keycloak: make token exchange permissions job idempotent

Brad Stein 2026-01-03 15:48:40 -03:00
parent cb37756f5f
commit 3f19d01d00


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-token-exchange-permissions-3 name: keycloak-portal-e2e-token-exchange-permissions-4
namespace: sso namespace: sso
spec: spec:
backoffLimit: 6 backoffLimit: 6
@ -189,9 +189,23 @@ spec:
token, token,
create_rep, create_rep,
) )
if status != 201 or not isinstance(created, dict) or not created.get("id"): if status == 409:
raise SystemExit(f"Failed creating policy {policy_name!r} (status={status}) resp={created}") status, policies = http_json(
policy = created "GET",
f"{base_url}/admin/realms/{realm}/clients/{rm_uuid}/authz/resource-server/policy/search?name={urllib.parse.quote(policy_name)}&fields=id,name,type,config",
token,
)
if status == 200 and isinstance(policies, list):
for item in policies:
if isinstance(item, dict) and item.get("name") == policy_name:
policy = item
break
if policy is None:
raise SystemExit(f"Policy {policy_name!r} exists but could not be retrieved")
else:
if status != 201 or not isinstance(created, dict) or not created.get("id"):
raise SystemExit(f"Failed creating policy {policy_name!r} (status={status}) resp={created}")
policy = created
policy_id = policy.get("id") policy_id = policy.get("id")
if not isinstance(policy_id, str) or not policy_id: if not isinstance(policy_id, str) or not policy_id: