bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Roll Veles auth-scoped app images

Browse Source
This commit is contained in:
jenkins 2026-06-09 18:00:57 -03:00
parent 9aec012c42
commit adc9601228
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
services/keycloak/oneoffs/veles-realm-ensure-job.yaml
View File

@ -157,7 +157,7 @@ spec:
create_payload = { create_payload = {
"realm": realm, "realm": realm,
"enabled": True, "enabled": True,
"registrationAllowed": False, "registrationAllowed": True,
"resetPasswordAllowed": True, "resetPasswordAllowed": True,
"verifyEmail": True, "verifyEmail": True,
"loginWithEmailAllowed": True, "loginWithEmailAllowed": True,
@ -174,7 +174,7 @@ spec:
realm_rep.update( realm_rep.update(
{ {
"enabled": True, "enabled": True,
"registrationAllowed": False, "registrationAllowed": True,
"resetPasswordAllowed": True, "resetPasswordAllowed": True,
"verifyEmail": True, "verifyEmail": True,
"loginWithEmailAllowed": True, "loginWithEmailAllowed": True,
@ -246,6 +246,17 @@ spec:
if status not in (200, 204): if status not in (200, 204):
raise SystemExit(f"Group role mapping failed for {role['name']}: status={status} body={body}") raise SystemExit(f"Group role mapping failed for {role['name']}: status={status} body={body}")
def ensure_default_group(group_id, name):
status, groups = request("GET", f"{base_url}/admin/realms/{realm}/default-groups", token)
if status != 200:
raise SystemExit(f"Default group lookup failed: status={status}")
for group in groups or []:
if group.get("id") == group_id or group.get("name") == name:
return
status, body = request("PUT", f"{base_url}/admin/realms/{realm}/default-groups/{group_id}", token)
if status not in (200, 204):
raise SystemExit(f"Default group update failed for {name}: status={status} body={body}")
alpha_group_id = ensure_group("alpha") alpha_group_id = ensure_group("alpha")
admin_group_id = ensure_group("admin") admin_group_id = ensure_group("admin")
alpha_role = ensure_role("alpha") alpha_role = ensure_role("alpha")
@ -253,6 +264,7 @@ spec:
ensure_group_role(alpha_group_id, alpha_role) ensure_group_role(alpha_group_id, alpha_role)
ensure_group_role(admin_group_id, alpha_role) ensure_group_role(admin_group_id, alpha_role)
ensure_group_role(admin_group_id, admin_role) ensure_group_role(admin_group_id, admin_role)
ensure_default_group(alpha_group_id, "alpha")
status, clients = request( status, clients = request(
"GET", "GET",

2
services/veles/backend-deployment.yaml
View File

@ -33,7 +33,7 @@ spec:
type: RuntimeDefault type: RuntimeDefault
containers: containers:
- name: backend - name: backend
image: registry.bstein.dev/veles/veles-backend:0.1.0-4 # {"$imagepolicy": "veles:veles-backend"} image: registry.bstein.dev/veles/veles-backend:0.1.0-5 # {"$imagepolicy": "veles:veles-backend"}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

2
services/veles/frontend-deployment.yaml
View File

@ -48,7 +48,7 @@ spec:
type: RuntimeDefault type: RuntimeDefault
containers: containers:
- name: frontend - name: frontend
image: registry.bstein.dev/veles/veles-frontend:0.1.0-1 # {"$imagepolicy": "veles:veles-frontend"} image: registry.bstein.dev/veles/veles-frontend:0.1.0-2 # {"$imagepolicy": "veles:veles-frontend"}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http