bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
titan-iac/services/keycloak/realm-settings-job.yaml

113 lines
4.1 KiB
YAML
Raw Blame History

# services/keycloak/realm-settings-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-realm-settings-6
namespace: sso
spec:
backoffLimit: 2
template:
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values: ["rpi5","rpi4"]
- key: node-role.kubernetes.io/worker
operator: Exists
restartPolicy: OnFailure
containers:
- name: configure
image: python:3.11-alpine
env:
- name: KEYCLOAK_SERVER
value: http://keycloak.sso.svc.cluster.local
- name: KEYCLOAK_REALM
value: atlas
- name: KEYCLOAK_ADMIN_USER
valueFrom:
secretKeyRef:
name: keycloak-admin
key: username
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-admin
key: password
- name: KEYCLOAK_SMTP_HOST
value: mailu-front.mailu-mailserver.svc.cluster.local
- name: KEYCLOAK_SMTP_PORT
value: "25"
- name: KEYCLOAK_SMTP_FROM
value: no-reply@bstein.dev
- name: KEYCLOAK_SMTP_FROM_NAME
value: Atlas SSO
- name: KEYCLOAK_SMTP_REPLY_TO
value: no-reply@bstein.dev
- name: KEYCLOAK_SMTP_REPLY_TO_NAME
value: Atlas SSO
command: ["/bin/sh", "-c"]
args:
- |
set -euo pipefail
python - <<'PY'
import json
import os
import urllib.parse
import urllib.request
base_url = os.environ["KEYCLOAK_SERVER"].rstrip("/")
realm = os.environ["KEYCLOAK_REALM"]
admin_user = os.environ["KEYCLOAK_ADMIN_USER"]
admin_password = os.environ["KEYCLOAK_ADMIN_PASSWORD"]
token_data = urllib.parse.urlencode(
{
"grant_type": "password",
"client_id": "admin-cli",
"username": admin_user,
"password": admin_password,
}
).encode()
token_req = urllib.request.Request(
f"{base_url}/realms/master/protocol/openid-connect/token",
data=token_data,
headers={"Content-Type": "application/x-www-form-urlencoded"},
method="POST",
)
with urllib.request.urlopen(token_req, timeout=10) as resp:
token_body = json.loads(resp.read().decode())
access_token = token_body["access_token"]
payload = {
"resetPasswordAllowed": True,
"smtpServer": {
"host": os.environ["KEYCLOAK_SMTP_HOST"],
"port": os.environ["KEYCLOAK_SMTP_PORT"],
"from": os.environ["KEYCLOAK_SMTP_FROM"],
"fromDisplayName": os.environ["KEYCLOAK_SMTP_FROM_NAME"],
"replyTo": os.environ["KEYCLOAK_SMTP_REPLY_TO"],
"replyToDisplayName": os.environ["KEYCLOAK_SMTP_REPLY_TO_NAME"],
"auth": "false",
"starttls": "false",
"ssl": "false",
},
}
update_req = urllib.request.Request(
f"{base_url}/admin/realms/{realm}",
data=json.dumps(payload).encode(),
headers={
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json",
},
method="PUT",
)
with urllib.request.urlopen(update_req, timeout=10) as resp:
if resp.status not in (200, 204):
raise SystemExit(f"Unexpected response: {resp.status}")
PY
Reference in New Issue View Git Blame Copy Permalink