chg: [keycloak] upgrade to version ``17.0.1``

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago · 2309adc7b3
6 changed files with 57 additions and 44 deletions
--- a/keycloak/README.rst
+++ b/keycloak/README.rst
@ -0,0 +1,32 @@
+Description
+===========
+
+Using ``keycloak`` version 17.0
+
+
+Usage
+=====
+
+To start with ``keycloak``, just put this service in your
+``compose.yml``::
+
+    keycloak:
+      options:
+        admin-password: CHANGEME
+      relations:
+        web-proxy:
+          frontend:
+            domain: id.mydomain.fr
+
+Customize theme
+===============
+
+You can customize theme by putting your theme in
+``/srv/datastore/data/keycloak/opt/keycloak/themes``
+
+For example copy the material folder from
+https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
+restart ``keycloak``.
+
+Then go to your admin console, log in and go to the realm/themes part
+to choose you new theme
--- a/keycloak/build/Dockerfile
+++ b/keycloak/build/Dockerfile
@ -0,0 +1,12 @@
+FROM docker.0k.io/keycloak:17.0.1 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM docker.0k.io/keycloak:17.0.0
+COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
--- a/keycloak/hooks/post_deploy
+++ b/keycloak/hooks/post_deploy
@ -1,37 +0,0 @@
-#!/bin/bash
-
-## Init is run on host
-## For now it is run every time the script is launched, but
-## it should be launched only once after build.
-
-## Accessible variables are:
-## - SERVICE_NAME        Name of current service
-## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
-## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
-## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
-
-PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
-
-set -e
-
-if [ -e "$PASSWORD_SET_CONTROL" ]; then
-    exit 0
-fi
-
-containers=($(get_running_containers_for_service "$SERVICE_NAME"))
-if [ "${#containers[@]}" == 0 ]; then
-    err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
-    exit 1
-fi
-
-## It is not possible at first glance to reset password, so we decided
-## to set to admin/admin. This means it is important to change the
-## admin password as soon as possible.
-
-## XXXvlab: taking the first container
-container_id="${containers[0]}"
-docker exec "$container_id" \
-       /opt/jboss/keycloak/bin/add-user-keycloak.sh \
-       -u "admin" -p "admin"
-docker restart "$container_id"
-mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"
--- a/keycloak/hooks/postgres_database-relation-joined
+++ b/keycloak/hooks/postgres_database-relation-joined
@ -10,9 +10,8 @@ config-add "\
 services:
  $MASTER_BASE_SERVICE_NAME:
    environment:
-      DB_VENDOR: postgres
-      DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
-      DB_DATABASE: \"$DBNAME\"
-      DB_PASSWORD: \"$PASSWORD\"
-      DB_USER: \"$USER\"
+      KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+      KC_DB_USERNAME: \"$USER\"
+      KC_DB_PASSWORD: \"$PASSWORD\"
+      KC_DB: \"postgres\"
 "
--- a/keycloak/hooks/web_proxy-relation-joined
+++ b/keycloak/hooks/web_proxy-relation-joined
@ -1,11 +1,16 @@
 #!/bin/bash

+DOMAIN=$(relation-get domain) || exit 1
+
 set -e

 config-add "\
 services:
  $MASTER_BASE_SERVICE_NAME:
    environment:
-      PROXY_ADDRESS_FORWARDING: \"true\"
+      KC_HOSTNAME: "$DOMAIN"
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: \"true\"
+      KC_HOSTNAME_STRICT: \"false\"
 "

--- a/keycloak/metadata.yml
+++ b/keycloak/metadata.yml
@ -1,4 +1,6 @@
-docker-image: docker.0k.io/keycloak:16.1.1  ## jboss/keycloak:16.1.1
+
+data-resources:
+  - /opt/keycloak/themes

 default-options: