Keycloak

User DB

Provide user records via a small varlink Python program which queries Keycloak for users, groups and roles.

The goal is to easily manage users / groups on our servers without having to run Ansible for changes.

To-Do

  • package python-varlink
    • a bit unmaintained; depends on python-future (no longer exists in Arch). Easier to drop Python 2 support (and retired in c9s)
    • nose2/fixtures test dependencies are not amazing, pytest?
    • make docs is broken -> PYTHONPATH=. sphinx-build
    • setuptools_scm_git_archive: "This plugin is obsolete. setuptools_scm >= 7.0.0 supports Git archives by itself." (Can only be solved by moving to Python 3 only and requiring modern setuptools_scm)
    • tox setup is totally borked, also test on newer Python
    • run tests on pull request
  • write a simple Python varlink script which exposes GetUsers/GetGroups and provides mock data to test how this works
  • figure out service accounts which can query user / groups with Keycloak
  • set up a "repeatable" Keycloak container for development
  • let the Keycloak container talk with an easily deployable test VM
  • package python-keycloak
  • investigate if we can generate sphinx API docs from varlink definitions in systemd

Technical documentation

Research

varlinkctl introspect /run/systemd/userdb/io.systemd.DynamicUser io.systemd.UserDatabase
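
A sketch of the mock-data script from the to-do list, as an added example that is not code from this page or from python-varlink: it uses only the standard library, frames messages the way varlink does (one JSON object per NUL-terminated message) and answers `io.systemd.UserDatabase.GetUserRecord`, the user lookup method of the interface introspected above. The service name `org.example.keycloak` and the sample users are assumptions made for the example.

```python
import json

IFACE = "io.systemd.UserDatabase"
SERVICE = "org.example.keycloak"  # hypothetical service name (assumption)
# Constructed mock records standing in for users fetched from Keycloak.
USERS = [
    {"userName": "alice", "uid": 60001, "gid": 60001, "realName": "Alice Example"},
    {"userName": "bob", "uid": 60002, "gid": 60002, "realName": "Bob Example"},
]


def error(name):
    return {"error": name, "parameters": {}}


def get_user_record(params, more=False):
    """Build the varlink replies for one GetUserRecord call."""
    if params.get("service") != SERVICE:
        return [error(IFACE + ".BadService")]
    name, uid = params.get("userName"), params.get("uid")
    hits = [u for u in USERS
            if name in (None, u["userName"]) and uid in (None, u["uid"])]
    if not hits:
        return [error(IFACE + ".NoRecordFound")]
    if not more:
        hits = hits[:1]  # without "more" a call gets exactly one reply
    replies = [{"parameters": {"record": dict(u, service=SERVICE),
                               "incomplete": False}} for u in hits]
    for reply in replies[:-1]:
        reply["continues"] = True  # further replies follow for this call
    return replies


def handle(buffer):
    """Answer every complete NUL-terminated call in buffer.

    Returns (bytes to send back, unconsumed partial frame)."""
    *frames, rest = buffer.split(b"\0")
    out = b""
    for frame in frames:
        call = json.loads(frame)
        if call.get("method") == IFACE + ".GetUserRecord":
            replies = get_user_record(call.get("parameters", {}),
                                      call.get("more", False))
        else:
            replies = [{"error": "org.varlink.service.MethodNotFound",
                        "parameters": {"method": call.get("method")}}]
        for reply in replies:
            out += json.dumps(reply).encode() + b"\0"
    return out, rest
```

Feeding `handle()` the bytes read from a Unix socket and writing back the first element of its result is enough to try the service with mock data before any Keycloak query is wired in.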