
Commit f982b86

committed
feat: refactor accounts realm.json to use templates
1 parent bff42a6 commit f982b86


9 files changed

+363
-177
lines changed

9 files changed

+363
-177
lines changed

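--- a/applications/accounts/deploy/resources/realm.json
+++ b/applications/accounts/deploy/resources/realm.json
@@ -1,177 +1,24 @@
-{{- define "deploy_accounts_utils.role" }}
-{
-"id": {{ uuidv4 | quote }},
-"name": {{ .role| quote }},
-"composite": false,
-"clientRole": true,
-"containerId": {{ .app.harness.name | quote }},
-"attributes": {}
-}
-{{- end}}
-{{- define "deploy_accounts_utils.user" }}
-{
-"username": {{ .user.username | default .user.email | quote }},
-"email": {{ .user.email | default .user.username | quote }},
-"enabled": true,
-"firstName": {{ .user.firstName | default "Test" | quote }},
-"lastName": {{ .user.lastName | default "User" | quote }},
-"credentials": [
-{
-"type": "password",
-"value": {{ .user.password | default "test" | quote }}
-}
-],
-"realmRoles": {{ .user.realmRoles | toJson }},
-"clientRoles": {
-{{ .app.harness.name | quote }}: {{ .user.clientRoles | toJson }}
-}
-}
-
-{{- end}}
 {
 "id": {{ .Values.namespace | quote }},
 "realm": {{ .Values.namespace | quote }},
 "enabled": true,
 "sslRequired": {{ ternary "none" "external" (not .Values.tls) | quote }},
-"loginTheme": "keycloak",
-"accountTheme": "keycloak",
-"adminTheme": "keycloak",
-"emailTheme": "keycloak",
-"registrationAllowed": true,
-"registrationEmailAsUsername": false,
+"loginTheme": {{ .Values.apps.accounts.theme.login | default "keycloak" | quote }},
+"accountTheme": {{ .Values.apps.accounts.theme.account | default "keycloak" | quote }},
+"adminTheme": {{ .Values.apps.accounts.theme.admiin | default "keycloak" | quote }},
+"emailTheme": {{ .Values.apps.accounts.theme.email | default "keycloak" | quote }},
+"registrationAllowed": {{ .Values.apps.accounts.registrationAllowed | default true }},
+"registrationEmailAsUsername": {{ .Values.apps.accounts.registrationEmailAsUsername | default false }},
 "rememberMe": true,
 "verifyEmail": false,
 "loginWithEmailAllowed": true,
 "duplicateEmailsAllowed": false,
 "resetPasswordAllowed": true,
-"editUsernameAllowed": true,
-"components": {
-"org.keycloak.userprofile.UserProfileProvider": [
-{
-"id": "002b69df-9702-40dd-b73e-3a66d161bf11",
-"providerId": "declarative-user-profile",
-"subComponents": {},
-"config": {
-"kc.user.profile.config": [
-"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
-]
-}
-}
-],
-"org.keycloak.keys.KeyProvider": [
-{
-"id": "e632ce46-36ad-421a-b1a5-776383cc1565",
-"name": "rsa-generated",
-"providerId": "rsa-generated",
-"subComponents": {},
-"config": {
-"priority": [
-"100"
-]
-}
-},
-{
-"id": "b68bee45-a8f0-46ca-b7d9-0df90189736a",
-"name": "hmac-generated-hs512",
-"providerId": "hmac-generated",
-"subComponents": {},
-"config": {
-"priority": [
-"100"
-],
-"algorithm": [
-"HS512"
-]
-}
-},
-{
-"id": "55960a57-af77-4f4c-8b6e-925c74bb44db",
-"name": "aes-generated",
-"providerId": "aes-generated",
-"subComponents": {},
-"config": {
-"priority": [
-"100"
-]
-}
-},
-{
-"id": "ce068675-5cae-434e-851f-09f653ccc604",
-"name": "rsa-enc-generated",
-"providerId": "rsa-enc-generated",
-"subComponents": {},
-"config": {
-"priority": [
-"100"
-],
-"algorithm": [
-"RSA-OAEP"
-]
-}
-}
-]
-},
-"users": [
-{{- $j := 0}}
-{{- range $app := .Values.apps }}
-{{- if (hasKey $app.harness "accounts") }}
-{{- if $j}},{{end}}
-{{- if $app.harness.accounts.users}}
-{{- $j = add1 $j }}
-{{- end }}
-{{- range $i, $user := $app.harness.accounts.users }}{{if $i}},{{end}}
-{{ include "deploy_accounts_utils.user" (dict "root" $ "app" $app "user" $user) }}
-{{- end }}
-{{- end }}
-
-{{- end }}
-],
-"roles": {
-"realm": [
-{
-"id": "70835ad6-1454-4bc5-86a4-f1597e776b75",
-"name": {{ .Values.apps.accounts.admin.role | quote }},
-"composite": false,
-"clientRole": false,
-"containerId": {{ .Values.namespace | quote }},
-"attributes": {}
-},
-{
-"id": "498353dd-88eb-4a5e-99b8-d912e0f20f23",
-"name": "uma_authorization",
-"description": "${role_uma_authorization}",
-"composite": false,
-"clientRole": false,
-"containerId": {{ .Values.namespace | quote }},
-"attributes": {}
-},
-{
-"id": "f99970f1-958b-4bb8-8b39-0d7498b0ecc4",
-"name": "offline_access",
-"description": "${role_offline-access}",
-"composite": false,
-"clientRole": false,
-"containerId": {{ .Values.namespace | quote }},
-"attributes": {}
-}
-],
-"client": {
-{{- $k := 0}}
-{{- range $app := .Values.apps }}
-
-{{- if (hasKey $app.harness "accounts") }}
-{{- if $k}},{{end}}
-{{ $app.harness.name | quote }}: [
-{{- range $i, $role := $app.harness.accounts.roles }}
-{{if $i}},{{end}}
-{{- include "deploy_accounts_utils.role" (dict "root" $ "app" $app "role" $role) }}
-{{- end }}
-]
-{{- $k = add1 $k }}
-{{- end }}
-{{- end }}
-}
-},
+"editUsernameAllowed": {{ .Values.apps.accounts.editUsernameAllowed }},
+{{- include "deploy_accounts_utils.events" (dict "app" .Values.apps.accounts) | indent 8 -}}
+{{- include "deploy_accounts_utils.identity_providers" (dict "app" .Values.apps.accounts) | indent 8 -}}
+{{- include "deploy_accounts_utils.components" . | indent 8 -}}
+{{- include "deploy_accounts_utils.users_roles" (dict "Values" .Values) | indent 8 -}}
 "clientScopeMappings": {
 "account": [
 {
@@ -775,6 +622,17 @@
 "jsonType.label": "String"
 }
 },
+{
+"id": "0b8d0cf7-eebc-4c51-892e-2b65212856b4",
+"name": "sub",
+"protocol": "openid-connect",
+"protocolMapper": "oidc-sub-mapper",
+"consentRequired": false,
+"config": {
+"introspection.token.claim": "true",
+"access.token.claim": "true"
+}
+},
 {
 "id": "3d763f84-d417-4b4e-99e4-2b0e05bf861a",
 "name": "family name",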
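Review bot: On new line 10, `{{ .Values.apps.accounts.registrationAllowed | default true }}` can never render `false`, because Sprig's `default` treats a boolean false as empty; a deployment that sets `registrationAllowed: false` still gets open self-registration. Declare the default in the values file and read the key directly, `"registrationAllowed": {{ .Values.apps.accounts.registrationAllowed }},`, as line 17 already does for `editUsernameAllowed`, or check presence with `hasKey` before falling back. New line 8 reads `.theme.admiin`, which looks like a typo for `.theme.admin`, so an admin-theme override would be silently replaced by the "keycloak" default. Whether `theme` and `editUsernameAllowed` are always defined in the values is not visible in this commit view; if they are not, line 17 renders an empty value and the realm JSON no longer parses.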
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,75 @@
1+
{{- define "deploy_accounts_utils.user_profile_provider_component" -}}
2+
"org.keycloak.userprofile.UserProfileProvider": [
3+
{
4+
"id": "002b69df-9702-40dd-b73e-3a66d161bf11",
5+
"providerId": "declarative-user-profile",
6+
"subComponents": {},
7+
"config": {
8+
"kc.user.profile.config": [
9+
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
10+
]
11+
}
12+
}
13+
]
14+
{{- end -}}
15+
{{- define "deploy_accounts_utils.key_provider_component" -}}
16+
"org.keycloak.keys.KeyProvider": [
17+
{
18+
"id": "e632ce46-36ad-421a-b1a5-776383cc1565",
19+
"name": "rsa-generated",
20+
"providerId": "rsa-generated",
21+
"subComponents": {},
22+
"config": {
23+
"priority": [
24+
"100"
25+
]
26+
}
27+
},
28+
{
29+
"id": "b68bee45-a8f0-46ca-b7d9-0df90189736a",
30+
"name": "hmac-generated-hs512",
31+
"providerId": "hmac-generated",
32+
"subComponents": {},
33+
"config": {
34+
"priority": [
35+
"100"
36+
],
37+
"algorithm": [
38+
"HS512"
39+
]
40+
}
41+
},
42+
{
43+
"id": "55960a57-af77-4f4c-8b6e-925c74bb44db",
44+
"name": "aes-generated",
45+
"providerId": "aes-generated",
46+
"subComponents": {},
47+
"config": {
48+
"priority": [
49+
"100"
50+
]
51+
}
52+
},
53+
{
54+
"id": "ce068675-5cae-434e-851f-09f653ccc604",
55+
"name": "rsa-enc-generated",
56+
"providerId": "rsa-enc-generated",
57+
"subComponents": {},
58+
"config": {
59+
"priority": [
60+
"100"
61+
],
62+
"algorithm": [
63+
"RSA-OAEP"
64+
]
65+
}
66+
}
67+
]
68+
{{- end -}}
69+
#
70+
{{- define "deploy_accounts_utils.components" -}}
71+
"components": {
72+
{{template "deploy_accounts_utils.user_profile_provider_component" }},
73+
{{template "deploy_accounts_utils.key_provider_component" }}
74+
},
75+
{{- end -}}
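Review bot: The profile string in `kc.user.profile.config` (new line 9) now ends with `\"unmanagedAttributePolicy\":\"ENABLED\"`, which the copy removed from realm.json did not contain, so this "refactor" also changes realm behaviour. With that policy, attributes not declared in the profile are accepted in user-facing contexts as well as from admins, and realm.json defaults self-registration to on, so any mapper or client that trusts a user attribute would be trusting user-supplied data. If the intent is only to let administrators or the admin API store extra attributes, `ADMIN_EDIT` is the narrower value. Either way the change deserves a mention in the commit message and a template comment above the define, for example `{{/* unmanagedAttributePolicy ENABLED: users may set attributes not declared in the profile */}}`.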
Lines changed: 100 additions & 0 deletions
@@ -0,0 +1,100 @@
1+
# Accounts _helper.tpl
2+
{{- define "deploy_accounts_utils.event_listeners" -}}
3+
"eventsListeners": [
4+
"metacell-admin-event-listener",
5+
"jboss-logging"
6+
],
7+
{{- end -}}
8+
#
9+
{{- define "deploy_accounts_utils.event_types" -}}
10+
"enabledEventTypes": [
11+
"SEND_RESET_PASSWORD",
12+
"UPDATE_CONSENT_ERROR",
13+
"GRANT_CONSENT",
14+
"VERIFY_PROFILE_ERROR",
15+
"REMOVE_TOTP",
16+
"REVOKE_GRANT",
17+
"UPDATE_TOTP",
18+
"LOGIN_ERROR",
19+
"CLIENT_LOGIN",
20+
"RESET_PASSWORD_ERROR",
21+
"IMPERSONATE_ERROR",
22+
"CODE_TO_TOKEN_ERROR",
23+
"CUSTOM_REQUIRED_ACTION",
24+
"OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR",
25+
"RESTART_AUTHENTICATION",
26+
"IMPERSONATE",
27+
"UPDATE_PROFILE_ERROR",
28+
"LOGIN",
29+
"OAUTH2_DEVICE_VERIFY_USER_CODE",
30+
"UPDATE_PASSWORD_ERROR",
31+
"CLIENT_INITIATED_ACCOUNT_LINKING",
32+
"TOKEN_EXCHANGE",
33+
"AUTHREQID_TO_TOKEN",
34+
"LOGOUT",
35+
"REGISTER",
36+
"DELETE_ACCOUNT_ERROR",
37+
"CLIENT_REGISTER",
38+
"IDENTITY_PROVIDER_LINK_ACCOUNT",
39+
"DELETE_ACCOUNT",
40+
"UPDATE_PASSWORD",
41+
"CLIENT_DELETE",
42+
"FEDERATED_IDENTITY_LINK_ERROR",
43+
"IDENTITY_PROVIDER_FIRST_LOGIN",
44+
"CLIENT_DELETE_ERROR",
45+
"VERIFY_EMAIL",
46+
"CLIENT_LOGIN_ERROR",
47+
"RESTART_AUTHENTICATION_ERROR",
48+
"EXECUTE_ACTIONS",
49+
"REMOVE_FEDERATED_IDENTITY_ERROR",
50+
"TOKEN_EXCHANGE_ERROR",
51+
"PERMISSION_TOKEN",
52+
"SEND_IDENTITY_PROVIDER_LINK_ERROR",
53+
"EXECUTE_ACTION_TOKEN_ERROR",
54+
"SEND_VERIFY_EMAIL",
55+
"OAUTH2_DEVICE_AUTH",
56+
"EXECUTE_ACTIONS_ERROR",
57+
"REMOVE_FEDERATED_IDENTITY",
58+
"OAUTH2_DEVICE_CODE_TO_TOKEN",
59+
"IDENTITY_PROVIDER_POST_LOGIN",
60+
"IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR",
61+
"OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR",
62+
"UPDATE_EMAIL",
63+
"REGISTER_ERROR",
64+
"REVOKE_GRANT_ERROR",
65+
"EXECUTE_ACTION_TOKEN",
66+
"LOGOUT_ERROR",
67+
"UPDATE_EMAIL_ERROR",
68+
"CLIENT_UPDATE_ERROR",
69+
"AUTHREQID_TO_TOKEN_ERROR",
70+
"UPDATE_PROFILE",
71+
"CLIENT_REGISTER_ERROR",
72+
"FEDERATED_IDENTITY_LINK",
73+
"SEND_IDENTITY_PROVIDER_LINK",
74+
"SEND_VERIFY_EMAIL_ERROR",
75+
"RESET_PASSWORD",
76+
"CLIENT_INITIATED_ACCOUNT_LINKING_ERROR",
77+
"OAUTH2_DEVICE_AUTH_ERROR",
78+
"UPDATE_CONSENT",
79+
"REMOVE_TOTP_ERROR",
80+
"VERIFY_EMAIL_ERROR",
81+
"SEND_RESET_PASSWORD_ERROR",
82+
"CLIENT_UPDATE",
83+
"CUSTOM_REQUIRED_ACTION_ERROR",
84+
"IDENTITY_PROVIDER_POST_LOGIN_ERROR",
85+
"UPDATE_TOTP_ERROR",
86+
"CODE_TO_TOKEN",
87+
"VERIFY_PROFILE",
88+
"GRANT_CONSENT_ERROR",
89+
"IDENTITY_PROVIDER_FIRST_LOGIN_ERROR"
90+
],
91+
{{- end -}}
92+
#
93+
{{- define "deploy_accounts_utils.events" -}}
94+
{{- if eq .app.useEvents true }}
95+
{{template "deploy_accounts_utils.event_listeners" }}
96+
{{template "deploy_accounts_utils.event_types" }}
97+
"adminEventsEnabled": true,
98+
"adminEventsDetailsEnabled": true,
99+
{{- end }}
100+
{{- end -}}
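Review bot: The `deploy_accounts_utils.events` define (new lines 93–100) emits the listeners, `enabledEventTypes` and the two admin-event flags but no `eventsEnabled`, and in a Keycloak realm representation that flag is what causes user events to be stored; unless realm.json sets it in a part not shown here, the long type list does not affect what is persisted. If an audit trail is the goal, add `"eventsEnabled": true,` inside the `if` and consider an explicit retention setting next to it. The guard `{{- if eq .app.useEvents true }}` compares against a possibly absent key; `{{- if .app.useEvents }}` gives the same result for true and false and stays well-defined when the value is unset. Each fragment here ends in a trailing comma, so its validity depends on the position it is included at in realm.json, which is worth a one-line comment at the top of the file.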

applications/accounts/deploy/templates/_helpers.tpl

Whitespace-only changes.
