diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index 68b8e8f..0000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-version: '3'
-
-services:
- keycloak:
- image: quay.io/keycloak/keycloak:23.0.3
- container_name: keycloak
- restart: always
- command: start --proxy=edge
-# command: start-dev # pour debug
- ports:
- - 8080:8080
- depends_on:
- - keycloak_db
- env_file:
- - .env
- volumes:
- - ./keycloak/datas:/opt/keycloak/data/h2
- # volumes:
- # - ./keycloak/certs:/opt/jboss/keycloak/standalone/configuration/certs:ro
- # - ./keycloak/conf/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone-ha.xml:ro
-
- keycloak_db:
- image: postgres:13
- container_name: keycloak-db
- restart: always
- volumes:
- - ./postgres:/var/lib/postgresql/data
- ports:
- - 5435:5432
- env_file:
- - .env
-
- openldap:
- image: osixia/openldap
- container_name: keycloak-openldap
- restart: always
- volumes:
- - ./keycloak/ldap_ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
- - ./keycloak/ldap_db:/var/lib/ldap
- - ./keycloak/ldap_conf:/etc/ldap/slapd.d
- command: ["--copy-service"]
- env_file:
- - .env
- tty: true
- stdin_open: true
- domainname: legaragenumerique.fr
- hostname: "ldap"
- ports:
- - "389:389"
- - "636:636"
\ No newline at end of file
diff --git a/keycloak-adm-clients.sh b/keycloak-adm-clients.sh
index 7487edc..77a6715 100755
--- a/keycloak-adm-clients.sh
+++ b/keycloak-adm-clients.sh
@@ -10,7 +10,7 @@ CLIENT_IDS=("mon-client-1" "mon-client-2" "mon-client-3")
 # CLIENT_IDS=("adventure" "ai" "djangoquiz" "gitea" "glpi" "grafana" "leboard.legaragenumerique.fr" "netxcloud.legaragenumerique.fr" "odoo" "pdf" "penpot" "sshwifty" "synapse")
 EXPORT_FILE="clients-export.json"
-# Fonction pour exécuter kcadm dans le conteneur
+# Exécuter kcadm dans le conteneur
 kcadm() {
 docker exec -i "$KEYCLOAK_CONTAINER" /opt/keycloak/bin/kcadm.sh "$@"
 }
@@ -20,15 +20,22 @@ login() {
 kcadm config credentials --server "$KEYCLOAK_URL" --realm master --user "$ADMIN_USER" --password "$ADMIN_PASS"
 }
-# Export des clients
+# Export des clients et mappers
 export_clients() {
 echo "[" > "$EXPORT_FILE"
 for CLIENT_ID in "${CLIENT_IDS[@]}"; do
 echo "🔄 Export du client : $CLIENT_ID"
+
 CLIENT_JSON=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq '.[0]')
 CLIENT_UUID=$(echo "$CLIENT_JSON" | jq -r '.id')
+
 CLIENT_SECRET=$(kcadm get clients/"$CLIENT_UUID"/client-secret -r "$REALM" | jq -r '.value')
 CLIENT_JSON=$(echo "$CLIENT_JSON" | jq --arg secret "$CLIENT_SECRET" '.secret = $secret')
+
+ # Export des protocol mappers
+ MAPPERS_JSON=$(kcadm get clients/"$CLIENT_UUID"/protocol-mappers/models -r "$REALM")
+ CLIENT_JSON=$(echo "$CLIENT_JSON" | jq --argjson mappers "$MAPPERS_JSON" '.protocolMappers = $mappers')
+
 echo "$CLIENT_JSON," >> "$EXPORT_FILE"
 done
 sed -i '$ s/,$//' "$EXPORT_FILE"
@@ -36,25 +43,32 @@ export_clients() {
 echo "✅ Export terminé → $EXPORT_FILE"
 }
-# Import des clients
+# Import des clients et mappers
 import_clients() {
 jq -c '.[]' "$EXPORT_FILE" | while read -r CLIENT_JSON; do
 CLIENT_ID=$(echo "$CLIENT_JSON" | jq -r '.clientId')
 echo "⬇️ Import du client : $CLIENT_ID"
- # Nettoyage des champs non valides
- CLEAN_JSON=$(echo "$CLIENT_JSON" | jq 'del(.id, .secret, .rootUrl, .baseUrl, .adminUrl, .attributes."client.secret.created.timestamp")')
+ CLEAN_JSON=$(echo "$CLIENT_JSON" | jq 'del(.id, .secret, .rootUrl, .baseUrl, .adminUrl, .attributes."client.secret.created.timestamp", .protocolMappers)')
 # Création du client
 kcadm create clients -r "$REALM" -f - <
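Review bot: `MAPPERS_JSON` goes straight into `jq --argjson` with no check that the `kcadm get clients/"$CLIENT_UUID"/protocol-mappers/models` call returned JSON, so for an unknown client (`CLIENT_UUID` is then the literal `null` from `jq -r '.id'`) or a failed call `--argjson` rejects the empty value, `CLIENT_JSON` becomes empty and the loop still writes a bare `,` line, leaving `clients-export.json` unparsable for `import_clients`. Guard the lookup before the new lines, e.g. `[ -n "$CLIENT_UUID" ] && [ "$CLIENT_UUID" != "null" ] || { echo "❌ Client introuvable : $CLIENT_ID" >&2; continue; }`, and default the mappers on failure with `MAPPERS_JSON=$(kcadm get clients/"$CLIENT_UUID"/protocol-mappers/models -r "$REALM") || MAPPERS_JSON='[]'`. The same empty-result path already existed for `CLIENT_SECRET`, but `--arg` turned it into an empty string whereas `--argjson` aborts jq. Since each exported record already carries the client secret in clear (`.secret = $secret`), setting `umask 077` before `echo "[" > "$EXPORT_FILE"` would keep the now richer export file from being readable by other local users.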