diff --git a/data/defaults.yaml b/data/defaults.yaml
--- a/data/defaults.yaml
+++ b/data/defaults.yaml
@@ -2706,6 +2706,11 @@
 sentry::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
 sentry::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
+keycloak::version: 8.0.1
+
+keycloak::swh_theme::repo_url: https://forge.softwareheritage.org/source/swh-keycloak-theme.git
+keycloak::swh_theme::tag: v0.1.1
+
 keycloak::vhost::name: auth.softwareheritage.org
 keycloak::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
@@ -2731,6 +2736,9 @@
 internationalization_enabled: true
 supported_locales:
 - en
+ account_theme: swh
+ admin_theme: swh
+ login_theme: swh
 keycloak::resources::clients::common_settings:
 public_client: true
diff --git a/site-modules/profile/manifests/keycloak/primary.pp b/site-modules/profile/manifests/keycloak/primary.pp
--- a/site-modules/profile/manifests/keycloak/primary.pp
+++ b/site-modules/profile/manifests/keycloak/primary.pp
@@ -1,6 +1,11 @@
 # Definition for the primary keycloak server
 class profile::keycloak::primary {
+ $version = lookup('keycloak::version')
+
+ $swh_theme_repo_url = lookup('keycloak::swh_theme::repo_url')
+ $swh_theme_tag = lookup('keycloak::swh_theme::tag')
+
 $backend_port = lookup('keycloak::backend::port')
 $postgres_host = lookup('keycloak::postgres::host')
@@ -13,6 +18,9 @@
 $admin_password = lookup('keycloak::admin::password')
 class {'::keycloak':
+ # Version number
+ version => $version,
+
 # Virtual Host settings
 proxy_https => true,
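Review bot: `keycloak::swh_theme::tag: v0.1.1` pins the theme to a git tag, and a tag can be moved or re-created by anyone with push access to the repository, so this value does not fix the content that the manifest in this commit copies into the Keycloak themes directory. The same commit switches the account, admin and login themes to `swh`, so that content ends up on the authentication pages. vcsrepo's `revision` also accepts a commit hash; pinning `keycloak::swh_theme::tag: <full-commit-sha-of-v0.1.1>  # v0.1.1` would make any change of deployed theme code go through a reviewed change to this file.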
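Review bot: The added `$version = lookup('keycloak::version')` accepts a value of any type, yet `$version` is interpolated into the path `/opt/keycloak-${version}/themes/swh` in the last hunk of this file. An unquoted two-part version in the YAML data (a constructed example: `8.10`) is parsed as a float and would produce a different directory name without any error. `$version = lookup('keycloak::version', String[1])` turns that into a compile-time failure, and the same type argument fits the two `keycloak::swh_theme::*` lookups. The class body continues outside this hunk.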
@@ -34,5 +42,29 @@
 manage_datasource => false,
 }
+ # Install Software Heritage theme for Keycloak
+ vcsrepo { '/tmp/swh-keycloak-theme':
+ ensure => present,
+ provider => git,
+ source => $swh_theme_repo_url,
+ revision => $swh_theme_tag,
+ }
+
+ file { "/opt/keycloak-${version}/themes/swh":
+ ensure => directory,
+ recurse => true,
+ source => '/tmp/swh-keycloak-theme/swh',
+ # keycloak service needs to be restarted when updating themes
+ # as they are cached
+ notify => Service['keycloak'],
+ }
+
+ file {'/tmp/swh-keycloak-theme':
+ ensure => absent,
+ recurse => true,
+ purge => true,
+ force => true,
+ }
+
 include ::profile::keycloak::resources
 }
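Review bot: The staging checkout `/tmp/swh-keycloak-theme` is a fixed name in a world-writable directory, and the agent then copies `/tmp/swh-keycloak-theme/swh` recursively into the Keycloak themes directory. Because the path is removed at the end of each run, another local account could create it before the next run, and how vcsrepo's `ensure => present` treats a pre-existing directory there should not be what protects the login theme. Staging in a root-owned location and keeping the checkout, for example `vcsrepo { '/opt/swh-keycloak-theme':` with `source => '/opt/swh-keycloak-theme/swh',` and the `ensure => absent` resource dropped, closes that window and also stops every run from re-cloning and reporting changes. The three resources depend on manifest order only, so an explicit `require => Vcsrepo['/opt/swh-keycloak-theme'],` on the theme directory would make the dependency visible. The enclosing class starts outside this hunk.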