chore: use keycloak 26
vincentchalamon committed Oct 30, 2024
1 parent 73efe13 commit dbb53bd
Showing 6 changed files with 22 additions and 30 deletions.
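--- a/api/src/Security/Http/Protection/ResourceResourceHandler.php
+++ b/api/src/Security/Http/Protection/ResourceResourceHandler.php
@@ -114,14 +114,18 @@ private function getTokenEndpoint(): string
 $response = $this->securityAuthorizationClient->request('GET', '.well-known/openid-configuration');
 $content = $response->toArray();
 
-return $content['token_endpoint'];
+// horrible fix for local development, can't find another way to fix it
+// since bitnami/keycloak:^25 returns the configured hostname instead of the requested one
+return \preg_replace('#^https?://localhost/#', 'http://keycloak:8080/', $content['token_endpoint']);
 }
 
 private function getResourceRegistrationEndpoint(): string
 {
 $response = $this->securityAuthorizationClient->request('GET', '.well-known/uma2-configuration');
 $content = $response->toArray();
 
-return $content['resource_registration_endpoint'];
+// horrible fix for local development, can't find another way to fix it
+// since bitnami/keycloak:^25 returns the configured hostname instead of the requested one
+return \preg_replace('#^https?://localhost/#', 'http://keycloak:8080/', $content['resource_registration_endpoint']);
 }
 }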
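Review bot: The two added `\preg_replace` returns in `getTokenEndpoint` and `getResourceRegistrationEndpoint` run in every environment, not only local development, and they rewrite an `https://localhost/` endpoint to plain `http://keycloak:8080/`, so whatever the handler later sends to those endpoints (presumably client credentials and a protection token) would travel unencrypted whenever discovery advertises `localhost`. The internal base URL should come from configuration that is left empty outside development instead of a literal in the class. `preg_replace` returns `null` on a PCRE error while both methods declare `: string`, so the result also needs a fallback, e.g. `return \preg_replace($pattern, $internalBase, $endpoint) ?? $endpoint;` (variable names here are placeholders). The two bodies now differ only in the array key, so a single private helper would keep the workaround in one place; `getTokenEndpoint`'s signature sits in the hunk header, outside the visible lines.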
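--- a/compose.e2e.yaml
+++ b/compose.e2e.yaml
@@ -5,11 +5,8 @@ services:
 KEYCLOAK_HTTPS_USE_PEM: "true"
 KEYCLOAK_HTTPS_CERTIFICATE_FILE: /opt/bitnami/keycloak/certs/tls.crt
 KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: /opt/bitnami/keycloak/certs/tls.key
+KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\" --import-realm"
 volumes:
 - ./helm/api-platform/keycloak/certs/tls.crt:/opt/bitnami/keycloak/certs/tls.crt:ro
 - ./helm/api-platform/keycloak/certs/tls.pem:/opt/bitnami/keycloak/certs/tls.key:ro
-
-keycloak-config-cli:
-extends:
-file: compose.override.yaml
-service: keycloak-config-cli
+- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import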
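Review bot: The new realm-import mount is read-write, while the two certificate mounts directly above it are `:ro`. Keycloak only needs to read the realm files at startup, and a writable bind mount lets a compromised or misbehaving container modify the realm definitions checked into the repository. Proposed line: `- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import:ro`. The same mount is added without `:ro` in compose.override.yaml and should get the same change.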
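--- a/compose.override.yaml
+++ b/compose.override.yaml
@@ -50,17 +50,8 @@ services:
 build:
 context: ./helm/api-platform/keycloak/
 target: keycloak
-volumes:
-- ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
-
-keycloak-config-cli:
-image: bitnami/keycloak-config-cli:5-debian-12
 environment:
-KEYCLOAK_URL: http://keycloak:8080/oidc/
-KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
-KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
-KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
-KEYCLOAK_AVAILABILITYCHECK_TIMEOUT: 120s
-IMPORT_FILES_LOCATIONS: "/config/*"
+KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\" --import-realm"
 volumes:
-- ./helm/api-platform/keycloak/config:/config
+- ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
+- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import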
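Review bot: Replacing the `keycloak-config-cli` service with `--import-realm` changes when realm configuration is applied, and nothing in the file records that. As far as I know, Keycloak's startup import skips a realm that already exists, so later edits under `./helm/api-platform/keycloak/config` would no longer reach an existing development database, whereas config-cli applied them on each run. Stale client or redirect settings could then persist locally without any error. I would add a comment above `KEYCLOAK_EXTRA_ARGS` along the lines of `# --import-realm only creates missing realms; recreate the keycloak database volume after changing the realm files`, after confirming the behaviour against the Keycloak 26 documentation.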
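--- a/compose.yaml
+++ b/compose.yaml
@@ -83,11 +83,9 @@ services:
 KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
 # Must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
 KEYCLOAK_HTTP_RELATIVE_PATH: /oidc/
-# https://www.keycloak.org/server/hostname
-KC_HOSTNAME_URL: https://${SERVER_NAME:-localhost}/oidc/
-KC_HOSTNAME_ADMIN_URL: https://${SERVER_NAME:-localhost}/oidc/
-# https://www.keycloak.org/server/features
-KC_FEATURES: "scripts"
+KEYCLOAK_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
+KEYCLOAK_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
+KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\""
 depends_on:
 - keycloak-database
 ports: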
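Review bot: `KEYCLOAK_EXTRA_ARGS` has no comment explaining why each feature is pinned, because the `# https://www.keycloak.org/server/hostname` and `# https://www.keycloak.org/server/features` pointers were dropped along with the old keys. The same escaped feature string is now repeated in compose.yaml, compose.override.yaml, compose.e2e.yaml and helm/api-platform/values.yaml. `scripts` in particular enables JavaScript-based providers, which widens what the server will execute, so the reason it is needed should be written down where it is switched on. Suggested comment above the key: `# https://www.keycloak.org/server/features: scripts is needed for <reason>; hostname:v2 and persistent-user-sessions:v1 are pinned for Keycloak 26`, with the placeholder filled in by someone who knows the realm configuration.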
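--- a/helm/api-platform/keycloak/Dockerfile
+++ b/helm/api-platform/keycloak/Dockerfile
@@ -4,7 +4,7 @@
 
 
 # Versions
-FROM bitnami/keycloak:24-debian-12 AS keycloak_upstream
+FROM bitnami/keycloak:26-debian-12 AS keycloak_upstream
 
 
 # The different stages of this Dockerfile are meant to be built into separate images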
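--- a/helm/api-platform/values.yaml
+++ b/helm/api-platform/values.yaml
@@ -108,14 +108,16 @@ keycloak:
 service:
 type: ClusterIP
 extraEnvVars:
-# Must set KC_HOSTNAME_URL to force https + relative path
-- name: KC_HOSTNAME_URL
+# Must set KEYCLOAK_HOSTNAME to force https + relative path
+- name: KEYCLOAK_HOSTNAME
 value: "https://chart-example.local/oidc/"
-# Must set KC_HOSTNAME_ADMIN because of relative path
-- name: KC_HOSTNAME_ADMIN_URL
+# Must set KEYCLOAK_HOSTNAME_ADMIN because of relative path
+- name: KEYCLOAK_HOSTNAME_ADMIN
 value: "https://chart-example.local/oidc/"
 - name: KEYCLOAK_PRODUCTION
 value: "true"
+- name: KEYCLOAK_EXTRA_ARGS
+value: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\""
 # must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
 httpRelativePath: /oidc/
 proxy: edge
@@ -137,7 +139,7 @@ keycloak:
 - -jar
 - /opt/bitnami/keycloak-config-cli/keycloak-config-cli.jar
 image:
-tag: 5-debian-12
+tag: 6-debian-12
 postgresql:
 enabled: true
 nameOverride: postgresql-keycloak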
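Review bot: The context line `proxy: edge` in the first hunk is carried over unchanged while the hostname variables around it are migrated for Keycloak 26. Upstream Keycloak deprecated the `proxy` option in favour of `proxy-headers`, so it is worth confirming that the 26 image and the chart version in use still honour this value. If it were silently ignored, forwarded client addresses from the TLS-terminating ingress might no longer be trusted, which would affect audit logs and brute-force detection. A short comment beside `proxy: edge` recording the outcome of that check would help the next upgrade.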
