keycloak: do not recreate an existing client, create roles for admin

single-dockerfile
Ubuntu 2 years ago
parent 9b909fe572
commit 62fcccf0c7
  1. 1
      keycloak.yaml
  2. 19
      keycloak/client-create
  3. 14
      keycloak/client-get
  4. 5
      mastodon/keycloak.sh
  5. 4
      pixelfed/keycloak.sh

@ -38,6 +38,7 @@ services:
- ./data/keycloak/certs:/etc/x509/https - ./data/keycloak/certs:/etc/x509/https
- ./data/keycloak/keycloak:/opt/keycloak/data - ./data/keycloak/keycloak:/opt/keycloak/data
- ./keycloak/client-create:/bin/client-create:ro - ./keycloak/client-create:/bin/client-create:ro
- ./keycloak/client-get:/bin/client-get:ro
- ./keycloak/create-user:/bin/create-user:ro - ./keycloak/create-user:/bin/create-user:ro
- ./keycloak/remind-user:/bin/remind-user:ro - ./keycloak/remind-user:/bin/remind-user:ro
- ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro - ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro

@ -5,22 +5,19 @@ client_name="$1"
hostname="$2" hostname="$2"
secret="$3" secret="$3"
client_id="$(kcadm.sh get clients \ client_id="$(client-get $client_name)"
-r "$REALM" \
--fields id \
-q clientId="$client_name" \
--format csv \
--noquotes \
)"
if [ -n "$client_id" ]; then if [ -n "$client_id" ]; then
kcadm.sh delete "clients/$client_id" -r "$REALM" || die "$client_id: unable to delete" #kcadm.sh delete "clients/$client_id" -r "$REALM" || die "$client_id: unable to delete"
echo >&2 "$client_name: $client_id already exists"
echo "$client_id"
exit 0
fi fi
# remember to add a leading , if adding extra data # remember to add a leading , if adding extra data
extra="$(cat -)" extra="$(cat -)"
kcadm.sh create clients -r "$REALM" -f - <<EOF || die "$client_id: unable to create" kcadm.sh create clients -r "$REALM" -f - <<EOF || die "$client_name: unable to create"
{ {
"clientId": "$client_name", "clientId": "$client_name",
"rootUrl": "https://$hostname", "rootUrl": "https://$hostname",
@ -32,3 +29,7 @@ kcadm.sh create clients -r "$REALM" -f - <<EOF || die "$client_id: unable to cr
$extra $extra
} }
EOF EOF
client_id=$(client-get "$client_name")
echo >&2 "$client_name: $client_id created"
echo "$client_id"
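Review bot: The new early-exit branch (`echo "$client_id"` then `exit 0`) returns the existing client without applying the `hostname` and `secret` arguments, so a rotated client secret or a changed hostname is silently ignored and Keycloak keeps the old values. Either reconcile the existing client from the same JSON (for example `kcadm.sh update "clients/$client_id" -r "$REALM" -f -`) or state the limitation in a comment above the branch, e.g. `# existing client is left untouched: secret and rootUrl are NOT updated`. The first lookup is also unquoted, unlike the one after the heredoc; it should read `client_id="$(client-get "$client_name")"`. Because only the emptiness of the output is tested, a failed lookup (for instance an expired kcadm session) looks the same as a missing client, and the final `echo "$client_id"` can print an empty id; a guard such as `[ -n "$client_id" ] || die "$client_name: lookup failed after create"` would stop callers from using it. The JSON body between the two hunks is not shown here.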

@ -0,0 +1,14 @@
#!/bin/sh
client_name="$1"
if [ -z "$client_name" ]; then
echo >&2 "usage: $0 client-name"
exit 1
fi
kcadm.sh get clients \
-r "$REALM" \
-q "clientId=$client_name" \
--fields id \
--format csv \
--noquotes
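Review bot: The new script has no header comment stating its contract, and client-create depends on that contract: it prints the internal id of the client whose clientId matches, apparently prints nothing when there is no match, and exits with kcadm.sh's status. I would add a short comment block under the shebang saying so, and fail early when the realm is missing with `: "${REALM:?REALM must be set}"`, since an empty `-r ""` is otherwise passed straight through to kcadm.sh. Whether the `clientId` query can return more than one row is not visible here; if it can, callers receive a multi-line id, so that is worth stating in the comment as well.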

@ -1,3 +1,6 @@
#!/bin/bash -x #!/bin/bash -x
client-create mastodon "$MASTODON_HOSTNAME.$DOMAIN_NAME" "$MASTODON_CLIENT_SECRET" </dev/null client_id=$(client-create mastodon "$MASTODON_HOSTNAME.$DOMAIN_NAME" "$MASTODON_CLIENT_SECRET" </dev/null)
echo '{"name":"admin"}' | kcadm.sh create -r "$REALM" "clients/$client_id/roles" -f -
echo '{"name":"moderator"}' | kcadm.sh create -r "$REALM" "clients/$client_id/roles" -f -
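Review bot: The two added `kcadm.sh create ... "clients/$client_id/roles"` calls are not idempotent, although this commit makes client-create return the existing client on a re-run: on a second run the roles already exist, the create calls presumably fail with a conflict, and the script's exit status becomes that failure. `client_id` is also used unchecked, so a failed client-create yields the path `clients//roles`; add `[ -n "$client_id" ] || exit 1` after the assignment and create each role only when `kcadm.sh get "clients/$client_id/roles/admin" -r "$REALM"` does not find it. The same applies to the added lines in pixelfed/keycloak.sh. With `-x` on the shebang the expanded client secret argument is written to the trace output, so tracing should be off around that call or the log treated as sensitive.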

@ -1,2 +1,4 @@
#!/bin/bash -x #!/bin/bash -x
client-create pixelfed "$PIXELFED_HOSTNAME.$DOMAIN_NAME" "$PIXELFED_CLIENT_SECRET" </dev/null client_id=$(client-create pixelfed "$PIXELFED_HOSTNAME.$DOMAIN_NAME" "$PIXELFED_CLIENT_SECRET" </dev/null)
echo '{"name":"admin"}' | kcadm.sh create -r "$REALM" "clients/$client_id/roles" -f -
