Skip to content

Changes due to IFN upgrade #830

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ddelpiano wants to merge 31 commits into
base: develop
Choose a base branch
from
Open

Changes due to IFN upgrade #830

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
b952398
chore(tilt): initial commit generate tilt file
zoran-sinnema Sep 5, 2025
f91f71a
chore(CH-217): removed some debug code from tilt generator
zoran-sinnema Sep 5, 2025
9789fb5
(chore) linting fix
filippomc Sep 8, 2025
7b83e67
chore(tilt): fix for tasks dockerfile
zoran-sinnema Sep 9, 2025
fdc128f
chore(tilt): add non deployment builds to parent app as requirement
zoran-sinnema Sep 9, 2025
272e2f5
chore(tilt): fix for tasks dockerfile
zoran-sinnema Sep 9, 2025
4d411fe
chore: add option to skip ingress controller install
zoran-sinnema Sep 10, 2025
81b002a
chore(CH-217): added opt-in for setup infrastructure
zoran-sinnema Sep 11, 2025
d456084
chore(CH-217): add some sleep time to give ingress tme to start
zoran-sinnema Sep 11, 2025
955f078
chore(CH-217): some fixes for jupyterhub
zoran-sinnema Sep 19, 2025
4bd4fea
fix: mongodb k8s probes
zoran-sinnema Nov 27, 2025
c69e68b
fix: tilt set app in debug mode
zoran-sinnema Nov 27, 2025
ca23ef7
chore(tilt): enable --watch cli parameter
zoran-sinnema Nov 27, 2025
a796cb3
chore: create api user now also (re)sets the password to the one stor…
zoran-sinnema Dec 2, 2025
6ad98d1
fix: keycloak update attributes clearing the first and lastname
zoran-sinnema Dec 2, 2025
d430b3d
Merge branch 'develop' into IFNS-29-upgrade-ifn
zoran-sinnema Dec 3, 2025
f858ab2
Revert "Merge branch 'develop' into IFNS-29-upgrade-ifn"
zoran-sinnema Dec 3, 2025
28992bd
CH-207 fix images path - reverts CH-194
filippomc Nov 18, 2025
1ba1da3
fix: init kc event listener on app startup
zoran-sinnema Dec 4, 2025
af6f409
chore: small code cleanup and fix in ch django events
zoran-sinnema Dec 4, 2025
53907b4
chore: wait 1s before processing the KC event, this will make sure KC…
zoran-sinnema Dec 4, 2025
61b8d39
fix: added missing ,"unmanagedAttributePolicy":"ENABLED" to realm.jso…
zoran-sinnema Dec 5, 2025
aafe2e6
chore: resolve merge conflicts
zoran-sinnema Dec 5, 2025
2788eb0
chore: resolve merge conflicts
zoran-sinnema Dec 5, 2025
1bd49c2
chore: resolve merge conflicts
zoran-sinnema Dec 5, 2025
1bd4412
feat: refactor accounts realm.json to use templates
zoran-sinnema Dec 5, 2025
ec405ce
chore: resolve merge conflicts
zoran-sinnema Dec 10, 2025
57a3d20
chore: resolve merge conflicts
zoran-sinnema Dec 11, 2025
e4f3c04
deployment configuration using ip local machine rather than cluster i…
ddelpiano Jan 20, 2026
48ae70f
dns resolution issue
ddelpiano Jan 20, 2026
be98297
some fixes due to values.yaml generated not picking up the correct lo…
ddelpiano Jan 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions application-templates/django-fastapi/backend/django_baseapp/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret! TODO change this
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "django-insecure-81kv$0=07xac7r(pgz6ndb5t0at4-z@ae6&f@u6_3jo&9d#4kl"

# SECURITY WARNING: don't run with debug turned on in production!
Expand Down Expand Up @@ -164,4 +164,3 @@
]

KC_DEFAULT_USER_ROLE = None # don't add the user role to the realm default role
SESSION_COOKIE_AGE = 3600
3 changes: 1 addition & 2 deletions application-templates/django-ninja/backend/django_baseapp/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret! TODO change this
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "django-insecure-81kv$0=07xac7r(pgz6ndb5t0at4-z@ae6&f@u6_3jo&9d#4kl"

# SECURITY WARNING: don't run with debug turned on in production!
Expand Down Expand Up @@ -165,4 +165,3 @@
]

KC_DEFAULT_USER_ROLE = None # don't add the user role to the realm default role
SESSION_COOKIE_AGE = 3600
9 changes: 5 additions & 4 deletions application-templates/flask-server/backend/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
connexion[swagger-ui,flask,gunicorn]>=3.0.0,<4.0.0
swagger-ui-bundle>=1.1.0
python_dateutil >= 2.9.0
connexion[swagger-ui]==2.14.2
Flask == 2.2.5
swagger-ui-bundle==0.0.9
python_dateutil >= 2.6.0
setuptools >= 21.0.0
gunicorn


6 changes: 3 additions & 3 deletions applications/accounts/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM quay.io/keycloak/keycloak:26.4
FROM quay.io/keycloak/keycloak:26.4.0

EXPOSE 9000
EXPOSE 8080
Expand All @@ -12,7 +12,7 @@ USER keycloak
COPY themes/custom /opt/keycloak/themes/custom

# # keycloak kafka listener plugin
COPY plugins/* /opt/keycloak/providers/
COPY plugins/metacell-admin-event-listener-module-1.0.0.jar /opt/keycloak/providers/

ENTRYPOINT [ "/opt/keycloak/bin/kc-entrypoint.sh" ]
CMD [ "start", "--import-realm" ]
CMD [ "start-dev", "--import-realm", "--health-enabled=true", "--metrics-enabled=true" ]
2 changes: 1 addition & 1 deletion applications/accounts/admin-event-listener/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
## Building
```
mvn clean install
cp ./ear-module/target/metacell-admin-event-listener-bundle-0.1.0.ear ../plugins/
cp ./jar-module/target/metacell-admin-event-listener-module-1.0.0.jar ../plugins/
```

## Install
Expand Down
186 changes: 22 additions & 164 deletions applications/accounts/deploy/resources/realm.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,177 +1,24 @@
{{- define "deploy_accounts_utils.role" }}
{
"id": {{ uuidv4 | quote }},
"name": {{ .role| quote }},
"composite": false,
"clientRole": true,
"containerId": {{ .app.harness.name | quote }},
"attributes": {}
}
{{- end}}
{{- define "deploy_accounts_utils.user" }}
{
"username": {{ .user.username | default .user.email | quote }},
"email": {{ .user.email | default .user.username | quote }},
"enabled": true,
"firstName": {{ .user.firstName | default "Test" | quote }},
"lastName": {{ .user.lastName | default "User" | quote }},
"credentials": [
{
"type": "password",
"value": {{ .user.password | default "test" | quote }}
}
],
"realmRoles": {{ .user.realmRoles | toJson }},
"clientRoles": {
{{ .app.harness.name | quote }}: {{ .user.clientRoles | toJson }}
}
}

{{- end}}
{
"id": {{ .Values.namespace | quote }},
"realm": {{ .Values.namespace | quote }},
"enabled": true,
"sslRequired": {{ ternary "none" "external" (not .Values.tls) | quote }},
"loginTheme": "keycloak",
"accountTheme": "keycloak",
"adminTheme": "keycloak",
"emailTheme": "keycloak",
"registrationAllowed": true,
"registrationEmailAsUsername": false,
"loginTheme": {{ .Values.apps.accounts.theme.login | default "keycloak" | quote }},
"accountTheme": {{ .Values.apps.accounts.theme.account | default "keycloak" | quote }},
"adminTheme": {{ .Values.apps.accounts.theme.admiin | default "keycloak" | quote }},
"emailTheme": {{ .Values.apps.accounts.theme.email | default "keycloak" | quote }},
"registrationAllowed": {{ .Values.apps.accounts.registrationAllowed | default true }},
"registrationEmailAsUsername": {{ .Values.apps.accounts.registrationEmailAsUsername | default false }},
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": true,
"components": {
"org.keycloak.userprofile.UserProfileProvider": [
{
"id": "002b69df-9702-40dd-b73e-3a66d161bf11",
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {
"kc.user.profile.config": [
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
]
}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "e632ce46-36ad-421a-b1a5-776383cc1565",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "b68bee45-a8f0-46ca-b7d9-0df90189736a",
"name": "hmac-generated-hs512",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS512"
]
}
},
{
"id": "55960a57-af77-4f4c-8b6e-925c74bb44db",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "ce068675-5cae-434e-851f-09f653ccc604",
"name": "rsa-enc-generated",
"providerId": "rsa-enc-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"RSA-OAEP"
]
}
}
]
},
"users": [
{{- $j := 0}}
{{- range $app := .Values.apps }}
{{- if (hasKey $app.harness "accounts") }}
{{- if $j}},{{end}}
{{- if $app.harness.accounts.users}}
{{- $j = add1 $j }}
{{- end }}
{{- range $i, $user := $app.harness.accounts.users }}{{if $i}},{{end}}
{{ include "deploy_accounts_utils.user" (dict "root" $ "app" $app "user" $user) }}
{{- end }}
{{- end }}

{{- end }}
],
"roles": {
"realm": [
{
"id": "70835ad6-1454-4bc5-86a4-f1597e776b75",
"name": {{ .Values.apps.accounts.admin.role | quote }},
"composite": false,
"clientRole": false,
"containerId": {{ .Values.namespace | quote }},
"attributes": {}
},
{
"id": "498353dd-88eb-4a5e-99b8-d912e0f20f23",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": {{ .Values.namespace | quote }},
"attributes": {}
},
{
"id": "f99970f1-958b-4bb8-8b39-0d7498b0ecc4",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": {{ .Values.namespace | quote }},
"attributes": {}
}
],
"client": {
{{- $k := 0}}
{{- range $app := .Values.apps }}

{{- if (hasKey $app.harness "accounts") }}
{{- if $k}},{{end}}
{{ $app.harness.name | quote }}: [
{{- range $i, $role := $app.harness.accounts.roles }}
{{if $i}},{{end}}
{{- include "deploy_accounts_utils.role" (dict "root" $ "app" $app "role" $role) }}
{{- end }}
]
{{- $k = add1 $k }}
{{- end }}
{{- end }}
}
},
"editUsernameAllowed": {{ .Values.apps.accounts.editUsernameAllowed }},
{{- include "deploy_accounts_utils.events" (dict "app" .Values.apps.accounts) | indent 8 -}}
{{- include "deploy_accounts_utils.identity_providers" (dict "app" .Values.apps.accounts) | indent 8 -}}
{{- include "deploy_accounts_utils.components" . | indent 8 -}}
{{- include "deploy_accounts_utils.users_roles" (dict "Values" .Values) | indent 8 -}}
"clientScopeMappings": {
"account": [
{
Expand Down Expand Up @@ -775,6 +622,17 @@
"jsonType.label": "String"
}
},
{
"id": "0b8d0cf7-eebc-4c51-892e-2b65212856b4",
"name": "sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-sub-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "3d763f84-d417-4b4e-99e4-2b0e05bf861a",
"name": "family name",
Expand Down
75 changes: 75 additions & 0 deletions applications/accounts/deploy/templates/_components.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
{{- define "deploy_accounts_utils.user_profile_provider_component" -}}
"org.keycloak.userprofile.UserProfileProvider": [
{
"id": "002b69df-9702-40dd-b73e-3a66d161bf11",
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {
"kc.user.profile.config": [
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
]
}
}
]
{{- end -}}
{{- define "deploy_accounts_utils.key_provider_component" -}}
"org.keycloak.keys.KeyProvider": [
{
"id": "e632ce46-36ad-421a-b1a5-776383cc1565",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "b68bee45-a8f0-46ca-b7d9-0df90189736a",
"name": "hmac-generated-hs512",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS512"
]
}
},
{
"id": "55960a57-af77-4f4c-8b6e-925c74bb44db",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "ce068675-5cae-434e-851f-09f653ccc604",
"name": "rsa-enc-generated",
"providerId": "rsa-enc-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"RSA-OAEP"
]
}
}
]
{{- end -}}
#
{{- define "deploy_accounts_utils.components" -}}
"components": {
{{template "deploy_accounts_utils.user_profile_provider_component" }},
{{template "deploy_accounts_utils.key_provider_component" }}
},
{{- end -}}
Loading