diff --git a/template/stacks/core/forgejo/secret.yaml b/template/stacks/core/forgejo/secret.yaml
index 231a7f0..7d33fd6 100644
--- a/template/stacks/core/forgejo/secret.yaml
+++ b/template/stacks/core/forgejo/secret.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: gitea-credentials
+  name: forgejo-oidc
   namespace: gitea
 type: Opaque
 stringData:
   key: forgejo
-  secret: nEJ7tmVYLjwuycF4vhBzCY8BVfk9LHDY
\ No newline at end of file
+  secret: uWEGALJKmNyUojJaK5LAK0w4OCEEDpDu
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
index c6b407e..baff0ef 100644
--- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
+++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
@@ -200,10 +200,10 @@ data:
 "oidc.ciba.grant.enabled": false
 },
 "alwaysDisplayInConsole": false,
-"rootUrl": "https://gitea.{{{ .Env.DOMAIN }}}",
+"rootUrl": "https://{{{ .Env.DOMAIN_GITEA }}}:443",
 "baseUrl": "",
 "redirectUris": [
-"https://gitea.{{{ .Env.DOMAIN }}}/*"
+"https://{{{ .Env.DOMAIN_GITEA }}}/*"
 ],
 "webOrigins": [
 "/*"
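Review bot: The `secret:` value is still a plaintext OIDC client secret committed in a template tracked by git; replacing one literal with another rotates it but leaves both values in repository history, so anyone with read access to the repo holds a live credential. The keycloak-config change in the same commit already reads `FORGEJO_CLIENT_SECRET` back from Keycloak at install time and writes it into a Secret, so it appears this file could either be dropped or have its `secret:` populated by that job instead of being committed; worth confirming whether `/var/config/forgejo-client-payload.json` pins this same literal, since that decides which value is authoritative. The rename from `gitea-credentials` to `forgejo-oidc` also breaks any consumer still referencing the old name, and no such reference is updated in this diff.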
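Review bot: `rootUrl` now carries an explicit `:443` while the redirect URI on the other changed line does not, so the same origin is written in two different forms; since 443 is the default port for https the suffix adds nothing, and `"rootUrl": "https://{{{ .Env.DOMAIN_GITEA }}}",` keeps the two consistent. The `/*` suffix keeps a wildcard redirect over the whole host; an OIDC provider callback is a single fixed path, so narrowing the `redirectUris` entry to that path would be the tighter registration. `DOMAIN_GITEA` is a new template variable introduced by this hunk; if the renderer does not define it the URL collapses to `https://:443`, and nothing here supplies a default.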
@@ -370,12 +370,39 @@ spec:
 -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
 -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "backstage") | .id')
-CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
-curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
+CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
-BACKSTAGE_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
+curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
+
+=$(curl -sS -H "Content-Type: application/json" \
 -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
 -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
+
+echo "creating Forgejo client"
+curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X POST --data @/var/config/forgejo-client-payload.json \
+${KEYCLOAK_URL}/admin/realms/cnoe/clients
+
+CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "forgejo") | .id')
+
+CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
+
+curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
+
+FORGEJO_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
+-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
+-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
 ARGOCD_PASSWORD=$(./kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{.data.password | base64decode }}')
@@ -394,6 +421,8 @@ spec:
 ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN}
 BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}
 BACKSTAGE_CLIENT_ID: backstage
+FORGEJO_CLIENT_SECRET: ${FORGEJO_CLIENT_SECRET}
+FORGEJO_CLIENT_ID: forgejo
 " > /tmp/secret.yaml
 ./kubectl apply -f /tmp/secret.yaml
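Review bot: The added line `=$(curl -sS -H "Content-Type: application/json" \` has lost its variable name — the removed line it replaces was `BACKSTAGE_CLIENT_SECRET=$(curl …`. As written the shell treats `=<output>` as a command name, which fails with command-not-found (and aborts the job if the script runs under `set -e`, which is not visible here), and `BACKSTAGE_CLIENT_SECRET` is never assigned, so the `BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}` entry written into `/tmp/secret.yaml` in the `@@ -394,6 +421,8 @@` hunk below comes out empty; this may be an artifact of how the diff was rendered, but as shown it needs `BACKSTAGE_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \`. Separately, the new Forgejo block reuses `CLIENT_ID` and `CLIENT_SCOPE_GROUPS_ID` for a second client, which only works because the Backstage secret is read before the reassignment; `FORGEJO_`-prefixed names would make that ordering dependency explicit. The `-X POST` that creates the Forgejo client has no `-f` or status check, so a failed create (for example on a re-run when the client already exists) is silent and is only surfaced later by the `jq -e` lookups. The enclosing script block starts and ends outside the hunk.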