From 07164843603f4a266e3f83b65015c9fd7d76662b Mon Sep 17 00:00:00 2001
From: Serreau Jovann <jovann@siteconseil.fr>
Date: Fri, 10 Apr 2026 11:36:40 +0200
Subject: [PATCH] Add fixed group set on ecosplay realm

- Declare the 10 application groups (gp_asso, gp_contest, gp_mail,
  gp_mailling, gp_member, gp_ndd, gp_sign, gp_ticket, super_admin_asso,
  superadmin) in the realm import JSON for fresh installs.
- Extend keycloak-init to idempotently create them via kcadm on every
  boot, so existing installs (where the realm is already imported and
  --import-realm is a no-op) also get them in sync.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker-compose.yml         | 15 +++++++++++++++
 realms/ecosplay-realm.json | 13 +++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 051b4d3..37fc3b7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,6 +68,7 @@ services:
       SMTP_USER: AKIAWTT2T22CWBRBBDYN
       SMTP_PASSWORD: BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP
       LOGIN_THEME: ecosplay
+      ECOSPLAY_GROUPS: "gp_asso gp_contest gp_mail gp_mailling gp_member gp_ndd gp_sign gp_ticket super_admin_asso superadmin"
     entrypoint: ["/bin/bash", "-c"]
     command:
       - |
@@ -96,6 +97,20 @@ services:
           -s 'supportedLocales=["fr"]' \
           -s "defaultLocale=fr"
         echo "Master realm configured."
+
+        echo "Ensuring groups exist on ecosplay realm..."
+        if /opt/keycloak/bin/kcadm.sh get realms/ecosplay >/dev/null 2>&1; then
+          for grp in $$ECOSPLAY_GROUPS; do
+            if /opt/keycloak/bin/kcadm.sh create groups -r ecosplay -s name="$$grp" >/dev/null 2>&1; then
+              echo "  + created group $$grp"
+            else
+              echo "  = group $$grp already exists"
+            fi
+          done
+          echo "Groups synced on ecosplay realm."
+        else
+          echo "ecosplay realm not found, skipping group sync (will be created from JSON import on next boot)."
+        fi
     networks:
       - keycloak-net
     restart: "no"
diff --git a/realms/ecosplay-realm.json b/realms/ecosplay-realm.json
index 08b3cdb..f4aa866 100644
--- a/realms/ecosplay-realm.json
+++ b/realms/ecosplay-realm.json
@@ -54,6 +54,19 @@
     "password": "BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP"
   },
 
+  "groups": [
+    { "name": "gp_asso" },
+    { "name": "gp_contest" },
+    { "name": "gp_mail" },
+    { "name": "gp_mailling" },
+    { "name": "gp_member" },
+    { "name": "gp_ndd" },
+    { "name": "gp_sign" },
+    { "name": "gp_ticket" },
+    { "name": "super_admin_asso" },
+    { "name": "superadmin" }
+  ],
+
   "clients": [
     {
       "clientId": "ecosplay-web",