Add fixed group set on ecosplay realm

- Declare the 10 application groups (gp_asso, gp_contest, gp_mail, gp_mailling, gp_member, gp_ndd, gp_sign, gp_ticket, super_admin_asso, superadmin) in the realm import JSON for fresh installs. - Extend keycloak-init to idempotently create them via kcadm on every boot, so existing installs (where the realm is already imported and --import-realm is a no-op) also get them in sync. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 11:36:40 +02:00
parent 581d6a0929
commit 0716484360
2 changed files with 28 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,6 +68,7 @@ services:
      SMTP_USER: AKIAWTT2T22CWBRBBDYN
      SMTP_PASSWORD: BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP
      LOGIN_THEME: ecosplay
+      ECOSPLAY_GROUPS: "gp_asso gp_contest gp_mail gp_mailling gp_member gp_ndd gp_sign gp_ticket super_admin_asso superadmin"
    entrypoint: ["/bin/bash", "-c"]
    command:
      - |
@@ -96,6 +97,20 @@ services:
          -s 'supportedLocales=["fr"]' \
          -s "defaultLocale=fr"
        echo "Master realm configured."
+
+        echo "Ensuring groups exist on ecosplay realm..."
+        if /opt/keycloak/bin/kcadm.sh get realms/ecosplay >/dev/null 2>&1; then
+          for grp in $$ECOSPLAY_GROUPS; do
+            if /opt/keycloak/bin/kcadm.sh create groups -r ecosplay -s name="$$grp" >/dev/null 2>&1; then
+              echo "  + created group $$grp"
+            else
+              echo "  = group $$grp already exists"
+            fi
+          done
+          echo "Groups synced on ecosplay realm."
+        else
+          echo "ecosplay realm not found, skipping group sync (will be created from JSON import on next boot)."
+        fi
    networks:
      - keycloak-net
    restart: "no"
--- a/realms/ecosplay-realm.json
+++ b/realms/ecosplay-realm.json
@@ -54,6 +54,19 @@
    "password": "BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP"
  },

+  "groups": [
+    { "name": "gp_asso" },
+    { "name": "gp_contest" },
+    { "name": "gp_mail" },
+    { "name": "gp_mailling" },
+    { "name": "gp_member" },
+    { "name": "gp_ndd" },
+    { "name": "gp_sign" },
+    { "name": "gp_ticket" },
+    { "name": "super_admin_asso" },
+    { "name": "superadmin" }
+  ],
+
  "clients": [
    {
      "clientId": "ecosplay-web",