-
Notifications
You must be signed in to change notification settings - Fork 9
/
_functions_keycloak.sh
142 lines (126 loc) · 6.08 KB
/
_functions_keycloak.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
#!/bin/bash -eu
# Don't load it several times
set +u
${_FUNCTIONS_KEYCLOAK_LOADED:-false} && return
set -u
# if the script was started from the base directory, then the
# expansion returns a period
if test "${SCRIPT_DIR}" == "."; then
SCRIPT_DIR="$PWD"
# if the script was not called with an absolute path, then we need to add the
# current working directory to the relative path of the script
elif test "${SCRIPT_DIR:0:1}" != "/"; then
SCRIPT_DIR="$PWD/${SCRIPT_DIR}"
fi
do_get_keycloak_settings() {
if [ "${DEPLOYMENT_KEYCLOAK_ENABLED}" == "false" ]; then
return;
fi
env_var DEPLOYMENT_KEYCLOAK_CONTAINER_NAME "${INSTANCE_KEY}_Keycloak"
}
#
# Drops all Keycloak data used by the instance.
#
do_drop_keycloak_data() {
echo_info "Dropping Keycloak data ..."
if [ "${DEPLOYMENT_KEYCLOAK_ENABLED}" == "true" ]; then
echo_info "Drops Keycloak container ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} ..."
delete_docker_container ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME}
delete_docker_volume ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME}
echo_info "Done."
echo_info "Keycloak data dropped"
else
echo_info "Skip Drops Keycloak container ..."
fi
}
do_create_keycloak() {
if [ "${DEPLOYMENT_KEYCLOAK_ENABLED}" == "true" ]; then
echo_info "Creation of the Keycloak Docker volume ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} ..."
create_docker_volume ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME}
fi
}
do_stop_keycloak() {
echo_info "Stopping Keycloak ..."
if [ "${DEPLOYMENT_KEYCLOAK_ENABLED}" == "false" ]; then
echo_info "Keycloak wasn't specified, skiping its server container shutdown"
return
fi
ensure_docker_container_stopped ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME}
echo_info "Keycloak container ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} stopped."
}
do_start_keycloak() {
echo_info "Starting Keycloak..."
if [ "${DEPLOYMENT_KEYCLOAK_ENABLED}" == "false" ]; then
echo_info "Keycloak not specified, skiping its server container startup"
return
fi
echo_info "Starting Keycloak container ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} based on image ${DEPLOYMENT_KEYCLOAK_IMAGE}:${DEPLOYMENT_KEYCLOAK_IMAGE_VERSION}"
# Ensure there is no container with the same name
delete_docker_container ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME}
env_var DEP_URL "$(echo ${DEPLOYMENT_URL} | sed -e 's/\(.*\)/\L\1/')"
if [ "${DEPLOYMENT_KEYCLOAK_MODE:-SAML}" = "SAML" ]; then
evaluate_file_content ${ETC_DIR}/keycloak/client_saml2_def.json.template ${DEPLOYMENT_DIR}/client_def.json
else
evaluate_file_content ${ETC_DIR}/keycloak/client_openid_def.json.template ${DEPLOYMENT_DIR}/client_def.json
fi
local _startArgs=""
if ${DEPLOYMENT_APACHE_HTTPSONLY_ENABLED:-false}; then
_startArgs="--proxy edge --hostname-strict=false"
fi
${DOCKER_CMD} run \
-d \
-e KEYCLOAK_ADMIN=root \
-e KEYCLOAK_ADMIN_PASSWORD=password \
-e PROXY_ADDRESS_FORWARDING=${DEPLOYMENT_APACHE_HTTPSONLY_ENABLED:-false} \
-e KC_HTTP_RELATIVE_PATH=/auth \
-p "${DEPLOYMENT_KEYCLOAK_HTTP_PORT}:8080" \
-v ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME}:/opt/keycloak/data \
--name ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} ${DEPLOYMENT_KEYCLOAK_IMAGE}:${DEPLOYMENT_KEYCLOAK_IMAGE_VERSION} start-dev ${_startArgs}
echo_info "${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} container started"
check_keycloak_availability
local token=$(curl -X POST "http://localhost:${DEPLOYMENT_KEYCLOAK_HTTP_PORT}/auth/realms/master/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=root" \
-d "password=password" \
-d 'grant_type=password' \
-d 'client_id=admin-cli' | jq -r '.access_token')
local keycloakRootUserId=$(curl -fssL "http://localhost:${DEPLOYMENT_KEYCLOAK_HTTP_PORT}/auth/admin/realms/master/users" -H 'Content-Type: application/json' -H "Authorization: Bearer $token" | jq -r '.[]| select(.username == "root") | .id')
local keycloakCreatedTimestamp=$(curl -fssL "http://localhost:${DEPLOYMENT_KEYCLOAK_HTTP_PORT}/auth/admin/realms/master/users" -H 'Content-Type: application/json' -H "Authorization: Bearer $token" | jq -r '.[]| select(.username == "root") | .createdTimestamp')
curl -s -X PUT --output /dev/null "http://localhost:${DEPLOYMENT_KEYCLOAK_HTTP_PORT}/auth/admin/realms/master/users/${keycloakRootUserId}" \
-H 'Content-type: application/json' \
-H "Authorization: Bearer ${token}" \
-d "{\"id\":\"${keycloakRootUserId}\",\"createdTimestamp\":${keycloakCreatedTimestamp},\"username\":\"root\",\"enabled\":true,\"totp\":false,\"emailVerified\":false,\"disableableCredentialTypes\":[],\"requiredActions\":[],\"notBefore\":0,\"access\":{\"manageGroupMembership\":true,\"view\":true,\"mapRoles\":true,\"impersonate\":true,\"manage\":true},\"attributes\":{},\"email\":\"root@gatein.com\",\"firstName\":\"Root\",\"lastName\":\"Root\"}" \
&& echo_info "Keycloak root user updated"
curl -s -X POST --output /dev/null "http://localhost:${DEPLOYMENT_KEYCLOAK_HTTP_PORT}/auth/admin/realms/master/clients" \
-H 'Content-type: application/json' \
-H "Authorization: Bearer ${token}" \
-d "@${DEPLOYMENT_DIR}/client_def.json" && echo_info "Keycloak client added"
}
check_keycloak_availability() {
echo_info "Waiting for Keycloak availability on port ${DEPLOYMENT_KEYCLOAK_HTTP_PORT}"
local count=0
local try=600
local wait_time=1
local RET=-1
while [ $count -lt $try -a $RET -ne 0 ]; do
count=$(( $count + 1 ))
set +e
curl -s -q --max-time ${wait_time} http://localhost:${DEPLOYMENT_KEYCLOAK_HTTP_PORT} > /dev/null
RET=$?
if [ $RET -ne 0 ]; then
[ $(( ${count} % 10 )) -eq 0 ] && echo_info "Keycloak not yet available (${count} / ${try})..."
echo -n "."
sleep $wait_time
fi
set -e
done
if [ $count -eq $try ]; then
echo_error "Keycloak ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} not available after $(( ${count} * ${wait_time}))s"
exit 1
fi
echo_info "Keycloak ${DEPLOYMENT_KEYCLOAK_CONTAINER_NAME} up and available"
}
# #############################################################################
# Env var to not load it several times
_FUNCTIONS_KEYCLOAK_LOADED=true
echo_debug "_function_keycloak.sh Loaded"