That diff contains three commits updating keycloak configuration trough puppet:
- Set `content_security_policy` property on realms. It enables to embed Keycloak UI pages in SWH web applications.
- Bump swh theme to v0.3.1
- Set brute_force_protected on realms. Activate Keycloak countermeasures to protect againts bot attacks.
Related to T2718
```
15:21 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org
Found host kelvingrove.internal.softwareheritage.org
Cloning into '/tmp/swh-ocd.MtuYmhN6/environments/production/data/private'...
done.
Cloning into '/tmp/swh-ocd.MtuYmhN6/environments/staging/data/private'...
done.
*** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org
I, [2020-10-21T15:22:04.216775 #4057243] INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org
I, [2020-10-21T15:22:04.472116 #4057243] INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org
diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org
*******************************************
Keycloak_realm[SoftwareHeritageStaging] =>
parameters =>
brute_force_protected =>
+ true
content_security_policy =>
+ frame-src 'self'; frame-ancestors 'self' *.staging.swh.network; object-src 'none';
*******************************************
Keycloak_realm[SoftwareHeritage] =>
parameters =>
brute_force_protected =>
+ true
content_security_policy =>
+ frame-src 'self'; frame-ancestors 'self' *.softwareheritage.org; object-src 'none';
*******************************************
Keycloak_realm[master] =>
parameters =>
brute_force_protected =>
+ true
*******************************************
Vcsrepo[/opt/swh-keycloak-theme] =>
parameters =>
revision =>
- v0.3.0
+ v0.3.1
*******************************************
*** End octocatalog-diff on kelvingrove.internal.softwareheritage.org
```