Fix: OpenRemote token with admin-cli password grant, add OR_TOKEN_REALM, fix FROST_URL

2026-05-03 08:47:47 -04:00
parent 4325d5735d
commit e8270b7d73
1 changed files with 16 additions and 13 deletions
--- a/simulator.py
+++ b/simulator.py
@@ -41,7 +41,9 @@ ENABLE_FROST   = os.environ.get("ENABLE_FROST", "1") == "1"
 ENABLE_OPENREMOTE = os.environ.get("ENABLE_OPENREMOTE", "1") == "1"
 OR_ADMIN_USER = os.environ.get("OR_ADMIN_USER", "admin")
 OR_ADMIN_PASS = os.environ.get("OR_ADMIN_PASS", "Digitribe972")
-OR_REALM     = os.environ.get("OR_REALM", "master")
+OR_REALM     = os.environ.get("OR_REALM", "smartcity")
+OR_TOKEN_REALM = os.environ.get("OR_TOKEN_REALM", "master")  # Realm pour obtention token
+FROST_URL    = os.environ.get("FROST_URL", "http://frost_allinone-web-1:8080/FROST-Server/v1.1")

 SENSOR_COUNTS = {
    "traffic":    int(os.environ.get("SENSOR_COUNT_traffic",    "3")),
@@ -363,8 +365,8 @@ STELLIO_URL = "http://stellio-api-gateway:8080"
 # Configuration OpenRemote (URLs dynamiques)
 OR_URL      = os.environ.get("OR_URL", "http://192.168.192.10:8080")  # IP directe (évite DNS)
 OR_REALM    = os.environ.get("OR_REALM", "smartcity")  # Default: smartcity
-OR_TOKEN_URL = f"{OR_URL}/auth/realms/{OR_REALM}/protocol/openid-connect/token"
-OR_TOKEN_TTL = 3600  # Refresh token every hour
+OR_TOKEN_URL = os.environ.get("OR_TOKEN_URL", f"http://openremote-keycloak-1:8080/auth/realms/{OR_TOKEN_REALM}/protocol/openid-connect/token")
+OR_TOKEN_TTL = int(os.environ.get("OR_TOKEN_TTL", "3600"))  # Refresh token every hour
 def publish_stellio(sid: str, sensor: dict) -> bool:
    """Publie sur Stellio (gère le 409)."""
    entity = _ngsi_payload(sid, sensor)
@@ -545,21 +547,22 @@ def publish_frost(sid: str, sensor: dict, field: str, value: float) -> bool:
 _or_token_cache = {"token": "", "expires": 0}

 def _get_or_token() -> str:
-    """Obtient un token OpenRemote via client credentials (service account)."""
-    import time
+    """Obtain an OpenRemote token via password grant (admin-cli, directAccessGrants enabled)."""
+    import time, urllib.parse
    if _or_token_cache["token"] and _or_token_cache["expires"] > time.time() + 60:
        return _or_token_cache["token"]
    try:
-        # Utiliser HTTP Basic Auth (client_secret_basic)
-        import base64
-        creds = base64.b64encode(f"{os.environ.get('OR_CLIENT_ID')}:{os.environ.get('OR_CLIENT_SECRET')}".encode()).decode()
+        # Use password grant with admin-cli client (directAccessGrants enabled)
+        data = urllib.parse.urlencode({
+            "grant_type": "password",
+            "username": os.environ.get("OR_ADMIN_USER", "admin"),
+            "password": os.environ.get("OR_ADMIN_PASS", "Digitribe972"),
+            "client_id": "admin-cli"
+        }).encode()
        req = urllib.request.Request(
            OR_TOKEN_URL,
-            data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
-            headers={
-                "Content-Type": "application/x-www-form-urlencoded",
-                "Authorization": f"Basic {creds}"
-            }
+            data=data,
+            headers={"Content-Type": "application/x-www-form-urlencoded"}
        )
        with urllib.request.urlopen(req, timeout=5) as r:
            token_data = json.loads(r.read().decode())