fix: setting keycloak system properties for rh-sso (#928) (CRW-1426)

Change-Id: I952ab093f4f7b7c1a088e3cfbd8b9052c6f03111 Signed-off-by: Anatolii Bazko <abazko@redhat.com>
2021-07-14 21:00:43 +03:00 · 2021-07-14 21:00:43 +03:00 · 1cd79e21ab
parent fa7e7b9ff5
commit 1cd79e21ab
1 changed files with 15 additions and 1 deletions
--- a/pkg/deploy/identity-provider/deployment_keycloak.go
+++ b/pkg/deploy/identity-provider/deployment_keycloak.go
@ -546,6 +546,10 @@ func GetSpecKeycloakDeployment(
 	}

 	evaluateKeycloakSystemProperties := "KEYCLOAK_SYS_PROPS=\"-Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled\""
+	if cheFlavor == "codeready" {
+		// We need to export `KEYCLOAK_SYS_PROPS` to pass them to standalone.sh via openshift-launch.sh
+		evaluateKeycloakSystemProperties = "export KEYCLOAK_SYS_PROPS=\"\""
+	}

 	// Evaluating keycloak.connectionsHttpClient.default system properties, see details: https://github.com/eclipse/che/issues/19653
 	evaluateExpectContinueEnabled := "if [[ $KEYCLOAK_CONNECTIONS_HTTP_CLIENT_DEFAULT_EXPECT_CONTINUE_ENABLED != false ]]; then KEYCLOAK_SYS_PROPS=$KEYCLOAK_SYS_PROPS\" -Dkeycloak.connectionsHttpClient.default.expect-continue-enabled=true\"; fi"
@ -575,7 +579,17 @@ func GetSpecKeycloakDeployment(
 			"pattern=\"[a-z]([-a-z0-9]{0,61}[a-z0-9])?\" " +
 			"title=\"Username has to comply with the DNS naming convention. An alphanumeric (a-z, and 0-9) string, with a maximum length of 63 characters, with the '-' character allowed anywhere except the first or last character.\" " +
 			"name=\"username\"|g' ${baseTemplate}"
-		command = bashFunctions + "\n" + addUsernameReadonlyTheme + " && " + addUsernameValidationForKeycloakTheme + " && " + addCertToTrustStoreCommand + addProxyCliCommand + applyProxyCliCommand +
+		patchOpenshiftLaunch := "sed -i 's|standalone.sh -c standalone-openshift.xml|standalone.sh -c standalone-openshift.xml ${KEYCLOAK_SYS_PROPS}|' /opt/eap/bin/openshift-launch.sh"
+		command = bashFunctions + "\n" +
+			addUsernameReadonlyTheme +
+			" && " + addUsernameValidationForKeycloakTheme +
+			" && " + addCertToTrustStoreCommand +
+			addProxyCliCommand +
+			applyProxyCliCommand +
+			" && " + evaluateKeycloakSystemProperties +
+			" && " + evaluateExpectContinueEnabled +
+			" && " + evaluateReuseConnections +
+			" && " + patchOpenshiftLaunch +
 			" && echo \"feature.token_exchange=enabled\nfeature.admin_fine_grained_authz=enabled\" > /opt/eap/standalone/configuration/profile.properties  " +
 			" && sed -i 's/WILDCARD/ANY/g' /opt/eap/bin/launch/keycloak-spi.sh && /opt/eap/bin/openshift-launch.sh -b 0.0.0.0"
 	}