Merge pull request #378 from Progress1/fix_keycloak

Fix keycloak secrets

docker/docker-compose-keycloak.yml

@@ -11,11 +11,9 @@ services:
       TARANIS_NG_KEYCLOAK_INTERNAL_URL: "https://keycloak.int.example.com"
       TARANIS_NG_KEYCLOAK_CLIENT_ID: "taranis-ng"
       KEYCLOAK_REALM_NAME: "taranis-ng"
-      KEYCLOAK_CLIENT_SECRET_KEY_FILE: /run/secrets/keycloak_client_secret_key
       KEYCLOAK_USER_MANAGEMENT: "false"
       # needed if KEYCLOAK_USER_MANAGEMENT = true
       KEYCLOAK_ADMIN_USERNAME: "admin"
-      KEYCLOAK_ADMIN_PASSWORD_FILE: /run/secrets/keycloak_admin_password
       KEYCLOAK_VERIFY: "true"
     secrets:
       - keycloak_client_secret_key

src/core/README.md

@@ -58,13 +58,24 @@ KEYCLOAK_REALM_NAME: "taranis-ng"
 KEYCLOAK_USER_MANAGEMENT: "false"
 ```
 
-update Keycloak CLIENT_SECRET_KEY value inside keycloak_client_secret_key.txt file. Path is defined in this section:
+If you configure keycloak only as client (not administration) please comment (#) or delete this value:
 ```
 secrets:
-  keycloak_client_secret_key:
-    file: ./secrets/keycloak_client_secret_key.txt
+    - keycloak_admin_password
 ```
 
+
+and update key inside file:
+```
+./secrets/keycloak_client_secret_key.txt
+```
+
+If you configure keycloak for administration please update password inside file:
+```
+./secrets/keycloak_admin_password.txt
+```
+
+
 **taranis-ng-gui** section:
 ```
 VUE_APP_TARANIS_NG_LOGOUT_URL: "${TARANIS_NG_HTTPS_URI}/api/v1/auth/logout?gotoUrl=TARANIS_GUI_URI"

src/core/managers/external_auth_manager.py

@@ -17,7 +17,7 @@
 
 import os
 from keycloak import KeycloakAdmin
-
+from config import Config
 
 def keycloak_user_management_enabled():
     """Check if Keycloak user management is enabled.
@@ -34,37 +34,23 @@ def keycloak_user_management_enabled():
 def get_keycloak_client_secret_key():
     """Get the Keycloak client_secret_key.
 
-    This function retrieves the Keycloak client_secret_key from the file
-    specified by the environment variable KEYCLOAK_CLIENT_SECRET_KEY_FILE.
+    This function retrieves the Keycloak client_secret_key from the Docker secrets file.
 
     Returns:
         str: The Keycloak client_secret_key.
     """
-    try:
-        with open(os.getenv("KEYCLOAK_CLIENT_SECRET_KEY_FILE"), "r") as file:
-            client_secret_key = file.read()
-    except FileNotFoundError:
-        print("KEYCLOAK_CLIENT_SECRET_KEY_FILE not found. Please check this variable and verify the path of the file containing the secret.", flush=True)
-        client_secret_key = "not-really-a-secret"
-    return client_secret_key
+    return Config.read_secret("keycloak_client_secret_key")
 
 
 def get_keycloak_admin_password():
     """Get the Keycloak admin password.
 
-    This function retrieves the Keycloak admin password from the file
-    specified by the environment variable KEYCLOAK_ADMIN_PASSWORD_FILE.
+    This function retrieves the Keycloak admin password from the Docker secrets file.
 
     Returns:
         str: The Keycloak admin password.
     """
-    try:
-        with open(os.getenv("KEYCLOAK_ADMIN_PASSWORD_FILE"), "r") as file:
-            keycloak_admin_password = file.read()
-    except FileNotFoundError:
-        print("KEYCLOAK_ADMIN_PASSWORD_FILE not found. Please check this variable and verify the path of the file containing the Keycloak admin password.", flush=True)
-        keycloak_admin_password = "not-really-a-password"
-    return keycloak_admin_password
+    return Config.read_secret("keycloak_admin_password")
 
 
 def get_keycloak_admin():