diff --git a/.rultor.yml b/.rultor.yml
index 61dae25..ebd5f5d 100644
--- a/.rultor.yml
+++ b/.rultor.yml
@@ -3,7 +3,11 @@ architect:
 docker:
 image: l3r8y/rultor-image:1.0.3
 assets:
- ghcr.txt: tracehubpm/secrets#assets/ghcr.txt
+ ghcr.txt: tracehubpm/secrets#assets/ghcr-hanna.txt
+ ssh.txt: tracehubpm/secrets#assets/ssh.txt
+ pmo.env: tracehubpm/secrets#assets/pmo.env
+ keycloak.env: tracehubpm/secrets#assets/keycloak.env
+ realm-export.json: tracehubpm/secrets#assets/realm-export.json
 merge:
 script: |
 mvn clean install --errors
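Review bot: The new `ssh.txt` asset is fed to `sshpass -f ../ssh.txt ... root@${IP}` in the next hunk, so it appears to hold a root password for the deploy host; a dedicated key for a non-root deploy account would narrow what a leak of this one file exposes. `ghcr.txt` now maps to `ghcr-hanna.txt`, which by its name looks like a personal registry token, and a machine or organisation-scoped token limited to package write would not tie releases to one person's account. The `release.sensitive` list still names only `ghcr.txt`, so it is worth confirming whether `ssh.txt`, `pmo.env`, `keycloak.env` and `realm-export.json` belong there as well. A short comment above the block would help the next maintainer, e.g. `# ssh.txt, pmo.env, keycloak.env, realm-export.json: deploy-host secrets used by release/deploy`.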
@@ -11,14 +15,26 @@ release:
 sensitive:
 - ghcr.txt
 script: |
- [[ "${tag}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9_]+)?$ ]] || exit -1
- mvn versions:set "-DnewVersion=${tag}"
- git commit -am "${tag}"
+ [[ "${TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9_]+)?$ ]] || exit -1
+ mvn versions:set "-DnewVersion=${TAG}"
+ git commit -am "${TAG}"
 mvn clean install
- docker build -t ghcr.io/tracehubpm/pmo:${tag} .
- cat ../ghcr.txt | docker login ghcr.io --username h1alexbel --password-stdin
- docker push ghcr.io/tracehubpm/pmo:${tag}
-# @todo #2:90min Create deploy script for rultor configuration.
-# We should create deploy script that will deliver our Java software
-# into some target platform. For now, we assuming that it will be
-# Cloud VM with public IP, and SSH connection.
+ docker build -t ghcr.io/tracehubpm/pmo:${TAG} .
+ cat ../ghcr.txt | docker login ghcr.io --username hizmailovich --password-stdin
+ docker push ghcr.io/tracehubpm/pmo:${TAG}
+ sudo apt-get -y install sshpass
+ echo ${TAG} >> /home/r/repo/scripts/release/tag.txt
+ sshpass -f ../ssh.txt scp -r /home/r/repo/scripts/release root@${IP}:~/
+ sshpass -f ../ssh.txt scp ../pmo.env root@${IP}:~/release/pmo.env
+ sshpass -f ../ssh.txt scp ../keycloak.env root@${IP}:~/release/keycloak.env
+ sshpass -f ../ssh.txt scp ../realm-export.json root@${IP}:~/release/realm-export.json
+ sshpass -f ../ssh.txt ssh -o StrictHostKeyChecking=no root@${IP}
+ cd release
+ sh up.sh
+deploy:
+ script: |
+ sudo apt-get -y install sshpass
+ sshpass -f ../ssh.txt scp -r /home/r/repo/scripts/deploy root@${IP}:~/
+ sshpass -f ../ssh.txt ssh -o StrictHostKeyChecking=no root@${IP}
+ cd deploy
+ sh setup.sh
\ No newline at end of file
diff --git a/README.md b/README.md
index 00b3bd2..8e030ad 100644
--- a/README.md
+++ b/README.md
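Review bot: In both the `release` and `deploy` scripts the `ssh` call is given no remote command, so the following `cd release` / `sh up.sh` (and `cd deploy` / `sh setup.sh`) lines would run in the Rultor container rather than on the target host; pass them as the command, e.g. `sshpass -f ../ssh.txt ssh root@"${IP}" 'cd release && sh up.sh'`. `-o StrictHostKeyChecking=no` together with password login means the root password and the copied `pmo.env`, `keycloak.env` and `realm-export.json` go to whatever answers at `${IP}` without the host being authenticated. Shipping a pinned known_hosts file as an asset and using `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts asset>` would close that; it should also go on the `scp` lines, which currently carry no host-key option and will probably fail on the unknown-host prompt in a fresh container. `${IP}` comes from the issue comment and, unlike `${TAG}`, is neither validated nor quoted, so consider fixing the host in configuration or checking it against an allowlist before any secret is sent.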
@@ -24,9 +24,9 @@ it can be found here: `/swagger-ui/index.html`. * Allows to log in using login and password. * Allows to log in using such social coding platforms as GitHub, GitLab, and Bitbucket. * Allows to create a project. -* Creates and queries tickets. +* Creates and queries tickets. * Creates and manages [secrets](https://en.wikipedia.org/wiki/Environment_variable), represented as simple `key = value` -pair, where value will be encrypted using [jasypt](http://www.jasypt.org). + pair, where value will be encrypted using [jasypt](http://www.jasypt.org). After project creation bot [@tracehubgit](https://github.com/tracehubgit) will be invited to the repository and a `new` label for issues will be added. Moreover, a webhook for `push` events will be @@ -48,6 +48,19 @@ Then you should update client secrets for identity providers in Keycloak using f 4. Choose appropriate identity provider and update client secret. 5. Save changes. +### How to deploy? + +The instance can be configured from GitHub Issue using bot [@rultor](https://github.com/yegor256/rultor) and command: + +`@rultor deploy, IP=` + +### How to release? + +The updated artifact can be released from GitHub Issue using bot [@rultor](https://github.com/yegor256/rultor) and +command: + +`@rultor release, IP=, TAG=` + ### How to contribute? Fork repository, make changes, send us a [pull request](https://www.yegor256.com/2014/04/15/github-guidelines.html). diff --git a/realm-export.json b/realm-export.json deleted file mode 100644 index 6cf4dc1..0000000 --- a/realm-export.json +++ /dev/null 
@@ -1,2474 +0,0 @@ -{ - "id": "458b384c-be7e-4622-b38c-739cc99fcdec", - "realm": "pmo", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": true, - "registrationEmailAsUsername": true, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "5b9a10ca-eb05-480b-b300-d6304d3c9383", - "name": "default-roles-pmo", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "broker": [ - "read-token" - ], - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - }, - { - "id": 
"0cefb977-1923-4ef2-9258-24f56b0c3e51", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - }, - { - "id": "79dad14b-4887-4002-a3f3-05dbd3c8d1bf", - "name": "user_github", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - }, - { - "id": "afb79c93-03f6-404f-96c8-080c7803d2a1", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - }, - { - "id": "d6258175-81e1-4185-956f-19be7552950e", - "name": "read-token", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - }, - { - "id": "3d894791-89cb-4c1b-af73-a49aea41adfb", - "name": "admin", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - }, - { - "id": "1d64d76a-0441-497a-ba17-f6db68c4a493", - "name": "user", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "f90a6fd6-aef3-4239-82b8-f79603f58840", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "46c1fa5a-a47d-4011-a6d4-e8221afe1d42", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "cb5f713d-c252-45d0-a92c-060844ce865e", - "name": "view-realm", - "description": 
"${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "3c167bf9-2c2f-4ec6-8168-08524e8e25cd", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "4dca663e-6355-4793-812f-eaa4f763f15e", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "f605df6d-b64a-4a16-8cb8-3ecdab582916", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "e5bf5c55-aa6d-42e4-8a26-95caef9a561c", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "52fa6d30-ae5f-489d-bf55-b0bf90d25772", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "1ade7ba9-7585-4c19-aedd-c1a4f071d8df", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "6e3f3ea8-b8ce-4c66-8114-3e23b50cdd9d", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "4605fe63-ecaf-46f7-851e-f0a6dd7d884a", - "name": "query-realms", - "description": 
"${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "5313bbc4-9078-49e4-9b0d-41031cfc06bd", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "d6611b0c-236e-435c-94ca-3ca83e39ea54", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "25be2ed6-2cd4-4d23-ab20-0ea10992e197", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "e2b0a145-a236-4063-bcac-6da6edb2dcf4", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "b9e0e231-c848-4114-8277-d8810308e1e1", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "fb975dc8-d326-48df-b286-7276fc223d73", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "5d31965e-8c83-47f2-a057-207f1d3f90ac", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-events", - "query-clients", - "view-realm", - "manage-realm", 
- "impersonation", - "manage-clients", - "manage-identity-providers", - "manage-authorization", - "query-users", - "query-realms", - "create-client", - "manage-events", - "query-groups", - "view-clients", - "view-identity-providers", - "view-authorization", - "manage-users", - "view-users" - ] - } - }, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - }, - { - "id": "c952ba76-ce6a-42a6-a52e-a0d76838f9d7", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "attributes": {} - } - ], - "security-admin-console": [], - "tracehub-pmo": [ - { - "id": "8bb2087e-7f6a-4c97-bd16-9ac93c81d87f", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "8bc708b1-5b38-4a86-a9cc-af834e0d6784", - "attributes": {} - }, - { - "id": "ba83e807-b5e9-48b2-beee-346d45fffda2", - "name": "uma_protection", - "composite": false, - "clientRole": true, - "containerId": "8bc708b1-5b38-4a86-a9cc-af834e0d6784", - "attributes": {} - } - ], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "ccdb1ae0-9cfa-4158-a90e-abc2bcf3cf24", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "90a4886f-3bf1-4e91-9adb-52e732093318", - "attributes": {} - } - ], - "account": [ - { - "id": "cca706ea-3b8a-4be8-a4e8-55d64fe06ae3", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "10266cac-6232-41e6-97d8-98775c0be0c8", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - 
"containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "04a6aad0-9c42-4e9c-9e75-f320f8351d72", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "b3573f67-2238-46bb-b4cc-7bc2180eabdd", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "88da235d-f0c9-4597-ac03-35716361e2b1", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "6be93ea3-e654-4aa4-9847-32d73a5aec56", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "4258490d-45e8-45cf-9d81-b56e51295b7d", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "221c5a84-a8e8-4a20-9183-6625c63c63d2", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - }, - { - "id": "897b05bd-1566-4567-9721-7510490d889b", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "attributes": {} - } - ] - } - }, - "groups": [ - { 
- "id": "c0dde556-f6b3-4025-8de2-55e42319e1d3", - "name": "broker", - "path": "/broker" - } - ], - "defaultRole": { - "id": "5b9a10ca-eb05-480b-b300-d6304d3c9383", - "name": "default-roles-pmo", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "458b384c-be7e-4622-b38c-739cc99fcdec" - }, - "defaultGroups": [ - "/broker" - ], - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppGoogleName", - "totpAppMicrosoftAuthenticatorName" - ], - "localizationTexts": {}, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyExtraOrigins": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - 
"webAuthnPolicyPasswordlessExtraOrigins": [], - "users": [ - { - "id": "bda20d8d-c916-4dd9-92c7-6748cfc511ac", - "createdTimestamp": 1709286021048, - "username": "service-account-tracehub-pmo", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "tracehub-pmo", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-pmo" - ], - "clientRoles": { - "tracehub-pmo": [ - "uma_protection" - ] - }, - "notBefore": 0, - "groups": [ - "/broker" - ] - } - ], - "scopeMappings": [ - { - "clientScope": "broker", - "roles": [ - "default-roles-pmo", - "user_github", - "user" - ] - }, - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "cc42ce98-43ff-495b-82b6-45e6c68c4114", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/pmo/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/pmo/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f9dc08c6-e0a9-4b4b-a081-ec4a6e4c0f3d", - "clientId": 
"account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/pmo/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/pmo/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "e9a49998-3b9c-433a-9c7a-a523a3d73227", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "57473aca-ee87-43e9-b1fa-5aa86db3389f", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - 
"nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "90a4886f-3bf1-4e91-9adb-52e732093318", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "250c78f1-29a1-4f2f-bb9c-9864b67f4aa3", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - 
"email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "5bf878ec-f1ee-4845-ac05-b29d413f45b1", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/pmo/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/pmo/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "64bcc88f-2b20-4a10-b4b2-2f1fc8978a89", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8bc708b1-5b38-4a86-a9cc-af834e0d6784", - "clientId": "tracehub-pmo", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": 
"**********", - "redirectUris": [ - "http://localhost:8080/*", - "*" - ], - "webOrigins": [ - "http://locahost:8080", - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "authorizationServicesEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "client.secret.creation.time": "1705571311", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "acr.loa.map": "{}", - "display.on.consent.screen": "false", - "token.response.type.bearer.lower-case": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "71bd2ecd-87aa-4702-83f4-ad932771cf01", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "081d164c-79ac-4066-97c0-cabf29f9b9aa", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "client_id", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "client_id", - 
"jsonType.label": "String" - } - }, - { - "id": "3d4613a3-d582-4867-8c8f-8c903883cde4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "introspection.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "broker", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": true, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "Default Resource", - "type": "urn:tracehub-pmo:resources:default", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "9493b68d-795d-4b82-b7b3-32fabfc9240c", - "uris": [ - "/*" - ] - } - ], - "policies": [ - { - "id": "6194f1f2-ca91-47bb-93d8-ab921b4cde00", - "name": "Default Policy", - "description": "A policy that grants access only for users within this realm", - "type": "js", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" - } - }, - { - "id": "925e0765-c149-48a2-835e-8ace11621682", - "name": "Default Permission", - "description": "A permission that applies to the default resource type", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "defaultResourceType": "urn:tracehub-pmo:resources:default", - "applyPolicies": "[\"Default Policy\"]" - } - } - ], - "scopes": [], - "decisionStrategy": "UNANIMOUS" - } - } - ], - "clientScopes": [ - { - "id": "32bfb57e-e6f0-429d-871c-3170e3c6e22e", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - 
"attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "6dc75b6c-6c78-4b8b-8326-ae40a87b5c64", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "13c3d4ea-2263-4653-830b-f0d7dbd42150", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "5bf6d09b-a651-4452-bccf-71e2ea5fb923", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "fd0a58a7-dcb3-45f7-81d4-6b806492adfc", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - }, - { - "id": "7ff9efd8-b82a-40b3-9190-54e1c4d07a10", - "name": "given name", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "b68c93e4-0296-4b91-9abc-ca64bc717f15", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "6f77b84f-bb3d-4e98-a6fb-16d6d3b30abe", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "ec5e90d5-a38f-4558-80a3-a013ae7e4f15", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "7bd47744-b673-4224-b068-50473ec0edb0", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - 
"id": "904169f7-a811-4c04-ac75-175c13f6b987", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "ada8378c-20c7-478c-b0ae-99f1b11d8348", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "ef82c9c1-d043-4f33-8994-83e7afafafe6", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "d604cabc-dedb-4d63-9914-3779243fdc47", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "e0f12c52-fc73-4c30-87b4-874b9080a6e8", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - 
"userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "0f64b664-d5a9-4f30-b551-32c26d7f93d4", - "name": "broker", - "description": "", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "gui.order": "", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "32055c55-3dc9-4089-a159-3974adf3e239", - "name": "read-token", - "protocol": "openid-connect", - "protocolMapper": "oidc-claims-param-token-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "750a5109-7aba-474f-b99c-a583c5cb648d", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a2e22207-c845-4e9e-9742-e2593dcdec11", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "introspection.token.claim": "true", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "13297a17-5fb0-48f2-a52e-053a40f36b30", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - 
}, - { - "id": "eff78f20-202a-4492-97e4-266f28797476", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "3b21af7b-ba71-41e5-886f-275070e7d4a4", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "8f29eecb-6b13-4616-b7b6-57030f7d9002", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "b6654374-83e5-42ae-af34-455b59844e20", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "045da296-b1d5-4f74-9294-edb641a8229c", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": 
"2bb52d0b-f243-4560-8c29-e2a96b38e3a1", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "344cfced-5aa1-4478-b550-022f6a8eb15c", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "9d1775a7-fcb0-4b70-8a81-536fff8f87f8", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String" - } - }, - { - "id": "e509ad1a-f77c-4c27-8819-fe56e6dd4c25", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String" - } - }, - { - "id": "82ea2bd5-57d2-4a75-8e8a-cb49b1359bee", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": 
"1f398e90-1bb0-4e97-9be5-85b3cac9dbcd", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "6f805233-706a-42ca-80a9-5395079bbdb9", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "cb9859bb-b35e-447e-b7bc-5172b1d23770", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "e6c7eee2-cd02-4ddb-85f4-27d7e37a15a8", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "aeec04ea-cd83-4c6a-b09c-8415eef18a49", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "fdd85168-3a56-49ca-b9f0-ec62180c084d", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - 
}, - { - "id": "dbbf324c-a2d1-4073-82da-29223a6ff885", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "f7820f9b-e49c-4235-836f-71f9236c87c0", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "923248e7-f5ad-4351-9ec1-99d02cb8083a", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "web-origins", - "acr", - "roles", - "broker" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [ - { - "alias": "github", - "internalId": 
"746fa90e-c8ef-4f25-8185-d7eca220f434", - "providerId": "github", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": true, - "storeToken": true, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "hideOnLoginPage": "false", - "clientId": "499b6f4de7f3f64219ed", - "acceptsPromptNoneForwardFromClient": "false", - "disableUserInfo": "false", - "filteredByClaim": "false", - "syncMode": "IMPORT", - "clientSecret": "**********", - "defaultScope": "repo" - } - } - ], - "identityProviderMappers": [ - { - "id": "d07522c3-3586-4262-9e6e-5143722d029a", - "name": "read-token", - "identityProviderAlias": "github", - "identityProviderMapper": "github-user-attribute-mapper", - "config": { - "syncMode": "INHERIT", - "jsonField": "resource_access.${client_id}.roles.${role_read-token}", - "userAttribute": "read-token" - } - }, - { - "id": "01359399-5e5e-4ba3-87bf-5cac5c6be9bd", - "name": "Github role", - "identityProviderAlias": "github", - "identityProviderMapper": "oidc-hardcoded-role-idp-mapper", - "config": { - "syncMode": "INHERIT", - "role": "user_github" - } - } - ], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c60e5fc2-e975-47d4-b597-74c4a424375e", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "ca5836ad-0181-4b24-ad35-ad55afb444fb", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "1d796cfc-706b-4d5d-b8d1-a4689a976a6d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": 
"132c70fa-b3ec-4362-9661-9a6424637e85", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "4f91512d-7207-4b01-b31b-4b53e785f3c3", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "b94e7f77-d185-4e0d-9ead-59b84e674fd6", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "1399ee2a-7929-4c46-b87e-82dcfd01e4ea", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "2038f19e-18e9-4696-b130-f21edabda873", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "0b856887-6928-4777-89ab-fecdbee4b7e7", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": 
"d48d0b96-c0bd-42a3-982b-afdb323d9ad5", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "b9079ccf-005d-4c9a-a14b-498583c45d50", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "a9f3704a-5a61-4d90-9be8-be2942f532b2", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "f53abfba-5d81-4641-8563-a90795eae7d5", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "1ed377fe-0c40-4d27-bd9f-b79dcd3a4bd4", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - 
} - ] - }, - { - "id": "a88c060e-2e79-4c93-af0e-74a8e250b9c8", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "de7ded19-cf17-463b-9e85-5363d2871594", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1b14e5b3-7bf1-4afe-92bb-2fada2e87dc2", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account 
verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "9f7b59da-ec74-4325-8d8c-f443370d82ee", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "b8781215-9271-4d6d-baa0-a9e536aaf525", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "03767276-033f-49b5-9f7c-57b94325e197", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - 
"autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "7e40665b-86bf-425a-abd7-46127eb20f05", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "1059bc15-b32b-413e-b835-c0cd348b92ec", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - 
"userSetupAllowed": false - } - ] - }, - { - "id": "dcad1939-297c-425f-82c0-73e9d2d8dfc3", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "dd0230fd-734b-4141-81f2-8a0d073c13f2", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1223409f-1b9f-476e-aaf8-4a6fd54e2e0d", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - 
"flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "dbdacd7c-f79e-42d1-9b9f-b4c35412e3da", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "9d70d2e2-743c-4658-99a2-c8b74bd3515d", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "aef73528-60ea-4e53-b3d0-a8bfad91c6c1", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": 
"ca94673c-19be-45ca-ba11-5ae42c396991", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "ea260f4e-4ca4-4e7f-8d34-c54124297ac8", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "3fd643b2-123d-4924-a5e0-be9e92d4a6e0", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "fe723fe5-a6ab-45c0-b692-d7274a820183", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - 
"config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - 
"oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false" - }, - "keycloakVersion": "23.0.2", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -}
diff --git a/scripts/deploy/default-8080.conf b/scripts/deploy/default-8080.conf
new file mode 100644
index 0000000..130d38b
--- /dev/null
+++ b/scripts/deploy/default-8080.conf
@@ -0,0 +1,13 @@
+http {
+ server {
+ listen 80;
+ server_name pmo.tracehub.git;
+
+ location /realms/ {
+ proxy_pass http://localhost:8090;
+ }
+ location /api/ {
+ proxy_pass http://localhost:8080;
+ }
+ }
+}
\ No newline at end of file
diff --git a/scripts/deploy/default-8081.conf b/scripts/deploy/default-8081.conf
new file mode 100644
index 0000000..ee61599
--- /dev/null
+++ b/scripts/deploy/default-8081.conf
@@ -0,0 +1,13 @@
+http {
+ server {
+ listen 80;
+ server_name pmo.tracehub.git;
+
+ location /realms/ {
+ proxy_pass http://localhost:8090;
+ }
+ location /api/ {
+ proxy_pass http://localhost:8081;
+ }
+ }
+}
\ No newline at end of file
diff --git a/scripts/deploy/setup.sh b/scripts/deploy/setup.sh
new file mode 100644
index 0000000..74ffbce
--- /dev/null
+++ b/scripts/deploy/setup.sh
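Review bot: The server block in default-8080.conf only declares `listen 80;`, so everything proxied under `/realms/` (Keycloak login forms and tokens) and `/api/` travels unencrypted; the public listener should terminate TLS and port 80 should only redirect. Both `location` blocks also forward without Host and X-Forwarded-* headers, which Keycloak normally needs behind a reverse proxy to build correct redirect and issuer URLs. The outer `http { … }` wrapper looks wrong for a file that setup.sh installs as `/etc/nginx/conf.d/default.conf`: the stock nginx.conf includes that directory from inside its own `http` block, so `nginx -t` would probably reject the nested directive. default-8081.conf is identical apart from the upstream port and needs the same changes; the certificate paths below are placeholders.

```nginx
# no http { } wrapper: conf.d files are already included inside nginx.conf's http block
server {
    listen 80;
    server_name pmo.tracehub.git;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name pmo.tracehub.git;
    ssl_certificate     /path/to/fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/privkey.pem;    # placeholder

    location /realms/ {
        proxy_pass http://localhost:8090;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # … unchanged: location /api/, with the same three proxy_set_header lines added …
}
```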
@@ -0,0 +1,19 @@
+sudo apt-get update && sudo apt-get -y upgrade
+sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
+sudo apt-get -y install docker-ce
+sudo systemctl status docker
+sudo apt-get -y install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
+curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
+ | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
+ | sudo tee /etc/apt/sources.list.d/nginx.list
+echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
+ | sudo tee /etc/apt/preferences.d/99nginx
+sudo apt-get -y install nginx
+sudo mv default-8080.conf /etc/nginx/conf.d/default.conf
+sudo systemctl restart nginx
+sudo systemctl status nginx
diff --git a/scripts/release/docker-compose.yml b/scripts/release/docker-compose.yml
new file mode 100644
index 0000000..fdca0dd
--- /dev/null
+++ b/scripts/release/docker-compose.yml
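Review bot: The Docker repository key is installed with `curl … | sudo apt-key add -`, which puts it in the global APT keyring where it is trusted for every configured repository, and `apt-key` is deprecated. The nginx part of this same script already uses the scoped form, so I would mirror it: `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/docker-archive-keyring.gpg >/dev/null`, then add `signed-by=/usr/share/keyrings/docker-archive-keyring.gpg` inside the `deb [arch=amd64 …]` entry (the keyring file name is an example). The `gpg --dry-run … import-show` step only prints the nginx key; nothing compares its fingerprint with the published one. Without `set -e` near the top, the script also continues past any failed download or install.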
@@ -0,0 +1,39 @@
+version: '3.9'
+
+services:
+ keycloak:
+ image: quay.io/keycloak/keycloak:23.0.2
+ container_name: keycloak
+ restart: always
+ environment:
+ KC_DB: ${KC_DB}
+ KC_DB_URL_HOST: ${KC_DB_URL_HOST}
+ KC_DB_USERNAME: ${KC_DB_USERNAME}
+ KC_DB_PASSWORD: ${KC_DB_PASSWORD}
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ ports:
+ - '8090:8090'
+ networks:
+ - pmo
+ command: start --import-realm --http-port=8090
+ volumes:
+ - realm-export.json:/opt/keycloak/data/import/realm-export.json
+ env_file:
+ - keycloak.env
+ pmo:
+ container_name: pmo-${PORT}
+ image: ghcr.io/tracehubpm/pmo:${TAG}
+ restart: always
+ ports:
+ - ${PORT}:8080
+ depends_on:
+ - keycloak
+ networks:
+ - pmo
+ env_file:
+ - pmo.env
+
+networks:
+ pmo:
+ driver: bridge
\ No newline at end of file
diff --git a/scripts/release/up.sh b/scripts/release/up.sh
new file mode 100644
index 0000000..eff74fc
--- /dev/null
+++ b/scripts/release/up.sh
@@ -0,0 +1,22 @@
+if [[ "`docker ps -f status=running -f name=pmo-8080 --format '{{.Names}}'`" == "pmo-8080" ]]
+then
+ green_port="8081"
+ blue_port="8080"
+else
+ green_port="8080"
+ blue_port="8081"
+fi
+TAG=$(cat tag.txt) PORT=${green_port} docker-compose up -d
+echo "Green is running on port ${green_port}"
+if [[ "`sudo docker inspect -f {{.State.Running}} pmo-${green_port}`" == "true" ]]
+then
+ echo "Switching..."
+ sudo cp /root/deploy/default-${green_port}.conf /etc/nginx/conf.d/default.conf
+ sudo nginx -t
+ sudo systemctl reload nginx
+ sudo docker stop pmo-${blue_port}
+ sudo docker rm pmo-${blue_port}
+ echo "Blue is stopped"
+else
+ echo "Green is not running"
+fi
\ No newline at end of file
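Review bot: Both services in `docker-compose.yml` publish their ports on every host interface (`- '8090:8090'` and `- ${PORT}:8080`), so Keycloak and the API can be reached directly, bypassing the nginx proxy in front of them. Since nginx proxies to `localhost`, binding to loopback is enough: `- '127.0.0.1:8090:8090'` and `- '127.0.0.1:${PORT}:8080'`. Separately, `realm-export.json:/opt/keycloak/data/import/realm-export.json` has no `./` prefix, so Compose reads the source as a named volume rather than the file beside the compose file; `./realm-export.json:/opt/keycloak/data/import/realm-export.json:ro` looks like what was meant. The `${KC_DB_PASSWORD}`-style entries under `environment:` are interpolated from the shell or a `.env` file, not from `env_file`, and take precedence over it. If those variables are unset they would replace the values in `keycloak.env`, including the admin password, with blanks, which is worth confirming.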
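Review bot: The switch-over in `up.sh` stops and removes the blue container even when the preceding steps failed, because the exit codes of `sudo cp …`, `sudo nginx -t` and `sudo systemctl reload nginx` are never checked. The only gate is `.State.Running`, which becomes true as soon as the container process starts, not when the application answers requests. Chaining the steps keeps blue serving if the new config is missing or invalid: `sudo cp /root/deploy/default-${green_port}.conf /etc/nginx/conf.d/default.conf && sudo nginx -t && sudo systemctl reload nginx || exit 1`. This matters because `setup.sh` moves `default-8080.conf` into `/etc/nginx/conf.d/`, apparently out of the deploy directory, so the copy would fail whenever green is 8080. The script also uses `[[ … ]]` without a shebang, so it needs `#!/bin/bash` and must be run with bash for the tests to evaluate as intended.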