
add more keycloak options and add config creator

ibizaman 2022-10-17 20:01:36 -07:00
parent eec5b5c24e
commit 99139a774c
3 changed files with 97 additions and 4 deletions


@ -5,11 +5,21 @@
}:
{ configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json"
, config ? {}
, realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
let
configcreator = pkgs.callPackage ./configcreator.nix {};
in
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = builtins.toJSON config;
content = builtins.toJSON (configcreator {
inherit realm domain roles clients users;
});
}
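Review bot: The new `realm`, `domain`, `roles`, `clients` and `users` arguments carry no comment describing the shape each one expects, and the free-form `config` argument they replace is gone, so a caller has to read the config creator to know what to pass. A short comment above the argument set would cover it, for example `# roles: { <role> = [ <composite realm roles> ]; }`, `# clients: { <clientId> = { roles = [ ... ]; }; }` and `# users: { <username> = { email, firstName, lastName, realmRoles }; }`. Those shapes are read off the config creator added in this same commit. `realm` and `domain` have no default, so any caller not updated here would presumably stop evaluating.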


@ -0,0 +1,79 @@
{ stdenv
, pkgs
, lib
}:
{ realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
with builtins;
with (pkgs.lib.attrsets);
let
mkRole = k: v:
let
iscomposite = (length v) > 0;
in {
name = k;
composite = if iscomposite then "true" else "false";
} // optionalAttrs iscomposite {
composites = {
realm = v;
};
};
mkClientRole =
let
roles = config:
if (hasAttr "roles" config)
then config.roles
else [];
c = v:
{
name = v;
clientRole = "true";
};
in k: config: map c (roles config);
mkClient = k: config:
let
url = "https://${k}.${domain}";
in
{
clientId = k;
rootUrl = url;
clientAuthenticatorType = "client-secret";
redirectUris = ["${url}/*"];
webOrigins = [url];
authorizationServicesEnabled = "true";
serviceAccountsEnabled = "true";
protocol = "openid-connect";
publicClient = "false";
};
mkUser = k: config:
{
username = k;
enabled = "true";
inherit (config) email firstName lastName realmRoles;
};
in
{
inherit realm;
id = realm;
enabled = "true";
clients = mapAttrsToList mkClient clients;
roles = {
realm = mapAttrsToList mkRole roles;
client = mapAttrs mkClientRole clients;
};
users = mapAttrsToList mkUser users;
}
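Review bot: `mkClient` hard-codes `serviceAccountsEnabled` and `authorizationServicesEnabled` to on for every client and registers the wildcard `${url}/*` as the only redirect URI; it never reads its per-client `config` argument. A client that only needs browser login therefore also gets a service account usable with the client-credentials grant, and a redirect pattern that matches any path on its host, which is broader than least privilege calls for. Consider taking these from the client's attrset with narrow defaults, e.g. `serviceAccountsEnabled = config.serviceAccountsEnabled or "false";`, `authorizationServicesEnabled = config.authorizationServicesEnabled or "false";` and `redirectUris = config.redirectUris or ["${url}/*"];`, so callers opt in and can pin exact callback paths. Separately, `mkUser` inherits `email`, `firstName`, `lastName` and `realmRoles` unconditionally, so a user entry missing any of them aborts evaluation; a comment stating that all four are required would make that explicit.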


@ -3,7 +3,11 @@
{ name
, configDir ? "/etc/keycloak-cli-config"
, configFile ? "config.json"
, config ? ""
, realm
, domain
, roles ? {}
, clients ? {}
, users ? {}
}:
{
@ -12,7 +16,7 @@
pkg = KeycloakCliConfig {
inherit configDir configFile;
inherit config;
inherit realm domain roles clients users;
};
type = "fileset";