Local lagoon minimal

test/Makefile

@@ -0,0 +1,34 @@
+SHELL := /bin/bash
+
+KCADM = /opt/jboss/keycloak/bin/kcadm.sh
+KCADM_CONFIG = /tmp/.keycloak/kcadm.config
+KCADM_STRING = --server http://$$(hostname -i):8080/auth --user $$KEYCLOAK_ADMIN_USER --password $$KEYCLOAK_ADMIN_PASSWORD --realm master
+KCADM_LOGIN = $(KCADM) config credentials --config $(KCADM_CONFIG) $(KCADM_STRING)
+
+.PHONY: build-lagoon
+build-lagoon:
+	docker compose up -d --quiet-pull
+	$(MAKE) wait-for-keycloak
+	@echo "\nYour Lagoon stack is now running locally - use 'GRAPHQL_API=http://0.0.0.0:33000/graphql KEYCLOAK_API=http://0.0.0.0:38088/auth' as the variables to access it\n"
+
+.PHONY: wait-for-keycloak
+wait-for-keycloak:
+	$(info Waiting for Keycloak to be ready....)
+	grep -m 1 "Config of Keycloak done." <(docker compose --compatibility logs -f keycloak 2>&1)
+
+.PHONY: keycloak-setup
+keycloak-setup:
+	docker compose exec keycloak bash -c "/upload/configure-keycloak.sh"
+
+.PHONY: reload-data
+reload-data:
+	docker compose up -d local-api-data-watcher-pusher
+
+.PHONY: down
+down:
+	docker compose down --remove-orphans --volumes
+
+.PHONY: up
+up:
+	$(MAKE) build-lagoon 
+	$(MAKE) keycloak-setup

test/README.md

@@ -0,0 +1,16 @@
+## Lagoon minimal setup
+
+Use this docker-compose.yml to start a minimal Lagoon Core for testing purposes.
+
+### Running it
+
+Simple! Just run `make up` - this will pull the images, start Lagoon, and auto-configure the passwords.
+
+Lagoon comes built-in with organizations, groups, projects and users.
+
+All usernames have matching passwords (eg user:owner@example.com pass:owner@example.com)
+
+The file is configured to start the API and keycloak on non-usual ports to avoid any collisions
+
+Use `GRAPHQL_API=http://0.0.0.0:33000/graphql KEYCLOAK_API=http://0.0.0.0:38088/auth` with any tools.
+

test/docker-compose.yaml

@@ -0,0 +1,70 @@
+version: '3.2'
+
+name: lagoon-minimal
+
+services:
+  api-db:
+    image: testlagoon/api-db:main
+    networks:
+      - default
+  broker:
+    image: testlagoon/broker-single:main
+    restart: on-failure
+    networks:
+      - default
+  api-init:
+    image: testlagoon/api:main
+    command: ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database
+    depends_on:
+      - api-db
+      - keycloak
+  api:
+    image: testlagoon/api:main
+    ports:
+      - '33000:3000'
+    networks:
+      - default
+    environment:
+      - KEYCLOAK_URL=http://172.17.0.1:38088
+      - NODE_ENV=development
+      - OPENSEARCH_INTEGRATION_ENABLED=false
+      - DISABLE_CORE_HARBOR=true
+      - CI=${CI:-true}
+      - S3_FILES_HOST=http://0.0.0.0:39000
+      - S3_BAAS_ACCESS_KEY_ID=minio
+      - S3_BAAS_SECRET_ACCESS_KEY=minio123
+      - CONSOLE_LOGGING_LEVEL=trace
+    depends_on:
+      - api-init
+  api-redis:
+    image: testlagoon/api-redis:main
+  keycloak:
+    image: testlagoon/keycloak:main
+    depends_on:
+      - keycloak-db
+    ports:
+      - '38088:8080'
+    volumes:
+      - ./keycloak:/upload
+    environment:
+     - KEYCLOAK_FRONTEND_URL=http://0.0.0.0:38088/auth
+  keycloak-db:
+    image: testlagoon/keycloak-db:main
+  local-minio:
+    image: minio/minio
+    entrypoint: sh
+    command: -c 'mkdir -p /export/restores  && mkdir -p /export/lagoon-files && mkdir -p /export/harbor-images && minio server /export --console-address ":9001" '
+    ports:
+      - '39000:9000'
+      - '39001:9001'
+    environment:
+      - MINIO_ROOT_USER=minio
+      - MINIO_ROOT_PASSWORD=minio123
+  local-api-data-watcher-pusher:
+    image: testlagoon/local-api-data-watcher-pusher:main
+    depends_on:
+      - api
+    command: ["bash", "-c", "
+        wait-for api:3000 -t 600;
+        /home/data-init-push.sh;
+        "]

test/keycloak/configure-keycloak.sh

@@ -0,0 +1,52 @@
+function is_keycloak_running {
+    local http_code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8080/auth/admin/realms)
+  if [[ $http_code -eq 401 ]]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+function configure_user_passwords {
+
+  LAGOON_DEMO_USERS=("guest@example.com" "reporter@example.com" "developer@example.com" "maintainer@example.com" "owner@example.com")
+  LAGOON_DEMO_ORG_USERS=("orguser@example.com" "orgviewer@example.com" "orgowner@example.com" "platformowner@example.com")
+
+  for i in ${LAGOON_DEMO_USERS[@]}
+  do
+    echo Configuring password for $i
+    /opt/keycloak/bin/kcadm.sh set-password --config $CONFIG_PATH --username $i -p $i --target-realm Lagoon
+  done
+
+  for i in ${LAGOON_DEMO_ORG_USERS[@]}
+  do
+    echo Configuring password for $i
+    /opt/keycloak/bin/kcadm.sh set-password --config $CONFIG_PATH --username $i -p $i --target-realm Lagoon
+  done
+}
+
+function configure_platformowner {
+  echo Configuring platform owner role
+    /opt/keycloak/bin/kcadm.sh add-roles --uusername platformowner@example.com --rolename platform-owner --config $CONFIG_PATH --target-realm Lagoon
+}
+
+function configure_keycloak {
+  until is_keycloak_running; do
+    echo Keycloak still not running, waiting 5 seconds
+    sleep 5
+  done
+
+  # Set the config file path because $HOME/.keycloak/kcadm.config resolves to /opt/jboss/?/.keycloak/kcadm.config for some reason, causing it to fail
+  CONFIG_PATH=/tmp/kcadm.config
+
+  echo Keycloak is running, proceeding with configuration
+
+  /opt/keycloak/bin/kcadm.sh config credentials --config $CONFIG_PATH --server http://localhost:8080/auth --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD --realm master
+
+  configure_user_passwords
+  configure_platformowner
+
+  echo "Config of Keycloak users done"
+}
+
+configure_keycloak