revert: changes to create_api_user

Author: filippomc

applications/accounts/scripts/create_api_user.sh

@@ -7,13 +7,17 @@ PASSWORD=$(cat /opt/cloudharness/resources/auth/api_user_password)
 echo "Checking if API user exists..."
 
 # Check if user already exists
-if /opt/keycloak/bin/kcadm.sh get users -q "username=$USERNAME" | grep -v "$USERNAME"; then
-    # create the user and reload keycloak
-    echo "Creating API user $USERNAME"
-    /opt/keycloak/bin/kcadm.sh create users -s "username=$USERNAME" -s enabled=True
-    echo "API user created successfully"
+if /opt/keycloak/bin/kcadm.sh get users -q "username=$USERNAME" | grep -q "$USERNAME"; then
+    echo "ERROR: API user $USERNAME already exists, but password is out of sync. You may need to reset it manually."
+    # /opt/keycloak/bin/kcadm.sh set-password --username "$USERNAME" --new-password "$PASSWORD"
+    # Removed automatic password reset as that would only work if the main admin password is unchanged from the default password
+    # That would create the false impression that the password is reset successfully when in fact it has not on production systems
+    exit 0
 fi
 
-echo Setting API user password
+echo "Creating API user $USERNAME"
+set -e 
+# create the user and reload keycloak
+/opt/keycloak/bin/kcadm.sh create users -s "username=$USERNAME" -s enabled=True
 /opt/keycloak/bin/kcadm.sh set-password --username "$USERNAME" --new-password "$PASSWORD"
 /opt/keycloak/bin/kcadm.sh add-roles --uusername "$USERNAME" --rolename admin