Roll Veles auth-scoped app images

2026-06-09 18:00:57 -03:00 · 2026-06-09 18:00:57 -03:00 · adc9601228
commit adc9601228
parent 9aec012c42
3 changed files with 16 additions and 4 deletions
--- a/services/keycloak/oneoffs/veles-realm-ensure-job.yaml
+++ b/services/keycloak/oneoffs/veles-realm-ensure-job.yaml
@ -157,7 +157,7 @@ spec:
                  create_payload = {
                      "realm": realm,
                      "enabled": True,
-                      "registrationAllowed": False,
+                      "registrationAllowed": True,
                      "resetPasswordAllowed": True,
                      "verifyEmail": True,
                      "loginWithEmailAllowed": True,
@ -174,7 +174,7 @@ spec:
              realm_rep.update(
                  {
                      "enabled": True,
-                      "registrationAllowed": False,
+                      "registrationAllowed": True,
                      "resetPasswordAllowed": True,
                      "verifyEmail": True,
                      "loginWithEmailAllowed": True,
@ -246,6 +246,17 @@ spec:
                  if status not in (200, 204):
                      raise SystemExit(f"Group role mapping failed for {role['name']}: status={status} body={body}")

+              def ensure_default_group(group_id, name):
+                  status, groups = request("GET", f"{base_url}/admin/realms/{realm}/default-groups", token)
+                  if status != 200:
+                      raise SystemExit(f"Default group lookup failed: status={status}")
+                  for group in groups or []:
+                      if group.get("id") == group_id or group.get("name") == name:
+                          return
+                  status, body = request("PUT", f"{base_url}/admin/realms/{realm}/default-groups/{group_id}", token)
+                  if status not in (200, 204):
+                      raise SystemExit(f"Default group update failed for {name}: status={status} body={body}")
+
              alpha_group_id = ensure_group("alpha")
              admin_group_id = ensure_group("admin")
              alpha_role = ensure_role("alpha")
@ -253,6 +264,7 @@ spec:
              ensure_group_role(alpha_group_id, alpha_role)
              ensure_group_role(admin_group_id, alpha_role)
              ensure_group_role(admin_group_id, admin_role)
+              ensure_default_group(alpha_group_id, "alpha")

              status, clients = request(
                  "GET",
--- a/services/veles/backend-deployment.yaml
+++ b/services/veles/backend-deployment.yaml
@ -33,7 +33,7 @@ spec:
          type: RuntimeDefault
      containers:
        - name: backend
-          image: registry.bstein.dev/veles/veles-backend:0.1.0-4 # {"$imagepolicy": "veles:veles-backend"}
+          image: registry.bstein.dev/veles/veles-backend:0.1.0-5 # {"$imagepolicy": "veles:veles-backend"}
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
--- a/services/veles/frontend-deployment.yaml
+++ b/services/veles/frontend-deployment.yaml
@ -48,7 +48,7 @@ spec:
          type: RuntimeDefault
      containers:
        - name: frontend
-          image: registry.bstein.dev/veles/veles-frontend:0.1.0-1 # {"$imagepolicy": "veles:veles-frontend"}
+          image: registry.bstein.dev/veles/veles-frontend:0.1.0-2 # {"$imagepolicy": "veles:veles-frontend"}
          imagePullPolicy: IfNotPresent
          ports:
            - name: http