Skip to content

Commit

Permalink
Bump keycloak operator + enable auto-updates (#525)
Browse files Browse the repository at this point in the history
* Bump keycloak operator + enable auto-updates

* Enable master realm to work without TLS

* Bokeh example is not maintained
  • Loading branch information
mkjpryor authored Jun 13, 2024
1 parent 8b66b56 commit eee3c24
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 25 deletions.
7 changes: 7 additions & 0 deletions .github/workflows/update-dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,12 @@ jobs:
repository: k3s-io/k3s
version_jsonpath: k3s_version

- key: keycloak-operator
path: ./roles/keycloak/defaults/main.yml
repository: keycloak/keycloak-k8s-resources
tags: "yes"
version_jsonpath: keycloak_operator_version

- key: kustomize
path: ./roles/kustomize/defaults/main.yml
repository: kubernetes-sigs/kustomize
Expand Down Expand Up @@ -152,6 +158,7 @@ jobs:
with:
repository: ${{ matrix.repository }}
prereleases: ${{ matrix.prereleases || 'no' }}
tags: ${{ matrix.tags || 'no' }}

- name: Update dependency key
uses: stackhpc/github-actions/config-update@master
Expand Down
2 changes: 1 addition & 1 deletion roles/generate_tests/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ generate_tests_caas_test_case_slurm_service_monitoring_expected_title: Grafana
# Configuration for the repo2docker test case, if enabled
# The repository to use to build the image
# We pick a repository that has some meat but is relatively quick to build
generate_tests_caas_test_case_repo2docker_param_cluster_repository: https://github.com/binder-examples/bokeh.git
generate_tests_caas_test_case_repo2docker_param_cluster_repository: https://github.com/binder-examples/demo-julia.git
# Expected titles for the repo2docker services
generate_tests_caas_test_case_repo2docker_service_repo2docker_expected_title: JupyterLab
generate_tests_caas_test_case_repo2docker_service_monitoring_expected_title: Grafana
Expand Down
2 changes: 1 addition & 1 deletion roles/keycloak/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ keycloak_ingress_spec: >-
}}
# The version of the Keycloak operator to install
keycloak_operator_version: 20.0.1
keycloak_operator_version: 24.0.4
# The base URL for the Keycloak operator manifests
keycloak_operator_base_url: https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources

Expand Down
59 changes: 36 additions & 23 deletions roles/keycloak/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -217,31 +217,31 @@
}}
when: keycloak_admin_creds_secret_cmd.rc != 0

- name: Update Keycloak admin password
block:
- name: Get Keycloak admin token
uri:
url: "{{ keycloak_base_url }}/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body:
grant_type: password
client_id: admin-cli
username: "{{ keycloak_admin_username }}"
password: "{{ keycloak_admin_password_current }}"
ca_path: "{{ keycloak_ca_path or omit }}"
validate_certs: "{{ keycloak_validate_certs }}"
register: keycloak_admin_token_req
# This is the first task that tries to access the Keycloak API, so retry when
# there is an SSL error (reported as -1)
retries: 60
delay: 10
until: keycloak_admin_token_req.status != -1
- name: Get Keycloak admin token
uri:
url: "{{ keycloak_base_url }}/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body:
grant_type: password
client_id: admin-cli
username: "{{ keycloak_admin_username }}"
password: "{{ keycloak_admin_password_current }}"
ca_path: "{{ keycloak_ca_path or omit }}"
validate_certs: "{{ keycloak_validate_certs }}"
register: keycloak_admin_token_req
# This is the first task that tries to access the Keycloak API, so retry when
# there is an SSL error (reported as -1)
retries: 60
delay: 10
until: keycloak_admin_token_req.status != -1

- name: Set Keycloak admin token fact
set_fact:
keycloak_admin_token: "{{ keycloak_admin_token_req.json.access_token }}"
- name: Set Keycloak admin token fact
set_fact:
keycloak_admin_token: "{{ keycloak_admin_token_req.json.access_token }}"

- name: Update Keycloak admin password
block:
- name: Get Keycloak master realm users
uri:
url: "{{ keycloak_base_url }}/admin/realms/master/users"
Expand Down Expand Up @@ -293,3 +293,16 @@
username: "{{ keycloak_admin_username }}"
password: "{{ keycloak_admin_password }}"
when: keycloak_admin_password != keycloak_admin_password_current

- name: Configure SSL requirement for master realm
uri:
url: "{{ keycloak_base_url }}/admin/realms/master"
method: PUT
headers:
authorization: "Bearer {{ keycloak_admin_token }}"
body_format: json
body:
sslRequired: "{{ 'external' if keycloak_ingress_tls_enabled else 'none' }}"
ca_path: "{{ keycloak_ca_path or omit }}"
validate_certs: "{{ keycloak_validate_certs }}"
status_code: [204]

0 comments on commit eee3c24

Please sign in to comment.