feat(RHIDP-9113): add username change for validation \

creadentail changes for new database of keycloak \
additional config to sync the catalog to RHDH

Signed-off-by: skestwal <skestwal@redhat.com>

Author: shashankkestwal

ci-scripts/rhdh-setup/create_resource.sh

@@ -443,7 +443,7 @@ create_user() {
   groups="$groups]"
   while ((attempt <= max_attempts)); do
     token=$(get_token)
-    username="t${0}"
+    username="t_${0}"
     response="$(curl -s -k --location --request POST "$(keycloak_url)/admin/realms/backstage/users" \
       -H 'Content-Type: application/json' \
       -H 'Authorization: Bearer '"$token" \
@@ -499,7 +499,13 @@ log_token_err() {
 }
 
 keycloak_token() {
-  curl -s -k "$(keycloak_url)/realms/master/protocol/openid-connect/token" -d username=admin -d "password=$1" -d 'grant_type=password' -d 'client_id=admin-cli' | jq -r ".expires_in_timestamp = $(python3 -c 'from datetime import datetime, timedelta; t_add=int(30); print(int((datetime.now() + timedelta(seconds=t_add)).timestamp()))')"
+  client_secret=$(oc -n "${RHDH_NAMESPACE}" get secret keycloak-client-secret-backstage -o template --template='{{.data.CLIENT_SECRET}}' | base64 -d)
+  curl -s -k "$(keycloak_url)/realms/backstage/protocol/openid-connect/token" \
+    -d username=guru \
+    -d "password=$1" \
+    -d 'grant_type=password' \
+    -d 'client_id=backstage' \
+    -d "client_secret=$client_secret" | jq -r ".expires_in_timestamp = $(python3 -c 'from datetime import datetime, timedelta; t_add=int(30); print(int((datetime.now() + timedelta(seconds=t_add)).timestamp()))')"
 }
 
 rhdh_token() {
@@ -588,7 +594,7 @@ get_token() {
         log_token_err "Unable to get $token_type token, re-attempting"
       fi
     else
-      keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-rhdh-keycloak -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d)
+      keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret perf-test-secrets -o template --template='{{.data.keycloak_user_pass}}' | base64 -d)
       if ! keycloak_token "$keycloak_pass" >"$token_file"; then
         log_token_err "Unable to get $token_type token, re-attempting"
       fi

ci-scripts/rhdh-setup/deploy.sh

@@ -61,6 +61,7 @@ export GROUP_COUNT="${GROUP_COUNT:-1}"
 export API_COUNT="${API_COUNT:-1}"
 export COMPONENT_COUNT="${COMPONENT_COUNT:-1}"
 export KEYCLOAK_USER_PASS=${KEYCLOAK_USER_PASS:-$(mktemp -u XXXXXXXXXX)}
+export KEYCLOAK_ADMIN_PASS=${KEYCLOAK_ADMIN_PASS:-admin}
 export AUTH_PROVIDER="${AUTH_PROVIDER:-''}"
 export ENABLE_RBAC="${ENABLE_RBAC:-false}"
 export ENABLE_ORCHESTRATOR="${ENABLE_ORCHESTRATOR:-false}"
@@ -256,7 +257,7 @@ keycloak_install() {
     wait_to_start statefulset rhdh-keycloak 450 600
 
     $clin create secret generic credential-rhdh-keycloak \
-        --from-literal=ADMIN_PASSWORD=admin \
+        --from-literal=ADMIN_PASSWORD="$KEYCLOAK_ADMIN_PASS" \
         --dry-run=client -o yaml | $clin apply -f -
 
     $clin create route edge keycloak \
@@ -274,7 +275,7 @@ keycloak_install() {
         fi
     fi
     # shellcheck disable=SC2016
-    envsubst '${KEYCLOAK_CLIENT_SECRET} ${OAUTH2_REDIRECT_URI} ${KEYCLOAK_USER_PASS}' <template/keycloak/keycloakRealmImport.yaml | $clin apply -f -
+    envsubst '${KEYCLOAK_CLIENT_SECRET} ${OAUTH2_REDIRECT_URI} ${KEYCLOAK_USER_PASS} ${KEYCLOAK_ADMIN_PASS}' <template/keycloak/keycloakRealmImport.yaml | $clin apply -f -
     $clin create secret generic keycloak-client-secret-backstage --from-literal=CLIENT_ID=backstage --from-literal=CLIENT_SECRET="$KEYCLOAK_CLIENT_SECRET" --dry-run=client -o yaml | oc apply -f -
 }
 

ci-scripts/rhdh-setup/template/backstage/helm/chart-values.image-override.yaml

@@ -8,6 +8,25 @@ global:
     plugins:
       - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic
         disabled: false
+        pluginConfig:
+          catalog:
+            providers:
+              keycloakOrg:
+                default:
+                  baseUrl: ${KEYCLOAK_BASE_URL}
+                  realm: ${KEYCLOAK_REALM}
+                  loginRealm: ${KEYCLOAK_LOGIN_REALM}
+                  clientId: ${CLIENT_ID}
+                  clientSecret: ${CLIENT_SECRET}
+                  userQuerySize: 1000
+                  groupQuerySize: 1000
+                  schedule:
+                    frequency:
+                      minutes: 30
+                    timeout:
+                      minutes: 1
+                    initialDelay:
+                      seconds: 15
       - package: ./dynamic-plugins/dist/backstage-community-plugin-analytics-provider-segment
         disabled: true
       # TechDocs

ci-scripts/rhdh-setup/template/backstage/helm/chart-values.yaml

@@ -8,6 +8,25 @@ global:
     plugins:
       - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic
         disabled: false
+        pluginConfig:
+          catalog:
+            providers:
+              keycloakOrg:
+                default:
+                  baseUrl: ${KEYCLOAK_BASE_URL}
+                  realm: ${KEYCLOAK_REALM}
+                  loginRealm: ${KEYCLOAK_LOGIN_REALM}
+                  clientId: ${CLIENT_ID}
+                  clientSecret: ${CLIENT_SECRET}
+                  userQuerySize: 1000
+                  groupQuerySize: 1000
+                  schedule:
+                    frequency:
+                      minutes: 30
+                    timeout:
+                      minutes: 1
+                    initialDelay:
+                      seconds: 15
       - package: ./dynamic-plugins/dist/backstage-community-plugin-analytics-provider-segment
         disabled: true
       # TechDocs

ci-scripts/rhdh-setup/template/keycloak/keycloakRealmImport.yaml

@@ -31,6 +31,10 @@ spec:
             - query-groups
             - query-users
             - view-users
+            - view-clients
+            - view-realm
+            - manage-users
+            - manage-clients
     users:
       - username: guru
         firstName: Guru
@@ -42,3 +46,6 @@ spec:
           - type: password
             value: ${KEYCLOAK_USER_PASS}
             temporary: false
+        clientRoles:
+          realm-management:
+            - realm-admin