feat: add an ability to configure additional weborigins and redirectu…

…rls for keycloak
eclipse-che · Jul 19, 2021 · 811ed12 · 811ed12
1 parent 53c245a
commit 811ed12
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/templates/keycloak-provision.sh b/templates/keycloak-provision.sh
@@ -37,12 +37,24 @@ provisionKeycloak() {
     -s adminTheme={{ .KeycloakTheme }} \
     -s emailTheme={{ .KeycloakTheme }}
 
+  DEFAULT_WEBORIGINS='"http://{{ .CheHost }}", "https://{{ .CheHost }}"'
+  # ADDITIONAL_WEBORIGINS is an env var in format '"url1", "url2"'
+  # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+  [ ! -z "$ADDITIONAL_WEBORIGINS" ] && ADDITIONAL_WEBORIGINS=", $ADDITIONAL_WEBORIGINS"
+  WEBORIGINS="[$DEFAULT_WEBORIGINS $ADDITIONAL_WEBORIGINS]"
+
+  DEFAULT_REDIRECT_URIS='"http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"'
+  # ADDITIONAL_REDIRECT_URIS is an env var in format '"url1", "url2"'
+  # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+  [ ! -z "$ADDITIONAL_REDIRECT_URIS" ] && ADDITIONAL_REDIRECT_URIS=", $ADDITIONAL_REDIRECT_URIS"
+  REDIRECT_URIS="[$DEFAULT_REDIRECT_URIS $ADDITIONAL_REDIRECT_URIS]"
+
   {{ .Script }} create clients \
     -r '{{ .KeycloakRealm }}' \
     -s clientId={{ .KeycloakClientId }} \
     -s id={{ .KeycloakClientId }} \
-    -s webOrigins='["http://{{ .CheHost }}", "https://{{ .CheHost }}"]' \
-    -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]' \
+    -s webOrigins="$WEBORIGINS" \
+    -s redirectUris="$REDIRECT_URIS" \
     -s directAccessGrantsEnabled=true \
     -s publicClient=true
 

diff --git a/templates/keycloak-update.sh b/templates/keycloak-update.sh
@@ -15,10 +15,22 @@ connectToKeycloak() {
 }
 
 updateKeycloak() {
+  DEFAULT_WEBORIGINS='"http://{{ .CheHost }}", "https://{{ .CheHost }}"'
+  # ADDITIONAL_WEBORIGINS is an env var in format '"url1", "url2"'
+  # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+  [ ! -z "$ADDITIONAL_WEBORIGINS" ] && ADDITIONAL_WEBORIGINS=", $ADDITIONAL_WEBORIGINS"
+  WEBORIGINS="[$DEFAULT_WEBORIGINS $ADDITIONAL_WEBORIGINS]"
+
+  DEFAULT_REDIRECT_URIS='"http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"'
+  # ADDITIONAL_REDIRECT_URIS is an env var in format '"url1", "url2"'
+  # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+  [ ! -z "$ADDITIONAL_REDIRECT_URIS" ] && ADDITIONAL_REDIRECT_URIS=", $ADDITIONAL_REDIRECT_URIS"
+  REDIRECT_URIS="[$DEFAULT_REDIRECT_URIS $ADDITIONAL_REDIRECT_URIS]"
+
   {{ .Script }} update clients/{{ .KeycloakClientId }} \
     -r '{{ .KeycloakRealm }}' \
-    -s webOrigins='["http://{{ .CheHost }}", "https://{{ .CheHost }}"]' \
-    -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]'
+    -s webOrigins="$WEBORIGINS" \
+    -s redirectUris="$REDIRECT_URIS"
 }
 
 checkKeycloak() {