[sso-avatars] Actually use environment variables

This was needed because previously the DEFAULT_SERVER_URL was hardcoded in the compiled keycloak module and that URL has changed. For consistency sso-admin uses the same environment variables (except it needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
2022-08-06 21:31:45 +02:00 · 2022-08-06 21:31:45 +02:00 · 38d4e517b3
parent beb0350e9a
commit 38d4e517b3
6 changed files with 21 additions and 65 deletions
--- a/dd-sso/admin/src/admin/lib/avatars.py
+++ b/dd-sso/admin/src/admin/lib/avatars.py
@ -35,10 +35,10 @@ class Avatars:
    def __init__(self, avatars_path : str):
        self.avatars_path = avatars_path
        self.mclient = Minio(
-            "dd-sso-avatars:9000",
-            access_key="AKIAIOSFODNN7EXAMPLE",
-            secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
-            secure=False,
+            os.environ["AVATARS_SERVER_HOST"],
+            access_key=os.environ["AVATARS_ACCESS_KEY"],
+            secret_key=os.environ["AVATARS_SECRET_KEY"],
+            secure=bool(os.environ.get("AVATARS_SECURE", "")),
        )
        self.bucket = "master-avatars"
        self._minio_set_realm()
--- a/dd-sso/admin/src/scripts/avatars.py
+++ b/dd-sso/admin/src/scripts/avatars.py
@ -57,10 +57,10 @@ class DefaultAvatars:
        )

        self.mclient = Minio(
-            "dd-sso-avatars:9000",
-            access_key="AKIAIOSFODNN7EXAMPLE",
-            secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
-            secure=False,
+            os.environ["AVATARS_SERVER_HOST"],
+            access_key=os.environ["AVATARS_ACCESS_KEY"],
+            secret_key=os.environ["AVATARS_SECRET_KEY"],
+            secure=bool(os.environ.get("AVATARS_SECURE", "")),
        )
        self.bucket = "master-avatars"
        self._minio_set_realm()
--- a/dd-sso/docker-compose-parts/admin.yml
+++ b/dd-sso/docker-compose-parts/admin.yml
@ -48,3 +48,6 @@ services:
      - CUSTOM_FOLDER=/admin/custom
      - NC_MAIL_QUEUE_FOLDER=/nc-mail-queue
      - LEGAL_PATH=/admin/admin/static/templates/pages/legal
+      - AVATARS_SERVER_HOST=dd-sso-avatars:9000
+      - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
+      - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
--- a/dd-sso/docker-compose-parts/keycloak.yml
+++ b/dd-sso/docker-compose-parts/keycloak.yml
@ -33,6 +33,9 @@ services:
      - ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
    environment:
+      - AVATARS_SERVER_URL=http://dd-sso-avatars:9000
+      - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
+      - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
      - KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json 
      - DB_VENDOR=POSTGRES
      - DB_ADDR=${KEYCLOAK_DB_ADDR}
--- a/dd-sso/init/keycloak/scripts/02-extension-avatar.cli
+++ b/dd-sso/init/keycloak/scripts/02-extension-avatar.cli
@ -1,9 +1,14 @@
 embed-server --server-config=standalone-ha.xml --std-out=echo 
 batch

-/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
 /subsystem=keycloak-server/spi=avatar-storage/:add
-/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
+/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true, \
+  properties={ \
+    server-url => "${env.AVATARS_SERVER_URL}", \
+    access-key => "${env.AVATARS_ACCESS_KEY}", \
+    secret-key => "${env.AVATARS_SECRET_KEY}" \
+})
+/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*, module:deployment.avatar-minio-extension-bundle ])

 :reload

--- a/dd-sso/init/keycloak/scripts/keycloak-samples
+++ b/dd-sso/init/keycloak/scripts/keycloak-samples
@ -1,55 +0,0 @@
-## COPY keycloak.cli /opt/jboss/startup-scripts/keycloak.cli
-#cp -R /opt/custom/deployments/* /opt/jboss/keycloak/standalone/deployments/
-embed-server --server-config=standalone-ha.xml --std-out=echo 
-batch
-
-# Haproxy in front
-#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:remove
-#/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")
-#/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove
-#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})
-
-# Add avatar
-/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
-/subsystem=keycloak-server/spi=avatar-storage/:add
-/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
-
-
-#:reload
-
-
-
-run-batch 
-stop-embedded-server
-
-
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")'            
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})'           
-#./jboss-cli.sh --connect --command=':reload'
-
-#<spi name="x509cert-lookup">
-#    <default-provider>haproxy</default-provider>
-#    <provider name="haproxy" enabled="true">
-#        <properties>
-#            <property name="sslClientCert" value="SSL_CLIENT_CERT"/>
-#            <property name="sslCertChainPrefix" value="CERT_CHAIN"/>
-#            <property name="certificateChainLength" value="10"/>
-#        </properties>
-#    </provider>
-#</spi>
-
-# <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-#   <providers>
-#     <provider>
-#       module:deployment.avatar-minio-extension-bundle
-#     </provider>
-#   </providers>
-#   <spi name="avatar-storage">
-#     <provider name="avatar-storage-minio" enabled="true"/>
-#   </spi>
-
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'
-#./jboss-cli.sh --connect --command='reload'