test(portal): sync e2e client secret

Brad Stein 2026-01-04 03:35:26 -03:00
parent c53d310c59
commit 17a9a7e245
6 changed files with 113 additions and 0 deletions


@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -euo pipefail
SOURCE_NAMESPACE="${SOURCE_NAMESPACE:-sso}"
DEST_NAMESPACE="${DEST_NAMESPACE:-bstein-dev-home}"
SECRET_NAME="${SECRET_NAME:-portal-e2e-client}"
client_id="$(kubectl -n "${SOURCE_NAMESPACE}" get secret "${SECRET_NAME}" -o jsonpath='{.data.client_id}')"
client_secret="$(kubectl -n "${SOURCE_NAMESPACE}" get secret "${SECRET_NAME}" -o jsonpath='{.data.client_secret}')"
cat <<EOF | kubectl -n "${DEST_NAMESPACE}" apply -f - >/dev/null
apiVersion: v1
kind: Secret
metadata:
name: ${SECRET_NAME}
type: Opaque
data:
client_id: ${client_id}
client_secret: ${client_secret}
EOF
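Review bot: Neither `client_id` nor `client_secret` is checked before the heredoc is applied, so if the source Secret lacks one of those keys the jsonpath lookup most likely returns an empty string with exit status 0, and the script would push a manifest with an empty `data` value over the destination Secret. A guard just before the `cat <<EOF` line keeps a bad read from propagating: `[[ -n "${client_id}" && -n "${client_secret}" ]] || { echo "source secret is missing client_id or client_secret" >&2; exit 1; }`. The two values also come from two separate `kubectl get` calls, so a rotation between them could pair an old id with a new secret. Reading the object once and extracting both fields from that single result would avoid this.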


@ -6,6 +6,7 @@ resources:
- namespace.yaml - namespace.yaml
- image.yaml - image.yaml
- rbac.yaml - rbac.yaml
- portal-e2e-client-secret-sync-rbac.yaml
- chat-ai-gateway-configmap.yaml - chat-ai-gateway-configmap.yaml
- chat-ai-gateway-deployment.yaml - chat-ai-gateway-deployment.yaml
- chat-ai-gateway-service.yaml - chat-ai-gateway-service.yaml


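--- a/services/bstein-dev-home/portal-e2e-client-secret-sync-rbac.yaml
+++ b/services/bstein-dev-home/portal-e2e-client-secret-sync-rbac.yaml
@@ -0,0 +1,24 @@
+# services/bstein-dev-home/portal-e2e-client-secret-sync-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: portal-e2e-client-secret-sync-target
+namespace: bstein-dev-home
+rules:
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "create", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: portal-e2e-client-secret-sync-target
+namespace: bstein-dev-home
+subjects:
+- kind: ServiceAccount
+name: portal-e2e-client-secret-sync
+namespace: sso
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: portal-e2e-client-secret-sync-target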
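Review bot: The single rule in this Role grants `get`, `create`, `patch` and `update` on every Secret in `bstein-dev-home` to a service account from the `sso` namespace, although the sync script in this commit only touches `portal-e2e-client` by default. The source-side Role added in the same commit already narrows its rule with `resourceNames`, and the target should do the same for `get`, `patch` and `update`. RBAC cannot restrict `create` by `resourceNames`, so that verb needs its own rule, as below. `update` may not be needed for `kubectl apply` at all and could be dropped after testing.

```yaml
rules:
  # Existing-object verbs limited to the one Secret the sync job manages.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["portal-e2e-client"]
    verbs: ["get", "patch", "update"]
  # create cannot be scoped by resourceNames, so it is kept in a separate rule.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
```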


@ -8,6 +8,8 @@ resources:
- deployment.yaml - deployment.yaml
- realm-settings-job.yaml - realm-settings-job.yaml
- portal-e2e-client-job.yaml - portal-e2e-client-job.yaml
- portal-e2e-client-secret-sync-rbac.yaml
- portal-e2e-client-secret-sync-cronjob.yaml
- portal-e2e-target-client-job.yaml - portal-e2e-target-client-job.yaml
- portal-e2e-token-exchange-permissions-job.yaml - portal-e2e-token-exchange-permissions-job.yaml
- portal-e2e-token-exchange-test-job.yaml - portal-e2e-token-exchange-test-job.yaml
@ -23,3 +25,6 @@ configMapGenerator:
files: files:
- test_portal_token_exchange.py=../../scripts/tests/test_portal_token_exchange.py - test_portal_token_exchange.py=../../scripts/tests/test_portal_token_exchange.py
- test_keycloak_execute_actions_email.py=../../scripts/tests/test_keycloak_execute_actions_email.py - test_keycloak_execute_actions_email.py=../../scripts/tests/test_keycloak_execute_actions_email.py
- name: portal-e2e-client-secret-sync-script
files:
- sso_portal_e2e_client_secret_sync.sh=../../scripts/sso_portal_e2e_client_secret_sync.sh


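--- a/services/keycloak/portal-e2e-client-secret-sync-cronjob.yaml
+++ b/services/keycloak/portal-e2e-client-secret-sync-cronjob.yaml
@@ -0,0 +1,32 @@
+# services/keycloak/portal-e2e-client-secret-sync-cronjob.yaml
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: portal-e2e-client-secret-sync
+namespace: sso
+spec:
+schedule: "*/10 * * * *"
+concurrencyPolicy: Forbid
+successfulJobsHistoryLimit: 1
+failedJobsHistoryLimit: 3
+jobTemplate:
+spec:
+backoffLimit: 1
+template:
+spec:
+serviceAccountName: portal-e2e-client-secret-sync
+restartPolicy: Never
+containers:
+- name: sync
+image: bitnami/kubectl:1.33.1
+command: ["/usr/bin/env", "bash"]
+args: ["/scripts/sso_portal_e2e_client_secret_sync.sh"]
+volumeMounts:
+- name: script
+mountPath: /scripts
+readOnly: true
+volumes:
+- name: script
+configMap:
+name: portal-e2e-client-secret-sync-script
+defaultMode: 0555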
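Review bot: The `sync` container's `image: bitnami/kubectl:1.33.1` is a mutable tag on a public registry, and this pod runs under a service account that can read the SSO client secret and write Secrets in `bstein-dev-home`, so whatever that tag resolves to at pull time gets those credentials. Pinning by digest, e.g. `image: bitnami/kubectl:1.33.1@sha256:<digest-placeholder>`, or mirroring the image into a registry you control, fixes what actually runs. The pod spec also sets no `securityContext`. Adding `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropped capabilities on the container would be a reasonable baseline, once it is confirmed that the image runs as a non-root user.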


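--- a/services/keycloak/portal-e2e-client-secret-sync-rbac.yaml
+++ b/services/keycloak/portal-e2e-client-secret-sync-rbac.yaml
@@ -0,0 +1,31 @@
+# services/keycloak/portal-e2e-client-secret-sync-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: portal-e2e-client-secret-sync
+namespace: sso
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: portal-e2e-client-secret-sync-source
+namespace: sso
+rules:
+- apiGroups: [""]
+resources: ["secrets"]
+resourceNames: ["portal-e2e-client"]
+verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: portal-e2e-client-secret-sync-source
+namespace: sso
+subjects:
+- kind: ServiceAccount
+name: portal-e2e-client-secret-sync
+namespace: sso
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: portal-e2e-client-secret-sync-source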