|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +KEYCLOAK_SERVICE_NAME="keycloak" |
| 4 | + |
| 5 | +# Note: the single arg is a nameref, which this function sets to an array |
| 6 | +# containing items of the form "KEY=VAL". |
| 7 | +function _hydrate_keycloak_env_args() { |
| 8 | + local -n arr=$1 |
| 9 | + local keycloak_items |
| 10 | + |
| 11 | + readarray -t keycloak_items < <( |
| 12 | + set -o pipefail |
| 13 | + # Note: This prints all lines that look like: |
| 14 | + # KEYCLOAK_XXX=someval |
| 15 | + docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/' |
| 16 | + ) |
| 17 | + |
| 18 | + # shellcheck disable=SC2034 |
| 19 | + arr=( |
| 20 | + "${keycloak_items[@]}" |
| 21 | + "PROVIDER_URI=https://keycloak:8443/auth/realms/master" |
| 22 | + "PROVIDER_INTERNAL_URI=http://keycloak:8080/auth/realms/master/protocol/openid-connect" |
| 23 | + "PROVIDER_ISSUER=http://keycloak:8080/auth/realms/master" |
| 24 | + "ID_TOKEN_USER_PROPERTY=preferred_username" |
| 25 | + ) |
| 26 | +} |
| 27 | + |
| 28 | +# The arguments must be unexpanded variable names. Eg: |
| 29 | +# |
| 30 | +# _create_keycloak_user '$APP_USER' '$APP_PW' '$APP_EMAIL' |
| 31 | +# |
| 32 | +# This is because those variables are not available to this script. They are |
| 33 | +# available to bash commands run via "docker-compose exec keycloak bash |
| 34 | +# -c...", since they're defined in the docker-compose.yml. |
| 35 | +function _create_keycloak_user() { |
| 36 | + local user_var=$1 |
| 37 | + local pw_var=$2 |
| 38 | + local email_var=$3 |
| 39 | + |
| 40 | + docker-compose exec -T \ |
| 41 | + ${KEYCLOAK_SERVICE_NAME} \ |
| 42 | + bash -c "/scripts/create_user \"$user_var\" \"$pw_var\" \"$email_var\"" |
| 43 | +} |
| 44 | + |
| 45 | +function create_keycloak_users() { |
| 46 | + echo "Defining keycloak client" |
| 47 | + |
| 48 | + docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client |
| 49 | + |
| 50 | + echo "Creating user 'alice' in Keycloak" |
| 51 | + |
| 52 | + # Note: We want to pass the bash command thru without expansion here. |
| 53 | + # shellcheck disable=SC2016 |
| 54 | + _create_keycloak_user \ |
| 55 | + '$KEYCLOAK_APP_USER' \ |
| 56 | + '$KEYCLOAK_APP_USER_PASSWORD' \ |
| 57 | + '$KEYCLOAK_APP_USER_EMAIL' |
| 58 | +} |
| 59 | + |
| 60 | +function wait_for_keycloak_server() { |
| 61 | + docker-compose exec -T \ |
| 62 | + ${KEYCLOAK_SERVICE_NAME} /scripts/wait_for_server |
| 63 | +} |
| 64 | + |
| 65 | +function fetch_keycloak_certificate() { |
| 66 | + # there's a dep on the docker-compose.yml volumes. |
| 67 | + # Fetch SSL cert to communicate with keycloak (OIDC provider). |
| 68 | + echo "Initialize keycloak certificate in conjur server" |
| 69 | + docker-compose exec -T \ |
| 70 | + conjur_5 /scripts/fetch_certificate |
| 71 | +} |
0 commit comments