Skip to content

keycloak: Update puppet configuration

That diff contains three commits updating keycloak configuration trough puppet:

  • Set content_security_policy property on realms. It enables to embed Keycloak UI pages in SWH web applications.

  • Bump swh theme to v0.3.1

  • Set brute_force_protected on realms. Activate Keycloak countermeasures to protect againts bot attacks.

Related to T2718

15:21 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org
Found host kelvingrove.internal.softwareheritage.org
Cloning into '/tmp/swh-ocd.MtuYmhN6/environments/production/data/private'...
done.
Cloning into '/tmp/swh-ocd.MtuYmhN6/environments/staging/data/private'...
done.
*** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org
I, [2020-10-21T15:22:04.216775 #4057243]  INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org
I, [2020-10-21T15:22:04.472116 #4057243]  INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org
diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org
*******************************************
  Keycloak_realm[SoftwareHeritageStaging] =>
   parameters =>
     brute_force_protected =>
      + true
*******************************************
  Keycloak_realm[SoftwareHeritage] =>
   parameters =>
     brute_force_protected =>
      + true
*******************************************
  Keycloak_realm[master] =>
   parameters =>
     brute_force_protected =>
      + true
*******************************************
  Vcsrepo[/opt/swh-keycloak-theme] =>
   parameters =>
     revision =>
      - v0.3.0
      + v0.3.1
*******************************************
*** End octocatalog-diff on kelvingrove.internal.softwareheritage.org

Migrated from D4320 (view on Phabricator)

Merge request reports