Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/19 14:53:22 UTC
[incubator-dlab] branch DLAB-terraform updated: added configuration
part of Keycloak
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-terraform by this push:
new c901cf1 added configuration part of Keycloak
new f6a5a6e Merge remote-tracking branch 'origin/DLAB-terraform' into DLAB-terraform
c901cf1 is described below
commit c901cf143008db205447934d02b0c16c6a231c36
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Fri Jul 19 17:53:08 2019 +0300
added configuration part of Keycloak
---
.../main/files/keycloak_values.yaml | 95 +++++++++++++++++++++-
1 file changed, 94 insertions(+), 1 deletion(-)
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
index 8edea7e..2bac0fd 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
@@ -23,4 +23,97 @@ keycloak:
nginx.ingress.kubernetes.io/rewrite-target: /auth
path: /auth
hosts:
- - ${ssn_k8s_alb_dns_name}
\ No newline at end of file
+ - ${ssn_k8s_alb_dns_name}
+
+startupScripts:
+ mystartup.sh: |
+ #!/bin/bash
+
+ set -x
+
+ auth () {
+ RUN=`/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://127.0.0.1:8080/auth --realm master \
+ --user dlab-admin --password 12345o > /dev/null && echo "true" || echo "false"`
+ }
+
+ check_realm () {
+ RUN=`/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null && echo "true" || echo "false"
+ }
+
+ configure_keycloak () {
+ # Create Realm
+ /opt/jboss/keycloak/bin/kcadm.sh create realms -f - << EOF
+ { "realm": "dlab", "enabled": true }
+ EOF
+
+ # Get realm ID
+ dlab_realm_id=`/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab | jq -r '.id'`
+
+ # Create user federation
+ /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=dlab-ldap -s providerId=ldap \
+ -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=$dlab_realm_id -s 'config.priority=["1"]' \
+ -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' \
+ -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s \
+ 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' \
+ -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' \
+ -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' \
+ -s 'config.connectionUrl=["ldap://52.36.63.161:389"]' -s 'config.usersDn=["ou=People,dc=example,dc=com"]' \
+ -s 'config.authType=["simple"]' -s 'config.bindDn=["cn=admin,dc=example,dc=com"]' \
+ -s 'config.bindCredential=["LdaPStr0ngPaSSw0rd123"]' -s 'config.searchScope=["1"]' \
+ -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' \
+ --server http://127.0.0.1:8080/auth
+
+ # Get user federation ID
+ user_f_id=`/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab --query name=dlab-ldap | jq -er '.[].id'`
+
+ # Create user federation mapper
+ /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=uid-attribute-to-email-mapper \
+ -s providerId=user-attribute-ldap-mapper -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \
+ -s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \
+ -s 'config."ldap.attribute"=["uid"]' -s 'config."read.only"=["false"]' \
+ -s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]'
+
+ # Create client
+ /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -f - << EOF
+ { "clientId": "dlab-ui", "enabled": true, "redirectUris": ["http://dlab-ui:58080/"] }
+ EOF
+ }
+
+ main_func () {
+ # Authentication
+ count=0
+ while auth
+ do
+ if [[ $RUN == "false" ]] && [[ $count < 120 ]];
+ then
+ echo "Waiting for Keycloak..."
+ sleep 5
+ count=$((count + 1))
+ elif [[ $RUN == "true" ]];
+ then
+ echo "Authenticated!"
+ break
+ else
+ echo "Timeout error!"
+ exit 1
+ fi
+ done
+
+ # Check if resource is already exist
+ check_realm
+
+ # Create resource if it isn't created
+ if [[ $RUN == "false" ]];
+ then
+ configure_keycloak
+ else
+ echo "Realm is already exist!"
+ fi
+
+
+ }
+
+ main_func &
+
+
+
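Review bot: `check_realm` never closes its backtick command substitution (the line ends at `|| echo "false"` with no closing backtick), so bash will reject the whole startup script at parse time before `main_func` ever runs; the assignment should be `RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null && echo "true" || echo "false")`, and `auth` would read better in the same `$( … )` form. `set -x` at the top of the script then traces every command into the container log, which in this hunk includes the hard-coded admin `--password` in `auth` and the LDAP `config.bindCredential` in `configure_keycloak`; both values should come from a Helm value or Kubernetes Secret exposed through the environment rather than being committed in `keycloak_values.yaml`, and the trace should be dropped (a `--password` on argv is also visible in `ps` regardless of tracing). The retry guard `[[ $count < 120 ]]` in `main_func` is a lexical string comparison, not a numeric one, so `"2"` already sorts after `"120"` and the loop hits the "Timeout error!" branch after roughly two 5-second waits instead of 120; use `(( count < 120 ))`. The federation is created with a plain `ldap://` `connectionUrl` while `useTruststoreSpi` is set to `ldapsOnly`, so as written the bind credential would be sent in cleartext — presumably an `ldaps://` URL was intended.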