From 65557d76f4110ec4099cb464d1fe0121899a1a72 Mon Sep 17 00:00:00 2001
From: Nikhil Palaskar
Date: Thu, 9 Feb 2023 17:47:32 -0500
Subject: [PATCH] Make the OAuth2 client public in our Keycloak config (#3243)
Update the keycloak.sh to not create a private client. Instead of creating a private pbench-server-client, it now creates pbench-dashboard public client.
---
 server/pbenchinacan/load_keycloak.sh | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/server/pbenchinacan/load_keycloak.sh b/server/pbenchinacan/load_keycloak.sh
index 4f543ba7a2..56dfba4e6b 100755
--- a/server/pbenchinacan/load_keycloak.sh
+++ b/server/pbenchinacan/load_keycloak.sh
@@ -24,7 +24,7 @@ ADMIN_PASSWORD=${ADMIN_PASSWORD:-"admin"}
 # These values must match the options "realm" and "client in the
 # "openid-connect" section of the pbench server configuration file.
 REALM=${KEYCLOAK_REALM:-"pbench-server"}
-CLIENT=${KEYCLOAK_CLIENT:-"pbench-server-client"}
+CLIENT=${KEYCLOAK_CLIENT:-"pbench-dashboard"}
 end_in_epoch_secs=$(date --date "2 minutes" +%s)
@@ -68,8 +68,7 @@ fi
 CLIENT_CONF=$(curl -si -f -X POST "${KEYCLOAK_HOST_PORT}/admin/realms/${REALM}/clients" \
 -H "Authorization: Bearer ${ADMIN_TOKEN}" \
 -H "Content-Type: application/json" \
- -d '{"clientId": "'${CLIENT}'", "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "redirectUris": ["'${KEYCLOAK_REDIRECT_URI}'"]}')
-
+ -d '{"clientId": "'${CLIENT}'", "publicClient": true, "directAccessGrantsEnabled": true, "enabled": true, "redirectUris": ["'${KEYCLOAK_REDIRECT_URI}'"]}')
 CLIENT_ID=$(grep -o -e 'http://[^[:space:]]*' <<< ${CLIENT_CONF} | sed -e 's|.*/||')
 if [[ -z "${CLIENT_ID}" ]]; then
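Review bot: The new `-d` payload in the second hunk creates a public client that still has `"directAccessGrantsEnabled": true`, so the password grant is now reachable at the token endpoint with nothing but the client id, and the client secret that used to gate it is gone. For a dashboard that logs in through the browser, the authorization-code flow with PKCE is the safer default: set `"directAccessGrantsEnabled": false` and add `"attributes": {"pkce.code.challenge.method": "S256"}` to the JSON. If the password grant is kept on purpose (for example for functional tests, which the hunk does not show), a comment above the call such as `# Password grant stays enabled for test logins only; do not reuse this client definition outside pbenchinacan` would record that. Because a public client has no secret and relies on its redirect URIs, `KEYCLOAK_REDIRECT_URI` should be an exact URI rather than a wildcard; its value is set outside this hunk.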
@@ -79,14 +78,6 @@ else
 echo "Created ${CLIENT} client"
 fi
-PBENCH_CLIENT_SECRET=$(curl -s -f -X POST "${KEYCLOAK_HOST_PORT}/admin/realms/${REALM}/clients/${CLIENT_ID}/client-secret" \
- -H "Authorization: Bearer ${ADMIN_TOKEN}" | jq -r '.value')
-
-if [[ -z "${PBENCH_CLIENT_SECRET}" ]]; then
- echo "${CLIENT} secret is empty"
- exit 1
-fi
-
 status_code=$(curl -s -o /dev/null -w "%{http_code}" -X POST "${KEYCLOAK_HOST_PORT}/admin/realms/${REALM}/clients/${CLIENT_ID}/roles" \
 -H "Authorization: Bearer ${ADMIN_TOKEN}" \
 -H "Content-Type: application/json" \