feat(kanidm): add script for user onboarding

2024-12-22 20:44:33 +07:00 · 2024-01-06 02:07:58 +07:00 · 2024-01-06 02:07:58 +07:00 · a5c8f1e9c5
commit a5c8f1e9c5
parent f48debbce3
2 changed files with 13 additions and 22 deletions
--- a/scripts/onboard-user
+++ b/scripts/onboard-user
@ -0,0 +1,13 @@
+#!/bin/sh
+
+username="${1}"
+fullname="${2}"
+mail="${3}"
+
+host="$(kubectl get ingress --namespace kanidm kanidm --output jsonpath='{.spec.rules[0].host}')"
+
+kanidm person create "${username}" "${fullname}" --url "https://${host}" --name idm_admin
+kanidm person update "${username}" --url "https://${host}" --name idm_admin --mail "${mail}"
+# TODO better group management
+kanidm group add-members "editor" "${username}" --url "https://${host}" --name idm_admin
+kanidm person credential create-reset-token "${username}" --url "https://${host}" --name idm_admin
--- a/scripts/setupkanidm
+++ b/scripts/setupkanidm
@ -1,22 +0,0 @@
-# TODO Do not run this script directly, it only serves as documentation,
-# Proper automation will be added later, waiting for client library update:
-# https://github.com/kanidm/kanidm/pull/2301
-
-./scripts/kanidm-reset-admin-password
-# copy password manually
-kanidm login -D admin
-kanidm service-account credential generate -D admin idm_admin
-# copy password manually
-kanidm login -D idm_admin
-
-kanidm person create khuedoan "Khue Doan" --name idm_admin
-kanidm person update khuedoan --mail "mail@khuedoan.com"
-kanidm group create demo_group --name idm_admin
-kanidm group add-members demo_group khuedoan --name idm_admin
-kanidm person credential create-reset-token khuedoan --name idm_admin
-
-kanidm system oauth2 create dex Dex https://dex.khuedoan.com/callback
-kanidm system oauth2 show-basic-secret dex
-# add secret to k8s manually
-kanidm system oauth2 create-scope-map dex demo_group openid profile email groups
-kanidm system oauth2 warning-insecure-client-disable-pkce dex