feat: pepr Keycloak Client management #358
Merged
chance-coleman merged 21 commits into main from Mar 27, 2025
slaskawi
commented
Mar 18, 2025
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
e575b20 to
957ebe8
Compare
slaskawi
commented
Mar 18, 2025
This was referenced Mar 19, 2025
…docs' into pepr_keycloak_client_management
…in/clientpolicy/executor/UDSClientPolicyPermissionsExecutorFactory.java Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
slaskawi
commented
Mar 24, 2025
chance-coleman
previously approved these changes
Mar 26, 2025
mjnagel
reviewed
Mar 26, 2025
Collaborator
mjnagel
left a comment
LGTM overall - small comments, but the functionality seems to work as expected in testing.
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
mjnagel
previously approved these changes
Mar 27, 2025
slaskawi
added a commit
to defenseunicorns/uds-core
that referenced
this pull request
Mar 27, 2025
## Description

This Pull Request introduces an alternative mode for managing Keycloak Clients by the UDS Operator. The UDS Operator now discovers if Keycloak has been properly configured (and if it supports the configuration delivered by defenseunicorns/uds-identity-config#358) and switches to Client Credentials if it does. Otherwise, the UDS Operator will keep using the Dynamic Client Registration feature.

The behavior might be overridden by using the `PEPR_KEYCLOAK_CLIENT_STRATEGY` Environment Variable in the UDS Operator that can have 3 values:

* `dynamic_client_registration` - the Dynamic Client Registration mode
* `client_credentials` - using the Client Credentials mode
* `auto` - the Operator probes if a token obtained by the Client Credentials Grant looks good and picks proper mode according to the results of the check.

The documentation for this feature will be delivered here: #1367

## Related Issue

* Fixes #1330
* Relates to #1296
* [Technical Design](https://www.notion.so/Managing-Keycloak-Clients-from-Pepr-1a5e512f24fc80c4bc35d13b9d7a1367)

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

This functionality primarily relies on the regression testing.

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
Co-authored-by: Noah <40781376+noahpb@users.noreply.github.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
chance-coleman
previously approved these changes
Mar 27, 2025
mjnagel
approved these changes
Mar 27, 2025
mjnagel
added a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
…icorns#1341)

## Description

This Pull Request introduces an alternative mode for managing Keycloak Clients by the UDS Operator. The UDS Operator now discovers if Keycloak has been properly configured (and if it supports the configuration delivered by defenseunicorns/uds-identity-config#358) and switches to Client Credentials if it does. Otherwise, the UDS Operator will keep using the Dynamic Client Registration feature.

The behavior might be overridden by using the `PEPR_KEYCLOAK_CLIENT_STRATEGY` Environment Variable in the UDS Operator that can have 3 values:

* `dynamic_client_registration` - the Dynamic Client Registration mode
* `client_credentials` - using the Client Credentials mode
* `auto` - the Operator probes if a token obtained by the Client Credentials Grant looks good and picks proper mode according to the results of the check.

The documentation for this feature will be delivered here: defenseunicorns#1367

## Related Issue

* Fixes defenseunicorns#1330
* Relates to defenseunicorns#1296
* [Technical Design](https://www.notion.so/Managing-Keycloak-Clients-from-Pepr-1a5e512f24fc80c4bc35d13b9d7a1367)

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

This functionality primarily relies on the regression testing.

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
Co-authored-by: Noah <40781376+noahpb@users.noreply.github.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Description
This Pull Request is the counterpart of defenseunicorns/uds-core#1341 and introduces necessary plugins and Realm Configuration for using Client Credentials Grant by the UDS Operator to manage Keycloak Clients.
The documentation for this feature will be delivered separately.
Related Issue
Type of change
Checklist before merging