From 43536a17b9e91b15b490aa432098af5cf1d04ab7 Mon Sep 17 00:00:00 2001 From: Scott Poore Date: Mon, 19 Dec 2022 17:52:00 -0600 Subject: [PATCH] docker-compose: updates for ipa-tuura + keycloak Test containers and Makefiles to build test environment included. 1. Container src/Containerfile -- defines systemd container to build src/Makefile -- defines container build steps in make form src/install/ipa-tuura.env -- ipa-tuura service env file for container src/install/ipa-tuura.service -- ipa-tuura systemd service file for container 2. Docker Compose Makefile -- defines test env setup steps in make form .env -- Variables for Makefile and docker-compose data/configs/dnsmasq.conf -- config for dns container data/configs/nm_zone_test.conf -- config for dns container env.containers -- env vars for containers. mostly used by keycloak src/install/setup_bridge.sh -- add SCIM plugin config to keycloak for ipa-tuura bridge docker-compose.yml -- defines containerized test env docker-compose.gating.yml -- defines minimal containerized test env for gating docker-compose.samba.yml -- defines containerized test env with samba *NOTE* docker-compose.yml relies on SSSD containers to provide ipa, dns, ldap. 3. README.md update to show how to start the container test environment 
Signed-off-by: Scott Poore --- .env | 8 ++- Makefile | 44 +++++++++++++++ README.md | 94 ++++++++++++++++++++++++++++++++ data/configs/dnsmasq.conf | 10 +++- docker-compose.gating.yaml | 99 +++++++++++++++++++++++++++++++++ docker-compose.samba.yaml | 100 ++++++++++++++++++++++++++++++++++ docker-compose.yml | 86 ++++++++++++++++++----------- env.containers | 9 +++ src/Containerfile | 49 +++++++++++++++++ src/Makefile | 18 ++++++ src/install/ipa-tuura.env | 5 ++ src/install/ipa-tuura.service | 17 ++++++ src/install/setup_bridge.sh | 62 +++++++++++++++++++++ 13 files changed, 567 insertions(+), 34 deletions(-) create mode 100644 Makefile create mode 100644 docker-compose.gating.yaml create mode 100644 docker-compose.samba.yaml create mode 100644 src/Containerfile create mode 100644 src/Makefile create mode 100644 src/install/ipa-tuura.env create mode 100644 src/install/ipa-tuura.service create mode 100755 src/install/setup_bridge.sh diff --git a/.env b/.env index 803b0a30..016fe4c2 100644 --- a/.env +++ b/.env @@ -1,4 +1,10 @@ # This is the docker-compose environment file. # Copy it to .env or use --env-file=env.example on docker-compose command. -REGISTRY=quay.io/ftrivino +#REGISTRY=quay.io/ftrivino +REGISTRY=localhost/sssd TAG=latest + +PLUGIN_TAG=kc19_intg +PLUGIN_VER=0.0.1 +PLUGIN_DIR=scim-keycloak-user-storage-spi-${PLUGIN_TAG} +PLUGIN_JAR=scim-user-spi-0.0.1-SNAPSHOT.jar diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..0dc6c47d --- /dev/null +++ b/Makefile 
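Review bot: `PLUGIN_JAR=scim-user-spi-0.0.1-SNAPSHOT.jar` repeats the version that `PLUGIN_VER=0.0.1` already carries, so bumping one without the other desynchronises the Makefile (which reads `PLUGIN_JAR`) from the compose files (which mount `scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar`). Derive it instead: `PLUGIN_JAR=scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar`. The file already relies on this kind of reference for `PLUGIN_DIR=...${PLUGIN_TAG}`; GNU make expands it on `include .env`, and only the Makefile consumes `PLUGIN_JAR`, so no compose-side interpolation is needed. The commented-out `#REGISTRY=quay.io/ftrivino` is dead configuration and would be clearer as a one-line comment saying it is the published alternative to the local `localhost/sssd` build.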
@@ -0,0 +1,44 @@
+include .env
+
+up: datadir plugin
+ docker-compose up --detach --no-recreate
+
+up-gating:
+ docker-compose -f docker-compose.gating.yaml up --no-recreate --detach
+
+up-samba:
+ docker-compose -f docker-compose.samba.yaml up --no-recreate --detach
+
+stop:
+ docker-compose stop
+
+down: stop
+ docker-compose -f docker-compose.samba.yaml \
+ -f docker-compose.gating.yaml \
+ -f docker-compose.yml down
+
+datadir:
+ifeq (,$(wildcard data/keycloak))
+ mkdir -p data/keycloak
+endif
+
+container:
+ $(MAKE) -C src
+
+plugin: datadir
+ifeq (,$(wildcard data/keycloak/$(PLUGIN_JAR)))
+ cd data/keycloak && \
+ wget https://github.com/justin-stephenson/scim-keycloak-user-storage-spi/archive/refs/tags/$(PLUGIN_TAG).tar.gz && \
+ tar zxvf $(PLUGIN_TAG).tar.gz && \
+ pushd $(PLUGIN_DIR) && \
+ JAVA_HOME=/usr/lib/jvm/java-11-openjdk mvn clean package && \
+ mv target/$(PLUGIN_JAR) ../ && \
+ chown 994:994 ../${PLUGIN_JAR}
+endif
+
+bridge:
+ source ./env.containers && \
+ bash -c "src/install/setup_bridge.sh"
+
+clean:
+ rm -rf data/keycloak/*
diff --git a/README.md b/README.md
index 7038cb61..bbc1cc55 100644
--- a/README.md
+++ b/README.md
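Review bot: The `plugin` target fetches a GitHub tag archive and runs `mvn clean package` on it with no integrity check, and the README's `sudo make up` executes that step as root; a tag archive is not immutable, so record the expected digest and verify it before unpacking, e.g. `wget -O $(PLUGIN_TAG).tar.gz <url> && echo "<EXPECTED_SHA256>  $(PLUGIN_TAG).tar.gz" | sha256sum -c -` (digest is a placeholder to fill in). `up-gating` and `up-samba` have no `datadir plugin` prerequisites although docker-compose.gating.yaml and docker-compose.samba.yaml bind-mount the built jar, so on a fresh checkout the mount source does not exist. None of the targets names a file, so add `.PHONY: up up-gating up-samba stop down datadir container plugin bridge clean` before a stray `clean` or `plugin` file silently turns one into a no-op. In `bridge`, `source ./env.containers` is a bashism under the default `/bin/sh` and exports nothing, so the child `bash -c` never sees those variables; the script currently falls back to its own defaults, but `set -a && . ./env.containers && set +a && bash src/install/setup_bridge.sh` is what the recipe intends.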
@@ -100,3 +100,97 @@ make html ``` The generated documentation will be available at `$IPA_TUURA/doc/_build/html/` folder. + + +### Testing + +Provided is a docker-compose.yml container based test environment. Running this +environment on a system will provide the containers needed for testing some of the +basic features of ipa-tuura: + +* ipa-tuura running SCIMv2 Bridge +* Keycloak running with the SCIMv2 User Storage plugin +* FreeIPA to provide IPA service +* LDAP container to provide LDAP service +* DNS container to provide static DNS for the test environment +* Nextcloud to provide End to End application authentication testing + + +First Install required packages needed to run container test environment: + +```bash +sudo dnf -y install podman docker-compose podman-docker \ + java-17-openjdk-headless maven dnsmasq +``` + +Start podman service: + +```bash +sudo systemctl start podman +``` + +Clone this repository: + +```bash +git clone https://github.com/freeipa/ipa-tuura +cd ipa-tuura +``` + +Set SELinux boolean: + +```bash +sudo setsebool -P container_manage_cgroup true +``` + +OPTIONAL: Note if you want to setup your local DNS to resolve the container +hostnames, you can follow these steps: + +```bash +sudo cp data/configs/nm_enable_dnsmasq.conf /etc/NetworkManager/conf.d/ +sudo cp data/configs/nm_zone_test.conf /etc/NetworkManager/dnsmasq.d/ +sudo systemctl disable --now systemd-resolved +sudo mv /etc/resolv.conf /etc/resolv.conf.ipa-tuura-backup +sudo systemctl reload NetworkManager +``` + +Start containers: + +```bash +sudo make up +sudo make bridge +``` + +Note that `make bridge` runs `src/install/setup_bridge.sh` which allows you to +override the keycloak and/or ipa-tuura hostnames if you wish to use this elsewhere. 
+To do this, just set variables before manually running the script: + +```bash +export KC_HOSTNAME= +export TUURA_HOSTNAME= +bash src/install/setup_bridge.sh +``` + +Note that the container names all start with "kite-" which stands for Keycloak +Integration Test Environment. Each container is named after the service it +provides to make access easier. + +Now you can access the containers with either: + +```bash +sudo podman exec -it kite- bash +``` + +Or for some containers, you can access with ssh. To do so, lookup IP from +docker-compose.yml file. + +```bash +ssh root@ +``` + +To run Keycloak or IPA commands, you can alias the commands like this: + +```bash +alias kcadm='sudo podman exec -it kite-keycloak /opt/keycloak/bin/kcadm.sh' +alias ipa='sudo podman exec -it kite-ipa ipa' +``` + diff --git a/data/configs/dnsmasq.conf b/data/configs/dnsmasq.conf index 477f3e34..0f2da3d7 100644 --- a/data/configs/dnsmasq.conf +++ b/data/configs/dnsmasq.conf 
@@ -9,19 +9,25 @@ local=/test/ # These zones have their own DNS server server=/ipa.test/172.16.100.10 -server=/samba.test/172.16.100.30 server=/ad.test/172.16.200.10 # Add A records for LDAP and client machines address=/master.ldap.test/172.16.100.20 address=/client.test/172.16.100.40 +address=/master.keycloak.test/172.16.100.70 +address=/master.nextcloud.test/172.16.100.12 +address=/master.mariadb.test/172.16.100.13 +address=/ipa-tuura.bridge.test/172.16.100.14 # Add SRV record for LDAP srv-host=_ldap._tcp.ldap.test,master.ldap.test,389 # Add PTR records for all machines ptr-record=10.100.16.172.in-addr.arpa,master.ipa.test +ptr-record=70.100.16.172.in-addr.arpa,master.keycloak.test +ptr-record=12.100.16.172.in-addr.arpa,master.nextcloud.test +ptr-record=13.100.16.172.in-addr.arpa,master.mariadb.test +ptr-record=14.100.16.172.in-addr.arpa,ipa-tuura.bridge.test ptr-record=20.100.16.172.in-addr.arpa,master.ldap.test -ptr-record=30.100.16.172.in-addr.arpa,dc.samba.test ptr-record=40.100.16.172.in-addr.arpa,client.test ptr-record=10.200.16.172.in-addr.arpa,dc.ad.test diff --git a/docker-compose.gating.yaml b/docker-compose.gating.yaml new file mode 100644 index 00000000..937a0c21 --- /dev/null +++ b/docker-compose.gating.yaml 
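Review bot: This hunk removes `server=/samba.test/172.16.100.30` and the `dc.samba.test` PTR record, but docker-compose.samba.yaml in the same commit starts a `samba` service at 172.16.100.30 with hostname `dc.samba.test` that uses this dns container, so the samba environment loses resolution for its own domain. Either keep the two samba lines or give the samba compose file its own dnsmasq config. The `client.test` A and PTR records are the opposite case: docker-compose.yml drops the `client` service in this commit, leaving those entries stale. A short comment per group naming the compose file each record serves (e.g. `# samba: docker-compose.samba.yaml only`) would keep the three files in step.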
@@ -0,0 +1,99 @@
+services:
+ dns:
+ restart: always
+ image: ${REGISTRY}/ci-dns:${TAG}
+ container_name: dns
+ env_file: ./env.containers
+ volumes:
+ - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf
+ cap_add:
+ - NET_RAW
+ - NET_ADMIN
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.2
+
+ ipa:
+ image: ${REGISTRY}/ci-ipa:${TAG}
+ container_name: ipa
+ hostname: master.ipa.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ - AUDIT_CONTROL
+ - SYS_CHROOT
+ - NET_ADMIN
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.10
+
+ ipa-tuura:
+ #image: quay.io/idmops/bridge:latest
+ image: localhost/ipa-tuura/base:latest
+ container_name: ipa-tuura
+ hostname: ipa-tuura.bridge.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_CHROOT
+ - AUDIT_WRITE
+ - AUDIT_CONTROL
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.14
+
+ keycloak:
+ image: ${REGISTRY}/ci-keycloak:${TAG}
+ #image: quay.io/keycloak/keycloak:${KC_TAG}
+ container_name: keycloak
+ hostname: master.keycloak.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./data/keycloak/scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar:/opt/keycloak/providers/scim.jar
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_CHROOT
+ - NET_ADMIN
+ - AUDIT_WRITE
+ - AUDIT_CONTROL
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.70
+
+networks:
+ ipa-tuura:
+ name: ipa-tuura-ci
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.16.100.0/24
+ gateway: 172.16.100.1
+ options:
+ driver: host-local
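Review bot: The `dns`, `ipa-tuura` and `keycloak` services in this file are verbatim copies of docker-compose.yml, and docker-compose.samba.yaml copies them a third time, so the definitions will drift — the `ipa-tuura` cap_add list already differs (no `NET_ADMIN` here, present in the other two files). Compose's override mechanism (`-f docker-compose.yml -f docker-compose.gating.yaml` with only the differing services listed) or YAML anchors (`x-keycloak: &keycloak` reused via `<<: *keycloak`) would leave one definition to maintain; the Makefile's `down` target already stacks the files this way. The `seccomp=unconfined`/`apparmor=unconfined`/`label=disable` relaxations and the `SYS_ADMIN` grants are not explained anywhere; presumably they exist because the images boot systemd, so a one-line comment above each `cap_add:` such as `# required to run systemd inside the container; test environment only` would document the intent and discourage copying the block elsewhere.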
diff --git a/docker-compose.samba.yaml b/docker-compose.samba.yaml
new file mode 100644
index 00000000..a2bb26eb
--- /dev/null
+++ b/docker-compose.samba.yaml
@@ -0,0 +1,100 @@
+services:
+ dns:
+ restart: always
+ image: ${REGISTRY}/ci-dns:${TAG}
+ container_name: dns
+ env_file: ./env.containers
+ volumes:
+ - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf
+ cap_add:
+ - NET_RAW
+ - NET_ADMIN
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.2
+
+ ipa-tuura:
+ #image: quay.io/idmops/bridge:latest
+ image: localhost/ipa-tuura/base:latest
+ container_name: ipa-tuura
+ hostname: ipa-tuura.bridge.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_CHROOT
+ - NET_ADMIN
+ - AUDIT_WRITE
+ - AUDIT_CONTROL
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.14
+
+ keycloak:
+ image: ${REGISTRY}/ci-keycloak:${TAG}
+ #image: quay.io/keycloak/keycloak:${KC_TAG}
+ container_name: keycloak
+ hostname: master.keycloak.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./data/keycloak/scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar:/opt/keycloak/providers/scim.jar
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_CHROOT
+ - NET_ADMIN
+ - AUDIT_WRITE
+ - AUDIT_CONTROL
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.70
+
+ samba:
+ image: ${REGISTRY}/ci-samba:${TAG}
+ container_name: samba
+ hostname: dc.samba.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_CHROOT
+ - NET_ADMIN
+ - AUDIT_WRITE
+ - AUDIT_CONTROL
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ ipa-tuura:
+ ipv4_address: 172.16.100.30
+
+networks:
+ ipa-tuura:
+ name: ipa-tuura-ci
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.16.100.0/24
+ gateway: 172.16.100.1
+ options:
+ driver: host-local
diff --git a/docker-compose.yml b/docker-compose.yml index 401b7c30..7ea294f8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ services: dns: restart: always - image: ${REGISTRY}/ci-dns:latest + image: ${REGISTRY}/ci-dns:${TAG} container_name: dns env_file: ./env.containers volumes: @@ -14,7 +14,7 @@ services: - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.2 ipa: @@ -29,33 +29,65 @@ services: - SYS_ADMIN - SYS_PTRACE - AUDIT_WRITE + - AUDIT_CONTROL + - SYS_CHROOT + - NET_ADMIN security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.10 + ipa-tuura: + #image: quay.io/idmops/bridge:latest + image: localhost/ipa-tuura/base:latest + container_name: ipa-tuura + hostname: ipa-tuura.bridge.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN + - AUDIT_WRITE + - AUDIT_CONTROL + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + ipa-tuura: + ipv4_address: 172.16.100.14 + keycloak: - image: ${REGISTRY}/keycloak:${TAG} + image: ${REGISTRY}/ci-keycloak:${TAG} + #image: quay.io/keycloak/keycloak:${KC_TAG} container_name: keycloak hostname: master.keycloak.test dns: 172.16.100.2 env_file: ./env.containers volumes: - - ./shared:/shared:rw + - ./data/keycloak/scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar:/opt/keycloak/providers/scim.jar cap_add: - SYS_ADMIN - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: - ipv4_address: 172.16.100.11 + ipa-tuura: + ipv4_address: 172.16.100.70 + nextcloud: image: ${REGISTRY}/nextcloud:${TAG} container_name: nextcloud 
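Review bot: The new `ipa-tuura` service uses `image: localhost/ipa-tuura/base:latest`, which only exists after `make container` (src/Makefile's `podman build -t ipa-tuura/base .`), yet neither the `up` target nor the README's `sudo make up` step builds it, so a fresh checkout cannot resolve the image unless it is expected to be pre-built. Adding `container` to `up`'s prerequisites, or at least a comment `# built locally by 'make container' (src/Containerfile)` above the image line, would close that gap. The keycloak service also loses its `./shared:/shared:rw` mount in this hunk; if the new flow no longer needs it that is fine, but the commit message does not say so.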
@@ -68,13 +100,15 @@ services: - SYS_ADMIN - SYS_PTRACE - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.12 + mariadb: image: ${REGISTRY}/mariadb:${TAG} container_name: mariadb @@ -87,13 +121,15 @@ services: - SYS_ADMIN - SYS_PTRACE - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.13 + ldap: image: ${REGISTRY}/ci-ldap:${TAG} container_name: ldap @@ -103,39 +139,27 @@ services: volumes: - ./shared:/shared:rw cap_add: - - SYS_PTRACE - - AUDIT_WRITE - security_opt: - - apparmor=unconfined - - label=disable - - seccomp=unconfined - networks: - sssd: - ipv4_address: 172.16.100.20 - client: - image: ${REGISTRY}/ci-client:${TAG} - container_name: client - hostname: client.test - dns: 172.16.100.2 - env_file: ./env.containers - volumes: - - ./shared:/shared:rw - cap_add: - SYS_ADMIN - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: - ipv4_address: 172.16.100.40 + ipa-tuura: + ipv4_address: 172.16.100.20 + networks: - sssd: - name: sssd-ci + ipa-tuura: + name: ipa-tuura-ci driver: bridge ipam: config: - subnet: 172.16.100.0/24 gateway: 172.16.100.1 + options: + driver: host-local diff --git a/env.containers b/env.containers index 87a732e7..eb9e5c01 100644 --- a/env.containers +++ b/env.containers @@ -1,2 +1,11 @@ # Environment variables set in all started containers CONTAINER=yes +KEYCLOAK_ADMIN=admin +KEYCLOAK_ADMIN_PASSWORD=Secret123 +KC_HOSTNAME=master.keycloak.test +KC_HOSTNAME_PORT=8443 +KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt +KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key +KC_HTTPS_TRUST_STORE_FILE=/opt/keycloak/conf/server.keystore +KC_HTTPS_TRUST_STORE_PASSWORD=Secret123 +KC_HTTP_RELATIVE_PATH=/auth 
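Review bot: `KEYCLOAK_ADMIN_PASSWORD` and `KC_HTTPS_TRUST_STORE_PASSWORD` are added to the file that every service loads via `env_file: ./env.containers` (dns, ipa, ldap, mariadb, nextcloud and the rest), so the Keycloak admin credential sits in the environment of containers that have no use for it. Keep this file for the shared `CONTAINER=yes` and move the `KEYCLOAK_*`/`KC_*` lines under the keycloak service's `environment:` (or a keycloak-only env file); the header comment `# Environment variables set in all started containers` then stays true. The `Secret123` values are also duplicated verbatim in src/install/setup_bridge.sh and src/Containerfile, so a single definition would keep them from silently diverging.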
diff --git a/src/Containerfile b/src/Containerfile
new file mode 100644
index 00000000..9552eb31
--- /dev/null
+++ b/src/Containerfile
@@ -0,0 +1,49 @@
+FROM fedora:latest
+
+MAINTAINER Scott Poore
+
+ENV DJANGO_SUPERUSER_PASSWORD: Secret123 \
+ DJANGO_SUPERUSER_USERNAME: scim \
+ DJANGO_SUPERUSER_EMAIL: scim@ipa.test
+
+EXPOSE 8000
+
+WORKDIR /ipa-tuura
+
+COPY ipa-tuura /ipa-tuura
+COPY install/ipa-tuura.service /etc/systemd/system/ipa-tuura.service
+COPY install/ipa-tuura.env /etc/sysconfig/ipa-tuura.env
+COPY install/requirements.txt /ipa-tuura/requirements.txt
+
+# Leaving behind workaround for running specific fork/branch:
+#RUN dnf -y install git
+#RUN git clone https://github.com/f-trivino/ipa-tuura.git -b domains /opt/ipa-tuura
+##RUN git clone https://github.com/Tiboris/ipa-tuura.git -b pr_check_workflow /opt/ipa-tuura
+#RUN ln -s /opt/ipa-tuura/src/ipa-tuura /ipa-tuura
+#RUN cp /opt/ipa-tuura/src/install/requirements.txt /ipa-tuura/requirements.txt
+
+# Need to install packages before linking service file so that the
+# proper filesystem structure is in place for systemd
+RUN dnf -y install sssd ipa-client realmd java-11-openjdk-headless \
+ openssl maven unzip python3-pip git python3-netifaces \
+ python3-devel krb5-devel gcc sssd-dbus wget openldap-clients \
+ sssd sssd-ldap oddjob-mkhomedir realmd openssh-server passwd \
+ --nodocs && \
+ dnf clean all -y && \
+ echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/99-root.conf && \
+ chmod 600 /etc/ssh/sshd_config.d/99-root.conf && \
+ chown root:root /etc/ssh/sshd_config.d/99-root.conf && \
+ echo -e "Secret123\nSecret123" | passwd root && \
+ ln -s /etc/systemd/system/ipa-tuura.service \
+ /etc/systemd/system/multi-user.target.wants/ipa-tuura.service && \
+ ls -Fal /etc/systemd/system/multi-user.target.wants/* && \
+ pip install -r /ipa-tuura/requirements.txt && \
+ source /etc/sysconfig/ipa-tuura.env && \
+ python3 /ipa-tuura/manage.py makemigrations ipatuura && \
+ python3 /ipa-tuura/manage.py migrate && \
+ python3 /ipa-tuura/manage.py createsuperuser --scim_username scim --noinput
+
+CMD ["/usr/sbin/init"]
+
+# ln -s 
/usr/lib/systemd/system/sshd.service \
+# /etc/systemd/system/multi-user.target.wants/sshd.service && \
diff --git a/src/Makefile b/src/Makefile
new file mode 100644
index 00000000..7c9d522f
--- /dev/null
+++ b/src/Makefile
@@ -0,0 +1,18 @@
+default: build
+
+build:
+ podman build -t ipa-tuura/base .
+
+run:
+ podman run --name bridge -d -p 8000:8000 ipa-tuura/base && \
+ podman start bridge
+
+start:
+ podman start bridge
+
+exec:
+ podman exec -it bridge bash
+
+clean:
+ podman rm -f bridge && \
+ podman image rm ipa-tuura/base
diff --git a/src/install/ipa-tuura.env b/src/install/ipa-tuura.env
new file mode 100644
index 00000000..75d4e273
--- /dev/null
+++ b/src/install/ipa-tuura.env
@@ -0,0 +1,5 @@
+DJANGO_SUPERUSER_USERNAME=scim
+DJANGO_SUPERUSER_PASSWORD=Secret123
+DJANGO_SUPERUSER_EMAIL=scim@ipa.test
+export DJANGO_SUPERUSER_USERNAME DJANGO_SUPERUSER_PASSWORD DJANGO_SUPERUSER_EMAIL
+
diff --git a/src/install/ipa-tuura.service b/src/install/ipa-tuura.service
new file mode 100644
index 00000000..a9cb8461
--- /dev/null
+++ b/src/install/ipa-tuura.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=SCIMv2 Bridge Server
+After=network.target
+
+[Service]
+Type=idle
+WorkingDirectory=/ipa-tuura/
+EnvironmentFile=/etc/sysconfig/ipa-tuura.env
+# Fix this later
+# User=scim
+# Group=scim
+ExecStart=/usr/bin/python3 /ipa-tuura/manage.py runserver 0.0.0.0:8000
+TimeoutStartSec=600
+TimeoutStopSec=600
+
+[Install]
+WantedBy=multi-user.target
diff --git a/src/install/setup_bridge.sh b/src/install/setup_bridge.sh
new file mode 100755
index 00000000..bdbee292
--- /dev/null
+++ b/src/install/setup_bridge.sh
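Review bot: The `ENV` instruction in src/Containerfile is malformed: `ENV DJANGO_SUPERUSER_PASSWORD: Secret123 \` uses a colon rather than `=`, so in the legacy `ENV key value` form a variable literally named `DJANGO_SUPERUSER_PASSWORD:` receives the whole continued line as its value and none of the three intended variables is set. Write `ENV DJANGO_SUPERUSER_PASSWORD=Secret123 \` / `DJANGO_SUPERUSER_USERNAME=scim \` / `DJANGO_SUPERUSER_EMAIL=scim@ipa.test`, or drop the instruction altogether, since the `RUN` step already sources `/etc/sysconfig/ipa-tuura.env` and baking the superuser password into image metadata serves no purpose. `MAINTAINER` is deprecated in favour of `LABEL maintainer="..."`, and the `RUN` step depends on `source` and `echo -e`, which only work while the image's `/bin/sh` is bash; `SHELL ["/bin/bash", "-c"]` before the `RUN` makes that assumption explicit. The image also sets a fixed root password and `PermitRootLogin yes`, and `FROM fedora:latest` is unpinned; a header comment such as `# Test-environment image: fixed credentials, root ssh enabled; never reuse as a base` would stop it being reused outside this harness.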
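Review bot: None of `default`, `build`, `run`, `start`, `exec` or `clean` in src/Makefile names a file, yet there is no `.PHONY:` declaration, so a file called `build` or `clean` appearing in src/ would silently turn that target into a no-op; add `.PHONY: default build run start exec clean` at the top. In `run`, `podman run -d` already starts the container, so the chained `podman start bridge` is redundant. `clean` chains `podman rm -f bridge && podman image rm ipa-tuura/base`, so the image is left behind whenever the first command fails, which, depending on the podman version, includes the container simply not existing; a `-` prefix on that line with a comment `# container may already be gone` would match what a cleanup target is expected to do.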
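Review bot: `EnvironmentFile=/etc/sysconfig/ipa-tuura.env` in src/install/ipa-tuura.service points at a file whose last line is `export DJANGO_SUPERUSER_USERNAME DJANGO_SUPERUSER_PASSWORD DJANGO_SUPERUSER_EMAIL`; that line exists for the `source` in the Containerfile, but it is not a `KEY=value` assignment and systemd's env-file parser will at best ignore it with a warning — only the three assignments above it reach the unit, which is worth stating in a comment on the `EnvironmentFile=` line so nobody adds further shell syntax there. The unit runs Django's development server (`manage.py runserver`) as root, with `User=scim` commented out under `# Fix this later`; replace that with a comment saying this is deliberate for the test image and what currently prevents dropping privileges, so the TODO is actionable.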
@@ -0,0 +1,62 @@
+#!/bin/bash -x
+
+KC_HOSTNAME=${KC_HOSTNAME:="master.keycloak.test"}
+TUURA_HOSTNAME=${TUURA_HOSTNAME:="ipa-tuura.bridge.test"}
+
+podman exec -it keycloak \
+ /opt/keycloak/bin/kcadm.sh config truststore --trustpass Secret123 \
+ /data/certs/master.keycloak.test.keystore
+
+
+# Run kc.sh build to pick up keycloak scim provider plugin
+podman exec -it keycloak \
+ /opt/keycloak/bin/kc.sh build
+
+podman exec -it keycloak \
+ systemctl restart keycloak
+
+# sometimes need to retry login to connect successfully
+for count in {1..10}; do
+ podman exec -it keycloak \
+ /opt/keycloak/bin/kcadm.sh config credentials \
+ --server https://$KC_HOSTNAME:8443/auth/ \
+ --realm master --user admin --password Secret123
+ if [ $? -eq 0 ]; then
+ break
+ else
+ sleep 10
+ fi
+done
+
+
+# Setup SCIM Plugin in Keycloak to join IPA domain
+podman exec -it keycloak \
+ /opt/keycloak/bin/kcadm.sh create components -r master \
+ -s name=scimprov \
+ -s providerId=scim \
+ -s providerType=org.keycloak.storage.UserStorageProvider \
+ -s "config.scimurl=[\"$TUURA_HOSTNAME:8000\"]" \
+ -s 'config.loginusername=["scim"]' \
+ -s 'config.loginpassword=["Secret123"]' \
+ -s 'config.addintgdomain=["True"]' \
+ -s 'config.domain=["http://ipa.test"]' \
+ -s 'config.domainname=["ipa.test"]' \
+ -s 'config.domaindesc=["Bridge to IPA Domain ipa.test"]' \
+ -s "config.domainurl=[\"https://$TUURA_HOSTNAME\"]" \
+ -s 'config.domainclientid=["admin"]' \
+ -s 'config.domainclientsecret=["Secret123"]' \
+ -s 'config.idprovider=["ipa"]' \
+ -s 'config.cacert=["/etc/ipaca.crt"]'
+
+# -s 'config.domainuserextraattrs=["mail:mail, sn:sn: givenname:givenname"]' \
+# -s 'config.userDn=["ou=users,dc=ipa,dc=test"]'
+
+# getFirst("domainname"));
+# getFirst("domaindesc"));
+# getFirst("domainurl"));
+# getFirst("domainclientid"));
+# getFirst("domainclientsecret"));
+# getFirst("idprovider"));
+# getFirst("users_dn"));
+# getFirst("cacert");
+
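Review bot: `#!/bin/bash -x` traces every command, so `--password Secret123`, `--trustpass Secret123`, `config.loginpassword` and `config.domainclientsecret` are echoed to stdout and land in whatever log captures `make bridge`; drop `-x`, or wrap only the non-credential commands in `set -x`/`set +x`. Every `podman exec` passes `-it`, which fails when stdin is not a terminal — likely the case when this is driven from CI rather than an interactive shell — and plain `podman exec keycloak ...` is sufficient for these one-shot commands. The `kcadm.sh create components` call is not idempotent: a second `make bridge` creates a second `scimprov` component, so check for an existing one first (`kcadm.sh get components -r master -q name=scimprov`) and skip or update. The passwords are hard-coded while `KC_HOSTNAME`/`TUURA_HOSTNAME` are overridable; reading them the same way, e.g. `KC_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-Secret123}`, would let env.containers remain the single source. The trailing block of `# getFirst(...)` lines is pasted Java, not shell, and should either be replaced by a sentence naming the plugin config keys it documents or removed.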