bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sso: retry mas secret lookup

Browse Source
This commit is contained in:
Brad Stein 2026-01-17 03:29:36 -03:00
parent acfab6a150
commit 268a1d9449
1 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
services/keycloak/mas-secrets-ensure-job.yaml
View File

@ -10,7 +10,7 @@ imagePullSecrets:
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: mas-secrets-ensure-20 name: mas-secrets-ensure-21
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0
@ -75,14 +75,31 @@ spec:
echo "Failed to fetch Keycloak admin token" >&2 echo "Failed to fetch Keycloak admin token" >&2
exit 1 exit 1
fi fi
CLIENT_ID="$(curl -sS -H "Authorization: Bearer ${ACCESS_TOKEN}" \ CLIENT_ID=""
"$KC_URL/admin/realms/atlas/clients?clientId=othrys-mas" | jq -r '.[0].id' 2>/dev/null || true)" for attempt in 1 2 3 4 5; do
CLIENT_QUERY="$(curl -sS -H "Authorization: Bearer ${ACCESS_TOKEN}" \
"$KC_URL/admin/realms/atlas/clients?clientId=othrys-mas" || true)"
CLIENT_ID="$(echo "$CLIENT_QUERY" | jq -r '.[0].id' 2>/dev/null || true)"
if [ -n "$CLIENT_ID" ] && [ "$CLIENT_ID" != "null" ]; then
break
fi
echo "Keycloak client lookup failed (attempt ${attempt})" >&2
sleep $((attempt * 2))
done
if [ -z "$CLIENT_ID" ] || [ "$CLIENT_ID" = "null" ]; then if [ -z "$CLIENT_ID" ] || [ "$CLIENT_ID" = "null" ]; then
echo "Keycloak client othrys-mas not found" >&2 echo "Keycloak client othrys-mas not found" >&2
exit 1 exit 1
fi fi
CLIENT_SECRET="$(curl -sS -H "Authorization: Bearer ${ACCESS_TOKEN}" \ CLIENT_SECRET=""
"$KC_URL/admin/realms/atlas/clients/${CLIENT_ID}/client-secret" | jq -r '.value' 2>/dev/null || true)" for attempt in 1 2 3 4 5; do
CLIENT_SECRET="$(curl -sS -H "Authorization: Bearer ${ACCESS_TOKEN}" \
"$KC_URL/admin/realms/atlas/clients/${CLIENT_ID}/client-secret" | jq -r '.value' 2>/dev/null || true)"
if [ -n "$CLIENT_SECRET" ] && [ "$CLIENT_SECRET" != "null" ]; then
break
fi
echo "Keycloak client secret lookup failed (attempt ${attempt})" >&2
sleep $((attempt * 2))
done
if [ -z "$CLIENT_SECRET" ] || [ "$CLIENT_SECRET" = "null" ]; then if [ -z "$CLIENT_SECRET" ] || [ "$CLIENT_SECRET" = "null" ]; then
echo "Keycloak client secret not found" >&2 echo "Keycloak client secret not found" >&2
exit 1 exit 1