This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-1158 by this push:
     new fd0da49  added gcp gke deploying
fd0da49 is described below

commit fd0da498304e3c3389e43eb905556c8e61672fd4
Author: Oleh Martushevskyi <oleh_martushevs...@epam.com>
AuthorDate: Fri Dec 20 11:31:19 2019 +0200

    added gcp gke deploying
---
 .../dlab-ui-chart/templates/configmap-ui-conf.yaml   |  4 ++--
 .../ssn-helm-charts/main/dlab-ui-chart/values.yaml   |  2 ++
 .../terraform/aws/ssn-helm-charts/main/dlab-ui.tf    |  2 ++
 .../ssn-helm-charts/main/files/configure_keycloak.sh | 20 ++++++++++----------
 .../terraform/aws/ssn-helm-charts/main/keycloak.tf   |  2 ++
 .../terraform/aws/ssn-helm-charts/main/outputs.tf    |  4 ++--
 .../terraform/aws/ssn-helm-charts/main/variables.tf  |  8 ++++++++
 7 files changed, 28 insertions(+), 14 deletions(-)

diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
index e3ab332..abc2517 100644
--- 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
+++ 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
@@ -216,13 +216,13 @@ data:
 
     keycloakConfiguration:
       redirectUri: {{ .Values.ui.keycloak.redirect_uri }}
-      realm: dlab
+      realm: {{ .Values.ui.keycloak.realm_name }}
       bearer-only: true
       auth-server-url: ${KEYCLOAK_AUTH_URL}
       ssl-required: none
       register-node-at-startup: true
       register-node-period: 600
-      resource: dlab-ui
+      resource: {{ .Values.ui.keycloak.client_id }}
       credentials:
         secret: ${KEYCLOAK_CLIENT_SECRET}
 
diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
index bba8f87..84206dd 100644
--- 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
+++ 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
@@ -59,6 +59,8 @@ ui:
   keycloak:
     auth_server_url: https://${ssn_k8s_alb_dns_name}/auth
     redirect_uri: https://${ssn_k8s_alb_dns_name}/
+    realm_name: ${keycloak_realm_name}
+    client_id: ${keycloak_client_id}
 
   custom_certs:
     enabled: ${custom_certs_enabled}
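Review bot: `realm_name` and `client_id` are rendered unquoted, so the YAML parser decides their type from the substituted text: a realm name such as `2019` or `true` would reach the chart as a number or boolean instead of a string, and a value containing `: ` or ` #` would change the document structure. Writing them as `realm_name: "${keycloak_realm_name}"` and `client_id: "${keycloak_client_id}"` keeps them strings. The consuming lines in configmap-ui-conf.yaml (`realm:` and `resource:`) could likewise end in `| quote`. The neighbouring `redirect_uri` line is also unquoted, so this matches the file's style, but the new values are free-form names and are worth tightening.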
diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
index 125460d..a34cc1c 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
@@ -43,6 +43,8 @@ data "template_file" "dlab_ui_values" {
       custom_certs_crt       = local.custom_cert
       custom_certs_key       = local.custom_key
       step_ca_crt            = 
lookup(data.external.step-ca-config-values.result, "rootCa")
+      keycloak_realm_name    = var.keycloak_realm_name
+      keycloak_client_id     = var.keycloak_client_id
   }
 }
 
diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
index 38edd16..26662bc 100644
--- 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
+++ 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
@@ -27,16 +27,16 @@
           --user ${keycloak_user} --password ${keycloak_password} > /dev/null 
&& echo "true" || echo "false")
       }
       check_realm () {
-          RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null 
&& echo "true" || echo "false")
+          RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get 
realms/${keycloak_realm_name} > /dev/null && echo "true" || echo "false")
       }
       configure_keycloak () {
           # Create Realm
-          /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=dlab -s 
enabled=true -s loginTheme=dlab \
+          /opt/jboss/keycloak/bin/kcadm.sh create realms -s 
realm=${keycloak_realm_name} -s enabled=true -s loginTheme=dlab \
           -s sslRequired=none
           # Get realm ID
-          dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab | 
/usr/bin/jq -r '.id')
+          dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get 
realms/${keycloak_realm_name} | /usr/bin/jq -r '.id')
           # Create user federation
-          /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s 
name=dlab-ldap -s providerId=ldap \
+          /opt/jboss/keycloak/bin/kcadm.sh create components -r 
${keycloak_realm_name} -s name=dlab-ldap -s providerId=ldap \
           -s providerType=org.keycloak.storage.UserStorageProvider -s 
parentId=$dlab_realm_id  -s 'config.priority=["1"]' \
           -s 'config.fullSyncPeriod=["-1"]' -s 
'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' \
           -s config.evictionDay=[] -s config.evictionHour=[] -s 
config.evictionMinute=[] -s config.maxLifespan=[] -s \
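Review bot: Every new use of `${keycloak_realm_name}` and `${keycloak_client_id}` in `check_realm` and `configure_keycloak` is unquoted, and the values are substituted into the script text by the `template_file` data source in keycloak.tf before any shell runs. A value containing whitespace or shell metacharacters would therefore be word-split or interpreted by the shell instead of reaching kcadm.sh as one argument; the same applies to the later hunks at `@@ -50,15` and `@@ -67,14`. Quoting each use, e.g. `kcadm.sh get "realms/${keycloak_realm_name}"` and `-r "${keycloak_realm_name}"`, handles whitespace. Because the substitution is textual, quoting does not neutralise embedded quote characters or command substitutions, so the values should also be restricted to a safe character set where the variables are declared. `configure_keycloak` continues past the end of this hunk.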
@@ -50,15 +50,15 @@
           -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 
'config.connectionPooling=["true"]' \
           -s 'config.pagination=["true"]' --server http://127.0.0.1:8080/auth
           # Get user federation ID
-          user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab 
--query name=dlab-ldap | /usr/bin/jq -er '.[].id')
+          user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r 
${keycloak_realm_name} --query name=dlab-ldap | /usr/bin/jq -er '.[].id')
           # Create user federation email mapper
-          /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s 
name=uid-attribute-to-email-mapper \
+          /opt/jboss/keycloak/bin/kcadm.sh create components -r 
${keycloak_realm_name} -s name=uid-attribute-to-email-mapper \
           -s providerId=user-attribute-ldap-mapper -s 
providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \
           -s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \
           -s 'config."ldap.attribute"=["uid"]' -s 
'config."read.only"=["false"]' \
           -s 'config."always.read.value.from.ldap"=["false"]' -s 
'config."is.mandatory.in.ldap"=["false"]'
           # Create user federation group mapper
-          /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s 
name=group_mapper -s providerId=group-ldap-mapper \
+          /opt/jboss/keycloak/bin/kcadm.sh create components -r 
${keycloak_realm_name} -s name=group_mapper -s providerId=group-ldap-mapper \
           -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper 
-s parentId=$user_f_id \
           -s 'config."groups.dn"=["ou=Groups,${ldap_dn}"]' -s 
'config."group.name.ldap.attribute"=["cn"]' \
           -s 'config."group.object.classes"=["posixGroup"]' -s 
'config."preserve.group.inheritance"=["false"]' \
@@ -67,14 +67,14 @@
           -s 
'config."user.roles.retrieve.strategy"=["LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"]' \
           -s 'config."mapped.group.attributes"=[]' -s 
'config."drop.non.existing.groups.during.sync"=["false"]'
           # Create client
-          /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s 
clientId=dlab-ui -s enabled=true -s \
+          /opt/jboss/keycloak/bin/kcadm.sh create clients -r 
${keycloak_realm_name} -s clientId=${keycloak_client_id} -s enabled=true -s \
           'redirectUris=["https://${ssn_k8s_alb_dns_name}/";]' -s 
secret=${keycloak_client_secret} -s \
           serviceAccountsEnabled=true
           # Get clint ID
-          client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r dlab 
--query clientId=dlab-ui | /usr/bin/jq -er '.[].id')
+          client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r 
${keycloak_realm_name} --query clientId=${keycloak_client_id} | /usr/bin/jq -er 
'.[].id')
           # Create client mapper
           /opt/jboss/keycloak/bin/kcadm.sh create 
clients/$client_id/protocol-mappers/models \
-          -r dlab -s name=group_mapper -s protocol=openid-connect -s 
protocolMapper="oidc-group-membership-mapper" \
+          -r ${keycloak_realm_name} -s name=group_mapper -s 
protocol=openid-connect -s protocolMapper="oidc-group-membership-mapper" \
           -s 'config."full.path"="false"' -s 'config."id.token.claim"="true"' 
-s 'config."access.token.claim"="true"' \
           -s 'config."claim.name"="groups"' -s 
'config."userinfo.token.claim"="true"'
       }
diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
index 53758da..a9ffd62 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
@@ -34,6 +34,8 @@ data "template_file" "configure_keycloak" {
     ldap_dn                = var.ldap_dn
     ldap_user              = var.ldap_user
     ldap_bind_creds        = var.ldap_bind_creds
+    keycloak_realm_name    = var.keycloak_realm_name
+    keycloak_client_id     = var.keycloak_client_id
   }
 }
 
diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/outputs.tf 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/outputs.tf
index a0e6e10..b0cd25a 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/outputs.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/outputs.tf
@@ -28,7 +28,7 @@ output "keycloak_auth_server_url" {
 }
 
 output "keycloak_realm_name" {
-    value = "dlab"
+    value = var.keycloak_realm_name
 }
 
 output "keycloak_user_name" {
@@ -40,7 +40,7 @@ output "keycloak_user_password" {
 }
 
 output "keycloak_client_id" {
-    value = "dlab-ui"
+    value = var.keycloak_client_id
 }
 
 output "ssn_ui_host" {
diff --git 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
index d703b6b..915e06e 100644
--- 
a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
+++ 
b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
@@ -185,6 +185,14 @@ variable "custom_key_path" {
 variable "custom_certs_host" {
     default = ""
 }
+
+variable "keycloak_realm_name" {
+  default = "dlab"
+}
+
+variable "keycloak_client_id" {
+  default = "dlab-ui"
+}
 //variable "nginx_http_port" {
 //    default = "31080"
 //    description = "Sets the nodePort that maps to the Ingress' port 80"
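Review bot: `keycloak_realm_name` and `keycloak_client_id` are declared with only a default, yet their values are interpolated into configure_keycloak.sh and into the Helm values file, so the declaration is the natural place to document and constrain them. Adding `type = string` and a `description` to each (for example `description = "Keycloak realm the DLab UI client is created in"`) would help. Where the Terraform version in use supports variable `validation` blocks, a rule limiting both to letters, digits, `-` and `_` would remove the quoting concern at its source. The new blocks also use two-space indentation while the surrounding declarations in this hunk use four.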

