This is an automated email from the ASF dual-hosted git repository. omartushevskyi pushed a commit to branch DLAB-1158 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push: new 3b9f28c added gcp gke deploying 3b9f28c is described below commit 3b9f28cf09ac222679cfe2899c49cd4d47af0380 Author: Oleh Martushevskyi <oleh_martushevs...@epam.com> AuthorDate: Fri Dec 20 11:26:33 2019 +0200 added gcp gke deploying --- .../terraform/gcp/endpoint/main/main.tf | 2 +- .../terraform/gcp/endpoint/main/variables.tf | 2 +- .../terraform/gcp/ssn-gke/main/main.tf | 2 ++ .../dlab-ui-chart/templates/configmap-ui-conf.yaml | 4 ++-- .../modules/helm_charts/dlab-ui-chart/values.yaml | 2 ++ .../gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf | 2 ++ .../modules/helm_charts/files/configure_keycloak.sh | 20 ++++++++++---------- .../gcp/ssn-gke/main/modules/helm_charts/keycloak.tf | 2 ++ .../ssn-gke/main/modules/helm_charts/variables.tf | 4 ++++ .../terraform/gcp/ssn-gke/main/outputs.tf | 4 ++-- .../terraform/gcp/ssn-gke/main/variables.tf | 8 ++++++++ 11 files changed, 36 insertions(+), 16 deletions(-) diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf b/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf index 3eab2a5..9d69110 100644 --- a/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf +++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf @@ -21,7 +21,7 @@ provider "google" { credentials = file(var.creds_file) - project = var.project_id + project = var.gcp_project_id region = var.region zone = var.zone } \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf b/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf index 5d62063..6ef2466 100644 --- a/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf 
@@ -19,7 +19,7 @@ # # ****************************************************************************** -variable "project_id" { +variable "gcp_project_id" { default = "" } diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf index c1fe060..6521774 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf @@ -75,4 +75,6 @@ module "helm_charts" { custom_key_path = var.custom_key_path mysql_disk_size = var.mysql_disk_size domain = var.domain + keycloak_realm_name = var.keycloak_realm_name + keycloak_client_id = var.keycloak_client_id } \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml index 12c2176..ac96e8b 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml @@ -216,13 +216,13 @@ data: keycloakConfiguration: redirectUri: {{ .Values.ui.keycloak.redirect_uri }} - realm: dlab + realm: {{ .Values.ui.keycloak.realm_name }} bearer-only: true auth-server-url: ${KEYCLOAK_AUTH_URL} ssl-required: none register-node-at-startup: true register-node-period: 600 - resource: dlab-ui + resource: {{ .Values.ui.keycloak.client_id }} credentials: secret: ${KEYCLOAK_CLIENT_SECRET} diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml index 2d12be7..4f11f1b 100644 
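Review bot: In the `@@ -216,13 +216,13 @@` hunk of configmap-ui-conf.yaml, `realm:` and `resource:` now carry operator-supplied values but are rendered unquoted. A name that is numeric, empty, or contains `: ` or ` #` is then parsed as a different type or truncated, and the UI's realm or client may no longer match what configure_keycloak.sh created. I would render them as `realm: {{ .Values.ui.keycloak.realm_name | quote }}` and `resource: {{ .Values.ui.keycloak.client_id | quote }}`. The same applies to the `realm_name: ${keycloak_realm_name}` and `client_id: ${keycloak_client_id}` lines added to values.yaml, which template_file fills in as raw text. The `keycloakConfiguration` block starts and ends outside this hunk.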
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml @@ -56,6 +56,8 @@ ui: keycloak: auth_server_url: https://${ssn_k8s_alb_dns_name}/auth redirect_uri: https://${ssn_k8s_alb_dns_name}/ + realm_name: ${keycloak_realm_name} + client_id: ${keycloak_client_id} custom_certs: enabled: ${custom_certs_enabled} diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf index aef6881..93899d4 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf @@ -43,6 +43,8 @@ data "template_file" "dlab_ui_values" { custom_certs_crt = local.custom_cert custom_certs_key = local.custom_key step_ca_crt = lookup(data.external.step-ca-config-values.result, "rootCa") + keycloak_realm_name = var.keycloak_realm_name + keycloak_client_id = var.keycloak_client_id } } diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh index 40039a1..309c37c 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh 
@@ -27,16 +27,16 @@ --user ${keycloak_user} --password ${keycloak_password} > /dev/null && echo "true" || echo "false") } check_realm () { - RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null && echo "true" || echo "false") + RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/${keycloak_realm_name} > /dev/null && echo "true" || echo "false") } configure_keycloak () { # Create Realm - /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=dlab -s enabled=true -s loginTheme=dlab \ + /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=${keycloak_realm_name} -s enabled=true -s loginTheme=dlab \ -s sslRequired=none # Get realm ID - dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab | /usr/bin/jq -r '.id') + dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/${keycloak_realm_name} | /usr/bin/jq -r '.id') # Create user federation - /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=dlab-ldap -s providerId=ldap \ + /opt/jboss/keycloak/bin/kcadm.sh create components -r ${keycloak_realm_name} -s name=dlab-ldap -s providerId=ldap \ -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=$dlab_realm_id -s 'config.priority=["1"]' \ -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' \ -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s \ 
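Review bot: `${keycloak_realm_name}` is substituted into the script text by Terraform's template_file and then used unquoted in `check_realm` and `configure_keycloak` (`get realms/${keycloak_realm_name}`, `-s realm=${keycloak_realm_name}`, `-r ${keycloak_realm_name}`). A value containing whitespace or shell metacharacters would be word-split or interpreted by the shell, which appears to run after the admin login shown at the top of the hunk. Double-quoting each use, e.g. `-s realm="${keycloak_realm_name}"`, stops word splitting. Because substitution happens before the shell parses the file, the dependable control is to restrict both variables to a conservative character set (letters, digits, `-`, `_`) where they are declared. The same pattern recurs in the `@@ -50,15 +50,15 @@` and `@@ -67,14 +67,14 @@` hunks, including `clientId=${keycloak_client_id}`; `configure_keycloak` continues outside this hunk.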
@@ -50,15 +50,15 @@ -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' \ -s 'config.pagination=["true"]' --server http://127.0.0.1:8080/auth # Get user federation ID - user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab --query name=dlab-ldap | /usr/bin/jq -er '.[].id') + user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r ${keycloak_realm_name} --query name=dlab-ldap | /usr/bin/jq -er '.[].id') # Create user federation email mapper - /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=uid-attribute-to-email-mapper \ + /opt/jboss/keycloak/bin/kcadm.sh create components -r ${keycloak_realm_name} -s name=uid-attribute-to-email-mapper \ -s providerId=user-attribute-ldap-mapper -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \ -s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \ -s 'config."ldap.attribute"=["uid"]' -s 'config."read.only"=["false"]' \ -s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]' # Create user federation group mapper - /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=group_mapper -s providerId=group-ldap-mapper \ + /opt/jboss/keycloak/bin/kcadm.sh create components -r ${keycloak_realm_name} -s name=group_mapper -s providerId=group-ldap-mapper \ -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper -s parentId=$user_f_id \ -s 'config."groups.dn"=["ou=Groups,${ldap_dn}"]' -s 'config."group.name.ldap.attribute"=["cn"]' \ -s 'config."group.object.classes"=["posixGroup"]' -s 'config."preserve.group.inheritance"=["false"]' \ 
@@ -67,14 +67,14 @@ -s 'config."user.roles.retrieve.strategy"=["LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"]' \ -s 'config."mapped.group.attributes"=[]' -s 'config."drop.non.existing.groups.during.sync"=["false"]' # Create client - /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s clientId=dlab-ui -s enabled=true -s \ + /opt/jboss/keycloak/bin/kcadm.sh create clients -r ${keycloak_realm_name} -s clientId=${keycloak_client_id} -s enabled=true -s \ 'redirectUris=["https://${ssn_k8s_alb_dns_name}/"]' -s secret=${keycloak_client_secret} -s \ serviceAccountsEnabled=true # Get clint ID - client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r dlab --query clientId=dlab-ui | /usr/bin/jq -er '.[].id') + client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r ${keycloak_realm_name} --query clientId=${keycloak_client_id} | /usr/bin/jq -er '.[].id') # Create client mapper /opt/jboss/keycloak/bin/kcadm.sh create clients/$client_id/protocol-mappers/models \ - -r dlab -s name=group_mapper -s protocol=openid-connect -s protocolMapper="oidc-group-membership-mapper" \ + -r ${keycloak_realm_name} -s name=group_mapper -s protocol=openid-connect -s protocolMapper="oidc-group-membership-mapper" \ -s 'config."full.path"="false"' -s 'config."id.token.claim"="true"' -s 'config."access.token.claim"="true"' \ -s 'config."claim.name"="groups"' -s 'config."userinfo.token.claim"="true"' } diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf index 7b8e01d..e07f693 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf 
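Review bot: The `create clients` command edited in this hunk still passes the client secret as `-s secret=${keycloak_client_secret}` on its unchanged continuation line. The secret is therefore written into the rendered script and appears in the process arguments of `kcadm.sh`, where other processes in the container can read it. Since the command is being reworked anyway, consider supplying the client definition as JSON on standard input with `-f -`, so the secret is not on the command line. The comment `# Get clint ID` should also read `# Get client ID`.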
@@ -34,6 +34,8 @@ data "template_file" "configure_keycloak" { ldap_dn = var.ldap_dn ldap_user = var.ldap_user ldap_bind_creds = var.ldap_bind_creds + keycloak_realm_name = var.keycloak_realm_name + keycloak_client_id = var.keycloak_client_id } } diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf index c9d3382..be4f82c 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf @@ -82,3 +82,7 @@ variable "custom_certs_host" {} variable "mysql_disk_size" {} variable "domain" {} + +variable "keycloak_realm_name" {} + +variable "keycloak_client_id" {} diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf index 95a7e1a..1a2028b 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf @@ -36,7 +36,7 @@ output "keycloak_client_secret" { } output "keycloak_client_id" { - value = "dlab-ui" + value = var.keycloak_client_id } output "ssn_ui_host" { @@ -64,7 +64,7 @@ output "keycloak_auth_server_url" { } output "keycloak_realm_name" { - value = "dlab" + value = var.keycloak_realm_name } output "keycloak_user_name" { diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf index 40ca86b..fbecd7c 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf 
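Review bot: The two variables added to modules/helm_charts/variables.tf are bare declarations, `variable "keycloak_realm_name" {}` and `variable "keycloak_client_id" {}`, with no type or description. The keycloak.tf and dlab-ui.tf hunks show their values flowing into a shell script template and into the UI's Keycloak configuration. I would give each `type = string` and a `description` that states the allowed characters and that configure_keycloak.sh creates the realm and client under these names. The declarations added to main/variables.tf in the `@@ -194,3 +194,11 @@` hunk have defaults but likewise no description.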
@@ -194,3 +194,11 @@ variable "mysql_disk_size" { variable "domain" { default = "" } + +variable "keycloak_realm_name" { + default = "dlab" +} + +variable "keycloak_client_id" { + default = "dlab-ui" +} --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@dlab.apache.org For additional commands, e-mail: commits-h...@dlab.apache.org