0k
/
0k-charms
6
3
Fork 2
Code Issues 11 Pull Requests 6 Releases Wiki Activity
Labels Milestones
New Pull Request

[UPD] bump keycloak to 17.0 and improve charm #22

Closed
njeudy wants to merge 3 commits from nj-keycloak-17.0 into master
Conversation 1 Commits 3 Files Changed 9
9 changed files with 120 additions and 75 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 32
      keycloak/README.rst
  2. 12
      keycloak/build/Dockerfile
  3. 37
      keycloak/hooks/post_deploy
  4. 9
      keycloak/hooks/postgres_database-relation-joined
  5. 7
      keycloak/hooks/web_proxy-relation-joined
  6. 4
      keycloak/metadata.yml
  7. 74
      monujo/lib/common
  8. 11
      postgres/hooks/postgres_database-relation-joined
  9. 3
      postgres/lib/common

32
keycloak/README.rst
View File

@ -0,0 +1,32 @@
Description
===========
Using ``keycloak`` version 17.0
Usage
=====
To start with ``keycloak``, just put this service in your
``compose.yml``::
keycloak:
options:
admin-password: CHANGEME
relations:
web-proxy:
frontend:
domain: id.mydomain.fr
Customize theme
===============
You can customize theme by putting your theme in
``/srv/datastore/data/keycloak/opt/keycloak/themes``
For example copy the material folder from
https://github.com/MAXIMUS-DeltaWare/material-keycloak-theme and
restart ``keycloak``.
Then go to your admin console, log in and go to the realm/themes part
to choose you new theme

12
keycloak/build/Dockerfile
View File

@ -0,0 +1,12 @@
FROM quay.io/keycloak/keycloak:17.0.0 as builder
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:17.0.0
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
ENV KC_LOG_LEVEL=INFO
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

37
keycloak/hooks/post_deploy
View File

@ -1,37 +0,0 @@
#!/bin/bash
## Init is run on host
## For now it is run every time the script is launched, but
## it should be launched only once after build.
## Accessible variables are:
## - SERVICE_NAME Name of current service
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
PASSWORD_SET_CONTROL="$SERVICE_CONFIGSTORE/.password-set-control"
set -e
if [ -e "$PASSWORD_SET_CONTROL" ]; then
exit 0
fi
containers=($(get_running_containers_for_service "$SERVICE_NAME"))
if [ "${#containers[@]}" == 0 ]; then
err "no containers found for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}"
exit 1
fi
## It is not possible at first glance to reset password, so we decided
## to set to admin/admin. This means it is important to change the
## admin password as soon as possible.
## XXXvlab: taking the first container
container_id="${containers[0]}"
docker exec "$container_id" \
/opt/jboss/keycloak/bin/add-user-keycloak.sh \
-u "admin" -p "admin"
docker restart "$container_id"
mkdir -p "${PASSWORD_SET_CONTROL%/*}" && touch "$PASSWORD_SET_CONTROL"

9
keycloak/hooks/postgres_database-relation-joined
View File

@ -10,9 +10,8 @@ config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
DB_VENDOR: postgres
DB_ADDR: \"$MASTER_TARGET_SERVICE_NAME\"
DB_DATABASE: \"$DBNAME\"
DB_PASSWORD: \"$PASSWORD\"
DB_USER: \"$USER\"
KC_DB_URL: \"jdbc:postgresql://$MASTER_TARGET_SERVICE_NAME:5432/$DBNAME\"
KC_DB_USERNAME: \"$USER\"
KC_DB_PASSWORD: \"$PASSWORD\"
KC_DB: \"postgres\"
"

7
keycloak/hooks/web_proxy-relation-joined
View File

@ -1,11 +1,16 @@
#!/bin/bash
DOMAIN=$(relation-get domain) || exit 1
set -e
config-add "\
services:
$MASTER_BASE_SERVICE_NAME:
environment:
PROXY_ADDRESS_FORWARDING: \"true\"
KC_HOSTNAME: "$DOMAIN"
KC_PROXY: edge
KC_HTTP_ENABLED: \"true\"
KC_HOSTNAME_STRICT: \"false\"
"

4
keycloak/metadata.yml
View File

@ -1,4 +1,6 @@
docker-image: docker.0k.io/keycloak:16.1.1 ## jboss/keycloak:16.1.1
data-resources:
- /opt/keycloak/themes
default-options:

74
monujo/lib/common
View File

@ -11,61 +11,85 @@ monujo:code_init() {
mkdir -p "$LOCATION"
if dir_is_empty "$LOCATION"; then
cd "$LOCATION"
wget -q "$SOURCE_URL" -O file.tar.bz2
tar xjf file.tar.bz2
info "First install, downloading '$SOURCE_URL'."
wget -q "$SOURCE_URL" -O file.tar.bz2 || {
err "Couldn't download '$SOURCE_URL'."
rm file.tar.bz2
return 1
}
tar xjf file.tar.bz2 &&
rm file.tar.bz2 &&
chown root:root "$LOCATION" -R
fi
}
monujo:code_config_base() {
MONUJO_OPTIONS=(
export MONUJO_OPTIONS=(
lokapi-host:string
lokapi-db:string
map-url:string
local-password-retention-time:string
)
local-password-retention-time:numeric
theme:struct\*
)
MONUJO_OPTIONS_CONCAT=" ${MONUJO_OPTIONS[*]} "
export MONUJO_OPTIONS_CONCAT=" ${MONUJO_OPTIONS[*]} "
monujo:code_config_base() {
local service_def
service_def=$(get_compose_service_def "$SERVICE_NAME") || return 1
echo "{}" > "$CONFIGFILE"
options=$(e "$service_def" | shyaml get-value -y options) || true
e "$options" |
monujo:json-make > "$CONFIGFILE" || {
err "Failed to make 'config.json'."
return 1
}
}
monujo:json-make() {
local conv="$1" key val
## XXXvlab: Should probably offer some lib to do this
local sep=
while read-0 key val; do
key_option=${key//-/_}
key=$(e "$key" | shyaml get-value)
case "$MONUJO_OPTIONS_CONCAT" in
*" ${key_option}:bool "*)
*" ${key}:bool "*)
case "${val,,}" in
true|ok|yes|y)
val=yes
val=true
;;
false|ko|nok|no|n)
val=no
val=false
;;
*)
die "Invalid value for ${WHITE}$key$NORMAL, please use a boolean value."
;;
esac
;;
*" ${key_option}:numeric "*)
*" ${key}:numeric "*)
val=$(e "$val" | shyaml get-value)
if ! is_int "$val"; then
die "Invalid value for ${WHITE}$key$NORMAL, please use numeric value."
err "Invalid value for ${WHITE}$key$NORMAL, please use numeric value."
return 1
fi
;;
*" ${key_option}:string "*)
:
*" ${key}:struct* "*)
val=$(e "$val" | monujo:json-make noconv) || return 1
;;
*)
key_option=$(echo "$key_option" | sed 's/_\([a-z0-9]\)/\U\1/g')
printf "%s %s\0" "$key_option" "$val"
*" ${key}:struct "*)
val=$(e "$val" | monujo:json-make) || return 1
;;
*" ${key}:string "*|*)
val=$(e "$val" | shyaml get-value | jq -Rr tojson)
;;
esac
done < <(printf "%s" "$service_def" | shyaml key-values-0 options) |
jq -R 'split("\u0000") | map(split(" ") | {key: .[0], value: .[1]}) | from_entries' > \
"$CONFIGFILE"
if [ -z "$conv" ]; then
key=$(echo "${key//-/_}" | sed 's/_\([a-z0-9]\)/\U\1/g')
fi
printf "$sep%s\0%s" "$key" "$val"
sep="\0\0"
done < <(shyaml key-values-0 -y) |
jq -sR 'split("\u0000\u0000") | map(split("\u0000") | {key: .[0], value: .[1] | fromjson}) | from_entries'
}

11
postgres/hooks/postgres_database-relation-joined
View File

@ -51,8 +51,15 @@ ensure_db_docker_running
## XXXvlab: should send all these into only one docker...
if ! db_has_database "$DBNAME"; then
db_create "$DBNAME" || exit 1
INITDB_ARGS=(encoding lc-collate lc-ctype template)
CREATEDB_OPTS=()
for option in "${INITDB_ARGS[@]}"; do
value="$(relation-get "$option" 2>/dev/null)" || true
if [ -n "$value" ]; then
CREATEDB_OPTS+=("--$option=$value")
fi
done
db_create "$DBNAME" "${CREATEDB_OPTS[@]}" || exit 1
if sql=$(relation-get init-sql); then
ddb "$DBNAME" > /dev/null < <(e "$sql") || exit 1
fi

3
postgres/lib/common
View File

@ -63,7 +63,8 @@ db_drop () {
db_create () {
local dbname="$1"
dcmd createdb "$dbname" || return 1
shift
dcmd createdb "$dbname" "$@" || return 1
info "Database '$dbname' created."
}

Write Preview
Loading…
Cancel
Save