From 0cefa742d0df53ba8a42d5ea87ae1ae6e7d2d221 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Mon, 13 Mar 2023 22:23:00 +0100
Subject: [PATCH] Added Keycloak

---
 docker-compose.yml                            |  5 +++
 fda-authentication-service/Dockerfile         | 45 +++++++++++++++----
 .../dbrepo-keycloak-realm.json                |  0
 .../docker-entrypoint.sh                      |  5 +++
 fda-metadata-db/setup-schema.sql              |  2 +
 5 files changed, 49 insertions(+), 8 deletions(-)
 create mode 100644 fda-authentication-service/dbrepo-keycloak-realm.json
 create mode 100644 fda-authentication-service/docker-entrypoint.sh

diff --git a/docker-compose.yml b/docker-compose.yml
index 955a59d41c..1380a51ddb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,7 @@ volumes:
   metadata-db-data:
   search-service-data:
   broker-service-data:
+  authentication-service-data:
 
 networks:
   userdb:
@@ -136,8 +137,12 @@ services:
       core:
     ports:
       - "9097:9097"
+      - "8443:8443"
+      - "8080:8080"
     env_file:
       - .env
+    volumes:
+      - authentication-service-data:/opt/keycloak/data/
     depends_on:
       fda-discovery-service:
         condition: service_healthy
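Review bot: Publishing `- "8080:8080"` next to `- "8443:8443"` exposes a plaintext listener that, with `kc.sh start` as the entrypoint in this same patch, Keycloak does not open unless `KC_HTTP_ENABLED=true` is set (production mode is HTTPS-only by default, as far as I recall), so the mapping is either dead or, once HTTP is enabled, puts the admin console on cleartext HTTP on the host. I would drop the 8080 line and keep only the TLS port, or add a comment stating why plaintext is wanted. The new `authentication-service-data` mount under `/opt/keycloak/data/` is written by the Keycloak process; that works today only because the Dockerfile leaves `USER root` active, and will need ownership adjusting if the image returns to the base image's non-root user.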
diff --git a/fda-authentication-service/Dockerfile b/fda-authentication-service/Dockerfile
index 76f9271990..117770a3cd 100644
--- a/fda-authentication-service/Dockerfile
+++ b/fda-authentication-service/Dockerfile
@@ -3,6 +3,22 @@ FROM fda-metadata-db:latest as dependency
 MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
 
 ###### SECOND STAGE ######
+FROM keycloak/keycloak:21.0 as config
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=account-api
+
+# Configure a database vendor
+ENV KC_DB=mariadb
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+###### THIRD STAGE ######
 FROM maven:slim as build
 
 COPY ./pom.xml ./
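Review bot: The `RUN keytool -genkeypair -storepass password …` line bakes a private key and its fixed keystore password into an image layer, so anyone who can pull the image (or read `docker history`) holds the server key; the comment calls it demo-only, but nothing prevents this stage from being shipped. I would make the comment say so and name the replacement path, e.g. `# DEMO ONLY: self-signed key with a fixed store password ends up in the image layer; in production mount conf/server.keystore at runtime and set KC_HTTPS_KEY_STORE_PASSWORD instead`. The `ENV` values in this stage are build options consumed by `kc.sh build`; a short comment that they must match the runtime stage (where `KC_DB=mariadb` is repeated) would keep the two from diverging.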
@@ -18,8 +34,16 @@ COPY ./report ./report
 # Make sure it compiles
 RUN mvn -q clean package -DskipTests
 
-###### THIRD STAGE ######
-FROM openjdk:11-jre-slim as runtime
+###### FOURTH STAGE ######
+FROM keycloak/keycloak:21.0 as runtime
+COPY --from=config /opt/keycloak/ /opt/keycloak/
+
+USER root
+
+COPY ./service_ready /usr/bin
+COPY ./docker-entrypoint.sh /usr/bin
+COPY dbrepo-keycloak-realm.json /dbrepo-keycloak-realm.json
+RUN chmod +x /usr/bin/service_ready /usr/bin/docker-entrypoint.sh
 
 ENV METADATA_DB=fda
 ENV METADATA_USERNAME=root
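Review bot: `USER root` at the top of the runtime stage is never reverted in this hunk and no later `USER` appears anywhere in the patch, so Keycloak and the backgrounded Java service both run as root; the `keycloak/keycloak` base image runs as a non-root user (uid 1000, verify against the base image) and nothing after the `chmod` needs root. Add `USER 1000` after the `RUN chmod +x …` line and make sure the copied files and `/opt/keycloak/data` (mounted from the compose volume) are readable and writable by that uid. The two `COPY` lines plus the separate `RUN chmod` can also collapse into `COPY --chmod=755 ./service_ready ./docker-entrypoint.sh /usr/bin/`, avoiding a second layer that carries the same files. The stage continues beyond this hunk.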
@@ -40,13 +64,18 @@ ENV SMTP_PORT=""
 ENV SMTP_USERNAME=""
 ENV SMTP_PASSWORD=""
 ENV LOG_LEVEL=debug
-ENV DEFAULT_ROLES=ROLE_RESEARCHER
-ENV SUPERUSERS=""
 
-VOLUME /tmp
+ENV KC_DB=mariadb
+ENV KC_DB_URL=jdbc:mariadb://fda-metadata-db/keycloak
+ENV KC_DB_USERNAME=${METADATA_USERNAME}
+ENV KC_DB_PASSWORD=${METADATA_PASSWORD}
+ENV KC_HOSTNAME=localhost
 
-COPY ./service_ready /usr/bin
-RUN chmod +x /usr/bin/service_ready
+ENV KEYCLOAK_IMPORT=/dbrepo-keycloak-realm.json
+ENV KEYCLOAK_ADMIN=keycloak
+ENV KEYCLOAK_ADMIN_PASSWORD=keycloak
+
+VOLUME /tmp
 
 HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready
 
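Review bot: `ENV KC_DB_USERNAME=${METADATA_USERNAME}` and `ENV KC_DB_PASSWORD=${METADATA_PASSWORD}` are expanded at build time, so the image ends up with `KC_DB_USERNAME=root` (from `ENV METADATA_USERNAME=root` earlier in the stage) and whatever `METADATA_PASSWORD` held when the image was built, and overriding `METADATA_*` through the compose `.env` at runtime will not change what Keycloak connects with. Either export them from the environment in `docker-entrypoint.sh` (`export KC_DB_USERNAME="${METADATA_USERNAME}"`) or drop these two lines and supply them via `.env`; a dedicated, least-privileged database user for the `keycloak` database would also be better than reusing the metadata-db root account. `KEYCLOAK_ADMIN=keycloak` / `KEYCLOAK_ADMIN_PASSWORD=keycloak` as image defaults mean any deployment that forgets to override them ships a known admin login; leaving them unset so they must come from the environment is safer. As far as I know `KEYCLOAK_IMPORT` belongs to the legacy WildFly image and the Quarkus-based 21.0 distribution imports realms via `kc.sh start --import-realm` from `/opt/keycloak/data/import/`, so this variable may be silently ignored — worth verifying, especially since the committed `dbrepo-keycloak-realm.json` is empty per the diffstat.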
@@ -54,4 +83,4 @@ COPY --from=build ./rest-service/target/rest-service-*.jar ./authentication-serv
 
 EXPOSE 9097
 
-ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./authentication-service.jar"]
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
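Review bot: `EXPOSE 9097` no longer documents what the image serves once Keycloak is the entrypoint: the compose change in this same patch publishes 8443 (and 8080), so operators reading the image metadata will miss the TLS listener. Change it to `EXPOSE 9097 8443`, adding 8080 only if plaintext HTTP is deliberately enabled. The switch to `ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]` keeps exec form, which is right.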
diff --git a/fda-authentication-service/dbrepo-keycloak-realm.json b/fda-authentication-service/dbrepo-keycloak-realm.json
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/fda-authentication-service/docker-entrypoint.sh b/fda-authentication-service/docker-entrypoint.sh
new file mode 100644
index 0000000000..cfc3f7e184
--- /dev/null
+++ b/fda-authentication-service/docker-entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+(java -Dlog4j2.formatMsgNoLookups=true -jar ./authentication-service.jar) &
+
+/opt/keycloak/bin/kc.sh start
\ No newline at end of file
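Review bot: The script backgrounds the Java service in a subshell and then runs `kc.sh start` as a child of bash, so PID 1 is this script: `docker stop`'s SIGTERM is not forwarded to either process, and if the Java service dies the container keeps running (whether the `service_ready` health check, not shown here, notices is unclear). There is also no `set -e`, and `./authentication-service.jar` depends on whatever working directory the base image leaves. The cleanest fix is one process per container (Keycloak and the Java service as separate compose services); if they must stay together, forward signals and exit when either child exits, as below, and add the missing trailing newline.
```shell
#!/bin/bash
set -euo pipefail

java -Dlog4j2.formatMsgNoLookups=true -jar ./authentication-service.jar &
java_pid=$!
/opt/keycloak/bin/kc.sh start &
kc_pid=$!

# Forward docker stop's SIGTERM to both children, then stop when either exits.
trap 'kill -TERM "$java_pid" "$kc_pid" 2>/dev/null' TERM INT
wait -n
kill -TERM "$java_pid" "$kc_pid" 2>/dev/null
wait
```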
diff --git a/fda-metadata-db/setup-schema.sql b/fda-metadata-db/setup-schema.sql
index ff4afcc630..4e77b22b99 100644
--- a/fda-metadata-db/setup-schema.sql
+++ b/fda-metadata-db/setup-schema.sql
@@ -1,3 +1,5 @@
+CREATE DATABASE keycloak;
+
 BEGIN;
 
 CREATE TABLE IF NOT EXISTS mdb_users
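Review bot: `CREATE DATABASE keycloak;` has no `IF NOT EXISTS`, unlike the `CREATE TABLE IF NOT EXISTS mdb_users` right below it, so re-running the schema script against an existing data volume aborts on the first statement. Use `CREATE DATABASE IF NOT EXISTS keycloak;`. Nothing here creates a dedicated account for that database, which is why the Dockerfile in this patch points Keycloak at the metadata-db root user; a `CREATE USER` / `GRANT ... ON keycloak.*` pair scoped to this database would keep the identity provider off the root credentials.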
-- 
GitLab