chore: add a default to setup to create an admin keycloak user (#111)
Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Racer159 and zachariahmiller committed Apr 19, 2024
1 parent b604d2e commit 7fe0dd4
Showing 1 changed file with 58 additions and 2 deletions.
60 changes: 58 additions & 2 deletions tasks/setup.yaml
@@ -5,16 +5,72 @@ tasks:
description: The version of k3d-core-slim-dev to deploy
# renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
default: 0.18.0
insecure_keycloak_admin:
description: Automatically set a keycloak admin username / password
default: "true"
actions:
- description: Create k3d cluster with slim UDS Core
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }} --confirm --no-progress --no-tea
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }} --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }} --confirm --no-progress --no-tea

- name: k3d-full-cluster
inputs:
version:
description: The version of k3d-core-demo to deploy
# renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
default: 0.18.0
insecure_keycloak_admin:
description: Automatically set a keycloak admin username / password
default: "true"
actions:
- description: Deploy all of the UDS Core Package into the current cluster
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }} --confirm --no-progress --no-tea
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }} --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }} --confirm --no-progress --no-tea

- name: print-keycloak-admin-password
actions:
- description: Print the default keycloak admin password to standard out (if available)
cmd: ./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d

- name: create-doug-user
actions:
- description: Create a user named 'doug' in the uds realm of keycloak (using the default admin account)
cmd: |
KEYCLOAK_ADMIN_PASSWORD=$(./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d)
KEYCLOAK_ADMIN_TOKEN=$(curl -s --location "https://keycloak.admin.uds.dev/realms/master/protocol/openid-connect/token" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "username=admin" \
--data-urlencode "password=${KEYCLOAK_ADMIN_PASSWORD}" \
--data-urlencode "client_id=admin-cli" \
--data-urlencode "grant_type=password" | ./uds zarf tools yq .access_token)
# Create the doug user in the UDS Realm
curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
--data-raw '{
"username": "doug",
"firstName": "Doug",
"lastName": "Unicorn",
"email": "doug@uds.dev",
"emailVerified": true,
"enabled": true,
"requiredActions": [],
"credentials": [
{
"type": "password",
"value": "unicorn123!@#",
"temporary": false
}
]
}'
# Disable 2FA
CONDITIONAL_OTP_ID=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" | ./uds zarf tools yq '.[] | select(.displayName == "Conditional OTP") | .id')
curl --location --request PUT "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
--data "{
\"id\": \"${CONDITIONAL_OTP_ID}\",
\"requirement\": \"DISABLED\"
}"
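Review bot: The "Disable 2FA" step in `create-doug-user` sets the `Conditional OTP` execution of the `uds` realm's `Authentication` flow to `DISABLED`, which changes the flow for the whole realm rather than only for `doug`, and the same task gives that user a fixed, non-temporary password. Nothing in the task checks that it is aimed at a throwaway dev cluster, so the description should at least say so, e.g. `description: (DEV ONLY) Create user 'doug' with a well-known password and disable OTP for the entire uds realm`. The script also has no failure handling: if the token request fails, the later `curl` calls still run with an empty or `null` bearer token, so I would add `--fail` to each `curl` and a guard such as `[ -n "${KEYCLOAK_ADMIN_TOKEN}" ] && [ "${KEYCLOAK_ADMIN_TOKEN}" != "null" ] || exit 1` right after the token is fetched. Separately, `insecure_keycloak_admin` defaults to `"true"` in both `k3d-*` tasks, making the insecure admin password generation opt-out; its description should state that this is intended for local development only. Note too that `print-keycloak-admin-password` writes the secret to standard out, where it can end up in CI logs if the task is ever run in a pipeline.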
