-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(compose): Configure Keycloak with OpenTofu #237
base: main
Are you sure you want to change the base?
feat(compose): Configure Keycloak with OpenTofu #237
Conversation
I'll try to implement the same functionality with Pulumi in Kotlin to have both alternatives suggested in #20 available. |
Somewhat unrelated, but it might also make sense to create a separate realm instead of making changes to |
f0a71df
to
15f9daa
Compare
This change replaces the import of master-realm.json during startup of the keycloak container with execution of an OpenTofu module in a separate container. Fixes eclipse-apoapsis#20. Signed-off-by: Haiko Schol <[email protected]>
15f9daa
to
d446aa5
Compare
I tweaked the config a bit more and managed to get rid of the error. This is the log output from ORT Server core regarding Keycloak that I see now:
However, log in via the UI still fails with a 401 response. |
I think you forgot to add the "react" client that was added here: |
It's at the bottom of the keycloak.tf file. |
Ok, but can we still close it to clean up the list of open PRs? Even for closed PRs the code is still maintained for reference. |
That's right, but a draft PR is more visible and could maybe even motivate someone to finish the work. |
High hopes; it didn't work for ORT, though. |
Shouldn't you look at closed PRs to determine whether someone has been motivated to close one? ;) |
Not necessarily. Looking at the number of long-pending draft PRs also tells you something. |
Absolutely! I have no strong opinions in any direction here - the open PR doesn't really bother me, but closing doesn't likely make anything worse either. |
This PR sets up automatic execution of OpenTofu code for configuring Keycloak in the docker-compose environment.
The actual configuration needs some tweaking as currently authentication of ort-server fails. I couldn't tell from the realm export which settings were important changes and which were default values. I picked a few, but apparently missed some. Maybe someone with a better understanding of the config applied in
master-realm.json
can point those out.The login in the UI fails as well, probably as a consequence of the former failure.
This is the log from the keycloak container: