Merge branch 'keycloak' into zato

keycloak-elabore/README.rst

@@ -1,8 +1,8 @@
 Description
 ===========
 
-Using ``keycloak`` version 17.0
+Using ``keycloak`` version 24.0
-
+DEV info : https://www.keycloak.org/server/containers
 
 Usage
 =====
@@ -11,6 +11,8 @@ To start with ``keycloak``, just put this service in your
 ``compose.yml``::
 
     keycloak:
+      docker-compose:
+        image: docker.0k.io/keycloak24.0.4-elabore:1.0.0
       options:
         admin-password: CHANGEME
       relations:

keycloak-elabore/build/Dockerfile

@@ -1,16 +1,15 @@
-FROM keycloak/keycloak:24.0.4 as builder
+#FROM keycloak/keycloak:24.0.4 as builder
-
+#
-ENV KC_METRICS_ENABLED=true
+#ENV KC_METRICS_ENABLED=true
-ENV KC_FEATURES=token-exchange
+#ENV KC_FEATURES=token-exchange
-ENV KC_DB=postgres
+#ENV KC_DB=postgres
-
+#
-WORKDIR /opt/keycloak
+#WORKDIR /opt/keycloak
-# for demonstration purposes only, please make sure to use proper certificates in production instead
+## for demonstration purposes only, please make sure to use proper certificates in production instead
-RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+#RUN /opt/keycloak/bin/kc.sh build
-RUN /opt/keycloak/bin/kc.sh build
 
 FROM keycloak/keycloak:24.0.4
-COPY --from=builder /opt/keycloak/ /opt/keycloak/
+#COPY --from=builder /opt/keycloak/ /opt/keycloak/
 WORKDIR /opt/keycloak
 ENV KC_LOG_LEVEL=INFO
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]

keycloak-elabore/hooks/web_proxy-relation-joined

@@ -1,8 +1,13 @@
 #!/bin/bash
 
+. lib/common
+
 DOMAIN=$(relation-get domain) || exit 1
+#IP_HOST=$(hostname -I | awk '{print $1}')
 
 set -e
+keycloak:generate-key-if-not-exist "$DOMAIN"
+
 
 config-add "\
 services:

keycloak-elabore/lib/common

@@ -0,0 +1,46 @@
+# -*- mode: bash -*-
+
+KEYCLOAK_DIR=/opt/keycloak
+DATASTORE_KEYCLOAK_DIR="$SERVICE_DATASTORE$KEYCLOAK_DIR"
+HOST_DATASTORE_KEYCLOAK_DIR="$HOST_DATASTORE/$SERVICE_NAME$KEYCLOAK_DIR"
+
+keycloak:generate-key-if-not-exist() {
+    local domain="$1" ip_host
+
+    [ -d "$DATASTORE_KEYCLOAK_DIR" ] && return 0
+
+    ip_host=$(set -o pipefail; getent ahostsv4 "$domain" | head -n 1 | cut -f 1 -d " ") || {
+        err "Couldn't resolve to ipv4 domain name '$domain'."
+	return 1
+    }
+    info "Resolved successfully '$domain' to ip '$ip_host'."
+    debug "DOCKER_BASE_IMAGE: $DOCKER_BASE_IMAGE"
+    debug "HOST_DATASTORE_KEYCLOAK_DIR:: $HOST_DATASTORE_KEYCLOAK_DIR"
+    mkdir -p "$DATASTORE_KEYCLOAK_DIR/conf" || return 0
+    docker_image_export_dir "$DOCKER_BASE_IMAGE" "/opt/keycloak" "$SERVICE_DATASTORE/opt" || return 1
+    uid=$(docker_get_uid "$SERVICE_NAME" "keycloak") || return 1
+    chown "$uid" "$DATASTORE_KEYCLOAK_DIR" -R
+    debug "DATASTORE_KEYCLOAK_DIR_LS:: $(ls $DATASTORE_KEYCLOAK_DIR)"
+    docker run -w /opt/keycloak \
+        -v "$HOST_DATASTORE_KEYCLOAK_DIR":"/opt/keycloak" \
+        --entrypoint bash \
+	"$DOCKER_BASE_IMAGE" -c " 
+    export KC_METRICS_ENABLED=true
+    export KC_FEATURES=token-exchange
+    export KC_DB=postgres
+    keytool -genkeypair -storepass password \
+        -storetype PKCS12 -keyalg RSA \
+	-keysize 2048 -dname 'CN=$domain' \
+	-alias server -ext 'SAN:c=DNS:$domain,IP:$ip_host' \
+	-keystore conf/server.keystore || exit 1
+     echo 'Generated key'
+     /opt/keycloak/bin/kc.sh build
+
+     " || { 
+
+        rmdir "$DATASTORE_KEYCLOAK_DIR/conf" 2>/dev/null
+        rmdir "$DATASTORE_KEYCLOAK_DIR" 2>/dev/null
+	return 1
+     }
+
+}

keycloak-elabore/metadata.yml

@@ -1,6 +1,6 @@
 
 data-resources:
-  - /opt/keycloak/themes
+  - /opt/keycloak
 
 default-options:
 
@@ -8,7 +8,7 @@ uses:
   web-proxy:
     #constraint: required | recommended | optional
     #auto: pair | summon | none ## default: pair
-    constraint: recommended
+    constraint: required
     auto: pair
     solves:
       proxy: "Public access"