Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: add migration to keycloak startup to set client redirect uris #3640

Merged
merged 2 commits into from
Feb 6, 2024
Merged

refactor: add migration to keycloak startup to set client redirect uris #3640

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9173b0c
refactor: add migration to keycloak to change client redirect uris
shreddedbacon Jan 16, 2024
80f74f9
refactor: based on review comments
shreddedbacon Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 53 additions & 33 deletions services/keycloak/startup-scripts/00-configure-lagoon.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,58 @@ function sync_client_secrets {
fi
}

function configure_admin_email {
# Configure the admin user with an email address so that email configuration can be enabled in the lagoon realm
# this will always update the email address of the admin user if it is defined
if [ "$KEYCLOAK_ADMIN_EMAIL" != "" ]; then
echo Configuring admin user email to ${KEYCLOAK_ADMIN_EMAIL}
ADMIN_USER_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get users -r master --config $CONFIG_PATH -q username=admin | jq -r '.[0]|.id')
/opt/jboss/keycloak/bin/kcadm.sh update users/${ADMIN_USER_ID} --config $CONFIG_PATH -s "email=${KEYCLOAK_ADMIN_EMAIL}"
fi

}

function configure_smtp_settings {
# this checks if the file containing the json data for email configuration exists
if [ "$KEYCLOAK_ADMIN_EMAIL" == "" ] && [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
echo "Admin email must be set to configure lagoon realm email server settings"
return 0
fi
if [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
echo Configuring lagoon realm email server settings
/opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-smtp-settings.json
fi

}

function configure_realm_settings {
# this checks if the file containing the json data for realm settings exists
if [ -f "/lagoon/keycloak/keycloak-realm-settings.json" ]; then
echo Configuring lagoon realm settings
/opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-realm-settings.json
fi

}

function configure_lagoon_redirect_uris {
# this will always run, and will always ensure that the redirect uris are up to date
# changes to redirect uris should be made via the chart/envvars
# the value of this variable is a comma separated list of redirect uris
# eg KEYCLOAK_LAGOON_UI_CLIENT_REDIRECT_URIS="http://localhost:8888/redirect1,http://localhost:8888/redirect2"
#
if [ "$KEYCLOAK_LAGOON_UI_CLIENT_REDIRECT_URIS" != "" ]; then
echo "Updating lagoon-ui redirect URIs"
redirect_uris=$(echo $KEYCLOAK_LAGOON_UI_CLIENT_REDIRECT_URIS | tr "," "\n")
update_redirect_uri="["
for addr in $redirect_uris;do
update_redirect_uri+="\"$addr\","
done
update_redirect_uri=$(echo $update_redirect_uri | sed 's/,*$//g')]
LAGOON_UI_CLIENT_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get -r lagoon clients?clientId=lagoon-ui --config $CONFIG_PATH | jq -r '.[0]["id"]')
/opt/jboss/keycloak/bin/kcadm.sh update clients/${LAGOON_UI_CLIENT_ID} -s redirectUris=$update_redirect_uri --config "$CONFIG_PATH" -r ${KEYCLOAK_REALM:-master}
fi
}

##############
# Migrations #
##############
Expand Down Expand Up @@ -91,39 +143,6 @@ function configure_lagoon_realm {
fi
}

function configure_admin_email {
# Configure the admin user with an email address so that email configuration can be enabled in the lagoon realm
# this will always update the email address of the admin user if it is defined
if [ "$KEYCLOAK_ADMIN_EMAIL" != "" ]; then
echo Configuring admin user email to ${KEYCLOAK_ADMIN_EMAIL}
ADMIN_USER_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get users -r master --config $CONFIG_PATH -q username=admin | jq -r '.[0]|.id')
/opt/jboss/keycloak/bin/kcadm.sh update users/${ADMIN_USER_ID} --config $CONFIG_PATH -s "email=${KEYCLOAK_ADMIN_EMAIL}"
fi

}

function configure_smtp_settings {
# this checks if the file containing the json data for email configuration exists
if [ "$KEYCLOAK_ADMIN_EMAIL" == "" ] && [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
echo "Admin email must be set to configure lagoon realm email server settings"
return 0
fi
if [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
echo Configuring lagoon realm email server settings
/opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-smtp-settings.json
fi

}

function configure_realm_settings {
# this checks if the file containing the json data for realm settings exists
if [ -f "/lagoon/keycloak/keycloak-realm-settings.json" ]; then
echo Configuring lagoon realm settings
/opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-realm-settings.json
fi

}

function configure_opendistro_security_client {

# delete old SearchGuard Clients
Expand Down Expand Up @@ -2510,6 +2529,7 @@ function configure_keycloak {
add_development_task_cancel
add_production_task_cancel
add_organization_viewall
configure_lagoon_redirect_uris


# always run last
Expand Down