feat: Add keycloak (#510)
* feat: Add keycloak
* fix lint error
* Deploy keycloak in default
* Fix role names in deps
* Remove dynamic key in ansible variable dic
* Use custom wait logic because postgresql CRD doesn't have condition status
* Use production mode for keycloak
* Wait until zalando operator ready
* Set admin password explicitly
* Fix ingress config
* Create grafana client in keycloak and enable oauth in grafana
* Use PXC instead of zalando postgres
* Set default value for atmosphere_keycloak_enabled
* Split the mysql queries into multiple parts
* Solve convo
* Use ansible module for keycloak realm
* Concatenate realm arrays
* Tune keycloak config to work with mysql vendor and fix keycloak db user's host config
* Add notes about mysql vendor support in keycloak
* remove default client scope setting
it requires community.general collection upgrade to 4.7.0.
But there are other collections in the deps list which use lower versions.
Need to bump its version at some time surely.
* Tune grafana oauth config
* Fix keycloak client auth mode
* Use a variable for keycloak database name
* Fix lint error
* Remove unused var from doc
* Manage pxc strict mode in ansible
* revert the changes out of the scope
* ignore changes during realm creation
* Resolve comments
* Fix default values
* Use official keycloak image instead of bitnami
* Set proxy mode using KC env var
* securely reference oauth secrets in grafana.ini
* Remove implicit octal value in helm values
* Support id token in keycloak clients for rbac and add ingress role
* Update grafana role map attribute
* Use j2 template
https://stackoverflow.com/questions/63961938/ansible-variable-conversion-to-int-is-ignored
* Create client roles
* Fix yaml lint error
* Add keycloak health check in consumer roles
* fix: use correct annotations
* chore: add keystone-keycloak-backend to keystone
* fix: make openstack_helm_endpoints work cleaner
* chore: clean up unnecessary docs
* fix: lock down grafana to allow users with roles only
* feat: integrate keystone with keycloak
* chore: added horizon auth via keycloak
* chore: add slo for grafana
* chore: bump to 0.1.5
* Fix yaml lint error
* Fix client role creation
* chore(kube-prometheus-stack): update to latest
* fix: KubeJobFailed should be SEV-3
* chore: refactor softnet alerts
* chore(monitoring): migrate to using jsonnet
* chore: refactor alerts
* chore: major monitoring refactor
* fix: solve alerts
* fix: apiserver selector
* more cleanups
* switch from SEV- to P
* fix: improve port binding alerts
* fix admin state alert for neutron
* map some more alerts
* drop uuid
* Revert "drop uuid"
This reverts commit ad0f05d0e7564759e8259c2cc53c2e2f5c73e1b8.
* fix: drop recording rules
* switch alertmanager to jsonnet
* fix: idempotence for monitoring
* chore: fix linters
* chore: lower ceph osd timeouts to p4
* chore: refactor to using new jsonnet
* chore: use vendor path
* chore: fix mixin for alertmanager
* core: fix selector
* ci: add initial keycloak kind tests
* ci: run keycloak basic scenario
* chore: refactor to using multiple domains
* chore: wip for keycloak multidomain
* adding multi domain support for keycloak as external identity provider (#556)
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
* chore: initial impl for multiple domain
* chore: grafana + keycloak wip
* chore: fix missing roles
* chore: remove commented out role
* chore: add ci debug
* chore: use smaller nodes for test
* ci: fix keycloak_user_info
* ci: fix keycloak_user_info
* ci: debug keycloak ci
* chore: fix linters
* ci: retry a few times for keycloak users to appear
* ci: ci fixes
* ci: misc fixes
* ci: fix secret generation
* ci: fix missing secrets
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
Co-authored-by: Jeremy Lee <6729613+legit-ninja@users.noreply.github.com>
diff --git a/galaxy.yml b/galaxy.yml
index 46842a5..7a867cc 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -12,12 +12,12 @@
ansible.posix: 1.3.0
ansible.utils: 2.9.0
community.crypto: 2.2.3
- community.general: 4.5.0
+ community.general: 7.3.0
community.mysql: 3.6.0
- kubernetes.core: 2.3.2
+ kubernetes.core: 2.4.0
openstack.cloud: 1.7.0
- vexxhost.ceph: 2.0.1
- vexxhost.kubernetes: 1.8.0
+ vexxhost.ceph: 2.1.0
+ vexxhost.kubernetes: 1.8.2
tags:
- application
- cloud
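Review bot: the `community.general` pin in this hunk jumps from 4.5.0 to 7.3.0, three major versions, but the commit message only mentions that the default client scope setting needs 4.7.0 and that other collections in the deps list use lower versions. Major releases of community.general remove previously deprecated modules and options, so the roles in this collection that call community.general modules should be checked against the 5.0.0, 6.0.0 and 7.0.0 changelogs before this lands. Please state in the commit message why 7.3.0 was chosen, and if the `kubernetes.core`, `vexxhost.ceph` and `vexxhost.kubernetes` bumps are not required for Keycloak, move them to their own change so a regression can be bisected to a single dependency.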