[MOSIP-35490] moved required helm and deploy scripts to modular repo

Signed-off-by: Chandra Keshav Mishra <[email protected]>

deploy/keycloak_init.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+# Initialize Keycloak with MOSIP base data
+# Usage:
+# ./keycloak_init.sh [kube_config_file]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+read_user_input(){
+    if [ $# -lt 2 ]; then
+        echo "$(tput setaf 1) Variable & Message arguments not passed to read_user_input function; EXITING $(tput sgr0)";
+        exit 1;
+    fi
+    DEFAULT=''
+    if [ $# -gt 2 ]; then
+        DEFAULT=$3;                            ## default values for $VAR variable
+    fi
+    VAR=$1;                                    ## variable name
+    MSG=$2;                                    ## message to be printed for the given variable
+    read -p "Provide $MSG : " $VAR;
+    TEMP=$( eval "echo \${$VAR}" );            ## save $VAR values to a temporary variable
+    eval ${VAR}=${TEMP:-$DEFAULT};             ## set $VAR value to $DEFAULT if $TEMP is empty, else set $VAR value to $TEMP
+    VAR_VALUE=$( eval "echo \${$VAR}" )
+    if [ -z $VAR_VALUE ]; then
+        echo "$(tput setaf 1) $MSG not provided; EXITING $(tput sgr0)";
+        exit 1;
+    fi
+
+    if [[ $# -gt 3  ]]; then
+      if echo "$VAR_VALUE" | grep -Ev "$4" > /dev/null; then
+        echo "$(tput setaf 1) Variable $VAR is neither of $4 $(tput sgr0)";
+        exit 1;
+      fi
+    fi
+    DEFAULT='';                               ## reset `DEFAULT` variable to empty string
+}
+
+function initialize_keycloak() {
+  NS=keycloak
+  CHART_VERSION=0.0.1-develop
+
+  helm repo add mosip https://mosip.github.io/mosip-helm
+  helm repo update
+
+  read_user_input SMTP_HOST "'SMTP host' for keycloak"
+  read_user_input SMTP_PORT "'SMTP port' for keycloak"
+
+  read_user_input SMTP_FROM_ADDR "'From email address' for keycloak SMTP"
+  REGEX="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
+  if [[ !  "$SMTP_FROM_ADDR" =~ $REGEX ]] ; then
+      echo "$(tput setaf 1)  Variable SMTP_FROM_ADDR is not a valid email ID; EXITING;$(tput sgr0)"
+      exit 1;
+  fi
+  read_user_input SMTP_STARTTLS "Would you like to enable 'starttls' configuration for SMTP ? (false/true) : [ Default: false ]" false '^(true|false)$'
+  read_user_input SMTP_AUTH "Would you like to enable \"AUTHENTICATION\" configuration for SMTP ? (true/false) : [ Default: true ]" true '^(true|false)$'
+  read_user_input SMTP_SSL "Would you like to enable \"SSL\" fro SMTP ? (true/false) : [ Default: true ]" true '^(true|false)$'
+  SMTP_AUTH_SET="--set keycloak.realms.mosip.realm_config.smtpServer.auth=$SMTP_AUTH"
+  if [[ $SMTP_AUTH == "true" ]]; then
+    read_user_input SMTP_USERNAME "Provide SMTP login Username"
+    read_user_input SMTP_PASSWORD "Provide SMTP login Password"
+
+    SMTP_AUTH_SET="--set keycloak.realms.mosip.realm_config.smtpServer.auth=$SMTP_AUTH          \
+          --set keycloak.realms.mosip.realm_config.smtpServer.user=$SMTP_USERNAME      \
+          --set keycloak.realms.mosip.realm_config.smtpServer.password=$SMTP_PASSWORD"
+  fi
+
+  IAMHOST_URL=$(kubectl get cm global -o jsonpath={.data.mosip-iam-external-host})
+
+  echo Initializing keycloak-init
+  helm -n $NS install keycloak-init mosip/keycloak-init   \
+  --set keycloak.realms.mosip.realm_config.smtpServer.host="$SMTP_HOST"                     \
+  --set keycloak.realms.mosip.realm_config.smtpServer.port="$SMTP_PORT"                     \
+  --set keycloak.realms.mosip.realm_config.smtpServer.from="$SMTP_FROM_ADDR"                \
+  --set keycloak.realms.mosip.realm_config.smtpServer.starttls="$SMTP_STARTTLS"             \
+  --set keycloak.realms.mosip.realm_config.smtpServer.ssl="$SMTP_SSL"                       \
+  $SMTP_AUTH_SET \
+  --set keycloak.realms.mosip.realm_config.attributes.frontendUrl="https://$IAMHOST_URL/auth" --version $CHART_VERSION
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+initialize_keycloak   # calling function

helm/keycloak-init/.gitignore

@@ -0,0 +1 @@
+charts/

helm/keycloak-init/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/keycloak-init/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: keycloak-init
+description: A Helm chart for Kubernetes to initialize Keycloak  (updating for test)
+type: application
+version: 0.0.1-develop
+appVersion: 1.2.0
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+
+home: https://mosip.io
+keywords:
+  - keycloak
+  - access-management
+maintainers:
+  - email: [email protected]
+    name: MOSIP

helm/keycloak-init/README.md

@@ -0,0 +1,11 @@
+# Keycloak Init
+
+* Make sure Keycloak server is running
+* Update helm dependencies using:
+```
+$ helm dependency update
+```
+* Run the helm chart
+```
+$ helm install keycloak-init keycloak-init
+```

helm/keycloak-init/templates/_helpers.tpl

@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keycloak-init.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keycloak-init.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keycloak-init.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keycloak-init.labels" -}}
+helm.sh/chart: {{ include "keycloak-init.chart" . }}
+{{ include "keycloak-init.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keycloak-init.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keycloak-init.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keycloak-init.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "keycloak-init.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the Keycloak encrypted password
+*/}}
+{{- define "keycloak.admin.encryptedPassword" -}}
+{{- .Values.keycloak.admin.password | b64enc | quote -}}
+{{- end -}}

helm/keycloak-init/templates/client-secrets.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keycloak-client-secrets
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: postgres
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- range $index, $client := .Values.clientSecrets }}
+  {{- if $client.secret }}
+  {{ $client.name }}: {{ $client.secret | b64enc | quote }}
+  {{- else }}
+  {{ $client.name }}: {{ randAlphaNum 16 | b64enc | quote }}
+  {{- end }} 
+  {{- end }} 
+
+

helm/keycloak-init/templates/configmap.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-configuration" (include "keycloak-init.fullname" .) }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: keycloak-init
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+
+data:
+  input.yaml: |
+    {{ .Values.keycloak.realms | toYaml | nindent 4 }}
+    

helm/keycloak-init/templates/job.yaml

@@ -0,0 +1,77 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "keycloak-init.fullname" . }}
+  labels:
+    {{- include "keycloak-init.labels" . | nindent 4 }}
+spec:
+  backoffLimit: 0
+  template:
+    metadata:
+      labels:
+        {{- include "keycloak-init.selectorLabels" . | nindent 8 }}
+        sidecar.istio.io/inject: "false"
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "keycloak-init.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.jobSecurityContext | nindent 8 }}
+      restartPolicy: Never  # This is one time job
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+          {{- $globalSecretName := include "common.secrets.name" (dict "existingSecret" .Values.keycloak.existingSecret "context" $) }}
+          - name: KEYCLOAK_ADMIN_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.keycloak.admin.secret.existingSecret }}
+                key: {{ .Values.keycloak.admin.secret.key }}
+          - name: KEYCLOAK_SERVER_URL
+            valueFrom:
+               configMapKeyRef:
+                 name: {{ .Values.keycloak.host.existingConfigMap }} 
+                 key:  {{ .Values.keycloak.host.key }} 
+          - name: KEYCLOAK_ADMIN_USER
+            valueFrom:
+               configMapKeyRef:
+                 name: {{ .Values.keycloak.admin.userName.existingConfigMap }} 
+                 key:  {{ .Values.keycloak.admin.userName.key }} 
+          - name: FRONTEND_URL
+            value: {{ .Values.frontend }}
+          - name:  INPUT_FILE
+            value: input.yaml  # Must match below file name in the mount
+            {{- if .Values.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          envFrom:
+          - secretRef:
+              name: keycloak-client-secrets
+          {{- if .Values.extraEnvVarsCM }}
+          {{- range .Values.extraEnvVarsCM }}
+          - configMapRef:
+              name: {{ . }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.extraEnvVarsSecret }}
+          {{- range .Values.extraEnvVarsSecret }}
+          - secretRef:
+              name: {{ . }}
+          {{- end }}
+          {{- end }}
+
+          volumeMounts:
+            - name: keycloak-init-input
+              mountPath: /opt/mosip/input/input.yaml # Same as INPUT_DIR/INPUT_FILE in docker
+              subPath: input.yaml # INPUT_FILE in docker
+      volumes:
+        - name: keycloak-init-input
+          configMap:
+            name: {{ printf "%s-configuration" (include "keycloak-init.fullname" .) }}
+

helm/keycloak-init/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "keycloak-init.serviceAccountName" . }}
+  labels:
+    {{- include "keycloak-init.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/keycloak-init/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "keycloak-init.fullname" . }}-test-connection"
+  labels:
+    {{- include "keycloak-init.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "keycloak-init.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never