eclipse-che · mshaposhnik · Apr 27, 2021 · Apr 16, 2021 · Apr 16, 2021 · Apr 16, 2021
@@ -49,6 +49,7 @@ FROM registry.access.redhat.com/ubi8-minimal:8.3-298
 
 COPY --from=builder /tmp/che-operator/che-operator /usr/local/bin/che-operator
 COPY --from=builder /che-operator/templates/keycloak-provision.sh /tmp/keycloak-provision.sh
+COPY --from=builder /che-operator/templates/keycloak-update.sh /tmp/keycloak-update.sh
 COPY --from=builder /che-operator/templates/oauth-provision.sh /tmp/oauth-provision.sh
 COPY --from=builder /che-operator/templates/delete-identity-provider.sh /tmp/delete-identity-provider.sh
 COPY --from=builder /che-operator/templates/create-github-identity-provider.sh /tmp/create-github-identity-provider.sh

@@ -51,6 +51,7 @@ prepareTemplates() {
   cp templates/delete-identity-provider.sh /tmp/delete-identity-provider.sh
   cp templates/create-github-identity-provider.sh /tmp/create-github-identity-provider.sh
   cp templates/oauth-provision.sh /tmp/oauth-provision.sh
+  cp templates/keycloak-update.sh /tmp/keycloak-update.sh
 
   # Download Dev Workspace operator templates
   echo "[INFO] Downloading Dev Workspace operator templates ..."

@@ -64,6 +64,31 @@ func GetKeycloakProvisionCommand(cr *v1.CheCluster) (command string, err error)
 	return getCommandFromTemplateFile(cr, "/tmp/keycloak-provision.sh", data)
 }
 
+func GetKeycloakUpdateCommand(cr *v1.CheCluster) (command string, err error) {
+	cheFlavor := deploy.DefaultCheFlavor(cr)
+	realmDisplayName := (map[bool]string{true: "CodeReady Workspaces", false: "Eclipse Che"})[cheFlavor == "codeready"]
+
+	script, keycloakRealm, keycloakClientId, keycloakUserEnvVar, keycloakPasswordEnvVar := getDefaults(cr)
+	data := struct {
+		Script                string
+		KeycloakAdminUserName string
+		KeycloakAdminPassword string
+		KeycloakRealm         string
+		RealmDisplayName      string
+		CheHost               string
+		KeycloakClientId      string
+	}{
+		script,
+		keycloakUserEnvVar,
+		keycloakPasswordEnvVar,
+		keycloakRealm,
+		realmDisplayName,
+		cr.Spec.Server.CheHost,
+		keycloakClientId,
+	}
+	return getCommandFromTemplateFile(cr, "/tmp/keycloak-update.sh", data)
+}
+
 func GetOpenShiftIdentityProviderProvisionCommand(cr *v1.CheCluster, oAuthClientName string, oauthSecret string) (string, error) {
 	isOpenShift4 := util.IsOpenShift4
 	providerId := (map[bool]string{true: "openshift-v4", false: "openshift-v3"})[isOpenShift4]

@@ -121,6 +121,12 @@ func syncKeycloakResources(deployContext *deploy.DeployContext) (bool, error) {
 				break
 			}
 		}
+		_, err := util.K8sclient.ExecIntoPod(
+			deployContext.CheCluster,
+			deploy.IdentityProviderName,
+			GetKeycloakUpdateCommand,
+			"Update redirect URI-s")
+		return err == nil, err
 	}
 
 	return true, nil

@@ -42,7 +42,7 @@ provisionKeycloak() {
     -s clientId={{ .KeycloakClientId }} \
     -s id={{ .KeycloakClientId }} \
     -s webOrigins='["http://{{ .CheHost }}", "https://{{ .CheHost }}"]' \
-    -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/workspace-loader/*", "https://{{ .CheHost }}/workspace-loader/*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]' \
+    -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]' \
     -s directAccessGrantsEnabled=true \
     -s publicClient=true
 

@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+connectToKeycloak() {
+  {{ .Script }} config credentials --server http://0.0.0.0:8080/auth --realm master --user {{ .KeycloakAdminUserName }} --password {{ .KeycloakAdminPassword }}
+}
+
+updateKeycloak() {
+  {{ .Script }} update clients/{{ .KeycloakClientId }} \
+    -r '{{ .KeycloakRealm }}' \
+    -s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]'
+}
+
+checkKeycloak() {
+  REDIRECT_URIS=$({{ .Script }} get clients/{{ .KeycloakClientId }} -r '{{ .KeycloakRealm }}' | jq '.redirectUris')
+  FIND="http://{{ .CheHost }}/factory*"
+  for URI in "${REDIRECT_URIS[@]}"; do
+    [[ $FIND == "$URI" ]] && return 0
+  done
+  return 1
+}
+
+connectToKeycloak
+checkKeycloak
+if [ $? -ne 0 ]
+then
+  updateKeycloak
+fi