Sl 185 carregar o admin default pelo env

.github/workflows/cd.yml

@@ -76,6 +76,9 @@ jobs:
           RABBITMQ_SMTP_PASS: ${{ secrets.RABBITMQ_SMTP_PASS }}
           KEYCLOAK_ADMIN: ${{ vars.KEYCLOAK_ADMIN }}
           KEYCLOAK_ADMIN_PASSWORD: ${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}
+          PLATFORM_ADMIN_PASSWORD: ${{ secrets.PLATFORM_ADMIN_PASSWORD }}
+          CONTENT_MANAGER_PASSWORD: ${{ secrets.CONTENT_MANAGER_PASSWORD }}
+          ORG_MANAGER_TEMP_PASSWORD: ${{ secrets.ORG_MANAGER_TEMP_PASSWORD }}
           KC_SMTP_HOST: ${{ vars.KC_SMTP_HOST }}
           KC_SMTP_PORT: ${{ vars.KC_SMTP_PORT }}
           KC_SMTP_FROM: ${{ vars.KC_SMTP_FROM }}
@@ -146,6 +149,9 @@ jobs:
             printf 'RABBITMQ_SMTP_PASS=%s\n'       "$RABBITMQ_SMTP_PASS"
             printf 'KEYCLOAK_ADMIN=%s\n'           "$KEYCLOAK_ADMIN"
             printf 'KEYCLOAK_ADMIN_PASSWORD=%s\n'  "$KEYCLOAK_ADMIN_PASSWORD"
+            printf 'PLATFORM_ADMIN_PASSWORD=%s\n'  "$PLATFORM_ADMIN_PASSWORD"
+            printf 'CONTENT_MANAGER_PASSWORD=%s\n' "$CONTENT_MANAGER_PASSWORD"
+            printf 'ORG_MANAGER_TEMP_PASSWORD=%s\n' "$ORG_MANAGER_TEMP_PASSWORD"
             printf 'KC_SMTP_HOST=%s\n'             "$KC_SMTP_HOST"
             printf 'KC_SMTP_PORT=%s\n'             "$KC_SMTP_PORT"
             printf 'KC_SMTP_FROM=%s\n'             "$KC_SMTP_FROM"

api/src/core/settings.py

@@ -26,6 +26,7 @@ class Settings(BaseSettings):
   SMTP_PASSWORD: str = ""
   SMTP_USER: str = ""
   SMTP_FROM: str = ""
+  ORG_MANAGER_TEMP_PASSWORD: str = ""
 
   WEB_URL: str = "http://localhost:5173"
   API_URL: str = "http://localhost:8000"

api/src/services/keycloak_admin/base_handler.py

@@ -16,6 +16,7 @@ def __init__(self):
         self.smtp_password = settings.SMTP_PASSWORD
         self.smtp_user = settings.SMTP_USER
         self.smtp_from = settings.SMTP_FROM
+        self.org_manager_temp_password = settings.ORG_MANAGER_TEMP_PASSWORD
         self.keycloak_client = get_keycloak_client()
 
         if not self.keycloak_url:

api/src/services/keycloak_admin/realm_handler.py

@@ -140,6 +140,7 @@ def create_realm(
             smtp_password=self.smtp_password,
             smtp_user=self.smtp_user,
             smtp_from=self.smtp_from,
+            org_manager_temp_password=self.org_manager_temp_password,
         )
 
         client_scopes = list(template["client_scopes"])

api/src/services/keycloak_admin/realm_template.json

@@ -713,7 +713,7 @@
             "credentials": [
                 {
                     "type": "password",
-                    "value": "1234",
+                    "value": "{org_manager_temp_password}",
                     "temporary": true
                 }
             ],
@@ -727,4 +727,4 @@
             }
         }
     ]
-}
+}

deployment/.env.dev.example

@@ -38,6 +38,9 @@ RABBITMQ_SMTP_PASS=smtp_consumer_pass
 # Keycloak Configuration
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
+PLATFORM_ADMIN_PASSWORD=admin
+CONTENT_MANAGER_PASSWORD=admin
+ORG_MANAGER_TEMP_PASSWORD=1234
 CLIENT_SECRET=your_very_secure_key_here
 KEYCLOAK_INTERNAL_URL=http://keycloak:8080
 API_INTERNAL_URL=http://api:8000

deployment/.env.prod.example

@@ -38,6 +38,9 @@ RABBITMQ_SMTP_PASS=smtp_consumer_pass
 # Keycloak Configuration
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
+PLATFORM_ADMIN_PASSWORD=change-me
+CONTENT_MANAGER_PASSWORD=change-me
+ORG_MANAGER_TEMP_PASSWORD=change-me
 CLIENT_SECRET=your_very_secure_key_here
 KEYCLOAK_INTERNAL_URL=http://keycloak:8080/kc
 API_INTERNAL_URL=http://api:80

deployment/docker-compose.dev.yml

@@ -69,7 +69,7 @@ services:
       - "3900:3900"
       - "3901:3901"
     volumes:
-      - ./services/garage/garage.template.toml:/etc/garage.toml:ro
+      - ./services/garage/garage.toml:/etc/garage.toml:ro
       - garage_data:/var/lib/garage
     healthcheck:
       test: ["CMD", "/garage", "-c", "/etc/garage.toml", "status"]
@@ -124,6 +124,8 @@ services:
     environment:
       KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
       KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      PLATFORM_ADMIN_PASSWORD: ${PLATFORM_ADMIN_PASSWORD}
+      CONTENT_MANAGER_PASSWORD: ${CONTENT_MANAGER_PASSWORD}
       KC_IMPORT: /opt/keycloak/data/import/
       KC_HTTP_ACCESS_LOG_ENABLED: "true"
       KC_LOG_CATEGORY_ORG_KEYCLOAK_AUTHORIZATION: DEBUG
@@ -208,6 +210,7 @@ services:
       SMTP_PASSWORD: ${KC_SMTP_PASSWORD}
       SMTP_USER: ${KC_SMTP_USER}
       SMTP_FROM: ${KC_SMTP_FROM}
+      ORG_MANAGER_TEMP_PASSWORD: ${ORG_MANAGER_TEMP_PASSWORD}
     ports:
       - "8000:8000"
     volumes:

deployment/docker-compose.yml

@@ -148,6 +148,8 @@ services:
     environment:
       KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
       KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      PLATFORM_ADMIN_PASSWORD: ${PLATFORM_ADMIN_PASSWORD}
+      CONTENT_MANAGER_PASSWORD: ${CONTENT_MANAGER_PASSWORD}
 
       KC_IMPORT: /opt/keycloak/data/import/
       KC_LOG_LEVEL: INFO
@@ -223,6 +225,7 @@ services:
       SMTP_PASSWORD: ${KC_SMTP_PASSWORD}
       SMTP_USER: ${KC_SMTP_USER}
       SMTP_FROM: ${KC_SMTP_FROM}
+      ORG_MANAGER_TEMP_PASSWORD: ${ORG_MANAGER_TEMP_PASSWORD}
     expose:
       - "80"
     healthcheck:

deployment/services/keycloak/imports/realm-export.json

@@ -53,7 +53,7 @@
         "credentials": [
           {
             "type": "password",
-            "value": "admin"
+            "value": "${PLATFORM_ADMIN_PASSWORD}"
           }
         ],
         "realmRoles": [
@@ -66,7 +66,7 @@
         "credentials": [
           {
             "type": "password",
-            "value": "admin"
+            "value": "${CONTENT_MANAGER_PASSWORD}"
           }
         ],
         "realmRoles": [
@@ -194,4 +194,4 @@
       }
     ]
   }
-]
+]