DevFW-CICD/stacks
12
0
Fork 1
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

extends keycloak-config.yaml

Browse source
This commit is contained in:
franz.germann 2025-02-27 13:32:12 +01:00
parent a2b3e0cbd3
commit b804f2293f
2 changed files with 36 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
template/stacks/core/forgejo/secret.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-credentials
name: forgejo-oidc
namespace: gitea
type: Opaque
stringData:
key: forgejo
secret: nEJ7tmVYLjwuycF4vhBzCY8BVfk9LHDY
secret: uWEGALJKmNyUojJaK5LAK0w4OCEEDpDu

39
template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
View file

@ -200,10 +200,10 @@ data:
"oidc.ciba.grant.enabled": false
},
"alwaysDisplayInConsole": false,
"rootUrl": "https://gitea.{{{ .Env.DOMAIN }}}",
"rootUrl": "https://{{{ .Env.DOMAIN_GITEA }}}:443",
"baseUrl": "",
"redirectUris": [
"https://gitea.{{{ .Env.DOMAIN }}}/*"
"https://{{{ .Env.DOMAIN_GITEA }}}/*"
],
"webOrigins": [
"/*"
@ -370,12 +370,39 @@ spec:
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "backstage") | .id')
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
BACKSTAGE_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
=$(curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
echo "creating Forgejo client"
curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X POST --data @/var/config/forgejo-client-payload.json \
${KEYCLOAK_URL}/admin/realms/cnoe/clients
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "forgejo") | .id')
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
FORGEJO_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
ARGOCD_PASSWORD=$(./kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{.data.password | base64decode }}')
@ -394,6 +421,8 @@ spec:
ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN}
BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}
BACKSTAGE_CLIENT_ID: backstage
FORGEJO_CLIENT_SECRET: ${FORGEJO_CLIENT_SECRET}
FORGEJO_CLIENT_ID: forgejo
" > /tmp/secret.yaml
./kubectl apply -f /tmp/secret.yaml