chore: add a default to setup to create an admin keycloak user #111

Merged
merged 9 commits into from
Apr 19, 2024
60 changes: 58 additions & 2 deletions tasks/setup.yaml
@@ -5,16 +5,72 @@ tasks:
description: The version of k3d-core-slim-dev to deploy
# renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
default: 0.18.0
insecure_keycloak_admin:
description: Automatically set a keycloak admin username / password
default: "true"
actions:
- description: Create k3d cluster with slim UDS Core
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }} --confirm --no-progress --no-tea
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-slim-dev:${{ .inputs.version }} --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }} --confirm --no-progress --no-tea

- name: k3d-full-cluster
inputs:
version:
description: The version of k3d-core-demo to deploy
# renovate: datasource=github-tags depName=defenseunicorns/uds-core versioning=semver
default: 0.18.0
insecure_keycloak_admin:
description: Automatically set a keycloak admin username / password
default: "true"
actions:
- description: Deploy all of the UDS Core Package into the current cluster
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }} --confirm --no-progress --no-tea
cmd: ./uds deploy oci://defenseunicorns/uds/bundles/k3d-core-demo:${{ .inputs.version }} --set INSECURE_ADMIN_PASSWORD_GENERATION=${{ .inputs.insecure_keycloak_admin }} --confirm --no-progress --no-tea

- name: print-keycloak-admin-password
actions:
- description: Print the default keycloak admin password to standard out (if available)
cmd: ./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d

- name: create-doug-user
actions:
- description: Create a user named 'doug' in the uds realm of keycloak (using the default admin account)
cmd: |
KEYCLOAK_ADMIN_PASSWORD=$(./uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d)
KEYCLOAK_ADMIN_TOKEN=$(curl -s --location "https://keycloak.admin.uds.dev/realms/master/protocol/openid-connect/token" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "username=admin" \
--data-urlencode "password=${KEYCLOAK_ADMIN_PASSWORD}" \
--data-urlencode "client_id=admin-cli" \
--data-urlencode "grant_type=password" | yq .access_token)

# Create the doug user in the UDS Realm
curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
--data-raw '{
"username": "doug",
"firstName": "Doug",
"lastName": "Unicorn",
"email": "doug@defenseunicorns.com",
"emailVerified": true,
"enabled": true,
"requiredActions": [],
"credentials": [
{
"type": "password",
"value": "unicorn123!@#",
"temporary": false
}
]
}'

# Disable 2FA
CONDITIONAL_OTP_ID=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" | yq '.[] | select(.displayName == "Conditional OTP") | .id')

curl --location --request PUT "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
--data "{
\"id\": \"${CONDITIONAL_OTP_ID}\",
\"requirement\": \"DISABLED\"
}"
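Review bot: the PUT that disables the "Conditional OTP" execution in `create-doug-user` runs unconditionally with whatever `CONDITIONAL_OTP_ID` resolved to, so if the `select(.displayName == "Conditional OTP")` filter matches nothing (renamed flow, different Keycloak version, expired token) the request is sent with `"id": ""` and the task reports success anyway; the same applies to `KEYCLOAK_ADMIN_TOKEN`, which becomes the literal string `null` when the `admin-cli` password grant fails. Suggest adding `--fail` to the `curl` calls and a guard such as `[ -n "${CONDITIONAL_OTP_ID}" ] || { echo "Conditional OTP execution not found"; exit 1; }` before the PUT, and likewise failing fast when the token is empty or `null`. Two points worth documenting in the task descriptions: the PUT changes the realm-wide `Authentication` flow, so it turns off OTP for every user in the `uds` realm, not only for `doug`; and the user is created with a fixed password (`unicorn123!@#`) that lives in the repo, which is fine for a throwaway k3d cluster but should be called out as dev-only in the same way `insecure_keycloak_admin` is, given that both `k3d-slim-dev-cluster` and `k3d-full-cluster` now default `INSECURE_ADMIN_PASSWORD_GENERATION` to `"true"`.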