEvents;
private String topicEvents;

private List<EventType> events;
private List<EventType> events;

private String topicAdminEvents;
private String topicAdminEvents;

private Producer<String, String> producer;
private Producer<String, String> producer;

private ObjectMapper mapper;
private ObjectMapper mapper;

public KafkaEventListenerProvider(String bootstrapServers, String clientId, String topicEvents, String[] events,
public KafkaEventListenerProvider(String bootstrapServers, String clientId, String topicEvents, String[] events,
String topicAdminEvents, Map<String, Object> kafkaProducerProperties) {
this.topicEvents = topicEvents;
this.events = new ArrayList<>();
this.topicAdminEvents = topicAdminEvents;

for (String event : events) {
try {
EventType eventType = EventType.valueOf(event.toUpperCase());
this.events.add(eventType);
} catch (IllegalArgumentException e) {
LOG.debug("Ignoring event >" + event + "<. Event does not exist.");
}
this.topicEvents = topicEvents;
this.events = new ArrayList<>();
this.topicAdminEvents = topicAdminEvents;

for (String event : events) {
try {
EventType eventType = EventType.valueOf(event.toUpperCase());
this.events.add(eventType);
} catch (IllegalArgumentException e) {
LOG.debug("Ignoring event >" + event + "<. Event does not exist.");
}
}

producer = KafkaProducerFactory.createProducer(clientId, bootstrapServers, kafkaProducerProperties);
mapper = new ObjectMapper();
}

producer = KafkaProducerFactory.createProducer(clientId, bootstrapServers, kafkaProducerProperties);
mapper = new ObjectMapper();
}

private void produceEvent(String eventAsString, String topic)
private void produceEvent(String eventAsString, String topic)
throws InterruptedException, ExecutionException, TimeoutException {
LOG.debug("Produce to topic: " + topicEvents + " ...");
ProducerRecord<String, String> record = new ProducerRecord<>(topic, eventAsString);
Future<RecordMetadata> metaData = producer.send(record);
RecordMetadata recordMetadata = metaData.get(30, TimeUnit.SECONDS);
LOG.debug("Produced to topic: " + recordMetadata.topic());
}

@Override
public void onEvent(Event event) {
if (events.contains(event.getType())) {
try {
produceEvent(mapper.writeValueAsString(event), topicEvents);
} catch (JsonProcessingException | ExecutionException | TimeoutException e) {
LOG.error(e.getMessage(), e);
} catch (InterruptedException e) {
LOG.error(e.getMessage(), e);
Thread.currentThread().interrupt();
}
LOG.debug("Produce to topic: " + topicEvents + " ...");
ProducerRecord<String, String> record = new ProducerRecord<>(topic, eventAsString);
Future<RecordMetadata> metaData = producer.send(record);
RecordMetadata recordMetadata = metaData.get(30, TimeUnit.SECONDS);
LOG.debug("Produced to topic: " + recordMetadata.topic());
}
}

@Override
public void onEvent(AdminEvent event, boolean includeRepresentation) {
if (topicAdminEvents != null) {
try {
produceEvent(mapper.writeValueAsString(event), topicAdminEvents);
} catch (JsonProcessingException | ExecutionException | TimeoutException e) {
LOG.error(e.getMessage(), e);
} catch (InterruptedException e) {
LOG.error(e.getMessage(), e);
Thread.currentThread().interrupt();
}

@Override
public void onEvent(Event event) {
if (events.contains(event.getType())) {
try {
produceEvent(mapper.writeValueAsString(event), topicEvents);
} catch (JsonProcessingException | ExecutionException | TimeoutException e) {
LOG.error(e.getMessage(), e);
} catch (InterruptedException e) {
LOG.error(e.getMessage(), e);
Thread.currentThread().interrupt();
}
}
}
}

@Override
public void close() {
// ignore
}
@Override
public void onEvent(AdminEvent event, boolean includeRepresentation) {
if (topicAdminEvents != null) {
try {
produceEvent(mapper.writeValueAsString(event), topicAdminEvents);
} catch (JsonProcessingException | ExecutionException | TimeoutException e) {
LOG.error(e.getMessage(), e);
} catch (InterruptedException e) {
LOG.error(e.getMessage(), e);
Thread.currentThread().interrupt();
}
}
}

@Override
public void close() {
// ignore
}
}
Loading

0 comments on commit 9ee73a5

Please sign in to comment.