feat(keycloak): M4.3 — Admin API adapter + claim resolver
internal/keycloak Adapter (HTTPAdapter + Mock). POST /v1/tenants now provisions a KC organization + IT_ADMIN invite when admin_email is set; KC failures emit keycloak.provision_failed but don't roll back. POST /v1/internal/keycloak/claims resolves the current claim bundle for any (tenant_id|tenant_slug|user_attrs.*) lookup. Mock used in tests + when KEYCLOAK_ADMIN_URL is empty. HTTPAdapter tested against an in-process stub KC (httptest.Server). Refs: M4.3
This commit was merged in pull request #8.
This commit is contained in:
@@ -9,3 +9,11 @@ KEYCLOAK_ISSUER=http://localhost:8080/realms/breakpilot-dev
|
||||
# only; data lost on restart). Set to use the dev-stack Postgres + run
|
||||
# `make migrate-up` first.
|
||||
# DATABASE_URL=postgres://platform:platform-dev-pass@localhost:5432/platform?sslmode=disable
|
||||
|
||||
# Keycloak Admin API — when these are set, tenant-registry calls the real KC
|
||||
# Admin API to provision orgs + invite IT_ADMINs on POST /v1/tenants. Leave
|
||||
# empty to use the in-process Mock adapter (no real KC writes).
|
||||
# KEYCLOAK_ADMIN_URL=http://localhost:8080
|
||||
# KEYCLOAK_REALM=breakpilot-dev
|
||||
# KEYCLOAK_CLIENT_ID=tenant-registry-admin
|
||||
# KEYCLOAK_CLIENT_SECRET=...from infisical...
|
||||
|
||||
Reference in New Issue
Block a user