Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/30 09:54:34 UTC

[incubator-dlab] branch DLAB-terraform updated: Added random secret for Keycloak client

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-terraform by this push:
     new f5c75b9  Added random secret for Keycloak client
f5c75b9 is described below

commit f5c75b964388081b84fa944a9daf57dfa3a68f53
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Tue Jul 30 12:54:25 2019 +0300

    Added random secret for Keycloak client
---
 .../main/files/configure_keycloak.sh                |  2 +-
 .../terraform/aws/ssn-helm-charts/main/keycloak.tf  | 21 +++++++++++----------
 .../terraform/aws/ssn-helm-charts/main/secrets.tf   | 12 ++++++++++++
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
index 88b3770..7a97546 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
@@ -58,7 +58,7 @@
           -s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]'
           # Create client
           /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s clientId=dlab-ui -s enabled=true -s \
-          'redirectUris=["http://${ssn_k8s_alb_dns_name}/"]'
+          'redirectUris=["http://${ssn_k8s_alb_dns_name}/"]' -s secret=${keycloak_client_secret}
       }
       main_func () {
           # Authentication
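Review bot: The added `-s secret=${keycloak_client_secret}` passes the client secret to kcadm.sh unquoted on the command line, so it is visible in the process argument list while the command runs and relies on the value never containing shell-special characters. Quote it as `-s "secret=${keycloak_client_secret}"`; a UUID is safe today, but the generator in secrets.tf may change later. Because `${keycloak_client_secret}` is filled in by the Terraform template in keycloak.tf, the rendered script holds the secret in clear text alongside the other credentials passed to that template, so wherever the rendered script ends up (not visible in this diff) needs the same protection as the secret itself. The redirect URI on the same line is still plain `http://`, which is worth confirming against where TLS is expected to terminate. The enclosing function starts outside the hunk.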
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
index 01c7794..1b6cd8c 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
@@ -22,16 +22,17 @@
 data "template_file" "configure_keycloak" {
   template = file("./files/configure_keycloak.sh")
   vars     = {
-    ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
-    keycloak_user        = var.keycloak_user
-    keycloak_password    = random_string.keycloak_password.result
-    ldap_usernameAttr    = var.ldap_usernameAttr
-    ldap_rdnAttr         = var.ldap_rdnAttr
-    ldap_uuidAttr        = var.ldap_uuidAttr
-    ldap_connection_url  = var.ldap_connection_url
-    ldap_users_dn        = var.ldap_users_dn
-    ldap_bind_dn         = var.ldap_bind_dn
-    ldap_bind_creds      = var.ldap_bind_creds
+    ssn_k8s_alb_dns_name   = var.ssn_k8s_alb_dns_name
+    keycloak_user          = var.keycloak_user
+    keycloak_password      = random_string.keycloak_password.result
+    keycloak_client_secret = random_uuid.keycloak_client_secret.result
+    ldap_usernameAttr      = var.ldap_usernameAttr
+    ldap_rdnAttr           = var.ldap_rdnAttr
+    ldap_uuidAttr          = var.ldap_uuidAttr
+    ldap_connection_url    = var.ldap_connection_url
+    ldap_users_dn          = var.ldap_users_dn
+    ldap_bind_dn           = var.ldap_bind_dn
+    ldap_bind_creds        = var.ldap_bind_creds
   }
 }
 
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
index 9a0284a..3cb1e1e 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
@@ -19,6 +19,18 @@
 #
 # ******************************************************************************
 
+resource "random_uuid" "keycloak_client_secret" {}
+
+resource "kubernetes_secret" "keycloak_client_secret" {
+  metadata {
+    name = "keycloak-client-secret"
+  }
+
+  data = {
+    client_secret = random_uuid.keycloak_client_secret.result
+  }
+}
+
 resource "random_string" "keycloak_password" {
   length = 16
   special = false
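Review bot: `random_uuid.keycloak_client_secret.result` is not a sensitive attribute, so the new client secret can show up in plan/apply output and is stored in clear text in the Terraform state, as is the `data` of the new `kubernetes_secret`. If the random provider version in use offers `random_password`, generating the value with it (for example `length = 32`, `special = false`) and referencing `random_password.keycloak_client_secret.result` here and in keycloak.tf would keep it out of console output; the state backend still has to be encrypted and access-restricted either way. The `metadata` block sets no `namespace`, so the secret presumably lands in the provider's default namespace; setting it explicitly to the namespace of the consuming workload would make clear who is able to read it. The `random_string` block at the end of the hunk continues outside it.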

