Merge pull request #2 from pvarki/rasenmaeher_integration

Move Keycloak to separate repo

.pre-commit-config.yaml

@@ -0,0 +1,47 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+default_language_version:
+    python: python3
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.1.0
+    hooks:
+    -   id: no-commit-to-branch
+    -   id: check-executables-have-shebangs
+    -   id: check-ast
+    -   id: check-toml
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+    -   id: check-yaml
+        exclude: "docker-compose.*.yml"
+    -   id: check-added-large-files
+    -   id: check-case-conflict
+    -   id: check-json
+    -   id: check-merge-conflict
+    -   id: check-symlinks
+    -   id: pretty-format-json
+        args:
+        - --autofix
+-   repo: https://github.com/IamTheFij/docker-pre-commit.git
+    rev: v2.1.1
+    hooks:
+    -   id: docker-compose-check
+        files: "docker-compose.*.yml"
+        exclude: ".*.tpl"
+-   repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.1.13
+    hooks:
+    -   id: forbid-crlf
+    -   id: remove-crlf
+    -   id: forbid-tabs
+    -   id: remove-tabs
+-   repo: https://github.com/Lucas-C/pre-commit-hooks-markup
+    rev: v1.0.1
+    hooks:
+    -   id: rst-linter
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.2.0
+    hooks:
+    -   id: detect-secrets
+        exclude: "poetry.lock|dotenv.example|docker-compose_.*.yml"
+        # args: ['--baseline', '.secrets.baseline']

Dockerfile

@@ -1,6 +1,7 @@
 FROM docker.io/bitnami/openldap:2.5.14
 
 # Adds custom libopenldap.sh that:
-# 1. properly disables anonymous access
+# 1. Properly disables anonymous access
 # 2. Adds memberof-support to openLDAP
-COPY rootfs /
+# 3. Set default custom tree.ldif (if it needs to be customized we need to update the /opt/bitnami/scripts/openldap/entrypoint.s script)
+COPY ./rootfs /

README.md

@@ -1,21 +1,14 @@
-# openLDAP for PVARKI
+# openLDAP with PVARKI defaults
 
-## Local testing
-
-1. Run ```docker-compose -f docker-compose-local.yml up```
-
-This sets bootstraps Keycloak, openLDAP and postgres automatically, and also configures Keycloak.
+## Used as git submodule
 
-## Create users
+This repo is used as submodule in https://github.com/pvarki/docker-rasenmaeher-integration
+it is probably a good idea to handle all development via it because it has docker composition
+for bringin up all the other services rasenmaeher-api depends on
 
-1. Open http://keycloak:8080/admin/master/console/ in browser
-2. Select realm RASENMAEHER
-3. Add group
-4. Create user
-
-This data should be automatically be sync with LDAP.
+## Local testing
 
-## Testing
+1. Run ```docker-compose -f docker-compose-local.yml up```
 
 Execute inside openldap container with uid of created user:
 

docker-compose-local.yml

@@ -1,64 +1,37 @@
 version: '3.7'
 
-services:
-  postgres:
-    image: postgres:12
-    environment:
-      - POSTGRES_USER=kc
-      - POSTGRES_PASSWORD=kc
-      - POSTGRES_DATABASE=kc
-    ports:
-      - '5432:5432'
+x-ldap_admin_env: &ldap_admin_env
+  # FIXME: take from env (which should be set to random)
+  LDAP_ADMIN_PASSWORD: &ldapadminpass ldapadminpwd # pragma: allowlist secret
+  LDAP_ADMIN_USERNAME: &ldapadminuser admin
 
+services:
   openldap:
+    image: pvarki/openldap:latest
     build:
       dockerfile: Dockerfile
     ports:
       - '1389:1389'
-      - '1636:1636'
     environment:
-      - LDAP_ROOT=dc=example,dc=org
-      - LDAP_ADMIN_USERNAME=admin
-      - LDAP_ADMIN_PASSWORD=adminpassword
-      - LDAP_SKIP_DEFAULT_TREE=yes
-      - LDAP_ALLOW_ANON_BINDING=no
-      #- LDAP_LOGLEVEL=-1
+      <<: *ldap_admin_env
+      LDAP_SKIP_DEFAULT_TREE: yes
+      LDAP_ALLOW_ANON_BINDING: no
+      # FIXME: get from env ??
+      LDAP_ROOT: "dc=example,dc=org"  # Probably needs to match the custom ldfis
+#      LDAP_LOGLEVEL: -1
+      # FIXME: Use letsencrypt cert ?
+      #LDAP_ENABLE_TLS: 1
+      #LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/openldap.crt
+      #LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/openldap.key
+      #LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/openldapCA.crt
     volumes:
       - openldap_data:/bitnami/openldap
-
-  keycloak:
-    image: bitnami/keycloak:latest
-    ports:
-      - '8080:8080'
-    environment:
-      - KEYCLOAK_ADMIN_USER=admin
-      - KEYCLOAK_ADMIN_PASSWORD=admin
-      - KEYCLOAK_DATABASE_NAME=postgres
-      - KEYCLOAK_DATABASE_HOST=postgres
-      - KEYCLOAK_DATABASE_USER=kc
-      - KEYCLOAK_DATABASE_PASSWORD=kc
-    depends_on:
-      - postgres
-      - openldap
-
-  # init container that sets up profile with realm on keycloak instance
-  keycloak-config-cli:
-    image: adorsys/keycloak-config-cli:latest-21.0.1
-    volumes:
-      - ./keycloak-config:/config
-    environment:
-      - KEYCLOAK_URL=http://keycloak:8080
-      - KEYCLOAK_USER=admin
-      - KEYCLOAK_PASSWORD=admin
-      - KEYCLOAK_SSL-VERIFY=false
-      - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
-      - KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=30s
-      - IMPORT_VAR_SUBSTITUTION_ENABLED=true
-      - LDAP_CONNECTION_URL=ldap://openldap:1389
-      - LDAP_ADMIN_PASSWORD=adminpassword
-    depends_on:
-      - keycloak
+    healthcheck:
+      test: 'ldapsearch -Q -tt -LLL -Y EXTERNAL -H ldapi:/// "(uid=testuser)" -b dc=example,dc=org memberOf'
+      interval: 5s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
 
 volumes:
   openldap_data:
-    driver: local