Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/19 14:53:22 UTC

[incubator-dlab] branch DLAB-terraform updated: added configuration part of Keycloak

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-terraform by this push:
     new c901cf1  added configuration part of Keycloak
     new f6a5a6e  Merge remote-tracking branch 'origin/DLAB-terraform' into DLAB-terraform
c901cf1 is described below

commit c901cf143008db205447934d02b0c16c6a231c36
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Fri Jul 19 17:53:08 2019 +0300

    added configuration part of Keycloak
---
 .../main/files/keycloak_values.yaml                | 95 +++++++++++++++++++++-
 1 file changed, 94 insertions(+), 1 deletion(-)

diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
index 8edea7e..2bac0fd 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
@@ -23,4 +23,97 @@ keycloak:
       nginx.ingress.kubernetes.io/rewrite-target: /auth
     path: /auth
     hosts:
-      - ${ssn_k8s_alb_dns_name}
\ No newline at end of file
+      - ${ssn_k8s_alb_dns_name}
+
+startupScripts:
+  mystartup.sh: |
+    #!/bin/bash
+
+    set -x
+
+    auth () {
+        RUN=`/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://127.0.0.1:8080/auth --realm master \
+        --user dlab-admin --password 12345o > /dev/null && echo "true" || echo "false"`
+    }
+
+    check_realm () {
+            RUN=`/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null && echo "true" || echo "false"
+    }
+
+    configure_keycloak () {
+        # Create Realm
+        /opt/jboss/keycloak/bin/kcadm.sh create realms -f - << EOF
+        { "realm": "dlab", "enabled": true }
+        EOF
+
+        # Get realm ID
+        dlab_realm_id=`/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab | jq -r '.id'`
+
+        # Create user federation
+        /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=dlab-ldap -s providerId=ldap \
+        -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=$dlab_realm_id  -s 'config.priority=["1"]' \
+        -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' \
+        -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s \
+        'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' \
+        -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' \
+        -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' \
+        -s 'config.connectionUrl=["ldap://52.36.63.161:389"]'  -s 'config.usersDn=["ou=People,dc=example,dc=com"]' \
+        -s 'config.authType=["simple"]' -s 'config.bindDn=["cn=admin,dc=example,dc=com"]' \
+        -s 'config.bindCredential=["LdaPStr0ngPaSSw0rd123"]' -s 'config.searchScope=["1"]' \
+        -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]'  \
+        --server http://127.0.0.1:8080/auth
+
+        # Get user federation ID
+        user_f_id=`/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab --query name=dlab-ldap | jq -er '.[].id'`
+
+        # Create user federation mapper
+        /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=uid-attribute-to-email-mapper \
+        -s providerId=user-attribute-ldap-mapper -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \
+        -s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \
+        -s 'config."ldap.attribute"=["uid"]' -s 'config."read.only"=["false"]' \
+        -s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]'
+
+        # Create client
+        /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -f - << EOF
+        { "clientId": "dlab-ui", "enabled": true, "redirectUris": ["http://dlab-ui:58080/"] }
+        EOF
+    }
+
+    main_func () {
+        # Authentication
+        count=0
+        while auth
+        do
+        if [[ $RUN == "false" ]] && [[ $count < 120 ]];
+        then
+            echo "Waiting for Keycloak..."
+            sleep 5
+            count=$((count + 1))
+        elif [[ $RUN == "true" ]];
+        then
+            echo "Authenticated!"
+            break
+        else
+            echo "Timeout error!"
+            exit 1
+        fi
+        done
+
+        # Check if resource is already exist
+        check_realm
+
+        # Create resource if it isn't created
+        if [[ $RUN == "false" ]];
+        then
+            configure_keycloak
+        else
+            echo "Realm is already exist!"
+        fi
+
+
+    }
+
+    main_func &
+
+
+
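Review bot: The `RUN=` assignment inside `check_realm` opens a backtick that is never closed, so bash rejects the entire startup script with an unexpected-EOF parse error before `main_func` can run; the line should read `RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null && echo "true" || echo "false")`, and the remaining backtick substitutions in `auth` and `configure_keycloak` are safer as `$(...)` for the same reason. The retry loop in `main_func` tests `[[ $count < 120 ]]`, which inside `[[ ]]` is a string comparison ("2" sorts after "120"), so the wait falls through to "Timeout error!" after roughly two sleeps; it should be `(( count < 120 ))`. The two `<< EOF` here-docs in `configure_keycloak` have their terminators indented four spaces deeper than the function body, and the YAML `|` block scalar only strips the common four-space indent, so the `EOF` lines never close the here-doc; put `EOF` at column 0 or use `<<-EOF` with tab-indented terminators. Separately, the admin `--password` literal and the LDAP `config.bindCredential` value are committed in plain text in a Helm values file, and with `set -x` enabled both are echoed into the pod log on every command; they should be supplied from a Kubernetes Secret via environment variables, with `set -x` removed or the credential-bearing calls bracketed by `set +x` / `set -x`.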

