...
Code Block | ||||
---|---|---|---|---|
| ||||
package main
import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net"
"net/http"
"net/url"
"os/exec"
"strings"
"time"
)
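// main requests a token from a Keycloak realm over mutual TLS.
//
// It loads a root CA and a client certificate/key pair from disk, discovers
// the minikube IP and the Istio ingress gateway's HTTPS node port by running
// minikube and kubectl, and posts a token request to the realm's
// OpenID Connect token endpoint. The status, headers and body of the
// response are printed to stdout.
//
// Any failure while loading key material, discovering the endpoint or
// talking to the server aborts with a panic, so that the request is never
// sent with a missing client certificate or to an empty address.
func main() {
	// Trust anchor used to verify the server certificate. Because RootCAs is
	// set explicitly below, the system trust store is not consulted.
	caCert, err := ioutil.ReadFile("/mnt/c/Users/ktimoney/keycloak-certs/rootCA.crt")
	if err != nil {
		panic(fmt.Errorf("reading root CA certificate: %w", err))
	}
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		panic("root CA file contains no usable PEM certificate")
	}

	// Client identity presented during the TLS handshake. Without this check
	// a load failure would silently yield an empty certificate and the
	// handshake would proceed with no usable client identity.
	cert, err := tls.LoadX509KeyPair("/mnt/c/Users/ktimoney/keycloak-certs/client.crt",
		"/mnt/c/Users/ktimoney/keycloak-certs/client.key")
	if err != nil {
		panic(fmt.Errorf("loading client certificate and key: %w", err))
	}

	// The deprecated DualStack field is omitted: per the net package docs,
	// fast fallback is enabled by default.
	dialer := &net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
	}

	keycloakAlias := "keycloak.est.tech"

	stdout, err := exec.Command("minikube", "ip").Output()
	if err != nil {
		panic(fmt.Errorf("running minikube ip: %w", err))
	}
	ingressHost := strings.TrimSpace(string(stdout))
	if ingressHost == "" {
		panic("minikube ip returned an empty address")
	}

	// The original command passed "-n default" and then "-n istio-system";
	// only the namespace that actually holds the gateway service is kept.
	stdout, err = exec.Command("kubectl", "get", "service", "istio-ingressgateway", "-n", "istio-system",
		"-o", "jsonpath={.spec.ports[?(@.name==\"https\")].nodePort}").Output()
	if err != nil {
		panic(fmt.Errorf("querying istio-ingressgateway https node port: %w", err))
	}
	secureIngressPort := strings.TrimSpace(string(stdout))
	if secureIngressPort == "" {
		panic("istio-ingressgateway has no node port named https")
	}
	fmt.Println("secureIngressPort = " + secureIngressPort)

	client := &http.Client{
		// Bound the whole exchange so a stalled server cannot hang the program.
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			// Redirect connections for the Keycloak alias to the minikube
			// ingress address. Only the TCP destination changes: the request
			// URL still names keycloakAlias, so the transport uses the alias
			// as the TLS server name and the server certificate is verified
			// against the alias, not against the IP.
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				fmt.Println("address original =", addr)
				if addr == keycloakAlias+":"+secureIngressPort {
					addr = ingressHost + ":" + secureIngressPort
					fmt.Println("address modified =", addr)
				}
				return dialer.DialContext(ctx, network, addr)
			},
			TLSClientConfig: &tls.Config{
				RootCAs:      caCertPool,
				Certificates: []tls.Certificate{cert},
				// Explicit floor; older Go releases would otherwise accept
				// TLS 1.0/1.1 as a client.
				MinVersion: tls.VersionTLS12,
			},
		},
	}

	realmName := "x509provider"
	keycloakUrl := "https://" + keycloakAlias + ":" + secureIngressPort + "/auth/realms/" +
		realmName + "/protocol/openid-connect/token"
	// The original assigned "x509provider-cli" and immediately overwrote it;
	// "myclient" is the value that was actually sent.
	clientId := "myclient"
	scope := "email openid"

	// No username or password is sent with the password grant.
	// NOTE(review): presumably the realm's direct grant flow identifies the
	// user from the client certificate; confirm against the realm config.
	resp, err := client.PostForm(keycloakUrl,
		url.Values{"grant_type": {"password"}, "client_id": {clientId}, "scope": {scope}})
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	fmt.Println("response Status:", resp.Status)
	fmt.Println("response Headers:", resp.Header)
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		panic(fmt.Errorf("reading token response body: %w", err))
	}
	// A successful response body carries the issued tokens; treat this
	// output as a secret and keep it out of shared logs.
	fmt.Println("response Body:", string(body))
}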
...