bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature/sso-hardening #9

Merged
bstein merged 685 commits from feature/sso-hardening into main 2026-01-13 20:23:26 +00:00
Conversation 0 Commits 685 Files Changed 325 +18 -4
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 3f19d01d00 - Show all commits

16
services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-token-exchange-permissions-3 name: keycloak-portal-e2e-token-exchange-permissions-4
namespace: sso namespace: sso
spec: spec:
backoffLimit: 6 backoffLimit: 6
@ -189,6 +189,20 @@ spec:
token, token,
create_rep, create_rep,
) )
if status == 409:
status, policies = http_json(
"GET",
f"{base_url}/admin/realms/{realm}/clients/{rm_uuid}/authz/resource-server/policy/search?name={urllib.parse.quote(policy_name)}&fields=id,name,type,config",
token,
)
if status == 200 and isinstance(policies, list):
for item in policies:
if isinstance(item, dict) and item.get("name") == policy_name:
policy = item
break
if policy is None:
raise SystemExit(f"Policy {policy_name!r} exists but could not be retrieved")
else:
if status != 201 or not isinstance(created, dict) or not created.get("id"): if status != 201 or not isinstance(created, dict) or not created.get("id"):
raise SystemExit(f"Failed creating policy {policy_name!r} (status={status}) resp={created}") raise SystemExit(f"Failed creating policy {policy_name!r} (status={status}) resp={created}")
policy = created policy = created