feat(keycloak): add user profile for each realm.

xdanielsb · xdanielsb · commit dd2d0eb4076a · 2025-06-23T17:18:24.000+02:00
chore: do not allow user to update email/username.
diff --git a/.github/workflows/cd-keycloak.yml b/.github/workflows/cd-keycloak.yml
@@ -21,7 +21,7 @@ jobs:
           host: ${{ secrets.HOST }}
           username: deploy
           key: ${{ secrets.SSH_PRIVATE_KEY }}
-          source: "infra/compose/docker-compose.keycloak.yml,infra/keycloak/realm-export.json,infra/scripts/,Makefile"
+          source: "infra/compose/docker-compose.keycloak.yml,infra/keycloak/,infra/scripts/,Makefile"
           target: "/home/deploy/survey-app"
           strip_components: 0
           rm: false
diff --git a/infra/compose/docker-compose.keycloak.yml b/infra/compose/docker-compose.keycloak.yml
@@ -81,6 +81,7 @@ services:
       KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
     volumes:
       - ../keycloak/realm-export.json:/opt/keycloak/data/import/realm-export.json
+      - ../keycloak/user-profile.json:/opt/keycloak/data/import/user-profile.json
     depends_on:
       - db
 
diff --git a/infra/keycloak/user-profile.json b/infra/keycloak/user-profile.json
@@ -0,0 +1,110 @@
+{
+  "attributes": [
+    {
+      "name": "username",
+      "displayName": "${username}",
+      "validations": {
+        "length": {
+          "min": 3,
+          "max": 255
+        },
+        "username-prohibited-characters": {},
+        "up-username-not-idn-homograph": {}
+      },
+      "permissions": {
+        "view": [
+          "admin",
+          "user"
+        ],
+        "edit": [
+          "admin"
+        ]
+      },
+      "multivalued": false
+    },
+    {
+      "name": "email",
+      "displayName": "${email}",
+      "validations": {
+        "email": {},
+        "length": {
+          "max": 255
+        }
+      },
+      "required": {
+        "roles": [
+          "user"
+        ]
+      },
+      "permissions": {
+        "view": [
+          "admin",
+          "user"
+        ],
+        "edit": [
+          "admin"
+        ]
+      },
+      "multivalued": false
+    },
+    {
+      "name": "firstName",
+      "displayName": "${firstName}",
+      "validations": {
+        "length": {
+          "max": 255
+        },
+        "person-name-prohibited-characters": {}
+      },
+      "required": {
+        "roles": [
+          "user"
+        ]
+      },
+      "permissions": {
+        "view": [
+          "admin",
+          "user"
+        ],
+        "edit": [
+          "admin",
+          "user"
+        ]
+      },
+      "multivalued": false
+    },
+    {
+      "name": "lastName",
+      "displayName": "${lastName}",
+      "validations": {
+        "length": {
+          "max": 255
+        },
+        "person-name-prohibited-characters": {}
+      },
+      "required": {
+        "roles": [
+          "user"
+        ]
+      },
+      "permissions": {
+        "view": [
+          "admin",
+          "user"
+        ],
+        "edit": [
+          "admin",
+          "user"
+        ]
+      },
+      "multivalued": false
+    }
+  ],
+  "groups": [
+    {
+      "name": "user-metadata",
+      "displayHeader": "User metadata",
+      "displayDescription": "Attributes, which refer to user metadata"
+    }
+  ]
+}
