bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

keycloak(atlas): retry realm settings job

Browse Source
This commit is contained in:
Brad Stein 2026-01-02 20:04:47 -03:00
parent 54d324f555
commit 21d8fc3788
1 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
services/keycloak/realm-settings-job.yaml
View File

@ -2,10 +2,10 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-realm-settings-7 name: keycloak-realm-settings-8
namespace: sso namespace: sso
spec: spec:
backoffLimit: 2 backoffLimit: 0
template: template:
spec: spec:
affinity: affinity:
@ -18,7 +18,7 @@ spec:
values: ["rpi5","rpi4"] values: ["rpi5","rpi4"]
- key: node-role.kubernetes.io/worker - key: node-role.kubernetes.io/worker
operator: Exists operator: Exists
restartPolicy: OnFailure restartPolicy: Never
containers: containers:
- name: configure - name: configure
image: python:3.11-alpine image: python:3.11-alpine
@ -57,6 +57,7 @@ spec:
import json import json
import os import os
import urllib.parse import urllib.parse
import urllib.error
import urllib.request import urllib.request
base_url = os.environ["KEYCLOAK_SERVER"].rstrip("/") base_url = os.environ["KEYCLOAK_SERVER"].rstrip("/")
@ -71,11 +72,20 @@ spec:
data = json.dumps(payload).encode() data = json.dumps(payload).encode()
headers["Content-Type"] = "application/json" headers["Content-Type"] = "application/json"
req = urllib.request.Request(url, data=data, headers=headers, method=method) req = urllib.request.Request(url, data=data, headers=headers, method=method)
with urllib.request.urlopen(req, timeout=30) as resp: try:
body = resp.read() with urllib.request.urlopen(req, timeout=30) as resp:
if not body: body = resp.read()
return resp.status, None if not body:
return resp.status, json.loads(body.decode()) return resp.status, None
return resp.status, json.loads(body.decode())
except urllib.error.HTTPError as exc:
raw = exc.read()
if not raw:
return exc.code, None
try:
return exc.code, json.loads(raw.decode())
except Exception:
return exc.code, {"raw": raw.decode(errors="replace")}
token_data = urllib.parse.urlencode( token_data = urllib.parse.urlencode(
{ {
@ -91,8 +101,12 @@ spec:
headers={"Content-Type": "application/x-www-form-urlencoded"}, headers={"Content-Type": "application/x-www-form-urlencoded"},
method="POST", method="POST",
) )
with urllib.request.urlopen(token_req, timeout=10) as resp: try:
token_body = json.loads(resp.read().decode()) with urllib.request.urlopen(token_req, timeout=10) as resp:
token_body = json.loads(resp.read().decode())
except urllib.error.HTTPError as exc:
body = exc.read().decode(errors="replace")
raise SystemExit(f"Token request failed: status={exc.code} body={body}")
access_token = token_body["access_token"] access_token = token_body["access_token"]
# Update realm settings safely by fetching the full realm representation first. # Update realm settings safely by fetching the full realm representation first.