Initial commit: add .gitignore and README

2026-02-09 21:51:46 -08:00
commit b970b4fc51
52 changed files with 3362 additions and 0 deletions
--- a/identity/user-management/setup.sh
+++ b/identity/user-management/setup.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Setup centralized user management in Keycloak
+
+set -e
+
+NAMESPACE="identity"
+KEYCLOAK_URL="${KEYCLOAK_URL:-http://keycloak.${NAMESPACE}.svc.cluster.local:8080}"
+ADMIN_USER="${KEYCLOAK_ADMIN:-admin}"
+ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-change-me-in-production}"
+
+echo "👥 Setting up centralized user management..."
+
+# Check if Keycloak is accessible
+if ! curl -s "${KEYCLOAK_URL}/health" > /dev/null; then
+  echo "⚠️  Keycloak not accessible at $KEYCLOAK_URL"
+  echo "   → Ensure Keycloak is deployed and running"
+  exit 1
+fi
+
+# Get admin token
+echo "🔑 Getting admin token..."
+TOKEN=$(curl -s -X POST "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \
+  -d "client_id=admin-cli" \
+  -d "username=${ADMIN_USER}" \
+  -d "password=${ADMIN_PASSWORD}" \
+  -d "grant_type=password" | jq -r '.access_token')
+
+if [ -z "$TOKEN" ] || [ "$TOKEN" == "null" ]; then
+  echo "❌ Failed to get admin token"
+  exit 1
+fi
+
+# Create realm
+echo "🌍 Creating workspace realm..."
+curl -s -X POST "${KEYCLOAK_URL}/admin/realms" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d @keycloak-realm.json
+
+echo "✅ User management setup complete!"
+echo ""
+echo "📝 Next steps:"
+echo "   1. Access Keycloak admin console"
+echo "   2. Review realm configuration"
+echo "   3. Create additional users and roles"
+echo "   4. Configure identity providers (if needed)"
+echo "   5. Set up user federation (if needed)"
+