Closed jjeroch closed 3 weeks ago
Last comment from norbert: as a first step in PR https://github.com/eclipse-tractusx/portal-backend/pull/363 all code referring to UserEntityId (companyUsers) respectivly ClientId (ServiceAccounts) has been refactored to make use of username / clientClientId instead. As with this change the keycloak's primary key of those entities doesn't matter any more it allows to seed keycloak-data via the api independently from the database-content. For now the UserEntityId is left as a fallback to authenticate companyUsers that do not have the username set to their identityId. This refers to manually created test-data that needs to be cleaned up as a follow-up activity before removing the UserEntityId from the db-scheme entirely.
The PR is approved, merged and successfully tested on DEV
implemented for Client-Secrets: new config-element:
"KeycloakSeeding": {
"DataPaths": [ "..." ],
"InstanceName": "...",
"Secrets": {
"Realm": "...",
"Clients": [
{
"ClientId": "...",
"Secret": "..."
}
]
}
}
to be set from the helmchart as environments-variables:
KEYCLOAKSEEDING_SECRETS_0_REALM
KEYCLOAKSEEDING_SECRETS_0_CLIENTS_0_CLIENTID
KEYCLOAKSEEDING_SECRETS_0_CLIENTS_0_SECRET
Examples for variables:
redirectUris https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json#L6250 https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L3404 https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L3825 https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L4015
adminUrl https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L3914 https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L3818
identityProviders__config
-- authorizationUrl https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.0/import/realm-config/generic/catenax-central/CX-Central-realm.json#L6637
Summary
Enhancement keycloak seeding job to seed variables and secrets
Please be aware of the changes done to the keycloak seeding in course of https://github.com/eclipse-tractusx/portal-backend/pull/346 (created as short term solution for 23.12.)