baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(keycloak): add keycloak::enable-service-account

Browse Source
This commit is contained in:
Masaki Yatsu
2025-10-15 22:59:45 +09:00
parent 1e001462f6
commit 6367833ca4
2 changed files with 71 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
keycloak/justfile
View File

@@ -268,6 +268,16 @@ delete-client realm client_id:
export KEYCLOAK_CLIENT_ID={{ client_id }} export KEYCLOAK_CLIENT_ID={{ client_id }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-client.ts dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-client.ts
# Enable service account for Keycloak client
enable-service-account realm client_id:
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM={{ realm }}
export KEYCLOAK_CLIENT_ID={{ client_id }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/enable-service-account.ts
# Add attribute mapper for Keycloak client # Add attribute mapper for Keycloak client
add-attribute-mapper client_id attribute_name display_name='' claim_name='' options='' default_value='' mapper_name='' view_perms='admin,user' edit_perms='admin': add-attribute-mapper client_id attribute_name display_name='' claim_name='' options='' default_value='' mapper_name='' view_perms='admin,user' edit_perms='admin':
#!/bin/bash #!/bin/bash

61
keycloak/scripts/enable-service-account.ts Normal file
View File

@@ -0,0 +1,61 @@
import KcAdminClient from "@keycloak/keycloak-admin-client";
import invariant from "tiny-invariant";
const main = async () => {
const keycloakHost = process.env.KEYCLOAK_HOST;
invariant(keycloakHost, "KEYCLOAK_HOST environment variable is required.");
const adminUsername = process.env.KEYCLOAK_ADMIN_USER;
invariant(adminUsername, "KEYCLOAK_ADMIN_USER environment variable is required.");
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD environment variable is required");
const realmName = process.env.KEYCLOAK_REALM;
invariant(realmName, "KEYCLOAK_REALM environment variable is required");
const clientId = process.env.KEYCLOAK_CLIENT_ID;
invariant(clientId, "KEYCLOAK_CLIENT_ID environment variable is required");
const kcAdminClient = new KcAdminClient({
baseUrl: `https://${keycloakHost}`,
realmName: "master",
});
try {
await kcAdminClient.auth({
username: adminUsername,
password: adminPassword,
grantType: "password",
clientId: "admin-cli",
});
console.log("Authentication successful.");
kcAdminClient.setConfig({ realmName });
const existingClients = await kcAdminClient.clients.find({ clientId });
if (existingClients.length === 0) {
console.error(`Client '${clientId}' not found.`);
process.exit(1);
}
const client = existingClients[0];
invariant(client.id, "Client ID is missing");
await kcAdminClient.clients.update(
{ id: client.id },
{
...client,
serviceAccountsEnabled: true,
authorizationServicesEnabled: false,
}
);
console.log(`Service Accounts enabled for client '${clientId}'`);
} catch (error) {
console.error("An error occurred:", error);
process.exit(1);
}
};
main();