keycloak: scripts to create a new user

keycloak.yaml

@@ -38,6 +38,8 @@ services:
         - ./data/keycloak/certs:/etc/x509/https
         - ./data/keycloak/keycloak:/opt/keycloak/data
         - ./keycloak/client-create:/bin/client-create:ro
+        - ./keycloak/create-user:/bin/create-user:ro
+        - ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro
         - ./keycloak/entrypoint-setup.sh:/setup.sh:ro
         - ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro
         - ./data/keycloak/secrets:/run/secrets/keycloak-secrets:ro

keycloak/create-user

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+die() { echo >&2 "$@" ; exit 1 ; }
+PATH=$PATH:/opt/local/keycloak/bin
+
+USERNAME="$1"
+EMAIL="$2"
+
+if [ -z "$USERNAME" ] || [ -z "$EMAIL" ]; then
+	die "usage: $0 username email"
+fi
+
+ID=$(kcadm.sh create users \
+	-r $REALM \
+	-s enabled=true \
+	-s "username=$USERNAME" \
+	-s "email=$EMAIL" \
+)
+if [ -z "$ID" ]; then
+	die "$USERNAME: unable to create"
+fi
+
+echo "$USERNAME: $ID"
+
+echo -n '["UPDATE_PASSWORD"]' | \
+kcadm.sh update \
+	"users/$ID/execute-actions-email" \
+	-r $REALM \
+	-q client_id=hedgedoc \
+	-q redirect_uri="https://${HEDGEDOC_HOSTNAME}.${DOMAIN_NAME}/s/Getting_started" \
+	-f -
+

keycloak/keycloak-login.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -x
+# perform an authentication as admin so that all other scripts can
+# use the cached credentials
+
+export PATH=$PATH:/opt/keycloak/bin
+kcadm.sh \
+	config credentials \
+	--server http://keycloak:8080/ \
+	--user admin \
+	--password "$KEYCLOAK_ADMIN_PASSWORD" \
+	--realm master \
+|| exit 1