keycloak/README.rst

@@ -0,0 +1,32 @@
+Description
+===========
+
+Using ``keycloak`` version 17.0
+
+
+Usage
+=====
+
+To start with ``keycloak``, just put this service in your
+``compose.yml``::
+
+    keycloak:
+      options:
+        admin-password: CHANGEME
+      relations:
+        web-proxy:
+          frontend:
+            domain: id.mydomain.fr
+
+Customize theme
+===============
+
+You can customize theme by putting your theme in
+``/srv/datastore/data/keycloak/opt/keycloak/themes``
+
+For example copy the material folder from
+https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
+restart ``keycloak``.
+
+Then go to your admin console, log in and go to the realm/themes part
+to choose you new theme

keycloak/build/Dockerfile

@@ -0,0 +1,12 @@
+FROM quay.io/keycloak/keycloak:17.0.0 as builder
+
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=token-exchange
+ENV KC_DB=postgres
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:17.0.0
+COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
+WORKDIR /opt/keycloak
+ENV KC_LOG_LEVEL=INFO
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

keycloak/hooks/post_deploy

@@ -1,37 +0,0 @@
-#!/bin/bash
-
-## Init is run on host
-## For now it is run every time the script is launched, but
-## it should be launched only once after build.
-
-## Accessible variables are:
-## - SERVICE_NAME        Name of current service
-## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
-## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
-## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
-
-PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
-
-set -e
-
-if [ -e "$PASSWORD_SET_CONTROL" ]; then
-    exit 0
-fi
-
-containers=($(get_running_containers_for_service "$SERVICE_NAME"))
-if [ "${#containers[@]}" == 0 ]; then
-    err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
-    exit 1
-fi
-
-## It is not possible at first glance to reset password, so we decided
-## to set to admin/admin. This means it is important to change the
-## admin password as soon as possible.
-
-## XXXvlab: taking the first container
-container_id="${containers[0]}"
-docker exec "$container_id" \
-       /opt/jboss/keycloak/bin/add-user-keycloak.sh \
-       -u "admin" -p "admin"
-docker restart "$container_id"
-mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"

keycloak/hooks/postgres_database-relation-joined

@@ -10,9 +10,8 @@ config-add "\
 services:
   $MASTER_BASE_SERVICE_NAME:
     environment:
-      DB_VENDOR: postgres
-      DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
-      DB_DATABASE: \"$DBNAME\"
-      DB_PASSWORD: \"$PASSWORD\"
-      DB_USER: \"$USER\"
+      KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
+      KC_DB_USERNAME: \"$USER\"
+      KC_DB_PASSWORD: \"$PASSWORD\"
+      KC_DB: \"postgres\"
 "

keycloak/hooks/web_proxy-relation-joined

@@ -1,11 +1,16 @@
 #!/bin/bash
 
+DOMAIN=$(relation-get domain) || exit 1
+
 set -e
 
 config-add "\
 services:
   $MASTER_BASE_SERVICE_NAME:
     environment:
-      PROXY_ADDRESS_FORWARDING: \"true\"
+      KC_HOSTNAME: "$DOMAIN"
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: \"true\"
+      KC_HOSTNAME_STRICT: \"false\"
 "
 

keycloak/metadata.yml

@@ -1,4 +1,6 @@
-docker-image: docker.0k.io/keycloak:16.1.1  ## jboss/keycloak:16.1.1
+
+data-resources:
+  - /opt/keycloak/themes
 
 default-options:
 

monujo/lib/common

@@ -11,61 +11,85 @@ monujo:code_init() {
     mkdir -p "$LOCATION"
     if dir_is_empty "$LOCATION"; then
         cd "$LOCATION"
-        wget -q "$SOURCE_URL" -O file.tar.bz2
-        tar xjf file.tar.bz2
-        rm file.tar.bz2
+        info "First install, downloading '$SOURCE_URL'."
+        wget -q "$SOURCE_URL" -O file.tar.bz2 || {
+            err "Couldn't download '$SOURCE_URL'."
+            rm file.tar.bz2
+            return 1
+        }
+        tar xjf file.tar.bz2 &&
+        rm file.tar.bz2 &&
         chown root:root "$LOCATION" -R
     fi
 }
 
+export MONUJO_OPTIONS=(
+    lokapi-host:string
+    lokapi-db:string
+    map-url:string
+    local-password-retention-time:numeric
+    theme:struct\*
+)
 
-monujo:code_config_base() {
-
-    MONUJO_OPTIONS=(
-        lokapi-host:string
-        lokapi-db:string
-        map-url:string
-        local-password-retention-time:string
-    )
+export MONUJO_OPTIONS_CONCAT=" ${MONUJO_OPTIONS[*]} "
 
-    MONUJO_OPTIONS_CONCAT=" ${MONUJO_OPTIONS[*]} "
 
+monujo:code_config_base() {
+    local service_def
     service_def=$(get_compose_service_def "$SERVICE_NAME") || return 1
-    echo "{}" > "$CONFIGFILE"
+    options=$(e "$service_def" | shyaml get-value -y options) || true
+
+    e "$options" |
+    monujo:json-make > "$CONFIGFILE" || {
+        err "Failed to make 'config.json'."
+        return 1
+    }
+}
+
+monujo:json-make() {
+    local conv="$1" key val
     ## XXXvlab: Should probably offer some lib to do this
+    local sep=
     while read-0 key val; do
-        key_option=${key//-/_}
+        key=$(e "$key" | shyaml get-value)
         case "$MONUJO_OPTIONS_CONCAT" in
-            *" ${key_option}:bool "*)
+            *" ${key}:bool "*)
                 case "${val,,}" in
                     true|ok|yes|y)
-                        val=yes
+                        val=true
                         ;;
                     false|ko|nok|no|n)
-                        val=no
+                        val=false
                         ;;
                     *)
                         die "Invalid value for ${WHITE}$key$NORMAL, please use a boolean value."
                         ;;
                 esac
                 ;;
-            *" ${key_option}:numeric "*)
+            *" ${key}:numeric "*)
+                val=$(e "$val" | shyaml get-value)
                 if ! is_int "$val"; then
-                    die "Invalid value for ${WHITE}$key$NORMAL, please use numeric value."
+                    err "Invalid value for ${WHITE}$key$NORMAL, please use numeric value."
+                    return 1
                 fi
                 ;;
-            *" ${key_option}:string "*)
-                :
+            *" ${key}:struct* "*)
+                val=$(e "$val" | monujo:json-make noconv) || return 1
                 ;;
-            *)
-                key_option=$(echo "$key_option" | sed 's/_\([a-z0-9]\)/\U\1/g')
-                printf "%s %s\0" "$key_option" "$val"
+            *" ${key}:struct "*)
+                val=$(e "$val" | monujo:json-make) || return 1
+                ;;
+            *" ${key}:string "*|*)
+                val=$(e "$val" | shyaml get-value | jq -Rr tojson)
                 ;;
         esac
-    done < <(printf "%s" "$service_def" | shyaml key-values-0 options) |
-        jq -R 'split("\u0000")  | map(split(" ") | {key: .[0], value: .[1]}) | from_entries' > \
-           "$CONFIGFILE"
-
+        if [ -z "$conv" ]; then
+            key=$(echo "${key//-/_}" | sed 's/_\([a-z0-9]\)/\U\1/g')
+        fi
+        printf "$sep%s\0%s" "$key" "$val"
+        sep="\0\0"
+    done < <(shyaml key-values-0 -y) |
+        jq -sR 'split("\u0000\u0000")  | map(split("\u0000") | {key: .[0], value: .[1] | fromjson}) | from_entries'
 }
 
 

postgres/hooks/postgres_database-relation-joined

@@ -51,8 +51,15 @@ ensure_db_docker_running
 
 ## XXXvlab: should send all these into only one docker...
 if ! db_has_database "$DBNAME"; then
-    db_create "$DBNAME" || exit 1
-
+    INITDB_ARGS=(encoding lc-collate lc-ctype template)
+    CREATEDB_OPTS=()
+    for option in "${INITDB_ARGS[@]}"; do
+        value="$(relation-get "$option" 2>/dev/null)" || true
+        if [ -n "$value" ]; then
+            CREATEDB_OPTS+=("--$option=$value")
+        fi
+    done
+    db_create "$DBNAME" "${CREATEDB_OPTS[@]}" || exit 1
     if sql=$(relation-get init-sql); then
         ddb "$DBNAME" > /dev/null < <(e "$sql") || exit 1
     fi

postgres/lib/common

@@ -63,7 +63,8 @@ db_drop () {
 
 db_create () {
     local dbname="$1"
-    dcmd createdb "$dbname" || return 1
+    shift
+    dcmd createdb "$dbname" "$@" || return 1
     info "Database '$dbname' created."
 }