From e01ffe494aae06e996644b5fd5527b0c6d8fb67b Mon Sep 17 00:00:00 2001
From: ckm007
Date: Tue, 1 Oct 2024 19:36:24 +0530
Subject: [PATCH] [MOSIP-35816] updated keycloak init script to create mosip-deployment-client

Signed-off-by: ckm007
---
 deploy/initialise-prereq.sh               | 2 +-
 deploy/keycloak/keycloak-init-values.yaml | 9 +++++++++
 deploy/keycloak/keycloak-init.sh          | 6 ++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/deploy/initialise-prereq.sh b/deploy/initialise-prereq.sh
index 8c62b2b54..a8259252f 100755
--- a/deploy/initialise-prereq.sh
+++ b/deploy/initialise-prereq.sh
@@ -52,7 +52,7 @@ function initialising_Prerequisites() {
   kubectl -n $NS create secret generic esignet-captcha --from-literal=esignet-captcha-site-key=$ESITE_KEY --from-literal=esignet-captcha-secret-key=$ESECRET_KEY --dry-run=client -o yaml | kubectl apply -f -
 
   echo Setting up dummy values for esignet misp license key
-  kubectl create secret generic esignet-misp-onboarder-key -n $NS --from-literal=mosip-esignet-misp-key='' --dry-run=client -o yaml | kubectl apply -f -
+  kubectl -n $NS create secret generic esignet-misp-onboarder-key --from-literal=mosip-esignet-misp-key='' --dry-run=client -o yaml | kubectl apply -f -
 
   echo "All prerequisite services initialised successfully."
   return 0
diff --git a/deploy/keycloak/keycloak-init-values.yaml b/deploy/keycloak/keycloak-init-values.yaml
index c3c56a0cb..3dd04e513 100644
--- a/deploy/keycloak/keycloak-init-values.yaml
+++ b/deploy/keycloak/keycloak-init-values.yaml
@@ -43,6 +43,8 @@ keycloak:
       # "user": ""
       roles:
         - PARTNER_ADMIN
+        - offline_access
+        - uma_authorization
         - PUBLISH_OIDC_CLIENT_CREATED_GENERAL
         - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL
         - PUBLISH_APIKEY_APPROVED_GENERAL
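Review bot: The `offline_access` entry added after `- PARTNER_ADMIN` lets this principal obtain offline (long-lived) refresh tokens, and `uma_authorization` is Keycloak's default realm role; nothing in the hunk records why the entry whose header sits above the hunk needs either, and the same pair, together with GLOBAL_ADMIN, is granted to the new `mosip-deployment-client` service account in the next hunk of this file. If these clients only use client-credentials calls, the two roles widen what a leaked token can do and for how long without adding anything the deployment needs. A short comment next to the role, e.g. `# offline_access: <consumer> refreshes tokens without a user session — confirm`, would make the intent reviewable, and GLOBAL_ADMIN on the deployment client deserves the same justification.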
@@ -155,3 +157,10 @@ keycloak:
         - ID_AUTHENTICATION
         - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL
         - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL
+    - name: mosip-deployment-client
+      saroles:
+        - ID_AUTHENTICATION
+        - GLOBAL_ADMIN
+        - PARTNER_ADMIN
+        - uma_authorization
+        - offline_access
diff --git a/deploy/keycloak/keycloak-init.sh b/deploy/keycloak/keycloak-init.sh
index 1b83e52bf..6cafdf832 100755
--- a/deploy/keycloak/keycloak-init.sh
+++ b/deploy/keycloak/keycloak-init.sh
@@ -21,6 +21,8 @@ MPARTNER_DEFAULT_AUTH_SECRET_KEY='mpartner_default_auth_secret'
 MPARTNER_DEFAULT_AUTH_SECRET_VALUE=$(kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$MPARTNER_DEFAULT_AUTH_SECRET_KEY} | base64 -d)
 IDA_CLIENT_SECRET_KEY='mosip_ida_client_secret'
 IDA_CLIENT_SECRET_VALUE=$(kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$IDA_CLIENT_SECRET_KEY} | base64 -d)
+DEPLOYMENT_CLIENT_SECRET_KEY='mosip_deployment_client_secret'
+DEPLOYMENT_CLIENT_SECRET_VALUE=$(kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$DEPLOYMENT_CLIENT_SECRET_VALUE} | base64 -d)
 
 echo "Copying keycloak configmaps and secret"
 $COPY_UTIL configmap keycloak-host keycloak $NS
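Review bot: The added `DEPLOYMENT_CLIENT_SECRET_VALUE=$(kubectl -n keycloak get secrets ... jsonpath={.data.$DEPLOYMENT_CLIENT_SECRET_VALUE} ...)` builds its jsonpath from the variable it is assigning, which is still unset at that point, instead of from `$DEPLOYMENT_CLIENT_SECRET_KEY` as the three assignments above it do. The path therefore expands to `{.data.}`, so the existing deployment-client secret in the keycloak namespace is never read back; whatever kubectl returns for that path (likely nothing) is what gets passed to helm and, via the later hunks, written back into keycloak-client-secrets, which would rotate or blank that credential on every run. The line should read `DEPLOYMENT_CLIENT_SECRET_VALUE=$(kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$DEPLOYMENT_CLIENT_SECRET_KEY} | base64 -d)`.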
@@ -38,11 +40,14 @@ helm -n $NS install esignet-keycloak-init mosip/keycloak-init \
   --set clientSecrets[1].secret="$MPARTNER_DEFAULT_AUTH_SECRET_VALUE" \
   --set clientSecrets[2].name="$IDA_CLIENT_SECRET_KEY" \
   --set clientSecrets[2].secret="$IDA_CLIENT_SECRET_VALUE" \
+  --set clientSecrets[3].name="$DEPLOYMENT_CLIENT_SECRET_KEY" \
+  --set clientSecrets[3].secret="$DEPLOYMENT_CLIENT_SECRET_VALUE" \
   --version $CHART_VERSION --wait --wait-for-jobs
 
 MPARTNER_DEFAULT_AUTH_SECRET_VALUE=$(kubectl -n $NS get secrets keycloak-client-secrets -o jsonpath={.data.$MPARTNER_DEFAULT_AUTH_SECRET_KEY})
 PMS_CLIENT_SECRET_VALUE=$(kubectl -n $NS get secrets keycloak-client-secrets -o jsonpath={.data.$PMS_CLIENT_SECRET_KEY})
 IDA_CLIENT_SECRET_VALUE=$(kubectl -n $NS get secrets keycloak-client-secrets -o jsonpath={.data.$IDA_CLIENT_SECRET_KEY})
+DEPLOYMENT_CLIENT_SECRET_VALUE=$(kubectl -n $NS get secrets keycloak-client-secrets -o jsonpath={.data.$DEPLOYMENT_CLIENT_SECRET_KEY})
 
 # Check if the secret exists
 if kubectl get secret keycloak-client-secrets -n keycloak >/dev/null 2>&1; then
@@ -51,6 +56,7 @@ if kubectl get secret keycloak-client-secrets -n keycloak >/dev/null 2>&1; then
   jq ".data[\"$PMS_CLIENT_SECRET_KEY\"]=\"$PMS_CLIENT_SECRET_VALUE\"" |
   jq ".data[\"$MPARTNER_DEFAULT_AUTH_SECRET_KEY\"]=\"$MPARTNER_DEFAULT_AUTH_SECRET_VALUE\"" |
   jq ".data[\"$IDA_CLIENT_SECRET_KEY\"]=\"$IDA_CLIENT_SECRET_VALUE\"" |
+  jq ".data[\"$DEPLOYMENT_CLIENT_SECRET_KEY\"]=\"$DEPLOYMENT_CLIENT_SECRET_VALUE\"" |
   kubectl apply -f -
 else
   echo "Secret 'keycloak-client-secrets' does not exist. Copying the secret to the keycloak namespace."
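Review bot: `--set clientSecrets[3].secret="$DEPLOYMENT_CLIENT_SECRET_VALUE"` puts the decoded client secret on helm's command line, where it is visible in the process list of the node running the script and in any `set -x` trace, and helm's `--set` parser additionally treats `,` and `\` inside the value specially, so a generated secret containing either would be silently mangled. The new lines copy the pattern of the three entries above, so any fix applies to all four: writing the clientSecrets list to a values file created with `mktemp` (removed by an EXIT trap) and passing it with `-f`, or using `--set-file` per entry, keeps the secrets out of argv and out of the `--set` grammar. The helm invocation starts above the hunk.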
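Review bot: The new `jq ".data[\"$DEPLOYMENT_CLIENT_SECRET_KEY\"]=\"$DEPLOYMENT_CLIENT_SECRET_VALUE\""` stage writes the value into keycloak-client-secrets unconditionally, so if the `kubectl get` in the preceding hunk returned nothing the key is stored as an empty string and the run still reports success. A guard before the pipeline, `: "${DEPLOYMENT_CLIENT_SECRET_VALUE:?mosip_deployment_client_secret not found in namespace $NS}"`, turns that into an explicit failure. The key and value are also interpolated into the jq program text; `jq --arg k "$DEPLOYMENT_CLIENT_SECRET_KEY" --arg v "$DEPLOYMENT_CLIENT_SECRET_VALUE" '.data[$k]=$v'` passes them as data, which is the form the three stages above should move to as well. The `if` block this pipeline belongs to opens outside the hunk.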