[AAI] Keycloak integration into aai-resources updates
fix Keycloak integration into aai-resources PR by
replacing all hard coded values
with reference values in values.yaml file.
Issue-ID: AAI-3326
Signed-off-by: Roger Yuan <roger.yuan@yoppworks.com>
Change-Id: Ie8bd900d6512ad171ed3a5977a2f7e9e1c1da5ab
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
index 4f480cb..774e8bd 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
@@ -3,10 +3,10 @@
org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-multi.tenancy.enabled=true
+multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
-keycloak.realm=aai-resources
-keycloak.resource=aai-resources-app
+keycloak.realm={{ .Values.config.keycloak.realm }}
+keycloak.resource={{ .Values.config.keycloak.resource }}
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index b841391..f30b067 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -49,7 +49,7 @@
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap,aaf-auth #,keycloak
# Notification event specific properties
notification:
@@ -164,9 +164,19 @@
# Configuration for the resources deployment
config:
+ # configure keycloak according to your environment.
+ # don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
- host: localhost
+ host: keycloak.your.domain
port: 8180
+ # Specifies a set of users, credentials, roles, and groups
+ realm: aai-resources
+ # Used by any client application for enabling fine-grained authorization for their protected resources
+ resource: aai-resources-app
+ # If set to true, additional criteria will be added that match the data-owner property with the given role
+ # to the user in keycloak
+ multiTenancy:
+ enabled: true
# Specifies crud related operation timeouts and overrides
crud: