setup.yaml
tasks:
# Deploys the slim UDS Core dev bundle (k3d-core-slim-dev) with `uds deploy`.
- name: k3d-test-cluster
  inputs:
    version:
      description: The version of k3d-core-slim-dev to deploy
      # renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
      default: 0.21.1
    insecure_keycloak_admin:
      description: Automatically set a keycloak admin username / password
      # Forwarded below as INSECURE_ADMIN_PASSWORD_GENERATION. The default of
      # "true" is a development convenience; callers deploying to a cluster
      # that is shared or reachable by others should pass "false".
      default: "true"
  actions:
  - description: Create k3d cluster with slim UDS Core
    # NOTE(review): both inputs look to be substituted into the command text
    # before the shell runs it, without quoting - confirm, and only pass
    # trusted values for `version` and `insecure_keycloak_admin`.
    # Folded scalar: the lines below join with single spaces into one command.
    cmd: >-
      ./uds deploy
      oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }}
      --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }}
      --confirm --no-progress --no-tea
# Deploys the full UDS Core demo bundle (k3d-core-demo) with `uds deploy`.
- name: k3d-full-cluster
  inputs:
    version:
      description: The version of k3d-core-demo to deploy
      # renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
      default: 0.21.1
    insecure_keycloak_admin:
      description: Automatically set a keycloak admin username / password
      # Forwarded below as INSECURE_ADMIN_PASSWORD_GENERATION. The default of
      # "true" is a development convenience; callers deploying to a cluster
      # that is shared or reachable by others should pass "false".
      default: "true"
  actions:
  - description: Deploy all of the UDS Core Package into the current cluster
    # NOTE(review): both inputs look to be substituted into the command text
    # before the shell runs it, without quoting - confirm, and only pass
    # trusted values for `version` and `insecure_keycloak_admin`.
    # Folded scalar: the lines below join with single spaces into one command.
    cmd: >-
      ./uds deploy
      oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }}
      --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }}
      --confirm --no-progress --no-tea
# Reads the `keycloak-admin-password` secret from the `keycloak` namespace and
# base64-decodes its `password` field.
- name: print-keycloak-admin-password
  actions:
  - description: Print the default keycloak admin password to standard out (if available)
    # The decoded password is written to stdout, so it ends up in whatever
    # captures this task's output (terminal scrollback, CI job logs).
    # Folded scalar: the lines below join with single spaces into one command.
    cmd: >-
      ./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password
      -o jsonpath={.data.password} | base64 -d
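# Creates a fixed test user in the `uds` realm through the Keycloak admin REST
# API, then disables the "Conditional OTP" execution of the realm's
# `Authentication` flow.
#
# Security notes for anyone reusing this task:
# - The user's password is hard-coded below and marked non-temporary, so the
#   account is only suitable for disposable development clusters.
# - The OTP change is made on the flow, not on the user.
#   NOTE(review): it presumably applies to every account that authenticates
#   through that flow in the realm, not only to `doug` - confirm.
# - The admin password and the bearer token are passed to curl as command-line
#   arguments, which can be visible to other local users via the process list.
- name: create-doug-user
  actions:
  - description: Create a user named 'doug' in the uds realm of keycloak (using the default admin account)
    cmd: |
      KEYCLOAK_ADMIN_PASSWORD=$(./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d)
      # The pipeline's exit status is base64's, so a missing secret would
      # otherwise go unnoticed and every later request would fail silently.
      if [ -z "${KEYCLOAK_ADMIN_PASSWORD}" ]; then
        echo "keycloak-admin-password secret is missing or empty" >&2
        exit 1
      fi

      KEYCLOAK_ADMIN_TOKEN=$(curl -s --location "https://keycloak.admin.uds.dev/realms/master/protocol/openid-connect/token" \
        --header "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "username=admin" \
        --data-urlencode "password=${KEYCLOAK_ADMIN_PASSWORD}" \
        --data-urlencode "client_id=admin-cli" \
        --data-urlencode "grant_type=password" | ./uds zarf tools yq .access_token)
      # yq prints "null" when the response has no access_token (for example a
      # rejected login); stop here instead of sending an unusable bearer token.
      if [ -z "${KEYCLOAK_ADMIN_TOKEN}" ] || [ "${KEYCLOAK_ADMIN_TOKEN}" = "null" ]; then
        echo "Failed to obtain a Keycloak admin token" >&2
        exit 1
      fi

      # Create the doug user in the UDS Realm
      curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users" \
        --header "Content-Type: application/json" \
        --header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
        --data-raw '{
          "username": "doug",
          "firstName": "Doug",
          "lastName": "Unicorn",
          "email": "doug@uds.dev",
          "attributes": {
            "mattermostid": "1"
          },
          "emailVerified": true,
          "enabled": true,
          "requiredActions": [],
          "credentials": [
            {
              "type": "password",
              "value": "unicorn123!@#",
              "temporary": false
            }
          ]
        }'

      # Disable 2FA
      CONDITIONAL_OTP_ID=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
        --header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" | ./uds zarf tools yq '.[] | select(.displayName == "Conditional OTP") | .id')
      # Without an execution id the PUT below would carry an empty "id" and
      # the OTP change would not be applied; report that instead.
      if [ -z "${CONDITIONAL_OTP_ID}" ] || [ "${CONDITIONAL_OTP_ID}" = "null" ]; then
        echo "Could not find the Conditional OTP execution in the Authentication flow" >&2
        exit 1
      fi
      curl --location --request PUT "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
        --header "Content-Type: application/json" \
        --header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
        --data "{
          \"id\": \"${CONDITIONAL_OTP_ID}\",
          \"requirement\": \"DISABLED\"
        }"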