Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/30 09:54:34 UTC
[incubator-dlab] branch DLAB-terraform updated: Added random secret
for Keycloak client
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-terraform by this push:
new f5c75b9 Added random secret for Keycloak client
f5c75b9 is described below
commit f5c75b964388081b84fa944a9daf57dfa3a68f53
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Tue Jul 30 12:54:25 2019 +0300
Added random secret for Keycloak client
---
.../main/files/configure_keycloak.sh | 2 +-
.../terraform/aws/ssn-helm-charts/main/keycloak.tf | 21 +++++++++++----------
.../terraform/aws/ssn-helm-charts/main/secrets.tf | 12 ++++++++++++
3 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
index 88b3770..7a97546 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
@@ -58,7 +58,7 @@
-s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]'
# Create client
/opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s clientId=dlab-ui -s enabled=true -s \
- 'redirectUris=["http://${ssn_k8s_alb_dns_name}/"]'
+ 'redirectUris=["http://${ssn_k8s_alb_dns_name}/"]' -s secret=${keycloak_client_secret}
}
main_func () {
# Authentication
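Review bot: The added `-s secret=${keycloak_client_secret}` argument puts the client secret into both the rendered script text and the `kcadm.sh` command line, where anything able to read the script or list processes in the container can see it. The value is also unquoted; `-s "secret=${keycloak_client_secret}"` would keep the command intact if the generator is later changed to one that can emit shell metacharacters. `kcadm.sh create` can also read the client representation from a file (`-f`), which would keep the secret out of argv if the script can source it from a mounted Kubernetes secret. The enclosing function begins above this hunk, so how the script is delivered and invoked is not visible here.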
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
index 01c7794..1b6cd8c 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
@@ -22,16 +22,17 @@
data "template_file" "configure_keycloak" {
template = file("./files/configure_keycloak.sh")
vars = {
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
- keycloak_user = var.keycloak_user
- keycloak_password = random_string.keycloak_password.result
- ldap_usernameAttr = var.ldap_usernameAttr
- ldap_rdnAttr = var.ldap_rdnAttr
- ldap_uuidAttr = var.ldap_uuidAttr
- ldap_connection_url = var.ldap_connection_url
- ldap_users_dn = var.ldap_users_dn
- ldap_bind_dn = var.ldap_bind_dn
- ldap_bind_creds = var.ldap_bind_creds
+ ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
+ keycloak_user = var.keycloak_user
+ keycloak_password = random_string.keycloak_password.result
+ keycloak_client_secret = random_uuid.keycloak_client_secret.result
+ ldap_usernameAttr = var.ldap_usernameAttr
+ ldap_rdnAttr = var.ldap_rdnAttr
+ ldap_uuidAttr = var.ldap_uuidAttr
+ ldap_connection_url = var.ldap_connection_url
+ ldap_users_dn = var.ldap_users_dn
+ ldap_bind_dn = var.ldap_bind_dn
+ ldap_bind_creds = var.ldap_bind_creds
}
}
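Review bot: Adding `keycloak_client_secret` to `vars` means `data.template_file.configure_keycloak.rendered` now carries the client secret in clear text, next to `keycloak_password` and `ldap_bind_creds`. The consumer of the rendered script is outside this hunk; if it is shipped as a ConfigMap or a plain chart value rather than a Kubernetes Secret, the credential is readable by anyone with read access to that object, so that path should be checked. A comment above `vars` such as `# rendered output contains credentials; deliver only through a Secret` would record the constraint. The other changed lines in this hunk are realignment only.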
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
index 9a0284a..3cb1e1e 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
@@ -19,6 +19,18 @@
#
# ******************************************************************************
+resource "random_uuid" "keycloak_client_secret" {}
+
+resource "kubernetes_secret" "keycloak_client_secret" {
+ metadata {
+ name = "keycloak-client-secret"
+ }
+
+ data = {
+ client_secret = random_uuid.keycloak_client_secret.result
+ }
+}
+
resource "random_string" "keycloak_password" {
length = 16
special = false
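Review bot: `random_uuid` is meant for generating identifiers and its `result` is not marked sensitive, so the client secret can appear in plan/apply output. If the pinned random provider version offers it, `random_password` is the resource intended for credentials, e.g. `resource "random_password" "keycloak_client_secret" { length = 32, special = false }`. Either way the value is stored in plain text in Terraform state, so the state backend needs encryption and restricted access. The `kubernetes_secret` metadata sets no `namespace`, so the object lands in the provider's default namespace; if Keycloak or the UI run elsewhere, add a matching `namespace` in `metadata`. The `random_string.keycloak_password` block continues below the hunk.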