From 0cefa742d0df53ba8a42d5ea87ae1ae6e7d2d221 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Mon, 13 Mar 2023 22:23:00 +0100
Subject: [PATCH] Added Keycloak
---
 docker-compose.yml | 5 +++
 fda-authentication-service/Dockerfile | 45 +++++++++++++++----
 .../dbrepo-keycloak-realm.json | 0
 .../docker-entrypoint.sh | 5 +++
 fda-metadata-db/setup-schema.sql | 2 +
 5 files changed, 49 insertions(+), 8 deletions(-)
 create mode 100644 fda-authentication-service/dbrepo-keycloak-realm.json
 create mode 100644 fda-authentication-service/docker-entrypoint.sh
diff --git a/docker-compose.yml b/docker-compose.yml
index 955a59d41c..1380a51ddb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,7 @@ volumes:
 metadata-db-data:
 search-service-data:
 broker-service-data:
+ authentication-service-data:
 networks:
 userdb:
@@ -136,8 +137,12 @@ services:
 core:
 ports:
 - "9097:9097"
+ - "8443:8443"
+ - "8080:8080"
 env_file:
 - .env
+ volumes:
+ - authentication-service-data:/opt/keycloak/data/
 depends_on:
 fda-discovery-service:
 condition: service_healthy
diff --git a/fda-authentication-service/Dockerfile b/fda-authentication-service/Dockerfile
index 76f9271990..117770a3cd 100644
--- a/fda-authentication-service/Dockerfile
+++ b/fda-authentication-service/Dockerfile
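Review bot: The added mappings `"8443:8443"` and `"8080:8080"` in the second docker-compose.yml hunk publish the identity provider on every host interface, which matters because the same commit sets `KEYCLOAK_ADMIN_PASSWORD=keycloak` in the Dockerfile. If the ports are only needed for local access, bind them to loopback, e.g. `- "127.0.0.1:8443:8443"`, and drop the `8080` mapping unless something is meant to listen there (no `KC_HTTP_ENABLED` setting is visible in this patch, so it may be unused). The service definition starts and ends outside the hunk, so a reverse proxy or host firewall in front of it cannot be ruled out from here.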
@@ -3,6 +3,22 @@ FROM fda-metadata-db:latest as dependency
 MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
 ###### SECOND STAGE ######
+FROM keycloak/keycloak:21.0 as config
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=account-api
+
+# Configure a database vendor
+ENV KC_DB=mariadb
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+###### THIRD STAGE ######
 FROM maven:slim as build
 COPY ./pom.xml ./
@@ -18,8 +34,16 @@ COPY ./report ./report
 # Make sure it compiles
 RUN mvn -q clean package -DskipTests
-###### THIRD STAGE ######
-FROM openjdk:11-jre-slim as runtime
+###### FOURTH STAGE ######
+FROM keycloak/keycloak:21.0 as runtime
+COPY --from=config /opt/keycloak/ /opt/keycloak/
+
+USER root
+
+COPY ./service_ready /usr/bin
+COPY ./docker-entrypoint.sh /usr/bin
+COPY dbrepo-keycloak-realm.json /dbrepo-keycloak-realm.json
+RUN chmod +x /usr/bin/service_ready /usr/bin/docker-entrypoint.sh
 ENV METADATA_DB=fda
 ENV METADATA_USERNAME=root
@@ -40,13 +64,18 @@ ENV SMTP_PORT=""
 ENV SMTP_USERNAME=""
 ENV SMTP_PASSWORD=""
 ENV LOG_LEVEL=debug
-ENV DEFAULT_ROLES=ROLE_RESEARCHER
-ENV SUPERUSERS=""
-VOLUME /tmp
+ENV KC_DB=mariadb
+ENV KC_DB_URL=jdbc:mariadb://fda-metadata-db/keycloak
+ENV KC_DB_USERNAME=${METADATA_USERNAME}
+ENV KC_DB_PASSWORD=${METADATA_PASSWORD}
+ENV KC_HOSTNAME=localhost
-COPY ./service_ready /usr/bin
-RUN chmod +x /usr/bin/service_ready
+ENV KEYCLOAK_IMPORT=/dbrepo-keycloak-realm.json
+ENV KEYCLOAK_ADMIN=keycloak
+ENV KEYCLOAK_ADMIN_PASSWORD=keycloak
+
+VOLUME /tmp
 HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready
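Review bot: The `RUN keytool -genkeypair -storepass password …` step in the new `config` stage writes a private key into an image layer, and the later `COPY --from=config /opt/keycloak/ /opt/keycloak/` carries `conf/server.keystore` into the runtime image, so anyone who can pull the image holds the TLS key and its store password. The existing comment marks this as demonstration-only; it is safer to leave the keystore out of the image and supply it at run time, for example a read-only mount referenced through `KC_HTTPS_KEY_STORE_FILE` and `KC_HTTPS_KEY_STORE_PASSWORD` in the environment file. If the step stays, extend the comment so the consequence is explicit: `# WARNING: key pair is baked into the image and shared by every container started from it; replace before any non-local use`.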
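Review bot: `USER root` in the runtime stage is not followed by a switch back to an unprivileged user in any line visible in this patch, so both the Java service and Keycloak would run as root inside the container. Root is only needed here for the `chmod`; with BuildKit, `COPY --chmod=0755 ./service_ready ./docker-entrypoint.sh /usr/bin/` removes that need, or add `USER 1000` (the Keycloak image's default user, to be confirmed against the base image) after the `RUN chmod` line. The stage continues beyond this hunk, so check that nothing later depends on root, such as write access where the jar is copied.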
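Review bot: `ENV KEYCLOAK_ADMIN=keycloak` and `ENV KEYCLOAK_ADMIN_PASSWORD=keycloak` bake a known bootstrap admin login into the image configuration, where it is readable with `docker inspect` and active in every deployment that does not override it. These values, together with `KC_DB_PASSWORD`, are better left unset in the Dockerfile and supplied through the `.env` file that docker-compose.yml already loads. `KC_DB_USERNAME=${METADATA_USERNAME}` is substituted at build time with the `root` default set earlier in this stage, so Keycloak would connect to MariaDB as the database superuser and would not follow a runtime override of `METADATA_USERNAME`; a dedicated account limited to the `keycloak` database would contain a compromise of either side. Separately, the diffstat shows `dbrepo-keycloak-realm.json` is added with no content, so the `KEYCLOAK_IMPORT` path points at a file that holds no realm.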
@@ -54,4 +83,4 @@ COPY --from=build ./rest-service/target/rest-service-*.jar ./authentication-serv
 EXPOSE 9097
-ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./authentication-service.jar"]
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
diff --git a/fda-authentication-service/dbrepo-keycloak-realm.json b/fda-authentication-service/dbrepo-keycloak-realm.json
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/fda-authentication-service/docker-entrypoint.sh b/fda-authentication-service/docker-entrypoint.sh
new file mode 100644
index 0000000000..cfc3f7e184
--- /dev/null
+++ b/fda-authentication-service/docker-entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+(java -Dlog4j2.formatMsgNoLookups=true -jar ./authentication-service.jar) &
+
+/opt/keycloak/bin/kc.sh start
\ No newline at end of file
diff --git a/fda-metadata-db/setup-schema.sql b/fda-metadata-db/setup-schema.sql
index ff4afcc630..4e77b22b99 100644
--- a/fda-metadata-db/setup-schema.sql
+++ b/fda-metadata-db/setup-schema.sql
@@ -1,3 +1,5 @@
+CREATE DATABASE keycloak;
+
 BEGIN;
 CREATE TABLE IF NOT EXISTS mdb_users
-- 
GitLab
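Review bot: docker-entrypoint.sh starts the Java service in a background subshell and then runs `kc.sh start` as a child of bash, so bash stays PID 1: the stop signal from `docker stop` is not passed on to either process, and if the Java service exits the container keeps running with only the `service_ready` health check to notice. Ending the script with `exec /opt/keycloak/bin/kc.sh start` lets Keycloak receive the signal directly, but the background Java process is still unsupervised. Running the two as separate services in docker-compose.yml, or under an init process, would let each be restarted and monitored on its own. The relative `./authentication-service.jar` path also depends on the working directory, and no `WORKDIR` for the runtime stage is visible in this patch.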