docker-compose.yaml

# SPDX-FileCopyrightText: 2019-2020 Magenta ApS
# SPDX-License-Identifier: MPL-2.0
version: '3.9'
services:
  keycloak:
    image: quay.io/keycloak/keycloak:14.0.0
    ports:
      - "8081:8080"
    environment:
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      DB_VENDOR: POSTGRES
      DB_ADDR: "keycloak-db"
      DB_USER: keycloak
      DB_PASSWORD: keycloak
      DB_SCHEMA: public
      DB_DATABASE: keycloak
      # PROXY_ADDRESS_FORWARDING: 'true'
      # KEYCLOAK_FRONTEND_URL: https://proxy/auth
      # KEYCLOAK_LOGLEVEL: DEBUG
    depends_on:
      keycloak-db:
        condition: service_healthy
    volumes:
      - keycloak-volume:/srv/:ro
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/auth/"]
      interval: 5s
      timeout: 5s
      retries: 3
      start_period: 60s

  keycloak-sd:
    build:
      context: integration
    environment:
      POSTGRES_CONNECTION_STRING: postgres://keycloak:keycloak@keycloak-db/keycloak?sslmode=disable
      POSTGRES_SCHEMA_NAME: terraform_remote_state_sd_changed_at

      TF_VAR_admin_username: admin
      TF_VAR_admin_password: admin
      TF_VAR_url: "http://keycloak:8080"

      TF_VAR_client_name: sd
      TF_VAR_client_secret: 1ca5ef4a-eed9-4142-9c82-f8e4bab67d9e
      TF_VAR_client_roles: '["admin"]'
      TF_VAR_client_uuid: 5d05d05d-baad-c0de-0000-53444c6f656e
    depends_on:
      keycloak:
        condition: service_healthy
      keycloak-gen:
        condition: service_completed_successfully

  keycloak-gen:
    build: .
    environment:
      POSTGRES_CONNECTION_STRING: postgres://keycloak:keycloak@keycloak-db/keycloak?sslmode=disable

      KEYCLOAK_ADMIN_USERNAME: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KEYCLOAK_URL: "http://keycloak:8080"

      KEYCLOAK_VERSION: 14.0.0
      KEYCLOAK_SSL_REQUIRED_MO: external
      KEYCLOAK_SSL_REQUIRED_LORA: external
      KEYCLOAK_DIPEX_CLIENT_ENABLED: "true"
      KEYCLOAK_DIPEX_CLIENT_SECRET: 0ba5ef4a-eed9-4142-9c82-f8e4bab67d8d
      KEYCLOAK_DIPEX_TOKEN_LIFESPAN: 360

      KEYCLOAK_RBAC_ENABLED: "true"
      KEYCLOAK_REALM_USERS: '[
        {
          "username": "bruce",
          "password": "bruce",
          "firstname": "Bruce",
          "lastname": "Lee",
          "email": "bruce@kung.fu",
          "roles": ["admin"],
          "enabled": true
        }]'
      KEYCLOAK_MO_CLIENT_REDIRECT_URI: '["http://localhost:5001/*", "*"]'
      KEYCLOAK_MO_CLIENT_WEB_ORIGIN: '["http://localhost:5001", "*"]'
      KEYCLOAK_MO_TOKEN_LIFESPAN: 900

      KEYCLOAK_LORA_REALM_ENABLED: "true"

      KEYCLOAK_IDP_ENABLE: "true"
      KEYCLOAK_IDP_ENCRYPTION_KEY: "MIIDXTCCAkWgAwIBAgIJALmVVuDWu4NYMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTYxMjMxMTQzNDQ3WhcNNDgwNjI1MTQzNDQ3WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUCFozgNb1h1M0jzNRSCjhOBnR+uVbVpaWfXYIR+AhWDdEe5ryY+CgavOg8bfLybyzFdehlYdDRgkedEB/GjG8aJw06l0qF4jDOAw0kEygWCu2mcH7XOxRt+YAH3TVHa/Hu1W3WjzkobqqqLQ8gkKWWM27fOgAZ6GieaJBN6VBSMMcPey3HWLBmc+TYJmv1dbaO2jHhKh8pfKw0W12VM8P1PIO8gv4Phu/uuJYieBWKixBEyy0lHjyixYFCR12xdh4CA47q958ZRGnnDUGFVE1QhgRacJCOZ9bd5t9mr8KLaVBYTCJo5ERE8jymab5dPqe5qKfJsCZiqWglbjUo9twIDAQABo1AwTjAdBgNVHQ4EFgQUxpuwcs/CYQOyui+r1G+3KxBNhxkwHwYDVR0jBBgwFoAUxpuwcs/CYQOyui+r1G+3KxBNhxkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAiWUKs/2x/viNCKi3Y6blEuCtAGhzOOZ9EjrvJ8+COH3Rag3tVBWrcBZ3/uhhPq5gy9lqw4OkvEws99/5jFsX1FJ6MKBgqfuy7yh5s1YfM0ANHYczMmYpZeAcQf2CGAaVfwTTfSlzNLsF2lW/ly7yapFzlYSJLGoVE+OHEu8g5SlNACUEfkXw+5Eghh+KzlIN7R6Q7r2ixWNFBC/jWf7NKUfJyX8qIG5md1YUeT6GBW9Bm2/1/RiO24JTaYlfLdKK9TYb8sG5B+OLab2DImG99CJ25RkAcSobWNF5zD0O6lgOo3cEdB/ksCq3hmtlC/DlLZ/D8CJ+7VuZnS1rR2naQ=="
      KEYCLOAK_IDP_NAME_ID_POLICY_FORMAT: "Unspecified"
      KEYCLOAK_IDP_SIGNED_REQUESTS: "true"
      KEYCLOAK_IDP_SIGNING_CERTIFICATE: "MIIDXTCCAkWgAwIBAgIJALmVVuDWu4NYMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTYxMjMxMTQzNDQ3WhcNNDgwNjI1MTQzNDQ3WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUCFozgNb1h1M0jzNRSCjhOBnR+uVbVpaWfXYIR+AhWDdEe5ryY+CgavOg8bfLybyzFdehlYdDRgkedEB/GjG8aJw06l0qF4jDOAw0kEygWCu2mcH7XOxRt+YAH3TVHa/Hu1W3WjzkobqqqLQ8gkKWWM27fOgAZ6GieaJBN6VBSMMcPey3HWLBmc+TYJmv1dbaO2jHhKh8pfKw0W12VM8P1PIO8gv4Phu/uuJYieBWKixBEyy0lHjyixYFCR12xdh4CA47q958ZRGnnDUGFVE1QhgRacJCOZ9bd5t9mr8KLaVBYTCJo5ERE8jymab5dPqe5qKfJsCZiqWglbjUo9twIDAQABo1AwTjAdBgNVHQ4EFgQUxpuwcs/CYQOyui+r1G+3KxBNhxkwHwYDVR0jBBgwFoAUxpuwcs/CYQOyui+r1G+3KxBNhxkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAiWUKs/2x/viNCKi3Y6blEuCtAGhzOOZ9EjrvJ8+COH3Rag3tVBWrcBZ3/uhhPq5gy9lqw4OkvEws99/5jFsX1FJ6MKBgqfuy7yh5s1YfM0ANHYczMmYpZeAcQf2CGAaVfwTTfSlzNLsF2lW/ly7yapFzlYSJLGoVE+OHEu8g5SlNACUEfkXw+5Eghh+KzlIN7R6Q7r2ixWNFBC/jWf7NKUfJyX8qIG5md1YUeT6GBW9Bm2/1/RiO24JTaYlfLdKK9TYb8sG5B+OLab2DImG99CJ25RkAcSobWNF5zD0O6lgOo3cEdB/ksCq3hmtlC/DlLZ/D8CJ+7VuZnS1rR2naQ=="
      KEYCLOAK_IDP_ENTITY_ID: "http://localhost:8081"
      KEYCLOAK_IDP_LOGOUT_SERVICE_URL: "https://idp.filth.biz/simplesaml/saml2/idp/SingleLogoutService.php"
      KEYCLOAK_IDP_SIGNON_SERVICE_URL: "https://idp.filth.biz/simplesaml/saml2/idp/SSOService.php"
    volumes:
      - keycloak-volume:/srv/
    depends_on:
      keycloak:
        condition: service_healthy

  keycloak-db:
    image: postgres:13.3
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: keycloak
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "keycloak"]
      interval: 5s
      timeout: 5s
      retries: 3
      start_period: 30s
volumes:
  keycloak-volume: