122 minify keycloak realm json so kubernetes clusters have easier way to load it (#123)

longshuicy · web-flow · commit a4de316630f0 · 2022-11-07T09:30:26.000-06:00
* deleting too much

* delete more

* rename the minified keycloak setting

* add back original configuration
diff --git a/scripts/keycloak/clowder-realm-dev.json b/scripts/keycloak/clowder-realm-dev.json
@@ -1870,4 +1870,4 @@
   "clientPolicies": {
     "policies": []
   }
-}
+}
diff --git a/scripts/keycloak/clowder-realm-prod.json b/scripts/keycloak/clowder-realm-prod.json
@@ -2174,4 +2174,4 @@
   "clientPolicies": {
     "policies": []
   }
-}
+}
diff --git a/scripts/keycloak/mini-clowder-realm-dev.json b/scripts/keycloak/mini-clowder-realm-dev.json
@@ -0,0 +1,126 @@
+{
+  "realm": "clowder",
+  "accessTokenLifespan": 300,
+  "enabled": true,
+  "registrationAllowed": true,
+  "registrationEmailAsUsername": true,
+  "clients": [
+    {
+      "clientId": "clowder2-backend",
+      "rootUrl": "http://localhost:8000",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "http://localhost:8000/api/v2/auth"
+      ],
+      "webOrigins": [
+        "http://localhost:8000"
+      ],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "saml.multivalued.roles": "false",
+        "saml.force.post.binding": "false",
+        "oauth2.device.authorization.grant.enabled": "false",
+        "backchannel.logout.revoke.offline.tokens": "false",
+        "saml.server.signature.keyinfo.ext": "false",
+        "use.refresh.tokens": "true",
+        "oidc.ciba.grant.enabled": "false",
+        "backchannel.logout.session.required": "false",
+        "client_credentials.use_refresh_token": "false",
+        "saml.client.signature": "false",
+        "require.pushed.authorization.requests": "false",
+        "saml.assertion.signature": "false",
+        "id.token.as.detached.signature": "false",
+        "saml.encrypt": "false",
+        "saml.server.signature": "false",
+        "exclude.session.state.from.auth.response": "false",
+        "saml.artifact.binding": "false",
+        "saml_force_name_id_format": "false",
+        "tls.client.certificate.bound.access.tokens": "false",
+        "acr.loa.map": "{}",
+        "saml.authnstatement": "false",
+        "display.on.consent.screen": "false",
+        "token.response.type.bearer.lower-case": "false",
+        "saml.onetimeuse.condition": "false"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": true,
+      "nodeReRegistrationTimeout": -1,
+      "defaultClientScopes": [
+        "web-origins",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    }
+  ],
+  "loginTheme": "clowder-theme",
+  "identityProviders": [
+    {
+      "alias": "cilogon",
+      "displayName": "CILogon",
+      "internalId": "165a05f4-f6d7-44ae-a906-285cba64bae7",
+      "providerId": "oidc",
+      "enabled": true,
+      "updateProfileFirstLoginMode": "on",
+      "trustEmail": false,
+      "storeToken": true,
+      "addReadTokenRoleOnCreate": true,
+      "authenticateByDefault": false,
+      "linkOnly": false,
+      "firstBrokerLoginFlowAlias": "first broker login",
+      "config": {
+        "userInfoUrl": "https://cilogon.org/oauth2/userinfo",
+        "clientId": "cilogon:/client_id/165f54b200b7bc4bf77635fe56237902",
+        "tokenUrl": "https://cilogon.org/oauth2/token",
+        "authorizationUrl": "https://cilogon.org/authorize",
+        "clientAuthMethod": "client_secret_post",
+        "syncMode": "IMPORT",
+        "clientSecret": "**********",
+        "defaultScope": "openid profile org.cilogon.userinfo email",
+        "useJwksUrl": "true"
+      }
+    },
+    {
+      "alias": "globus",
+      "displayName": "Globus",
+      "internalId": "1f4df120-221f-4ed9-ab4a-f40bfeedafbb",
+      "providerId": "oidc",
+      "enabled": true,
+      "updateProfileFirstLoginMode": "on",
+      "trustEmail": false,
+      "storeToken": true,
+      "addReadTokenRoleOnCreate": true,
+      "authenticateByDefault": false,
+      "linkOnly": false,
+      "firstBrokerLoginFlowAlias": "first broker login",
+      "config": {
+        "clientId": "fa3320ff-4730-4395-a4ec-fc7fe23ec8a7",
+        "tokenUrl": "https://auth.globus.org/v2/oauth2/token",
+        "authorizationUrl": "https://auth.globus.org/v2/oauth2/authorize",
+        "clientAuthMethod": "client_secret_post",
+        "syncMode": "IMPORT",
+        "clientSecret": "**********",
+        "defaultScope": "openid profile email",
+        "useJwksUrl": "true"
+      }
+    }
+  ]
+}
diff --git a/scripts/keycloak/mini-clowder-realm-prod.json b/scripts/keycloak/mini-clowder-realm-prod.json
@@ -0,0 +1,128 @@
+{
+  "realm": "clowder",
+  "accessTokenLifespan": 300,
+  "enabled": true,
+  "registrationAllowed": true,
+  "registrationEmailAsUsername": true,
+  "clients": [
+    {
+      "clientId": "clowder2-backend",
+      "rootUrl": "http://localhost",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+        "http://localhost/api/v2/auth"
+      ],
+      "webOrigins": [
+        "http://localhost"
+      ],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": false,
+      "protocol": "openid-connect",
+      "attributes": {
+        "saml.force.post.binding": "false",
+        "saml.multivalued.roles": "false",
+        "frontchannel.logout.session.required": "false",
+        "oauth2.device.authorization.grant.enabled": "false",
+        "backchannel.logout.revoke.offline.tokens": "false",
+        "saml.server.signature.keyinfo.ext": "false",
+        "use.refresh.tokens": "true",
+        "oidc.ciba.grant.enabled": "false",
+        "backchannel.logout.session.required": "false",
+        "client_credentials.use_refresh_token": "false",
+        "require.pushed.authorization.requests": "false",
+        "saml.client.signature": "false",
+        "saml.allow.ecp.flow": "false",
+        "id.token.as.detached.signature": "false",
+        "saml.assertion.signature": "false",
+        "saml.encrypt": "false",
+        "saml.server.signature": "false",
+        "exclude.session.state.from.auth.response": "false",
+        "saml.artifact.binding": "false",
+        "saml_force_name_id_format": "false",
+        "acr.loa.map": "{}",
+        "tls.client.certificate.bound.access.tokens": "false",
+        "saml.authnstatement": "false",
+        "display.on.consent.screen": "false",
+        "token.response.type.bearer.lower-case": "false",
+        "saml.onetimeuse.condition": "false"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": true,
+      "nodeReRegistrationTimeout": -1,
+      "defaultClientScopes": [
+        "web-origins",
+        "roles",
+        "profile",
+        "email"
+      ],
+      "optionalClientScopes": [
+        "address",
+        "phone",
+        "offline_access",
+        "microprofile-jwt"
+      ]
+    }
+  ],
+  "loginTheme": "clowder-theme",
+  "identityProviders": [
+    {
+      "alias": "cilogon",
+      "displayName": "CILogon",
+      "internalId": "165a05f4-f6d7-44ae-a906-285cba64bae7",
+      "providerId": "oidc",
+      "enabled": true,
+      "updateProfileFirstLoginMode": "on",
+      "trustEmail": false,
+      "storeToken": true,
+      "addReadTokenRoleOnCreate": true,
+      "authenticateByDefault": false,
+      "linkOnly": false,
+      "firstBrokerLoginFlowAlias": "first broker login",
+      "config": {
+        "userInfoUrl": "https://cilogon.org/oauth2/userinfo",
+        "clientId": "cilogon:/client_id/165f54b200b7bc4bf77635fe56237902",
+        "tokenUrl": "https://cilogon.org/oauth2/token",
+        "authorizationUrl": "https://cilogon.org/authorize",
+        "clientAuthMethod": "client_secret_post",
+        "syncMode": "IMPORT",
+        "clientSecret": "**********",
+        "defaultScope": "openid profile org.cilogon.userinfo email",
+        "useJwksUrl": "true"
+      }
+    },
+    {
+      "alias": "globus",
+      "displayName": "Globus",
+      "internalId": "1f4df120-221f-4ed9-ab4a-f40bfeedafbb",
+      "providerId": "oidc",
+      "enabled": true,
+      "updateProfileFirstLoginMode": "on",
+      "trustEmail": false,
+      "storeToken": true,
+      "addReadTokenRoleOnCreate": true,
+      "authenticateByDefault": false,
+      "linkOnly": false,
+      "firstBrokerLoginFlowAlias": "first broker login",
+      "config": {
+        "clientId": "fa3320ff-4730-4395-a4ec-fc7fe23ec8a7",
+        "tokenUrl": "https://auth.globus.org/v2/oauth2/token",
+        "authorizationUrl": "https://auth.globus.org/v2/oauth2/authorize",
+        "clientAuthMethod": "client_secret_post",
+        "syncMode": "IMPORT",
+        "clientSecret": "**********",
+        "defaultScope": "openid profile email",
+        "useJwksUrl": "true"
+      }
+    }
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -1870,4 +1870,4 @@`
`1870`	`1870`	`"clientPolicies": {`
`1871`	`1871`	`"policies": []`
`1872`	`1872`	`}`
`1873`		`-}`
	`1873`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -2174,4 +2174,4 @@`
`2174`	`2174`	`"clientPolicies": {`
`2175`	`2175`	`"policies": []`
`2176`	`2176`	`}`
`2177`		`-}`
	`2177`	`+}`