diff --git a/dd-sso/admin/src/admin/lib/avatars.py b/dd-sso/admin/src/admin/lib/avatars.py
index d0f2880..0e7ecbe 100644
--- a/dd-sso/admin/src/admin/lib/avatars.py
+++ b/dd-sso/admin/src/admin/lib/avatars.py
@@ -35,10 +35,10 @@ class Avatars:
def __init__(self, avatars_path : str):
self.avatars_path = avatars_path
self.mclient = Minio(
- "dd-sso-avatars:9000",
- access_key="AKIAIOSFODNN7EXAMPLE",
- secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
- secure=False,
+ os.environ["AVATARS_SERVER_HOST"],
+ access_key=os.environ["AVATARS_ACCESS_KEY"],
+ secret_key=os.environ["AVATARS_SECRET_KEY"],
+ secure=bool(os.environ.get("AVATARS_SECURE", "")),
)
self.bucket = "master-avatars"
self._minio_set_realm()
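Review bot: `secure=bool(os.environ.get("AVATARS_SECURE", ""))` treats any non-empty value as true, so `AVATARS_SECURE=false` or `AVATARS_SECURE=0` switches TLS on, and the only way to switch it off is to leave the variable unset or empty; the same line is added in the `DefaultAvatars` hunk of `dd-sso/admin/src/scripts/avatars.py`. Parsing the value explicitly makes the setting mean what an operator reads: `secure=os.environ.get("AVATARS_SECURE", "").strip().lower() in ("1", "true", "yes"),`. The visible `admin.yml` hunk does not pass `AVATARS_SECURE` to the container, so as shipped the client still talks plain HTTP to the avatar store. The three `os.environ[...]` lookups raise a bare `KeyError` during construction when a variable is missing, and the `import os` they need is outside both hunks, so confirm it is present in each file.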
diff --git a/dd-sso/admin/src/scripts/avatars.py b/dd-sso/admin/src/scripts/avatars.py
index f3f329d..342cdc2 100644
--- a/dd-sso/admin/src/scripts/avatars.py
+++ b/dd-sso/admin/src/scripts/avatars.py
@@ -57,10 +57,10 @@ class DefaultAvatars:
)
self.mclient = Minio(
- "dd-sso-avatars:9000",
- access_key="AKIAIOSFODNN7EXAMPLE",
- secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
- secure=False,
+ os.environ["AVATARS_SERVER_HOST"],
+ access_key=os.environ["AVATARS_ACCESS_KEY"],
+ secret_key=os.environ["AVATARS_SECRET_KEY"],
+ secure=bool(os.environ.get("AVATARS_SECURE", "")),
)
self.bucket = "master-avatars"
self._minio_set_realm()
diff --git a/dd-sso/docker-compose-parts/admin.yml b/dd-sso/docker-compose-parts/admin.yml
index 24aea8f..15f851f 100644
--- a/dd-sso/docker-compose-parts/admin.yml
+++ b/dd-sso/docker-compose-parts/admin.yml
@@ -48,3 +48,6 @@ services:
- CUSTOM_FOLDER=/admin/custom
- NC_MAIL_QUEUE_FOLDER=/nc-mail-queue
- LEGAL_PATH=/admin/admin/static/templates/pages/legal
+ - AVATARS_SERVER_HOST=dd-sso-avatars:9000
+ - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
+ - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
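Review bot: The `:-` fallbacks on the two added key lines make the publicly documented example pair the working credentials whenever `AVATARS_ACCESS_KEY` and `AVATARS_SECRET_KEY` are left unset, so the secret has moved out of the Python source but a default deployment is protected no better than before; the `keycloak.yml` hunk adds the same two lines. Compose's required-variable form stops the start instead of falling back: `- AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:?set AVATARS_SECRET_KEY}`, and likewise for the access key. The definition of the `dd-sso-avatars` service is not part of this diff, so check that the MinIO server takes its own credentials from the same variables; if it does not, overriding them here only breaks the clients.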
diff --git a/dd-sso/docker-compose-parts/keycloak.yml b/dd-sso/docker-compose-parts/keycloak.yml
index a8cd961..aa3c00c 100644
--- a/dd-sso/docker-compose-parts/keycloak.yml
+++ b/dd-sso/docker-compose-parts/keycloak.yml
@@ -33,6 +33,9 @@ services:
- ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
- ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
environment:
+ - AVATARS_SERVER_URL=http://dd-sso-avatars:9000
+ - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
+ - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
- KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json
- DB_VENDOR=POSTGRES
- DB_ADDR=${KEYCLOAK_DB_ADDR}
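Review bot: `AVATARS_SERVER_URL=http://dd-sso-avatars:9000` pins the Keycloak extension to plain HTTP while the admin client in this same commit reads an `AVATARS_SECURE` switch, so the two clients of one MinIO endpoint can end up disagreeing about TLS. If plain HTTP on the internal compose network is the intended design, a comment above the line would record that, for example `# plain HTTP inside the compose network; keep in step with AVATARS_SECURE on the admin service`. The `environment:` list continues past the end of this hunk.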
diff --git a/dd-sso/init/keycloak/scripts/02-extension-avatar.cli b/dd-sso/init/keycloak/scripts/02-extension-avatar.cli
index fbee95e..2b74f00 100644
--- a/dd-sso/init/keycloak/scripts/02-extension-avatar.cli
+++ b/dd-sso/init/keycloak/scripts/02-extension-avatar.cli
@@ -1,9 +1,14 @@
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
-/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
/subsystem=keycloak-server/spi=avatar-storage/:add
-/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
+/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true, \
+ properties={ \
+ server-url => "${env.AVATARS_SERVER_URL}", \
+ access-key => "${env.AVATARS_ACCESS_KEY}", \
+ secret-key => "${env.AVATARS_SECRET_KEY}" \
+})
+/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*, module:deployment.avatar-minio-extension-bundle ])
:reload
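Review bot: The three `${env.…}` expressions in the added `properties` carry no default, and whether they land in `standalone-ha.xml` as expressions or as resolved values depends on the CLI's `resolve-parameter-values` setting, which this diff does not show. If they are resolved when the script runs, the secret key is written in clear text into the server configuration file and later changes to the container environment are ignored; if they are stored as expressions, a container started without the variables will presumably fail to resolve them at boot. A header comment saying which case applies and naming the requirements would help, for example `# requires AVATARS_SERVER_URL, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY in the Keycloak container environment`. The move of the `providers` write-attribute below the provider `:add` is also unexplained and deserves a one-line reason.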
diff --git a/dd-sso/init/keycloak/scripts/keycloak-samples b/dd-sso/init/keycloak/scripts/keycloak-samples
deleted file mode 100644
index 97e53d4..0000000
--- a/dd-sso/init/keycloak/scripts/keycloak-samples
+++ /dev/null
@@ -1,55 +0,0 @@
-## COPY keycloak.cli /opt/jboss/startup-scripts/keycloak.cli
-#cp -R /opt/custom/deployments/* /opt/jboss/keycloak/standalone/deployments/
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-
-# Haproxy in front
-#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:remove
-#/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")
-#/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove
-#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})
-
-# Add avatar
-/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
-/subsystem=keycloak-server/spi=avatar-storage/:add
-/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
-
-
-#:reload
-
-
-
-run-batch
-stop-embedded-server
-
-
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})'
-#./jboss-cli.sh --connect --command=':reload'
-
-#
-# haproxy
-#
-#
-#
-#
-#
-#
-#
-#
-
-#
-#
-#
-# module:deployment.avatar-minio-extension-bundle
-#
-#
-#
-#
-#
-
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'
-#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'
-#./jboss-cli.sh --connect --command='reload'
\ No newline at end of file