sharang
9138731eea
internal/keycloak Adapter (HTTPAdapter + Mock). POST /v1/tenants now provisions a KC organization + IT_ADMIN invite when admin_email is set; KC failures emit keycloak.provision_failed but don't roll back. POST /v1/internal/keycloak/claims resolves the current claim bundle for any (tenant_id|tenant_slug|user_attrs.*) lookup. Mock used in tests + when KEYCLOAK_ADMIN_URL is empty. HTTPAdapter tested against an in-process stub KC (httptest.Server). Refs: M4.3
20 lines
812 B
Bash
20 lines
812 B
Bash
# tenant-registry — local dev environment.
|
|
# Copy to .env.local (gitignored).
|
|
|
|
APP_ENV=dev
|
|
ADDR=:8090
|
|
KEYCLOAK_ISSUER=http://localhost:8080/realms/breakpilot-dev
|
|
|
|
# Postgres DSN. Leave empty for in-memory store (the seeded acme tenant
|
|
# only; data lost on restart). Set to use the dev-stack Postgres + run
|
|
# `make migrate-up` first.
|
|
# DATABASE_URL=postgres://platform:platform-dev-pass@localhost:5432/platform?sslmode=disable
|
|
|
|
# Keycloak Admin API — when these are set, tenant-registry calls the real KC
|
|
# Admin API to provision orgs + invite IT_ADMINs on POST /v1/tenants. Leave
|
|
# empty to use the in-process Mock adapter (no real KC writes).
|
|
# KEYCLOAK_ADMIN_URL=http://localhost:8080
|
|
# KEYCLOAK_REALM=breakpilot-dev
|
|
# KEYCLOAK_CLIENT_ID=tenant-registry-admin
|
|
# KEYCLOAK_CLIENT_SECRET=...from infisical...
|