feat: support changing more settings in keycloak
shreddedbacon committed Aug 1, 2023
1 parent 8c03d29 commit a85aaee
Showing 5 changed files with 63 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -342,7 +342,7 @@ api-development: build/api build/api-db build/local-api-data-watcher-pusher buil

.PHONY: ui-logs-development
ui-logs-development: build/actions-handler build/api build/api-db build/local-api-data-watcher-pusher build/keycloak build/keycloak-db build/broker-single build/api-redis build/logs2notifications build/local-minio
IMAGE_REPO=$(CI_BUILD_TAG) docker-compose -p $(CI_BUILD_TAG) --compatibility up -d api api-db actions-handler local-api-data-watcher-pusher ui keycloak keycloak-db broker api-redis logs2notifications local-minio local-minio-upload
IMAGE_REPO=$(CI_BUILD_TAG) docker-compose -p $(CI_BUILD_TAG) --compatibility up -d api api-db actions-handler local-api-data-watcher-pusher ui keycloak keycloak-db broker api-redis logs2notifications local-minio local-minio-upload mailhog

## CI targets

5 changes: 4 additions & 1 deletion docker-compose.yaml
Expand Up @@ -33,7 +33,7 @@ services:
mailhog:
image: mailhog/mailhog
ports:
- 8025
- '32025:8025'
webhooks2tasks:
image: ${IMAGE_REPO:-lagoon}/webhooks2tasks
command: yarn run dev
Expand Down Expand Up @@ -127,9 +127,12 @@ services:
- keycloak-db
ports:
- '8088:8080'
environment:
- KEYCLOAK_ADMIN_EMAIL=admin@example.com
volumes:
- "./services/keycloak/profile.properties:/opt/jboss/keycloak/standalone/configuration/profile.properties"
- "./services/keycloak/startup-scripts:/opt/jboss/startup-scripts"
- "./local-dev/keycloak:/lagoon/keycloak"
keycloak-db:
image: ${IMAGE_REPO:-lagoon}/keycloak-db
ports:
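Review bot: The mailhog port mapping `'32025:8025'` binds the MailHog web UI to every host interface, and this same commit routes the lagoon realm's mail (password-reset and verification messages, given the new smtp settings point `host` at `mailhog`) through that container; as far as I know MailHog serves captured mail without any authentication unless it is started with an auth file, so on a shared network anyone can read those messages. For a local-dev compose file a loopback bind is enough: `- '127.0.0.1:32025:8025'`. I am inferring that `'32025:8025'` is the added side of the pair, since the `+`/`-` markers are not preserved on this page. The added `KEYCLOAK_ADMIN_EMAIL` default and the `./local-dev/keycloak` mount look fine as they are.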
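--- /dev/null
+++ b/local-dev/keycloak/keycloak-realm-settings.json
@@ -0,0 +1,5 @@
+{
+"rememberMe": true,
+"resetPasswordAllowed": true,
+"verifyEmail": false
+}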
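--- /dev/null
+++ b/local-dev/keycloak/keycloak-smtp-settings.json
@@ -0,0 +1,16 @@
+{
+"smtpServer": {
+"envelopeFrom": "lagoon@example.com",
+"from": "lagoon@example.com",
+"fromDisplayName": "Lagoon",
+"host": "mailhog",
+"port": "1025",
+"replyTo": "lagoon@example.com",
+"replyToDisplayName": "Lagoon No-Reply",
+"ssl": "false",
+"starttls": "false",
+"auth": "false",
+"user": "not-used-if-auth=false",
+"password": "not-used-if-auth=false"
+}
+}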
37 changes: 37 additions & 0 deletions services/keycloak/startup-scripts/00-configure-lagoon.sh
Expand Up @@ -71,6 +71,7 @@ function configure_lagoon_realm {
CLIENT_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get -r lagoon clients?clientId=lagoon-ui --config $CONFIG_PATH | jq -r '.[0]["id"]')
echo '{"protocol":"openid-connect","config":{"id.token.claim":"true","access.token.claim":"true","userinfo.token.claim":"true","user.attribute":"lagoon-uid","claim.name":"lagoon.user_id","jsonType.label":"int","multivalued":""},"name":"Lagoon User ID","protocolMapper":"oidc-usermodel-attribute-mapper"}' | /opt/jboss/keycloak/bin/kcadm.sh create -r ${KEYCLOAK_REALM:-master} clients/$CLIENT_ID/protocol-mappers/models --config $CONFIG_PATH -f -

# don't use KEYCLOAK_REALM_SETTINGS, use the 'configure_realm_settings' way to pass values from a file (inject by configmap/volume mount)
if [ "$KEYCLOAK_REALM_SETTINGS" ]; then
echo Applying extra Realm settings
echo $KEYCLOAK_REALM_SETTINGS | /opt/jboss/keycloak/bin/kcadm.sh update realms/${KEYCLOAK_REALM:-master} --config $CONFIG_PATH -f -
Expand All @@ -90,6 +91,39 @@ function configure_lagoon_realm {
fi
}

function configure_admin_email {
# Configure the admin user with an email address so that email configuration can be enabled in the lagoon realm
# this will always update the email address of the admin user if it is defined
if [ "$KEYCLOAK_ADMIN_EMAIL" != "" ]; then
echo Configuring admin user email to ${KEYCLOAK_ADMIN_EMAIL}
ADMIN_USER_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get users -r master --config $CONFIG_PATH -q username=admin | jq -r '.[0]|.id')
/opt/jboss/keycloak/bin/kcadm.sh update users/${ADMIN_USER_ID} --config $CONFIG_PATH -s "email=${KEYCLOAK_ADMIN_EMAIL}"
fi

}

function configure_smtp_settings {
# this checks if the file containing the json data for email configuration exists
if [ "$KEYCLOAK_ADMIN_EMAIL" == "" ] && [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
echo "Admin email must be set to configure lagoon realm email server settings"
return 0
fi
if [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
echo Configuring lagoon realm email server settings
/opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-smtp-settings.json
fi

}

function configure_realm_settings {
# this checks if the file containing the json data for realm settings exists
if [ -f "/lagoon/keycloak/keycloak-realm-settings.json" ]; then
echo Configuring lagoon realm settings
/opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-realm-settings.json
fi

}

function configure_opendistro_security_client {

# delete old SearchGuard Clients
Expand Down Expand Up @@ -2346,6 +2380,9 @@ function configure_keycloak {

# Sets the order of migrations, add new ones at the end.
configure_lagoon_realm
configure_admin_email
configure_smtp_settings
configure_realm_settings
configure_opendistro_security_client
configure_api_client
add_group_viewall
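Review bot: In configure_admin_email the lookup `kcadm.sh get users -r master ... -q username=admin | jq -r '.[0]|.id'` takes whatever search hit comes first, and as far as I know the users search matches `username` as a substring unless `exact=true` is passed, so another account whose name contains "admin" can be returned first and have its email overwritten with `KEYCLOAK_ADMIN_EMAIL`; when the search returns nothing, jq yields `null` and the update is sent to `users/null`. Selecting the exact username in jq and bailing on an empty id avoids both: `ADMIN_USER_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get users -r master --config $CONFIG_PATH -q username=admin | jq -r '.[] | select(.username=="admin") | .id')` followed by `[ -n "$ADMIN_USER_ID" ] || { echo "admin user not found, skipping email configuration"; return 0; }`. The realm is hardcoded as `realms/lagoon` in configure_smtp_settings and configure_realm_settings while the preceding hunk updates `realms/${KEYCLOAK_REALM:-master}` — presumably deliberate since the files target the lagoon realm, but a one-line comment saying so would stop the next reader from "fixing" it. The three new functions also each end with a blank line before the closing brace; dropping those matches the surrounding functions in this file.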
