ensure remote resource management is enabled on keycloak for k8s (#325)

fixes fabric8-services/fabric8-auth#91 by ensuring these settings are preserved during the update of the jenkins redirect URI
fabric8-services · Sep 9, 2017 · ea0d377 · ea0d377
1 parent 2fef2e4
commit ea0d377
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 4 deletions.
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -1,4 +1,4 @@
-FROM fabric8/fabric8-tenant:v0bcd033
+FROM fabric8/fabric8-tenant:ve664885
 
 COPY fabric8-tenant-linux /usr/local/fabric8-tenant/bin/fabric8-tenant
 RUN echo chmod +x /usr/local/fabric8-tenant/bin/fabric8-tenant
diff --git a/openshift/kube_keycloak.go b/openshift/kube_keycloak.go
@@ -66,13 +66,15 @@ func EnsureKeyCloakHasJenkinsRedirectURL(config Config, kcConfig keycloak.Config
 		return fmt.Sprintf("Cannot query the keycloak realm %s for client %s", realm, clientID), fmt.Errorf("Failed to load KeyCloak client at %s status code %d", clientsURL, status)
 	}
 	redirectURL := strings.TrimSuffix(jenkinsUrl, "/") + "/securityRealm/finishLogin"
-	id, jsonText, err := addRedirectUrl(jsonText, redirectURL)
+	id, updatedJson, err := addRedirectUrl(jsonText, redirectURL)
 	if err != nil {
 		return "Failed to add redirectURL for Jenkins into KeyCLoak JSON", err
 	}
-	if len(jsonText) > 0 {
+	if len(updatedJson) > 0 {
+		//fmt.Printf("client JSON before update: %s\n", jsonText)
+		//fmt.Printf("client JSON after update: %s\n", updatedJson)
 		clientURL := clientsURL + "/" + id
-		_, err = postJson(config, "PUT", clientURL, token, jsonText)
+		_, err = postJson(config, "PUT", clientURL, token, updatedJson)
 		if err != nil {
 			return "Failed to register redirectURL for Jenkins into KeyCloak", err
 		}
@@ -145,6 +147,26 @@ func addRedirectUrl(jsonText string, url string) (string, string, error) {
 	redirectUris = append(redirectUris, url)
 	obj.Set("redirectUris", redirectUris)
 
+	// lets set the auth flags which seem to get removed for some reason
+	// no idea why mind you! but lets make sure these values are populated!
+	// for background see: https://github.com/fabric8-services/fabric8-auth/issues/91
+	authScopes := []map[string]interface{}{
+		{
+			"name": "read:space",
+		},
+		{
+			"name": "admin:space",
+		},
+	}
+	authorizationSettings := map[string]interface{}{
+		"allowRemoteResourceManagement": true,
+		"policyEnforcementMode":         "ENFORCING",
+		"scopes":                        authScopes,
+	}
+
+	obj.Set("authorizationServicesEnabled", true)
+	obj.Set("authorizationSettings", authorizationSettings)
+
 	data, err := obj.MarshalJSON()
 	if err != nil {
 		return "", "", err