build: initialize keycloak in local docker-compose infrastructure

Signed-off-by: Pat Losoponkul <[email protected]>
hyperledger · Oct 3, 2023 · 53edab9 · 53edab9
1 parent a23b7a5
commit 53edab9
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 2,385 deletions.
diff --git a/...re/shared/docker-compose-tmp-keycloak.yml → ...ure/shared/docker-compose-mt-keycloak.yml b/...re/shared/docker-compose-tmp-keycloak.yml → ...ure/shared/docker-compose-mt-keycloak.yml
@@ -155,10 +155,28 @@ services:
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: admin
       KEYCLOAK_DATABASE_VENDOR: dev-mem
-      KEYCLOAK_EXTRA_ARGS: --import-realm
+      KEYCLOAK_EXTRA_ARGS: --health-enabled=true
       KEYCLOAK_EXTRA_ARGS_PREPENDED: --verbose
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://keycloak:8080/health"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+  keycloak-init:
+    image: badouralix/curl-jq:ubuntu
+    command: /workspace/init-script.sh
+    environment:
+      KEYCLOAK_BASE_URL: http://keycloak:8080
+      KEYCLOAK_ADMIN_USER: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      REALM_NAME: atala-demo
+      PRISM_AGENT_CLIENT_SECRET: prism-agent-demo-secret
     volumes:
-      - ./keycloak/manage-realm.json:/opt/bitnami/keycloak/data/import/manage-realm.json
+      - ./keycloak/init-script.sh:/workspace/init-script.sh
+    depends_on:
+      keycloak:
+        condition: service_healthy
 
 volumes:
   pg_data_db:

diff --git a/infrastructure/shared/keycloak/init-script.sh b/infrastructure/shared/keycloak/init-script.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+set -u
+
+KEYCLOAK_BASE_URL=$KEYCLOAK_BASE_URL
+KEYCLOAK_ADMIN_USER=$KEYCLOAK_ADMIN_USER
+KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD
+REALM_NAME=$REALM_NAME
+PRISM_AGENT_CLIENT_SECRET=$PRISM_AGENT_CLIENT_SECRET
+
+function get_admin_token() {
+	local response=$(
+		curl --request POST "$KEYCLOAK_BASE_URL/realms/master/protocol/openid-connect/token" \
+			--fail -s \
+			-d "grant_type=password" \
+			-d "client_id=admin-cli" \
+			-d "username=$KEYCLOAK_ADMIN_USER" \
+			-d "password=$KEYCLOAK_ADMIN_PASSWORD"
+	)
+	local access_token=$(echo $response | jq -r '.access_token')
+	echo $access_token
+}
+
+function create_realm() {
+	local access_token=$1
+
+	curl --request POST "$KEYCLOAK_BASE_URL/admin/realms" \
+		--fail -s \
+		-H "Authorization: Bearer $access_token" \
+		-H "Content-Type: application/json" \
+		--data-raw "{
+			\"realm\": \"$REALM_NAME\",
+			\"enabled\": true
+		}"
+}
+
+function create_prism_agent_client() {
+	local access_token=$1
+
+	local response=$(
+		curl --request POST "$KEYCLOAK_BASE_URL/admin/realms/$REALM_NAME/clients" \
+			--fail -s \
+			-H "Authorization: Bearer $access_token" \
+			-H "Content-Type: application/json" \
+			--data-raw "{
+				\"id\": \"prism-agent\",
+				\"directAccessGrantsEnabled\": true,
+				\"authorizationServicesEnabled\": true,
+				\"serviceAccountsEnabled\": true,
+				\"secret\": \"$PRISM_AGENT_CLIENT_SECRET\"
+			}"
+	)
+	echo $response
+}
+
+echo "Getting admin access token ..."
+ADMIN_ACCESS_TOKEN=$(get_admin_token)
+
+echo "Creating a new test realm ..."
+create_realm $ADMIN_ACCESS_TOKEN
+
+echo "Creating a new prism-agent client ..."
+create_prism_agent_client $ADMIN_ACCESS_TOKEN