Sankofa/gitops/apps/keycloak/keycloak-clients.yaml
defiQUG 9daf1fd378 Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements
- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements
2025-12-12 18:01:35 -08:00


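---
apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-client-config
  namespace: keycloak
data:
  # Client configuration script for Keycloak.
  # The ConfigMap carries only the script; admin credentials and the client
  # secrets are read from the environment at run time and are never stored here.
  configure-clients.sh: |
    #!/bin/bash
    # Configure Keycloak clients via REST API.
    # This should be run after Keycloak is deployed. It is safe to re-run:
    # a client whose clientId already exists in the realm is left untouched.
    #
    # Required environment (the script aborts if any is unset or empty):
    #   KEYCLOAK_ADMIN_PASSWORD    admin password
    #   SANKOFA_API_CLIENT_SECRET  secret for the sankofa-api client
    #   PORTAL_CLIENT_SECRET       secret for the portal-client client
    # Optional environment:
    #   KEYCLOAK_URL    default http://localhost:8080
    #   KEYCLOAK_ADMIN  default admin
    #   REALM           default master (realm used both for the admin login
    #                   and for creating the clients)
    set -euo pipefail

    KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"
    ADMIN_USER="${KEYCLOAK_ADMIN:-admin}"
    REALM="${REALM:-master}"
    # No defaults for secrets: a fallback value would be registered in Keycloak
    # as the real client secret (previously "generate-me") or as the admin password.
    ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD must be set}"
    SANKOFA_API_CLIENT_SECRET="${SANKOFA_API_CLIENT_SECRET:?SANKOFA_API_CLIENT_SECRET must be set}"
    PORTAL_CLIENT_SECRET="${PORTAL_CLIENT_SECRET:?PORTAL_CLIENT_SECRET must be set}"

    # Get admin token.
    # The password is fed to curl on stdin (--data-urlencode password@-) so it
    # does not show up in the process argument list; printf '%s' avoids a
    # trailing newline, which curl would otherwise include in the field value.
    # --fail makes HTTP errors produce no body, so TOKEN ends up empty instead
    # of holding an error document.
    TOKEN=$(printf '%s' "${ADMIN_PASSWORD}" | curl -sS --fail -X POST \
      "${KEYCLOAK_URL}/realms/${REALM}/protocol/openid-connect/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data-urlencode "username=${ADMIN_USER}" \
      --data-urlencode "password@-" \
      -d "grant_type=password" \
      -d "client_id=admin-cli" | jq -r '.access_token // empty' || true)
    if [ -z "${TOKEN}" ]; then
      echo "Failed to get admin token" >&2
      exit 1
    fi

    # Create a client in ${REALM} unless one with the same clientId already exists.
    # $1: JSON client representation (must contain "clientId").
    # Exits non-zero (via set -e / --fail) if Keycloak rejects the request.
    create_client() {
      local payload="$1"
      local client_id
      client_id=$(jq -r '.clientId' <<<"${payload}")

      # GET /clients?clientId=<id> returns a JSON array; non-empty means it exists.
      local existing
      existing=$(curl -sS --fail -G "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
        -H "Authorization: Bearer ${TOKEN}" \
        --data-urlencode "clientId=${client_id}" | jq 'length')
      if [ "${existing}" != "0" ]; then
        echo "Client ${client_id} already exists in realm ${REALM}; skipping"
        return 0
      fi

      # The body (which carries the client secret) is read from stdin rather
      # than passed as an argument.
      printf '%s' "${payload}" | curl -sS --fail -X POST \
        "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
        -H "Authorization: Bearer ${TOKEN}" \
        -H "Content-Type: application/json" \
        --data @-
      echo "Created client ${client_id} in realm ${REALM}"
    }

    # Payloads are built with jq --arg so secrets are JSON-escaped; splicing
    # them into a string literal would break (or alter) the document if the
    # secret contained a quote or backslash.

    # sankofa-api client (confidential, service account for the backend)
    # NOTE(review): directAccessGrantsEnabled enables the password grant on a
    # service-account client; confirm a caller relies on it, otherwise set false.
    API_CLIENT=$(jq -n \
      --arg secret "${SANKOFA_API_CLIENT_SECRET}" \
      --arg created "$(date +%s)" \
      '{
        clientId: "sankofa-api",
        name: "Sankofa API Client",
        description: "GraphQL API backend client",
        enabled: true,
        clientAuthenticatorType: "client-secret",
        secret: $secret,
        standardFlowEnabled: false,
        implicitFlowEnabled: false,
        directAccessGrantsEnabled: true,
        serviceAccountsEnabled: true,
        publicClient: false,
        protocol: "openid-connect",
        attributes: {
          "access.token.lifespan": "300",
          "client.secret.creation.time": $created
        }
      }')
    create_client "${API_CLIENT}"

    # portal-client (confidential, authorization-code flow for the frontend)
    # NOTE(review): the http://localhost:3000 entries and the https://*.sankofa.nexus
    # wildcard accept redirects to any subdomain of sankofa.nexus; confirm these
    # are intended for the environment this ConfigMap is deployed to.
    PORTAL_CLIENT=$(jq -n \
      --arg secret "${PORTAL_CLIENT_SECRET}" \
      '{
        clientId: "portal-client",
        name: "Sankofa Portal Client",
        description: "Portal frontend client",
        enabled: true,
        clientAuthenticatorType: "client-secret",
        secret: $secret,
        standardFlowEnabled: true,
        implicitFlowEnabled: false,
        directAccessGrantsEnabled: true,
        serviceAccountsEnabled: false,
        publicClient: false,
        protocol: "openid-connect",
        redirectUris: [
          "http://localhost:3000/*",
          "https://portal.sankofa.nexus/*",
          "https://*.sankofa.nexus/*"
        ],
        webOrigins: [
          "http://localhost:3000",
          "https://portal.sankofa.nexus",
          "https://*.sankofa.nexus"
        ],
        attributes: {
          "access.token.lifespan": "1800"
        }
      }')
    create_client "${PORTAL_CLIENT}"

    echo "Keycloak clients configured successfully"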