Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

kc syncer

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-04-30 11:45:30 +02:00
parent 2135580210
commit 03e60a3512
1 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
infra/values/base/keycloak-values.yaml
View File

@@ -470,9 +470,8 @@ extraDeploy:
publicClient: false, publicClient: false,
redirectUris: .redirectUris, redirectUris: .redirectUris,
webOrigins: .webOrigins, webOrigins: .webOrigins,
defaultClientScopes: .defaultClientScopes,
protocolMappers: (.protocolMappers // []) protocolMappers: (.protocolMappers // [])
}') } + if .defaultClientScopes then {defaultClientScopes: .defaultClientScopes} else {} end')
# Check if client already exists # Check if client already exists
EXISTING=$(curl -s -H "Authorization: Bearer ${TOKEN}" \ EXISTING=$(curl -s -H "Authorization: Bearer ${TOKEN}" \
@@ -510,6 +509,32 @@ extraDeploy:
| jq -r '.[0].id') | jq -r '.[0].id')
fi fi
# Assign default client scopes (KC REST API ignores defaultClientScopes in POST/PUT body)
REQUESTED_SCOPES=$(echo "$CLIENT_JSON" | jq -r '.defaultClientScopes // [] | .[]' 2>/dev/null)
if [ -n "$REQUESTED_SCOPES" ]; then
# Fetch all realm client scopes once
ALL_SCOPES=$(curl -s -H "Authorization: Bearer ${TOKEN}" \
"${KEYCLOAK_URL}/admin/realms/${REALM}/client-scopes")
echo "$REQUESTED_SCOPES" | while read -r SCOPE_NAME; do
[ -z "$SCOPE_NAME" ] && continue
SCOPE_ID=$(echo "$ALL_SCOPES" | jq -r --arg name "$SCOPE_NAME" '.[] | select(.name == $name) | .id // empty')
if [ -z "$SCOPE_ID" ]; then
echo " WARNING: Scope '${SCOPE_NAME}' not found in realm, skipping"
continue
fi
SC_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer ${TOKEN}" \
-X PUT \
"${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${CLIENT_UUID}/default-client-scopes/${SCOPE_ID}")
if [ "$SC_CODE" = "204" ] || [ "$SC_CODE" = "200" ]; then
echo " Assigned scope '${SCOPE_NAME}'"
else
echo " WARNING: Failed to assign scope '${SCOPE_NAME}' (HTTP ${SC_CODE})"
fi
done
fi
# Sync credentials to target namespace # Sync credentials to target namespace
sync_credentials "$CLIENT_ID" "$CLIENT_UUID" "$CRED_NS" "$CRED_NAME" "$CRED_ID_KEY" "$CRED_SECRET_KEY" sync_credentials "$CLIENT_ID" "$CLIENT_UUID" "$CRED_NS" "$CRED_NAME" "$CRED_ID_KEY" "$CRED_SECRET_KEY"