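#!/bin/bash
#
# Creates the 'operations-api' user in the 'drivetrain-realm' Keycloak realm
# and sets its password, by running kcadm.sh inside the running
# keycloak-server container. Endpoint details and both passwords are read
# from Salt pillar.
#
# NOTE(security): both passwords are passed as command-line arguments (to
# `docker exec` on the host and to kcadm.sh inside the container), so they
# are visible in process listings while this script runs. The admin login
# also goes to a plain http:// URL. Do not run this script with `set -x`.

realm_name='drivetrain-realm'
realm_user='operations-api'
realm_usermail='drivetrain-eng@mirantis.com'

# Print an error message to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print the value of pillar key $1; fail when the value is empty, so a
# missing pillar cannot silently produce a broken URL or an empty password.
# Called via $(...), so callers must add `|| exit 1` to propagate the failure.
pillar_get() {
  local key=$1 value
  value=$(salt-call pillar.get --out=txt "${key}" | awk '{print $2}')
  [[ -n "${value}" ]] || die "pillar value '${key}' is empty or missing"
  printf '%s' "${value}"
}

echo "[ Getting Keycloak endpoint ]"
keycloak_port=$(pillar_get _param:haproxy_keycloak_exposed_port) || exit 1
internal_address=$(pillar_get _param:docker_default_gateway) || exit 1
keycloak_url="http://${internal_address}:${keycloak_port}"
keycloak_admin_password=$(pillar_get _param:keycloak_admin_password) || exit 1
keycloak_user_password=$(pillar_get _param:keycloak_user_password) || exit 1

echo "[ Waiting for Keycloak server ]"
# Run curl directly as the loop condition (no command substitution) and quote
# the URL. The wait is unbounded, as before.
until curl --output /dev/null --silent --head --fail "${keycloak_url}"; do
  sleep 2
done

KCADM="/opt/jboss/keycloak/bin/kcadm.sh"

# The name filter is a substring match and may return zero or several names;
# `docker exec` needs exactly one.
mapfile -t keycloak_containers < <(docker ps --format '{{.Names}}' --filter 'name=keycloak-server')
(( ${#keycloak_containers[@]} == 1 )) \
  || die "expected exactly one running keycloak-server container, found ${#keycloak_containers[@]}"
keycloak_container=${keycloak_containers[0]}

# Shell-quote every value that is spliced into the script text below, so that
# a password containing shell metacharacters is passed to kcadm.sh literally
# instead of being interpreted by the bash running inside the container.
q_server=$(printf '%q' "${keycloak_url}/auth")
q_admin_password=$(printf '%q' "${keycloak_admin_password}")
q_user_password=$(printf '%q' "${keycloak_user_password}")
q_realm=$(printf '%q' "${realm_name}")
q_user=$(printf '%q' "${realm_user}")
q_mail=$(printf '%q' "${realm_usermail}")

# Script executed inside the container. `\$` defers expansion to the inner
# shell; everything else is expanded here on the host.
script=$(cat <<EOF
${KCADM} config credentials --server ${q_server} --realm master --user admin --password ${q_admin_password}
${KCADM} create users -r ${q_realm} -s username=${q_user} -s enabled=true -s emailVerified=true -s firstName=Operations-Service-User -s email=${q_mail}
ID=\$(${KCADM} get users -r ${q_realm} --fields id -q username=${q_user} -q email=${q_mail} | grep id | cut -f 2 -d ":" | tr -d '"' | tr -d " ")
[ -n "\$ID" ] || { echo 'Keycloak user id lookup returned nothing' >&2; exit 1; }
${KCADM} update users/"\$ID"/reset-password -r ${q_realm} -s type=password -s value=${q_user_password} -s temporary=false -n
EOF
)

docker exec -t "${keycloak_container}" /bin/bash -c "${script}"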