Revert "nixos/keycloak: use db username in db init scripts"

This reverts commit d9e18f4e7f77fffde95384d36cc8ac5d1d51b356.

This change is broken, since it doesn't configure the proper database
username in keycloak when provisioning a local database with a custom
username. Its intended behavior is also potentially confusing and
dangerous, so rather than fixing it, let's revert to the old one.
talyz 2021-05-04 13:45:28 +02:00 committed by Milan
parent f65f1a4047
commit fdf6bb5b95


@ -168,10 +168,9 @@ in
type = lib.types.str; type = lib.types.str;
default = "keycloak"; default = "keycloak";
description = '' description = ''
Username to use when connecting to the database. Username to use when connecting to an external or manually
This is also used for automatic provisioning of the database. provisioned database; has no effect when a local database is
Changing this after the initial installation doesn't delete the automatically provisioned.
old user and can cause further problems.
''; '';
}; };
@ -588,8 +587,8 @@ in
PSQL=${config.services.postgresql.package}/bin/psql PSQL=${config.services.postgresql.package}/bin/psql
db_password="$(<'${cfg.databasePasswordFile}')" db_password="$(<'${cfg.databasePasswordFile}')"
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.databaseUsername}'" | grep -q 1 || $PSQL -tAc "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN PASSWORD '$db_password' CREATEDB" $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || $PSQL -tAc "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB"
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "${cfg.databaseUsername}"' $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
''; '';
}; };
@ -607,9 +606,9 @@ in
set -eu set -eu
db_password="$(<'${cfg.databasePasswordFile}')" db_password="$(<'${cfg.databasePasswordFile}')"
( echo "CREATE USER IF NOT EXISTS '${cfg.databaseUsername}'@'localhost' IDENTIFIED BY '$db_password';" ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;" echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
echo "GRANT ALL PRIVILEGES ON keycloak.* TO '${cfg.databaseUsername}'@'localhost';" echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
) | ${config.services.mysql.package}/bin/mysql -N ) | ${config.services.mysql.package}/bin/mysql -N
''; '';
}; };
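Review bot: In the PostgreSQL init script (second hunk), the new `CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB` line still splices the contents of `databasePasswordFile` into the SQL text between single quotes and hands the statement to psql with `-c`, so a password containing `'` breaks or changes the statement, and the cleartext password sits in psql's argument list, which other local users can normally read from the process table while the command runs. I would feed the statement to psql on standard input and let psql do the quoting with a variable reference (`PASSWORD :'db_password'`; psql does not expand variables in `-c` strings), loading the variable from the file inside the psql script rather than through a command-line option. The MySQL script in the third hunk already uses stdin but has the same unescaped `IDENTIFIED BY '$db_password'`, so the value needs escaping there before it is echoed. Both scripts start above their hunks, so any earlier handling of the password file is not visible here.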