From ec1eb83814a6d3ed5536d56adbced253b03ab305 Mon Sep 17 00:00:00 2001
From: default
Date: Tue, 28 May 2024 14:49:23 +0200
Subject: [PATCH] new: [add] new charm keycloak

---
 keycloak-elabore/README.rst | 32 +++++++++++++
 keycloak-elabore/build/Dockerfile | 15 ++++++
 keycloak-elabore/build/Dockerfiledebug | 16 +++++++
 keycloak-elabore/hooks/init | 12 +++++
 .../hooks/postgres_database-relation-joined | 17 +++++++
 .../hooks/web_proxy-relation-joined | 21 +++++++++
 keycloak-elabore/lib/common | 46 +++++++++++++++++++
 keycloak-elabore/metadata.yml | 24 ++++++++++
 8 files changed, 183 insertions(+)
 create mode 100644 keycloak-elabore/README.rst
 create mode 100644 keycloak-elabore/build/Dockerfile
 create mode 100644 keycloak-elabore/build/Dockerfiledebug
 create mode 100755 keycloak-elabore/hooks/init
 create mode 100755 keycloak-elabore/hooks/postgres_database-relation-joined
 create mode 100755 keycloak-elabore/hooks/web_proxy-relation-joined
 create mode 100644 keycloak-elabore/lib/common
 create mode 100644 keycloak-elabore/metadata.yml

diff --git a/keycloak-elabore/README.rst b/keycloak-elabore/README.rst
new file mode 100644
index 0000000..5827885
--- /dev/null
+++ b/keycloak-elabore/README.rst
@@ -0,0 +1,32 @@
+Description
+===========
+
+Using ``keycloak`` version 24.0
+DEV info : https://www.keycloak.org/server/containers
+
+Usage
+=====
+
+To start with ``keycloak``, just put this service in your
+``compose.yml``::
+
+ keycloak:
+ options:
+ admin-password: CHANGEME
+ relations:
+ web-proxy:
+ frontend:
+ domain: id.mydomain.fr
+
+Customize theme
+===============
+
+You can customize theme by putting your theme in
+``/srv/datastore/data/keycloak/opt/keycloak/themes``
+
+For example copy the material folder from
+https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
+restart ``keycloak``.
+
+Then go to your admin console, log in and go to the realm/themes part
+to choose you new theme
diff --git a/keycloak-elabore/build/Dockerfile b/keycloak-elabore/build/Dockerfile
new file mode 100644
index 0000000..2bb0490
--- /dev/null
+++ b/keycloak-elabore/build/Dockerfile
@@ -0,0 +1,15 @@
+#FROM keycloak/keycloak:24.0.4 as builder
+#
+#ENV KC_METRICS_ENABLED=true
+#ENV KC_FEATURES=token-exchange
+#ENV KC_DB=postgres
+#
+#WORKDIR /opt/keycloak
+## for demonstration purposes only, please make sure to use proper certificates in production instead
+#RUN /opt/keycloak/bin/kc.sh build
+
+FROM keycloak/keycloak:24.0.4
+#COPY --from=builder /opt/keycloak/ /opt/keycloak/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
diff --git a/keycloak-elabore/build/Dockerfiledebug b/keycloak-elabore/build/Dockerfiledebug
new file mode 100644
index 0000000..0be049d
--- /dev/null
+++ b/keycloak-elabore/build/Dockerfiledebug
@@ -0,0 +1,16 @@
+FROM docker.0k.io/keycloak:17.0.1 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM builder as inspector
+ENTRYPOINT ["ls", "-l", "/opt/keycloak/lib/"]
+
+
+#FROM docker.0k.io/keycloak:17.0.0
+#COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+#WORKDIR /opt/keycloak
+#ENV KC_LOG_LEVEL=INFO
+#ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
diff --git a/keycloak-elabore/hooks/init b/keycloak-elabore/hooks/init
new file mode 100755
index 0000000..57c1239
--- /dev/null
+++ b/keycloak-elabore/hooks/init
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+admin_password=$(options-get admin-password) || exit 1
+
+init-config-add "\
+ $MASTER_BASE_SERVICE_NAME:
+ environment:
+ KEYCLOAK_ADMIN: \"admin\"
+ KEYCLOAK_ADMIN_PASSWORD: \"$admin_password\"
+"
diff --git a/keycloak-elabore/hooks/postgres_database-relation-joined b/keycloak-elabore/hooks/postgres_database-relation-joined
new file mode 100755
index 0000000..1f5c177
--- /dev/null
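Review bot: `ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]` asks for an optimized start although the builder stage above it is commented out, so this image never runs `kc.sh build` itself. From the rest of the patch, the build is instead performed at deploy time by `keycloak:generate-key-if-not-exist` in lib/common against the host-mounted /opt/keycloak, which means the container only starts correctly when that mount is present and populated. I'd state that in the Dockerfile, e.g. `# No build stage: kc.sh build (KC_DB=postgres, metrics, token-exchange) runs at deploy time from lib/common into the mounted /opt/keycloak; --optimized relies on it`. If the intent is to keep the build in the image instead, the commented builder stage should be restored rather than left as dead text. Note too that `KC_DB` set at runtime by the postgres hook is a build-time option; as far as I know `--optimized` does not re-evaluate it, so the value baked in by the deploy-time build is what counts.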
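Review bot: `FROM docker.0k.io/keycloak:17.0.1 as builder` pins a different registry and major version than the production Dockerfile (`keycloak/keycloak:24.0.4`), so the `ls -l /opt/keycloak/lib/` inspection describes a layout that is not the one deployed. If the file is kept, pin it to the same image, `FROM keycloak/keycloak:24.0.4 as builder`, or add a header comment stating it is a one-off diagnostic that the charm does not use.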
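Review bot: `KEYCLOAK_ADMIN_PASSWORD: \"$admin_password\"` interpolates the operator-supplied password unescaped into a double-quoted YAML scalar, so a value containing `"` or `\` yields invalid YAML or a silently truncated password, and an empty value is accepted without complaint. I'd reject at least the empty case before calling init-config-add, `[ -n "$admin_password" ] || { echo "admin-password option must be set" >&2; exit 1; }`, and either escape `"` and `\` or refuse passwords containing them. The README documents `admin-password: CHANGEME` and nothing here refuses that placeholder, so a comment or check for it would be worthwhile. The same unescaped interpolation applies to `KC_DB_PASSWORD: \"$PASSWORD\"` in hooks/postgres_database-relation-joined, where the value comes from the relation rather than the operator.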
+++ b/keycloak-elabore/hooks/postgres_database-relation-joined
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+PASSWORD="$(relation-get password)"
+USER="$(relation-get user)"
+DBNAME="$(relation-get dbname)"
+
+config-add "\
+services:
+ $MASTER_BASE_SERVICE_NAME:
+ environment:
+ KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+ KC_DB_USERNAME: \"$USER\"
+ KC_DB_PASSWORD: \"$PASSWORD\"
+ KC_DB: \"postgres\"
+"
diff --git a/keycloak-elabore/hooks/web_proxy-relation-joined b/keycloak-elabore/hooks/web_proxy-relation-joined
new file mode 100755
index 0000000..d1dba28
--- /dev/null
+++ b/keycloak-elabore/hooks/web_proxy-relation-joined
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+. lib/common
+
+DOMAIN=$(relation-get domain) || exit 1
+#IP_HOST=$(hostname -I | awk '{print $1}')
+
+set -e
+keycloak:generate-key-if-not-exist "$DOMAIN"
+
+
+config-add "\
+services:
+ $MASTER_BASE_SERVICE_NAME:
+ environment:
+ KC_HOSTNAME: \"$DOMAIN\"
+ KC_PROXY: edge
+ KC_HTTP_ENABLED: \"true\"
+ KC_HOSTNAME_STRICT: \"false\"
+"
+
diff --git a/keycloak-elabore/lib/common b/keycloak-elabore/lib/common
new file mode 100644
index 0000000..26a9ce9
--- /dev/null
+++ b/keycloak-elabore/lib/common
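Review bot: `KC_HOSTNAME_STRICT: \"false\"` relaxes hostname checking although `KC_HOSTNAME` is already pinned to the relation's domain two lines above, and the hook gives no reason for it; with strict mode off Keycloak may resolve the hostname from request headers, which is exactly what strict mode exists to prevent behind a proxy. I'd drop the line, or keep it with a comment naming the flow that actually needs it. `KC_PROXY: edge` is unquoted while its neighbours are quoted, and as far as I recall the `proxy` option is deprecated in Keycloak 24 in favour of `proxy-headers`, so `KC_PROXY_HEADERS: \"xforwarded\"` is the forward-compatible spelling. `$DOMAIN` is also interpolated into the YAML unescaped, the same pattern as the passwords in hooks/init.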
@@ -0,0 +1,46 @@
+# -*- mode: bash -*-
+
+KEYCLOAK_DIR=/opt/keycloak
+DATASTORE_KEYCLOAK_DIR="$SERVICE_DATASTORE$KEYCLOAK_DIR"
+HOST_DATASTORE_KEYCLOAK_DIR="$HOST_DATASTORE/$SERVICE_NAME$KEYCLOAK_DIR"
+
+keycloak:generate-key-if-not-exist() {
+ local domain="$1" ip_host
+
+ [ -d "$DATASTORE_KEYCLOAK_DIR" ] && return 0
+
+ ip_host=$(set -o pipefail; getent ahostsv4 "$domain" | head -n 1 | cut -f 1 -d " ") || {
+ err "Couldn't resolve to ipv4 domain name '$domain'."
+ return 1
+ }
+ info "Resolved successfully '$domain' to ip '$ip_host'."
+ debug "DOCKER_BASE_IMAGE: $DOCKER_BASE_IMAGE"
+ debug "HOST_DATASTORE_KEYCLOAK_DIR:: $HOST_DATASTORE_KEYCLOAK_DIR"
+ mkdir -p "$DATASTORE_KEYCLOAK_DIR/conf" || return 0
+ docker_image_export_dir "$DOCKER_BASE_IMAGE" "/opt/keycloak" "$SERVICE_DATASTORE/opt" || return 1
+ uid=$(docker_get_uid "$SERVICE_NAME" "keycloak") || return 1
+ chown "$uid" "$DATASTORE_KEYCLOAK_DIR" -R
+ debug "DATASTORE_KEYCLOAK_DIR_LS:: $(ls $DATASTORE_KEYCLOAK_DIR)"
+ docker run -w /opt/keycloak \
+ -v "$HOST_DATASTORE_KEYCLOAK_DIR":"/opt/keycloak" \
+ --entrypoint bash \
+ "$DOCKER_BASE_IMAGE" -c "
+ export KC_METRICS_ENABLED=true
+ export KC_FEATURES=token-exchange
+ export KC_DB=postgres
+ keytool -genkeypair -storepass password \
+ -storetype PKCS12 -keyalg RSA \
+ -keysize 2048 -dname 'CN=$domain' \
+ -alias server -ext 'SAN:c=DNS:$domain,IP:$ip_host' \
+ -keystore conf/server.keystore || exit 1
+ echo 'Generated key'
+ /opt/keycloak/bin/kc.sh build
+
+ " || {
+
+ rmdir "$DATASTORE_KEYCLOAK_DIR/conf" 2>/dev/null
+ rmdir "$DATASTORE_KEYCLOAK_DIR" 2>/dev/null
+ return 1
+ }
+
+}
diff --git a/keycloak-elabore/metadata.yml b/keycloak-elabore/metadata.yml
new file mode 100644
index 0000000..1cd9221
--- /dev/null
+++ b/keycloak-elabore/metadata.yml
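Review bot: `mkdir -p "$DATASTORE_KEYCLOAK_DIR/conf" || return 0` reports success when the directory cannot be created, so the caller goes on without a keystore or build; it should be `|| return 1`. The failure branch after `docker run` also does not undo a failed run: `docker_image_export_dir` has already filled `$DATASTORE_KEYCLOAK_DIR`, so both non-recursive `rmdir` calls fail silently, the directory survives, and the `[ -d "$DATASTORE_KEYCLOAK_DIR" ] && return 0` guard at the top then skips key generation and `kc.sh build` on every later run; `rm -rf -- "${DATASTORE_KEYCLOAK_DIR:?}"` in that branch restores the retry. `$domain` (a relation value) is spliced into the `bash -c` script and the keytool `-dname`/`-ext` arguments, so a value containing a quote breaks out of them; checking it first, `[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || return 1`, keeps the function to hostnames. `uid` should be `local` like `domain` and `ip_host`, and `ls $DATASTORE_KEYCLOAK_DIR` in the debug line needs quoting. The keystore is written with the fixed `-storepass password` onto the host datastore; if relying on Keycloak's default store password is intended, a comment should say so, otherwise generate a per-deployment password and hand it to the server via `KC_HTTPS_KEY_STORE_PASSWORD`.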
@@ -0,0 +1,24 @@
+
+data-resources:
+ - /opt/keycloak
+
+default-options:
+
+uses:
+ web-proxy:
+ #constraint: required | recommended | optional
+ #auto: pair | summon | none ## default: pair
+ constraint: required
+ auto: pair
+ solves:
+ proxy: "Public access"
+ default-options:
+ target: !var-expand ${MASTER_BASE_SERVICE_NAME}:8080
+ postgres-database:
+ #constraint: required | recommended | optional
+ #auto: pair | summon | none ## default: pair
+ constraint: required
+ auto: summon
+ solves:
+ database: "main storage"
+ default-options: