From 811ed12d7aa7b7b8843bac05cc1ef38212aaae89 Mon Sep 17 00:00:00 2001
From: Sergii Leshchenko
Date: Fri, 16 Jul 2021 16:55:22 +0300
Subject: [PATCH] feat: add an ability to configure additional weborigins and redirecturls for keycloak
---
 templates/keycloak-provision.sh | 16 ++++++++++++++--
 templates/keycloak-update.sh | 16 ++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/templates/keycloak-provision.sh b/templates/keycloak-provision.sh
index 1aa0e0ffc..9911508f1 100644
--- a/templates/keycloak-provision.sh
+++ b/templates/keycloak-provision.sh
@@ -37,12 +37,24 @@ provisionKeycloak() {
 -s adminTheme={{ .KeycloakTheme }} \
 -s emailTheme={{ .KeycloakTheme }}
+ DEFAULT_WEBORIGINS='"http://{{ .CheHost }}", "https://{{ .CheHost }}"'
+ # ADDITIONAL_WEBORIGINS is an env var in format '"url1", "url2"'
+ # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+ [ ! -z "$ADDITIONAL_WEBORIGINS" ] && ADDITIONAL_WEBORIGINS=", $ADDITIONAL_WEBORIGINS"
+ WEBORIGINS="[$DEFAULT_WEBORIGINS $ADDITIONAL_WEBORIGINS]"
+
+ DEFAULT_REDIRECT_URIS='"http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"'
+ # ADDITIONAL_REDIRECT_URIS is an env var in format '"url1", "url2"'
+ # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+ [ ! -z "$ADDITIONAL_REDIRECT_URIS" ] && ADDITIONAL_REDIRECT_URIS=", $ADDITIONAL_REDIRECT_URIS"
+ REDIRECT_URIS="[$DEFAULT_REDIRECT_URIS $ADDITIONAL_REDIRECT_URIS]"
+
 {{ .Script }} create clients \
 -r '{{ .KeycloakRealm }}' \
 -s clientId={{ .KeycloakClientId }} \
 -s id={{ .KeycloakClientId }} \
- -s webOrigins='["http://{{ .CheHost }}", "https://{{ .CheHost }}"]' \
- -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]' \
+ -s webOrigins="$WEBORIGINS" \
+ -s redirectUris="$REDIRECT_URIS" \
 -s directAccessGrantsEnabled=true \
 -s publicClient=true
diff --git a/templates/keycloak-update.sh b/templates/keycloak-update.sh
index 7be9dbf54..994a52b36 100644
--- a/templates/keycloak-update.sh
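Review bot: `ADDITIONAL_REDIRECT_URIS` and `ADDITIONAL_WEBORIGINS` are spliced into the JSON arrays exactly as the environment supplies them, with no check on their content; the same block is added to `updateKeycloak()` in templates/keycloak-update.sh. This client is created with `publicClient=true`, so the redirect URI allow-list is what limits where authorization responses may be delivered, and a single broad entry such as `"*"` would remove that limit. I would validate each entry before building `REDIRECT_URIS` (exact `https://` URLs, no bare wildcard) or, at minimum, extend the comment: `# values are passed to Keycloak unvalidated; list exact https URLs and avoid "*" or broad wildcards`. A value that is not in the quoted, comma-separated format also produces invalid JSON, which presumably only surfaces as a failed `create clients` call. The body of `provisionKeycloak()` starts before the hunk and its end is not shown.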
+++ b/templates/keycloak-update.sh
@@ -15,10 +15,22 @@ connectToKeycloak() {
 }
 updateKeycloak() {
+ DEFAULT_WEBORIGINS='"http://{{ .CheHost }}", "https://{{ .CheHost }}"'
+ # ADDITIONAL_WEBORIGINS is an env var in format '"url1", "url2"'
+ # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+ [ ! -z "$ADDITIONAL_WEBORIGINS" ] && ADDITIONAL_WEBORIGINS=", $ADDITIONAL_WEBORIGINS"
+ WEBORIGINS="[$DEFAULT_WEBORIGINS $ADDITIONAL_WEBORIGINS]"
+
+ DEFAULT_REDIRECT_URIS='"http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"'
+ # ADDITIONAL_REDIRECT_URIS is an env var in format '"url1", "url2"'
+ # which if specified, is provisioned to keycloak additionally to Che's URLs ones
+ [ ! -z "$ADDITIONAL_REDIRECT_URIS" ] && ADDITIONAL_REDIRECT_URIS=", $ADDITIONAL_REDIRECT_URIS"
+ REDIRECT_URIS="[$DEFAULT_REDIRECT_URIS $ADDITIONAL_REDIRECT_URIS]"
+
 {{ .Script }} update clients/{{ .KeycloakClientId }} \
 -r '{{ .KeycloakRealm }}' \
- -s webOrigins='["http://{{ .CheHost }}", "https://{{ .CheHost }}"]' \
- -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]'
+ -s webOrigins="$WEBORIGINS" \
+ -s redirectUris="$REDIRECT_URIS"
 }
 checkKeycloak() {
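Review bot: The new comments in `updateKeycloak()` do not mention that `-s webOrigins="$WEBORIGINS"` and `-s redirectUris="$REDIRECT_URIS"` set the complete lists on every update, as far as the `update clients/...` call shows. If `ADDITIONAL_WEBORIGINS` or `ADDITIONAL_REDIRECT_URIS` is unset or different when the update runs, entries provisioned earlier would be dropped, which matters both to operators who rely on them and to anyone auditing the client's allow-list. Suggested comment above the call: `# both lists are overwritten with the defaults plus ADDITIONAL_*; keep the env vars set on update or earlier entries are removed`.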