Added Forgejo to Keycloak config
This commit is contained in:
Richard Robert Reitz
parent
7a5e29e47d
commit
2532958de8
1 changed files with 104 additions and 45 deletions
|
|
@ -181,34 +181,6 @@ data:
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
forgejo-client-payload.json: |
|
|
||||||
{
|
|
||||||
"protocol": "openid-connect",
|
|
||||||
"clientId": "forgejo",
|
|
||||||
"name": "Forgejo Client",
|
|
||||||
"description": "Used for Forgejo SSO",
|
|
||||||
"publicClient": false,
|
|
||||||
"authorizationServicesEnabled": false,
|
|
||||||
"serviceAccountsEnabled": false,
|
|
||||||
"implicitFlowEnabled": false,
|
|
||||||
"directAccessGrantsEnabled": true,
|
|
||||||
"standardFlowEnabled": true,
|
|
||||||
"frontchannelLogout": true,
|
|
||||||
"attributes": {
|
|
||||||
"saml_idp_initiated_sso_url_name": "",
|
|
||||||
"oauth2.device.authorization.grant.enabled": false,
|
|
||||||
"oidc.ciba.grant.enabled": false
|
|
||||||
},
|
|
||||||
"alwaysDisplayInConsole": false,
|
|
||||||
"rootUrl": "https://{{{ .Env.DOMAIN_GITEA }}}:443",
|
|
||||||
"baseUrl": "",
|
|
||||||
"redirectUris": [
|
|
||||||
"https://{{{ .Env.DOMAIN_GITEA }}}/*"
|
|
||||||
],
|
|
||||||
"webOrigins": [
|
|
||||||
"/*"
|
|
||||||
]
|
|
||||||
|
|
||||||
grafana-client-payload.json: |
|
grafana-client-payload.json: |
|
||||||
{
|
{
|
||||||
"clientId": "grafana",
|
"clientId": "grafana",
|
||||||
|
|
@ -247,6 +219,64 @@ data:
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
argocd-client-payload.json: |
|
||||||
|
{
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"clientId": "argocd",
|
||||||
|
"name": "ArgoCD Client",
|
||||||
|
"description": "Used for ArgoCD SSO",
|
||||||
|
"publicClient": false,
|
||||||
|
"authorizationServicesEnabled": false,
|
||||||
|
"serviceAccountsEnabled": false,
|
||||||
|
"implicitFlowEnabled": false,
|
||||||
|
"directAccessGrantsEnabled": true,
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"frontchannelLogout": true,
|
||||||
|
"attributes": {
|
||||||
|
"saml_idp_initiated_sso_url_name": "",
|
||||||
|
"oauth2.device.authorization.grant.enabled": false,
|
||||||
|
"oidc.ciba.grant.enabled": false
|
||||||
|
},
|
||||||
|
"alwaysDisplayInConsole": false,
|
||||||
|
"rootUrl": "",
|
||||||
|
"baseUrl": "",
|
||||||
|
"redirectUris": [
|
||||||
|
"https://{{{ .Env.DOMAIN }}}/*"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"/*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
forgejo-client-payload.json: |
|
||||||
|
{
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"clientId": "forgejo",
|
||||||
|
"name": "Forgejo Client",
|
||||||
|
"description": "Used for Forgejo SSO",
|
||||||
|
"publicClient": false,
|
||||||
|
"authorizationServicesEnabled": false,
|
||||||
|
"serviceAccountsEnabled": false,
|
||||||
|
"implicitFlowEnabled": false,
|
||||||
|
"directAccessGrantsEnabled": true,
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"frontchannelLogout": true,
|
||||||
|
"attributes": {
|
||||||
|
"saml_idp_initiated_sso_url_name": "",
|
||||||
|
"oauth2.device.authorization.grant.enabled": false,
|
||||||
|
"oidc.ciba.grant.enabled": false
|
||||||
|
},
|
||||||
|
"alwaysDisplayInConsole": false,
|
||||||
|
"rootUrl": "",
|
||||||
|
"baseUrl": "",
|
||||||
|
"redirectUris": [
|
||||||
|
"https://{{{ .Env.DOMAIN }}}/*"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"/*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
|
|
@ -411,8 +441,13 @@ spec:
|
||||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "grafana") | .id')
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "grafana") | .id')
|
||||||
|
|
||||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||||
curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||||
|
|
||||||
|
curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||||
|
|
||||||
GRAFANA_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
GRAFANA_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
|
@ -440,6 +475,28 @@ spec:
|
||||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||||
|
|
||||||
|
echo "creating ArgoCD client"
|
||||||
|
curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X POST --data @/var/config/argocd-client-payload.json \
|
||||||
|
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||||
|
|
||||||
|
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "argocd") | .id')
|
||||||
|
|
||||||
|
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||||
|
|
||||||
|
curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||||
|
|
||||||
|
ARGOCD_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||||
|
|
||||||
echo "creating Forgejo client"
|
echo "creating Forgejo client"
|
||||||
curl -sS -H "Content-Type: application/json" \
|
curl -sS -H "Content-Type: application/json" \
|
||||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
|
@ -479,10 +536,12 @@ spec:
|
||||||
ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN}
|
ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN}
|
||||||
BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}
|
BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}
|
||||||
BACKSTAGE_CLIENT_ID: backstage
|
BACKSTAGE_CLIENT_ID: backstage
|
||||||
FORGEJO_CLIENT_SECRET: ${FORGEJO_CLIENT_SECRET}
|
|
||||||
FORGEJO_CLIENT_ID: forgejo
|
|
||||||
GRAFANA_CLIENT_SECRET: ${GRAFANA_CLIENT_SECRET}
|
GRAFANA_CLIENT_SECRET: ${GRAFANA_CLIENT_SECRET}
|
||||||
GRAFANA_CLIENT_ID: grafana
|
GRAFANA_CLIENT_ID: grafana
|
||||||
|
ARGOCD_CLIENT_SECRET: ${ARGOCD_CLIENT_SECRET}
|
||||||
|
ARGOCD_CLIENT_ID: argocd
|
||||||
|
FORGEJO_CLIENT_SECRET: ${FORGEJO_CLIENT_SECRET}
|
||||||
|
FORGEJO_CLIENT_ID: forgejo
|
||||||
" > /tmp/secret.yaml
|
" > /tmp/secret.yaml
|
||||||
|
|
||||||
./kubectl apply -f /tmp/secret.yaml
|
./kubectl apply -f /tmp/secret.yaml
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue