ci/oauth/keycloak/keycloak_functions.sh

#!/usr/bin/env bash

# Compose service name of the Keycloak container; the keycloak helpers below
# pass it to "docker compose exec".
KEYCLOAK_SERVICE_NAME=keycloak

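# Note: the single arg is a nameref, which this function sets to an array
# containing items of the form "KEY=VAL".
#
# The array holds every KEYCLOAK line of the keycloak container's
# environment, followed by the fixed OIDC provider settings. If the
# environment cannot be read from the container the function prints a
# diagnostic to stderr and returns 1 without touching the array, instead of
# silently yielding only the fixed items.
function _hydrate_keycloak_env_args() {
  local -n arr=$1
  local -a keycloak_items=()
  local raw_items

  # Note: This prints all lines that look like:
  # KEYCLOAK_XXX=someval
  # The pipeline runs in a subshell so pipefail does not leak into the
  # caller, and its status is captured so a failed "docker compose exec"
  # surfaces here rather than being swallowed by readarray.
  if ! raw_items=$(
    set -o pipefail
    docker compose exec -T "${KEYCLOAK_SERVICE_NAME}" printenv | awk '/KEYCLOAK/'
  ); then
    printf '%s\n' "Failed to read environment from service '${KEYCLOAK_SERVICE_NAME}'" >&2
    return 1
  fi

  # An empty capture must stay an empty array; a here-string of "" would
  # otherwise produce a single empty element.
  if [[ -n "$raw_items" ]]; then
    readarray -t keycloak_items <<<"$raw_items"
  fi

  # shellcheck disable=SC2034
  arr=(
    "${keycloak_items[@]}"
    "PROVIDER_URI=https://keycloak:8443/auth/realms/master"
    "PROVIDER_INTERNAL_URI=http://keycloak:8080/auth/realms/master/protocol/openid-connect"
    "PROVIDER_ISSUER=http://keycloak:8080/auth/realms/master"
    "ID_TOKEN_USER_PROPERTY=preferred_username"
  )
}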

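# The arguments must be unexpanded variable names.  Eg:
#
# _create_keycloak_user '$APP_USER' '$APP_PW' '$APP_EMAIL'
#
# This is because those variables are not available to this script. They are
# available to bash commands run via "docker compose exec keycloak bash
# -c...", since they're defined in the docker-compose.yml.
#
# The three values are interpolated verbatim into the command string handed
# to "bash -c" inside the container, so they must be trusted literals from
# this script (as above), never data taken from outside it.
#
# Returns the exit status of the in-container /scripts/create_user run.
function _create_keycloak_user() {
  local -r user_var=$1
  local -r pw_var=$2
  local -r email_var=$3

  docker compose exec -T \
    "${KEYCLOAK_SERVICE_NAME}" \
    bash -c "/scripts/create_user \"$user_var\" \"$pw_var\" \"$email_var\""
}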

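# Defines the OIDC client in the keycloak container (/scripts/create_client)
# and then creates the test user via _create_keycloak_user, passing the
# container-side variable names unexpanded.
#
# Returns the exit status of the last command (the user creation).
function create_keycloak_users() {
  echo "Defining keycloak client"

  docker compose exec -T "${KEYCLOAK_SERVICE_NAME}" /scripts/create_client

  echo "Creating user 'alice' in Keycloak"

  # Note: We want to pass the bash command thru without expansion here.
  # shellcheck disable=SC2016
  _create_keycloak_user \
    '$KEYCLOAK_APP_USER' \
    '$KEYCLOAK_APP_USER_PASSWORD' \
    '$KEYCLOAK_APP_USER_EMAIL'
}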

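# Runs /scripts/wait_for_server inside the keycloak container and returns
# its exit status.
function wait_for_keycloak_server() {
  docker compose exec -T \
    "${KEYCLOAK_SERVICE_NAME}" /scripts/wait_for_server
}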

# Runs /scripts/fetch_certificate inside the "conjur" service (not the
# keycloak one) so the Conjur server has the SSL cert needed to talk to
# keycloak (the OIDC provider). Where that script lives depends on the
# volumes declared in docker-compose.yml.
function fetch_keycloak_certificate() {
  printf '%s\n' "Initialize keycloak certificate in conjur server"
  docker compose exec -T conjur /scripts/fetch_certificate
}