57902730d6
This patch adds openid token auth support when calling k8s APIs. Openid token auth of k8s relies on an external openid provider, and Keycloak acts as the openid provider in this implementation. Implements: blueprint support-openid-k8s-vim Change-Id: Ie5e080a20cba3ba0ed514ede7955eb16729d797c
19 lines
527 B
Bash
19 lines
527 B
Bash
#!/bin/bash
|
|
|
|
KEYCLOAK_BASE_URL=https://127.0.0.1:8443
|
|
|
|
ADMIN_TOKEN=$(curl -k -sS -X POST "${KEYCLOAK_BASE_URL}/realms/master/protocol/openid-connect/token" \
|
|
-H 'Content-Type: application/x-www-form-urlencoded' \
|
|
-d 'username=admin' \
|
|
-d 'password=admin' \
|
|
-d 'grant_type=password' \
|
|
-d 'client_id=admin-cli' | jq -r .access_token)
|
|
if [ $? -ne 0 ]
|
|
then
|
|
exit $?
|
|
fi
|
|
|
|
curl -k -L -X POST "${KEYCLOAK_BASE_URL}/admin/realms" \
|
|
-H 'Content-Type: application/json' \
|
|
-H "Authorization: Bearer $ADMIN_TOKEN" \
|
|
-d @"oidc_realm.json" |