Merge pull request #309 from bcgov/feature/GRAD2-3037

GRAD2-3037 - adds new service client secret
bcgov · Jan 17, 2025 · e572d9e · e572d9e
2 parents 637753e + 4a1a276
commit e572d9e
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/api/src/main/resources/application.yaml b/api/src/main/resources/application.yaml
@@ -36,8 +36,8 @@ spring:
       client:
         registration:
           graduation-report-client:
-            client-id: ${GRADUATION_REPORT_API_CLIENT_NAME}
-            client-secret: ${GRADUATION_REPORT_API_CLIENT_SECRET}
+            client-id: ${GRAD_GRADUATION_REPORT_API_CLIENT_NAME}
+            client-secret: ${GRAD_GRADUATION_REPORT_API_CLIENT_SECRET}
             authorization-grant-type: client_credentials
         provider:
           graduation-report-client:

diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh
@@ -8,6 +8,7 @@ COMMON_NAMESPACE=$4
 BUSINESS_NAMESPACE=$5
 SPLUNK_TOKEN=$6
 APP_LOG_LEVEL=$7
+CLIENT_SECRET_NAME=grad-graduation-report-api-client-secret
 
 SPLUNK_URL="gww.splunk.educ.gov.bc.ca"
 FLB_CONFIG="[SERVICE]
@@ -70,3 +71,34 @@ oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-m
   --from-literal=parsers.conf="$PARSER_CONFIG" \
   --dry-run=client -o yaml | oc apply -f -
 
+SOAM_KC_LOAD_USER_ADMIN=$(oc -n $COMMON_NAMESPACE-$envValue -o json get secret sso-admin-${envValue} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode)
+SOAM_KC_LOAD_USER_PASS=$(oc -n $COMMON_NAMESPACE-$envValue -o json get secret sso-admin-${envValue} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode)
+SOAM_KC=soam-$envValue.apps.silver.devops.gov.bc.ca
+SOAM_KC_REALM_ID="master"
+
+echo Fetching SOAM token
+TKN=$(curl -s \
+  -d "client_id=admin-cli" \
+  -d "username=$SOAM_KC_LOAD_USER_ADMIN" \
+  -d "password=$SOAM_KC_LOAD_USER_PASS" \
+  -d "grant_type=password" \
+  "https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/token" | jq -r '.access_token')
+
+echo Retrieving client ID for grad-graduation-report-api-service
+CLIENT_UUID=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" |
+  jq '.[] | select(.clientId=="'"$CLIENT_ID"'")' | jq -r '.id')
+
+echo
+echo Retrieving client secret for grad-graduation-report-api-service
+SERVICE_CLIENT_SECRET=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients/$CLIENT_UUID/client-secret" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" |
+  jq -r '.value')
+
+echo Creating secret for client
+oc create -n "$GRAD_NAMESPACE"-"$envValue" secret generic $CLIENT_SECRET_NAME \
+  --from-literal=GRAD_GRADUATION_REPORT_API_CLIENT_NAME="$CLIENT_ID" \
+  --from-literal=GRAD_GRADUATION_REPORT_API_CLIENT_SECRET="$SERVICE_CLIENT_SECRET" \
+  --dry-run=client -o yaml | oc apply -f -