diff --git a/tasks/setup.yaml b/tasks/setup.yaml
index f8decec..7f3abf8 100644
--- a/tasks/setup.yaml
+++ b/tasks/setup.yaml
@@ -5,9 +5,12 @@ tasks:
 description: The version of k3d-core-slim-dev to deploy
 # renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
 default: 0.18.0
+ insecure_keycloak_admin:
+ description: Automatically set a keycloak admin username / password
+ default: "true"
 actions:
 - description: Create k3d cluster with slim UDS Core
- cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }} --confirm --no-progress --no-tea
+ cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }} --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }} --confirm --no-progress --no-tea
 - name: k3d-full-cluster
 inputs:
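Review bot: The new `insecure_keycloak_admin` input defaults to `"true"`, so every run of the slim-dev task now passes `--set INSECURE_ADMIN_PASSWORD_GENERATION=true` to the bundle, and the one-line description does not say what that enables or why it is acceptable here. The description is the only thing a user sees before running the task, so it should name the trade-off, e.g. `description: Generate a Keycloak admin password automatically (local development only; the credential lands in a cluster secret that later tasks read)`. The value is also interpolated unquoted into the shell command; writing `--set INSECURE_ADMIN_PASSWORD_GENERATION="${{ .inputs.insecure_keycloak_admin }}"` keeps an empty or space-containing input from splitting the argument. The same input block and `--set` flag are repeated in the `k3d-full-cluster` hunk below, which has the same gap. The `tasks:` list this hunk edits starts before the hunk.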
@@ -15,6 +18,59 @@ tasks:
 description: The version of k3d-core-demo to deploy
 # renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
 default: 0.18.0
+ insecure_keycloak_admin:
+ description: Automatically set a keycloak admin username / password
+ default: "true"
 actions:
 - description: Deploy all of the UDS Core Package into the current cluster
- cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }} --confirm --no-progress --no-tea
+ cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }} --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }} --confirm --no-progress --no-tea
+
+ - name: print-keycloak-admin-password
+ actions:
+ - description: Print the default keycloak admin password to standard out (if available)
+ cmd: ./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d
+
+ - name: create-doug-user
+ actions:
+ - description: Create a user named 'doug' in the uds realm of keycloak (using the default admin account)
+ cmd: |
+ KEYCLOAK_ADMIN_PASSWORD=$(./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d)
+ KEYCLOAK_ADMIN_TOKEN=$(curl -s --location "https://keycloak.admin.uds.dev/realms/master/protocol/openid-connect/token" \
+ --header "Content-Type: application/x-www-form-urlencoded" \
+ --data-urlencode "username=admin" \
+ --data-urlencode "password=${KEYCLOAK_ADMIN_PASSWORD}" \
+ --data-urlencode "client_id=admin-cli" \
+ --data-urlencode "grant_type=password" | ./uds zarf tools yq .access_token)
+
+ # Create the doug user in the UDS Realm
+ curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users" \
+ --header "Content-Type: application/json" \
+ --header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+ --data-raw '{
+ "username": "doug",
+ "firstName": "Doug",
+ "lastName": "Unicorn",
+ "email": "doug@uds.dev",
+ "emailVerified": true,
+ "enabled": true,
+ "requiredActions": [],
+ "credentials": [
+ {
+ "type": "password",
+ "value": "unicorn123!@#",
+ "temporary": false
+ }
+ ]
+ }'
+
+ # Disable 2FA
+ CONDITIONAL_OTP_ID=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
+ --header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" | ./uds zarf tools yq '.[] | select(.displayName == "Conditional OTP") | .id')
+
+ curl --location --request PUT "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
+ --header "Content-Type: application/json" \
+ --header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+ --data "{
+ \"id\": \"${CONDITIONAL_OTP_ID}\",
+ \"requirement\": \"DISABLED\"
+ }"
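Review bot: The `create-doug-user` script never checks that a step succeeded: `curl -s` without `--fail` turns a rejected admin login into `null` from `yq .access_token`, after which the user-creation POST, the executions GET and the final PUT all run with `Authorization: Bearer null` and an `id` of `null`, so the task fails late with a confusing 4xx instead of at the real cause. Start the block with `set -euo pipefail` and add `--fail` (or `--fail-with-body`) to each of the four `curl` invocations so the task exits at the first failed request. The task also hard-codes a user password and sets the realm's Conditional OTP execution to `DISABLED`, which is reasonable for a throwaway k3d cluster but is not stated anywhere; the description could read `Create a user named 'doug' (fixed password, OTP disabled) in the uds realm of keycloak — local development clusters only`. The admin password is handed to `curl` as a command-line argument via `--data-urlencode "password=…"`, where it is typically visible to other processes on the host for the life of the request; minor for a dev cluster, but worth a comment on that line.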