new: [add] new charm keycloak

keycloak-elabore/README.rst

@@ -0,0 +1,32 @@
+Description
+===========
+
+Using ``keycloak`` version 24.0
+DEV info : https://www.keycloak.org/server/containers
+
+Usage
+=====
+
+To start with ``keycloak``, just put this service in your
+``compose.yml``::
+
+    keycloak:
+      options:
+        admin-password: CHANGEME
+      relations:
+        web-proxy:
+          frontend:
+            domain: id.mydomain.fr
+
+Customize theme
+===============
+
+You can customize theme by putting your theme in
+``/srv/datastore/data/keycloak/opt/keycloak/themes``
+
+For example copy the material folder from
+https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
+restart ``keycloak``.
+
+Then go to your admin console, log in and go to the realm/themes part
+to choose you new theme

keycloak-elabore/build/Dockerfile

@@ -0,0 +1,15 @@
+#FROM keycloak/keycloak:24.0.4 as builder
+#
+#ENV KC_METRICS_ENABLED=true
+#ENV KC_FEATURES=token-exchange
+#ENV KC_DB=postgres
+#
+#WORKDIR /opt/keycloak
+## for demonstration purposes only, please make sure to use proper certificates in production instead
+#RUN /opt/keycloak/bin/kc.sh build
+
+FROM keycloak/keycloak:24.0.4
+#COPY --from=builder /opt/keycloak/ /opt/keycloak/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]

keycloak-elabore/build/Dockerfiledebug

@@ -0,0 +1,16 @@
+FROM docker.0k.io/keycloak:17.0.1 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM builder as inspector
+ENTRYPOINT ["ls", "-l", "/opt/keycloak/lib/"]
+
+
+#FROM docker.0k.io/keycloak:17.0.0
+#COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+#WORKDIR /opt/keycloak
+#ENV KC_LOG_LEVEL=INFO
+#ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

keycloak-elabore/hooks/init

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+admin_password=$(options-get admin-password) || exit 1
+
+init-config-add "\
+  $MASTER_BASE_SERVICE_NAME:
+    environment:
+      KEYCLOAK_ADMIN: \"admin\"
+      KEYCLOAK_ADMIN_PASSWORD: \"$admin_password\"
+"

keycloak-elabore/hooks/postgres_database-relation-joined

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+PASSWORD="$(relation-get password)"
+USER="$(relation-get user)"
+DBNAME="$(relation-get dbname)"
+
+config-add "\
+services:
+  $MASTER_BASE_SERVICE_NAME:
+    environment:
+      KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+      KC_DB_USERNAME: \"$USER\"
+      KC_DB_PASSWORD: \"$PASSWORD\"
+      KC_DB: \"postgres\"
+"

keycloak-elabore/hooks/web_proxy-relation-joined

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+. lib/common
+
+DOMAIN=$(relation-get domain) || exit 1
+#IP_HOST=$(hostname -I | awk '{print $1}')
+
+set -e
+keycloak:generate-key-if-not-exist "$DOMAIN"
+
+
+config-add "\
+services:
+  $MASTER_BASE_SERVICE_NAME:
+    environment:
+      KC_HOSTNAME: \"$DOMAIN\"
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: \"true\"
+      KC_HOSTNAME_STRICT: \"false\"
+"
+

keycloak-elabore/lib/common

@@ -0,0 +1,46 @@
+# -*- mode: bash -*-
+
+KEYCLOAK_DIR=/opt/keycloak
+DATASTORE_KEYCLOAK_DIR="$SERVICE_DATASTORE$KEYCLOAK_DIR"
+HOST_DATASTORE_KEYCLOAK_DIR="$HOST_DATASTORE/$SERVICE_NAME$KEYCLOAK_DIR"
+
+keycloak:generate-key-if-not-exist() {
+    local domain="$1" ip_host
+
+    [ -d "$DATASTORE_KEYCLOAK_DIR" ] && return 0
+
+    ip_host=$(set -o pipefail; getent ahostsv4 "$domain" | head -n 1 | cut -f 1 -d " ") || {
+        err "Couldn't resolve to ipv4 domain name '$domain'."
+	return 1
+    }
+    info "Resolved successfully '$domain' to ip '$ip_host'."
+    debug "DOCKER_BASE_IMAGE: $DOCKER_BASE_IMAGE"
+    debug "HOST_DATASTORE_KEYCLOAK_DIR:: $HOST_DATASTORE_KEYCLOAK_DIR"
+    mkdir -p "$DATASTORE_KEYCLOAK_DIR/conf" || return 0
+    docker_image_export_dir "$DOCKER_BASE_IMAGE" "/opt/keycloak" "$SERVICE_DATASTORE/opt" || return 1
+    uid=$(docker_get_uid "$SERVICE_NAME" "keycloak") || return 1
+    chown "$uid" "$DATASTORE_KEYCLOAK_DIR" -R
+    debug "DATASTORE_KEYCLOAK_DIR_LS:: $(ls $DATASTORE_KEYCLOAK_DIR)"
+    docker run -w /opt/keycloak \
+        -v "$HOST_DATASTORE_KEYCLOAK_DIR":"/opt/keycloak" \
+        --entrypoint bash \
+	"$DOCKER_BASE_IMAGE" -c " 
+    export KC_METRICS_ENABLED=true
+    export KC_FEATURES=token-exchange
+    export KC_DB=postgres
+    keytool -genkeypair -storepass password \
+        -storetype PKCS12 -keyalg RSA \
+	-keysize 2048 -dname 'CN=$domain' \
+	-alias server -ext 'SAN:c=DNS:$domain,IP:$ip_host' \
+	-keystore conf/server.keystore || exit 1
+     echo 'Generated key'
+     /opt/keycloak/bin/kc.sh build
+
+     " || { 
+
+        rmdir "$DATASTORE_KEYCLOAK_DIR/conf" 2>/dev/null
+        rmdir "$DATASTORE_KEYCLOAK_DIR" 2>/dev/null
+	return 1
+     }
+
+}

keycloak-elabore/metadata.yml

@@ -0,0 +1,24 @@
+
+data-resources:
+  - /opt/keycloak
+
+default-options:
+
+uses:
+  web-proxy:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: required 
+    auto: pair
+    solves:
+      proxy: "Public access"
+    default-options:
+      target: !var-expand ${MASTER_BASE_SERVICE_NAME}:8080
+  postgres-database:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: required
+    auto: summon
+    solves:
+      database: "main storage"
+    default-options: