Manages the configuration of RFID access controllers.
- Keycloak users are synced to the controller
- Fob swipes are scraped and stored in a Postgres database
The access controller exposes an HTML forms-based web interface for managing access and viewing card swipes. We simply interact with that interface over HTTP and parse the HTML without rendering it.
Doing so requires a lot of trickery because the interface is stateful — some operations must happen in a particular order. So there are a number of... unconventional concurrency controls throughout this project.
Builds are available as container images hosted by the GitHub registry.
Provide configuration in environment variables:
- ACCESS_CONTROL_HOST: hostname:port of the access controller's web interface
- POSTGRES_HOST, POSTGRES_USER, POSTGRES_PASSWORD: Postgres configuration for fob swipe reporting
- KEYCLOAK_URL, KEYCLOAK_REALM: Keycloak connection info
- AUTHORIZED_GROUP_ID: the UUID of the Keycloak group that should be granted building access
- WEBHOOK_ADDR: Address to serve the Keycloak webhook server on
- CALLBACK_URL: The URL that Keycloak should use when sending webhooks
All configuration is optional. Omitting a value will disable the corresponding functionality. Assumes Keycloak client credentials are provided using keycloak-k8s-shim.
To avoid waiting for the next polling cycle, this service accepts webhooks from Keycloak using the keycloak-events plugin.
When WEBHOOK_ADDR and CALLBACK_URL are set, the service will register its own webhook with Keycloak. Beware that old webhooks will not be cleaned up if the CALLBACK_URL changes.