Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sig#578 - Enhancement keycloak seeding job to seed variables and secrets #438

Closed
Tracked by #578
jjeroch opened this issue Jan 24, 2024 · 3 comments · Fixed by #910
Closed
Tracked by #578

sig#578 - Enhancement keycloak seeding job to seed variables and secrets #438

jjeroch opened this issue Jan 24, 2024 · 3 comments · Fixed by #910
Assignees
@ntruchsess
Milestone
Release 24.12

Comments

@jjeroch
Copy link
Contributor

jjeroch commented Jan 24, 2024

Summary

Enhancement keycloak seeding job to seed variables and secrets

Please be aware of the changes done to the keycloak seeding in course of #346 (created as short term solution for 23.12.)
@jjeroch
Copy link
Contributor Author

jjeroch commented Mar 5, 2024

Last comment from norbert: as a first step in PR #363 all code referring to UserEntityId (companyUsers) respectivly ClientId (ServiceAccounts) has been refactored to make use of username / clientClientId instead. As with this change the keycloak's primary key of those entities doesn't matter any more it allows to seed keycloak-data via the api independently from the database-content.
For now the UserEntityId is left as a fallback to authenticate companyUsers that do not have the username set to their identityId. This refers to manually created test-data that needs to be cleaned up as a follow-up activity before removing the UserEntityId from the db-scheme entirely.

The PR is approved, merged and successfully tested on DEV

@jjeroch jjeroch added this to the Version CX Release 24.05 (dev) milestone Mar 5, 2024
@jjeroch jjeroch mentioned this issue Mar 24, 2024
Open
7 tasks
@evegufy evegufy mentioned this issue Apr 9, 2024
Closed
@ntruchsess
Copy link
Contributor

ntruchsess commented Jun 20, 2024
edited
Loading

implemented for Client-Secrets:
new config-element:

  "KeycloakSeeding": {
    "DataPaths": [ "..." ],
    "InstanceName": "...",
    "Secrets": {
      "Realm": "...",
      "Clients": [
        {
          "ClientId": "...",
          "Secret": "..."
        }
      ]
    }
  }

to be set from the helmchart as environments-variables:

KEYCLOAKSEEDING_SECRETS_0_REALM
KEYCLOAKSEEDING_SECRETS_0_CLIENTS_0_CLIENTID
KEYCLOAKSEEDING_SECRETS_0_CLIENTS_0_SECRET

@evegufy
Copy link
Contributor

evegufy commented Jun 20, 2024
edited
Loading

Examples for variables:

-- tokenUrl
https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L6635

-- jwksUrl
https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L6636

-- authorizationUrl
https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L6637

-- logoutUrl
https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L6639C10-L6639C19

@ntruchsess ntruchsess mentioned this issue Jun 24, 2024
Closed
6 tasks
@ntruchsess ntruchsess mentioned this issue Aug 8, 2024
Merged
6 tasks
@ntruchsess ntruchsess linked a pull request Aug 8, 2024 that will close this issue
feat(keycloak): add seeding data to configuration #910
Merged
6 tasks
@evegufy evegufy changed the title Enhancement keycloak seeding job to seed variables and secrets sig#578 - Enhancement keycloak seeding job to seed variables and secrets Sep 26, 2024
ntruchsess added a commit that referenced this issue Sep 26, 2024
@ntruchsess
feat(keycloak): add seeding data to configuration (#910)
f8c155c 
* feature(keycloak): add seeding data to configuration
* adjust handling of null dictionary-values in seeder-settings
update framework version
* allow update of existing urls and secret in client
* remove redundant keycloak notfound error-logging
* remove ExcludedUserAttributes, add startup-validation
* add credentials to user
* allow override of identityproviders urls on update
* create users by partial-import, fix client protocol-mappers
* add seeding of protocolmappers and clientscopes
* create clients via partialimport
* allow import of multiple files per realm, fix client-scope updates
* add error 500 messages, fix client protocolmapper creation
* fix keycloak-calls uppercase dictionary keys
* fix keycloak api-calls json-serialisation null-value handling
* update framework version
* Update src/keycloak/Keycloak.Seeding/appsettings.json
---------
Refs: #438
Co-authored-by: Evelyn Gurschler <evelyn.gurschler@bmw.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ntruchsess ntruchsess

Labels
None yet
Projects
Portal
Archived in project
Milestone
Release 24.12
Development

Successfully merging a pull request may close this issue.

feat(keycloak): add seeding data to configuration eclipse-tractusx/portal-backend
3 participants
@ntruchsess @evegufy @jjeroch