Added: custom Keycloak image with scripts for setting up SPI

GPortas · GPortas · commit 8fd954ca63de · 2025-04-04T10:13:07.000+01:00
diff --git a/dev-env/docker-compose-dev.yml b/dev-env/docker-compose-dev.yml
@@ -53,6 +53,7 @@ services:
       DATAVERSE_AUTH_OIDC_CLIENT_ID: test
       DATAVERSE_AUTH_OIDC_CLIENT_SECRET: 94XHrfNRwXsjqTqApRrwWmhDLDHpIYV8
       DATAVERSE_AUTH_OIDC_AUTH_SERVER_URL: http://keycloak.mydomain.com:9080/realms/test
+      DATAVERSE_FEATURE_API_BEARER_AUTH_USE_BUILTIN_USER_ON_ID_MATCH: 1
       JVM_ARGS: -Ddataverse.pid.providers=fake
         -Ddataverse.pid.default-provider=fake
         -Ddataverse.pid.fake.type=FAKE
@@ -182,28 +183,50 @@ services:
       - /mail:mode=770,size=128M,uid=1000,gid=1000
 
   dev_keycloak:
-    container_name: 'dev_keycloak'
-    image: 'quay.io/keycloak/keycloak:21.0'
+    container_name: "dev_keycloak"
+    build:
+      context: ./keycloak
+      dockerfile: Dockerfile
+    image: gdcc/keycloak
     hostname: keycloak
-    command:
-      - 'start-dev'
-      - '--import-realm'
     environment:
-      - KC_HTTP_PORT=9080
-      - KC_HOSTNAME=localhost
-      - KC_HOSTNAME_PORT=8000
-      - KC_HOSTNAME_ADMIN_URL=http://localhost:8000
       - KEYCLOAK_ADMIN=kcadmin
       - KEYCLOAK_ADMIN_PASSWORD=kcpassword
       - KEYCLOAK_LOGLEVEL=DEBUG
+      - KC_HOSTNAME_STRICT=false
+      - KC_HOSTNAME=localhost
+      - KC_HTTP_PORT=9080
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://postgres:5432/dataverse
+      - KC_DB_USERNAME=${DATAVERSE_DB_USER}
+      - KC_DB_PASSWORD=secret
+      - DATAVERSE_DB_HOST=postgres
+      - DATAVERSE_DB_PORT=5432
+      - DATAVERSE_DB_USER=${DATAVERSE_DB_USER}
+      - DATAVERSE_DB_PASSWORD=secret
+      - DATAVERSE_BASE_URL=http://dataverse:8080
     networks:
       dataverse:
         aliases:
           - keycloak.mydomain.com
+    command: start-dev --verbose --import-realm
     expose:
-      - 9080
+      - '9000'
+      - '9080'
+
+  dev_keycloak_initializer:
+    image: alpine:latest
+    container_name: "dev_keycloak_initializer"
+    depends_on:
+      - dev_keycloak
+    environment:
+      - KEYCLOAK_ADMIN=kcadmin
+      - KEYCLOAK_ADMIN_PASSWORD=kcpassword
     volumes:
-      - './keycloak/test-realm.json:/opt/keycloak/data/import/test-realm.json'
+      - ./keycloak/setup-spi.sh:/usr/local/bin/setup-spi.sh
+    command: [ "/bin/sh", "-c", "apk add --no-cache curl jq && /usr/local/bin/setup-spi.sh" ]
+    networks:
+      - dataverse
 
 networks:
   dataverse:
diff --git a/dev-env/keycloak/Dockerfile b/dev-env/keycloak/Dockerfile
@@ -0,0 +1,23 @@
+FROM quay.io/keycloak/keycloak:26.1.4
+
+# Add the Oracle JDBC jars
+ARG ORACLE_JDBC_VERSION=23.7.0.25.01
+ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc11/${ORACLE_JDBC_VERSION}/ojdbc11-${ORACLE_JDBC_VERSION}.jar /opt/keycloak/providers/ojdbc11.jar
+ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/nls/orai18n/${ORACLE_JDBC_VERSION}/orai18n-${ORACLE_JDBC_VERSION}.jar /opt/keycloak/providers/orai18n.jar
+
+# Health build parameter
+ENV KC_HEALTH_ENABLED=true
+
+# Copy SPI JAR
+COPY keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar /opt/keycloak/providers/
+
+# Copy additional configurations
+COPY quarkus.properties /opt/keycloak/conf/
+COPY test-realm.json /opt/keycloak/data/import/
+
+# Set the Keycloak command
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start-dev", "--import-realm", "--http-port=9080"]
+
+# Expose port 9080
+EXPOSE 9080
diff --git a/dev-env/keycloak/quarkus.properties b/dev-env/keycloak/quarkus.properties
@@ -0,0 +1,15 @@
+quarkus.datasource.user-store.db-kind=postgresql
+quarkus.datasource.user-store.jdbc.url=jdbc:postgresql://${DATAVERSE_DB_HOST}:${DATAVERSE_DB_PORT}/dataverse
+quarkus.datasource.user-store.username=${DATAVERSE_DB_USER}
+quarkus.datasource.user-store.password=${DATAVERSE_DB_PASSWORD}
+
+quarkus.datasource.user-store.jdbc.driver=org.postgresql.Driver
+quarkus.datasource.user-store.jdbc.transactions=disabled
+quarkus.transaction-manager.unsafe-multiple-last-resources=allow
+
+quarkus.datasource.user-store.jdbc.recovery.username=${DATAVERSE_DB_USER}
+quarkus.datasource.user-store.jdbc.recovery.password=${DATAVERSE_DB_PASSWORD}
+
+quarkus.datasource.user-store.jdbc.xa-properties.serverName=${DATAVERSE_DB_HOST}
+quarkus.datasource.user-store.jdbc.xa-properties.portNumber=${DATAVERSE_DB_PORT}
+quarkus.datasource.user-store.jdbc.xa-properties.databaseName=dataverse
diff --git a/dev-env/keycloak/setup-spi.sh b/dev-env/keycloak/setup-spi.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+echo "Waiting for Keycloak to be fully up..."
+
+# Loop until the health check returns 200
+while true; do
+  RESPONSE=$(curl -s -w "\n%{http_code}" "http://keycloak:9000/health")
+  HTTP_BODY=$(echo "$RESPONSE" | head -n -1)   # Extract response body
+  HTTP_CODE=$(echo "$RESPONSE" | tail -n 1)    # Extract HTTP status code
+
+  if [ "$HTTP_CODE" -eq 200 ]; then
+    echo "Keycloak is up! (HTTP $HTTP_CODE)"
+    break
+  else
+    echo "Health check failed (HTTP $HTTP_CODE). Response: $HTTP_BODY"
+    sleep 5
+  fi
+done
+
+echo "Keycloak is up and running! Executing SPI setup script..."
+
+# Obtain admin token
+ADMIN_TOKEN=$(curl -s -X POST "http://keycloak:9080/realms/master/protocol/openid-connect/token" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "username=$KEYCLOAK_ADMIN" \
+  -d "password=$KEYCLOAK_ADMIN_PASSWORD" \
+  -d "grant_type=password" \
+  -d "client_id=admin-cli" | jq -r .access_token)
+
+# Create user storage provider using the components endpoint
+curl -X POST "http://keycloak:9080/admin/realms/test/components" \
+  -H "Authorization: Bearer $ADMIN_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "name": "Dataverse built-in users authentication",
+    "providerId": "dv-builtin-users-authenticator",
+    "providerType": "org.keycloak.storage.UserStorageProvider",
+    "parentId": null
+  }'
+
+echo "Keycloak SPI configured in realm."
