revert to non service account user for jhub apps startup apps

nebari-dev · Jan 21, 2025 · 1bfe644 · 1bfe644
1 parent 01d1d5d
commit 1bfe644
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 33 deletions.
diff --git a/...nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf b/...nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf
@@ -37,23 +37,23 @@ resource "kubernetes_secret" "jhub_apps_secrets" {
 }
 
 
-# resource "keycloak_user" "jhub_apps_service_account" {
-#   count    = var.jhub-apps-enabled ? 1 : 0
-#   realm_id = var.realm_id
-#   username = "service-account-jhub-apps"
-#   enabled  = true
-# }
-
-
-# resource "keycloak_user_roles" "jhub_apps_sa_allow_app_sharing_role" {
-#   count    = var.jhub-apps-enabled ? 1 : 0
-#   realm_id = var.realm_id
-#   user_id  = keycloak_user.jhub_apps_service_account[0].id
-#   role_ids = [
-#     module.jupyterhub-openid-client.client_role_ids["allow-app-sharing-role"]
-#   ]
-#   exhaustive = true
-# }
+resource "keycloak_user" "jhub_apps_service_account" {
+  count    = var.jhub-apps-enabled ? 1 : 0
+  realm_id = var.realm_id
+  username = "service-account-jhub-apps"
+  enabled  = true
+}
+
+
+resource "keycloak_user_roles" "jhub_apps_sa_allow_app_sharing_role" {
+  count    = var.jhub-apps-enabled ? 1 : 0
+  realm_id = var.realm_id
+  user_id  = keycloak_user.jhub_apps_service_account[0].id
+  role_ids = [
+    module.jupyterhub-openid-client.client_role_ids["allow-app-sharing-role"]
+  ]
+  exhaustive = true
+}
 
 locals {
   jupyterhub_env_vars = [
@@ -365,7 +365,7 @@ module "jupyterhub-openid-client" {
   service-accounts-enabled   = true
   service-account-roles = {
     "realm-management" : ["view-realm", "view-users", "view-clients"],
-  "jupyterhub" = ["allow-app-sharing-role"] }
+  }
 }
 
 

diff --git a/...ri/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/versions.tf b/...ri/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/versions.tf
@@ -1,9 +1,9 @@
-# terraform {
-#   required_providers {
-#     keycloak = {
-#       source  = "mrparkers/keycloak"
-#       version = "3.7.0"
-#     }
-#   }
-#   required_version = ">= 1.0"
-# }
+terraform {
+  required_providers {
+    keycloak = {
+      source  = "mrparkers/keycloak"
+      version = "3.7.0"
+    }
+  }
+  required_version = ">= 1.0"
+}
diff --git a/...tages/kubernetes_services/template/modules/kubernetes/services/keycloak-client/outputs.tf b/...tages/kubernetes_services/template/modules/kubernetes/services/keycloak-client/outputs.tf
@@ -13,9 +13,9 @@ output "config" {
   }
 }
 
-# output "client_role_ids" {
-#   description = "Map of role names to their IDs"
-#   value = {
-#     for role_key, role in keycloak_role.default_client_roles : role_key => role.id
-#   }
-# }
+output "client_role_ids" {
+  description = "Map of role names to their IDs"
+  value = {
+    for role_key, role in keycloak_role.default_client_roles : role_key => role.id
+  }
+}