[sso-avatars] Actually use environment variables

This was needed because previously the DEFAULT_SERVER_URL was hardcoded
in the compiled keycloak module and that URL has changed.

For consistency sso-admin uses the same environment variables (except it
needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
mejoras_instalacion
Evilham 2022-08-06 21:31:45 +02:00
parent beb0350e9a
commit 38d4e517b3
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
6 changed files with 21 additions and 65 deletions

View File

@ -35,10 +35,10 @@ class Avatars:
def __init__(self, avatars_path : str):
self.avatars_path = avatars_path
self.mclient = Minio(
"dd-sso-avatars:9000",
access_key="AKIAIOSFODNN7EXAMPLE",
secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
secure=False,
os.environ["AVATARS_SERVER_HOST"],
access_key=os.environ["AVATARS_ACCESS_KEY"],
secret_key=os.environ["AVATARS_SECRET_KEY"],
secure=bool(os.environ.get("AVATARS_SECURE", "")),
)
self.bucket = "master-avatars"
self._minio_set_realm()

View File

@ -57,10 +57,10 @@ class DefaultAvatars:
)
self.mclient = Minio(
"dd-sso-avatars:9000",
access_key="AKIAIOSFODNN7EXAMPLE",
secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
secure=False,
os.environ["AVATARS_SERVER_HOST"],
access_key=os.environ["AVATARS_ACCESS_KEY"],
secret_key=os.environ["AVATARS_SECRET_KEY"],
secure=bool(os.environ.get("AVATARS_SECURE", "")),
)
self.bucket = "master-avatars"
self._minio_set_realm()

View File

@ -48,3 +48,6 @@ services:
- CUSTOM_FOLDER=/admin/custom
- NC_MAIL_QUEUE_FOLDER=/nc-mail-queue
- LEGAL_PATH=/admin/admin/static/templates/pages/legal
- AVATARS_SERVER_HOST=dd-sso-avatars:9000
- AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
- AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}

View File

@ -33,6 +33,9 @@ services:
- ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
- ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
environment:
- AVATARS_SERVER_URL=http://dd-sso-avatars:9000
- AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
- AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
- KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json
- DB_VENDOR=POSTGRES
- DB_ADDR=${KEYCLOAK_DB_ADDR}

View File

@ -1,9 +1,14 @@
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
/subsystem=keycloak-server/spi=avatar-storage/:add
/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true, \
properties={ \
server-url => "${env.AVATARS_SERVER_URL}", \
access-key => "${env.AVATARS_ACCESS_KEY}", \
secret-key => "${env.AVATARS_SECRET_KEY}" \
})
/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*, module:deployment.avatar-minio-extension-bundle ])
:reload

View File

@ -1,55 +0,0 @@
## COPY keycloak.cli /opt/jboss/startup-scripts/keycloak.cli
#cp -R /opt/custom/deployments/* /opt/jboss/keycloak/standalone/deployments/
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
# Haproxy in front
#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:remove
#/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")
#/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove
#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})
# Add avatar
/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
/subsystem=keycloak-server/spi=avatar-storage/:add
/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
#:reload
run-batch
stop-embedded-server
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")'
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove'
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})'
#./jboss-cli.sh --connect --command=':reload'
#<spi name="x509cert-lookup">
# <default-provider>haproxy</default-provider>
# <provider name="haproxy" enabled="true">
# <properties>
# <property name="sslClientCert" value="SSL_CLIENT_CERT"/>
# <property name="sslCertChainPrefix" value="CERT_CHAIN"/>
# <property name="certificateChainLength" value="10"/>
# </properties>
# </provider>
#</spi>
# <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
# <providers>
# <provider>
# module:deployment.avatar-minio-extension-bundle
# </provider>
# </providers>
# <spi name="avatar-storage">
# <provider name="avatar-storage-minio" enabled="true"/>
# </spi>
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'
#./jboss-cli.sh --connect --command='reload'