Add keycloak to compose with default realm

compose.yaml

@@ -17,3 +17,16 @@ services:
     environment:
       - KEYCLOAK_ADMIN=admin
       - KEYCLOAK_ADMIN_PASSWORD=admin
+  keycloak:
+    image: quay.io/keycloak/keycloak:22.0.4
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+    command:
+      - 'start-dev'
+      - '--import-realm'
+    ports:
+      - 8080:8080
+      - 8443:8443
+    volumes:
+      - ./dev-realm-spsh.json:/opt/keycloak/data/import/realm.json

config/config.dev.json

@@ -12,9 +12,9 @@
     },
     "KEYCLOAK": {
         "BASE_URL": "http://127.0.0.1:8080",
-        "ADMIN_REALM_NAME": "master",
+        "ADMIN_REALM_NAME": "SPSH",
         "ADMIN_CLIENT_ID": "admin-cli",
-        "REALM_NAME": "schulportal",
-        "CLIENT_ID": "schulportal"
+        "REALM_NAME": "SPSH",
+        "CLIENT_ID": "spsh"
     }
 }

config/config.test.json

@@ -12,9 +12,9 @@
     },
     "KEYCLOAK": {
         "BASE_URL": "http://127.0.0.1:8080",
-        "ADMIN_REALM_NAME": "master",
+        "ADMIN_REALM_NAME": "SPSH",
         "ADMIN_CLIENT_ID": "admin-cli",
-        "REALM_NAME": "schulportal",
-        "CLIENT_ID": "schulportal"
+        "REALM_NAME": "SPSH",
+        "CLIENT_ID": "spsh"
     }
 }

dev-realm-spsh.json

@@ -66,6 +66,22 @@
         "containerId": "17bbe7b0-1ce8-44c3-b326-dafea397e270",
         "attributes": {}
       },
+      {
+        "id": "73e11c10-4d3a-4772-9cc2-7f4aeabd144a",
+        "name": "admin",
+        "description": "Admin role for SPSH",
+        "composite": true,
+        "composites": {
+          "client": {
+            "realm-management": [
+              "manage-users"
+            ]
+          }
+        },
+        "clientRole": false,
+        "containerId": "17bbe7b0-1ce8-44c3-b326-dafea397e270",
+        "attributes": {}
+      },
       {
         "id": "4e8df461-0777-4036-ae35-a32d279558e9",
         "name": "offline_access",
@@ -452,6 +468,23 @@
   "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
   "webAuthnPolicyPasswordlessAcceptableAaguids": [],
   "users": [
+    {
+      "id": "f3cf6895-d74e-4011-a846-5f19be8543d9",
+      "createdTimestamp": 1697619074892,
+      "username": "service-account-admin-cli",
+      "enabled": true,
+      "totp": false,
+      "emailVerified": false,
+      "serviceAccountClientId": "admin-cli",
+      "disableableCredentialTypes": [],
+      "requiredActions": [],
+      "realmRoles": [
+        "default-roles-spsh",
+        "admin"
+      ],
+      "notBefore": 0,
+      "groups": []
+    },
     {
       "id": "9e30e22d-2f7b-47cf-a82a-a6e82cf8c5de",
       "createdTimestamp": 1697087666332,
@@ -596,16 +629,17 @@
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
+      "secret": "A4Py4nxWuFRfv0s7ElMc9JflIJWBQeMR",
       "redirectUris": [],
       "webOrigins": [],
       "notBefore": 0,
       "bearerOnly": false,
       "consentRequired": false,
       "standardFlowEnabled": false,
       "implicitFlowEnabled": false,
-      "directAccessGrantsEnabled": true,
-      "serviceAccountsEnabled": false,
-      "publicClient": true,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": true,
+      "publicClient": false,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
       "attributes": {},

src/modules/person/api/person.controller.ts

@@ -11,6 +11,7 @@ import {
     ApiTags,
     ApiUnauthorizedResponse,
 } from '@nestjs/swagger';
+import { Unprotected } from 'nest-keycloak-connect';
 import { PersonUc } from '../api/person.uc.js';
 import { CreatePersonBodyParams } from './create-person.body.params.js';
 import { CreatePersonDto } from '../domain/create-person.dto.js';
@@ -28,6 +29,7 @@ import { FindPersonenkontextDto } from './find-personenkontext.dto.js';
 
 @ApiTags('person')
 @Controller({ path: 'person' })
+@Unprotected()
 export class PersonController {
     public constructor(
         private readonly personUc: PersonUc,