Cloaksmith is a CLI tool designed to interact with a Keycloak server using OAuth 2.0 Device Authorization Grant. It allows you to import roles from a CSV file and create role mappings, with a focus on simplicity and extensibility.
- Python 3.7 or higher
- Keycloak server
- Keycloak client with OAuth 2.0 Device Authorization Grant enabled
- Clone the repository:
  git clone https://git.ellri.ch/c.ellrich/cloaksmith
- Change to the project directory:
  cd cloaksmith
- Install Cloaksmith using pip:
  pip install .
- Create a Keycloak client with OAuth 2.0 Device Authorization Grant enabled. No other features are required. Refer to the Keycloak documentation for detailed instructions.
- Initialize the configuration by running:
  cloaksmith init-env
  This will prompt you to enter the following values:
  - KEYCLOAK_URL (e.g. https://your-keycloak/)
  - KEYCLOAK_REALM (e.g. master)
  - KEYCLOAK_CLIENT_ID (e.g. your-app-client-id)
  The .env file will be saved to the appropriate config directory:
  - Linux/macOS: ~/.config/cloaksmith/.env
  - Windows: %APPDATA%\cloaksmith\.env
- Alternatively, you can specify a custom .env file using the --env-file option for any command:
  cloaksmith import-roles --env-file /path/to/.env ...
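
The three configured values are all a device-grant login needs, since the client is public and no client secret is stored. The sketch below is an added example, not Cloaksmith's own code: it runs the RFC 8628 exchange and handles the polling errors. It assumes Keycloak's standard OpenID Connect endpoint paths under KEYCLOAK_URL; the function names, parameters and the https check are hypothetical choices made for this example.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

GRANT = "urn:ietf:params:oauth:grant-type:device_code"

def http_post(url, form):
    """POST a form and return the decoded JSON body, OAuth error bodies included."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # polling errors arrive as HTTP 400 + JSON
        return json.load(err)

def device_login(keycloak_url, realm, client_id,
                 post=http_post, sleep=time.sleep, show=print):
    """Run the device flow and return the token response as a dict."""
    if not keycloak_url.startswith("https://"):
        # Example-only policy: never send device codes or tokens in cleartext.
        raise ValueError("KEYCLOAK_URL must use https")
    oidc = f"{keycloak_url.rstrip('/')}/realms/{realm}/protocol/openid-connect"
    grant = post(f"{oidc}/auth/device", {"client_id": client_id})
    if "device_code" not in grant:
        raise RuntimeError(f"device authorization failed: {grant.get('error')}")
    show(f"Open {grant['verification_uri']} and enter code {grant['user_code']}")
    interval = grant.get("interval", 5)  # RFC 8628 default when omitted
    deadline = time.monotonic() + grant["expires_in"]
    while time.monotonic() < deadline:
        sleep(interval)
        reply = post(f"{oidc}/token", {
            "grant_type": GRANT,
            "client_id": client_id,
            "device_code": grant["device_code"],
        })
        error = reply.get("error")
        if error is None:
            return reply  # contains access_token
        if error == "slow_down":
            interval += 5  # server asked us to back off
        elif error != "authorization_pending":
            # access_denied, expired_token, invalid_client, ...: stop polling
            raise RuntimeError(f"device login aborted: {error}")
    raise TimeoutError("device code expired before the user approved the login")
```

The `post` and `sleep` parameters exist so the flow can be exercised against canned responses without a live server.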
Once installed, you can use the cloaksmith command to interact with your Keycloak server.
To see the available commands and options, run:
cloaksmith --help
Create a CSV file based on the role_mappings.csv.example file provided.
Run the following command to import roles and map them to groups:
cloaksmith import-roles --client-id <target_client_id> --realm <target_client_realm> <path_to_csv>
Add this to ~/.zshrc:
eval "$(_CLOAKSMITH_COMPLETE=zsh_source cloaksmith)"
Add this to ~/.bashrc:
eval "$(_CLOAKSMITH_COMPLETE=bash_source cloaksmith)"
Cloaksmith is designed to be easily extensible. You can add new commands or functionality by modifying the CLI or the underlying modules.
This project is licensed under the terms specified in the LICENSE file.