fix: Store API port mapping in docker-compose-apps file and OIDC prov…

…ider hostname config. Adjust KC health check configuration and listener port in docker-compose file.
embesozzi · Nov 2, 2023 · a816d52 · a816d52
1 parent b81786e
commit a816d52
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 11 deletions.
diff --git a/docker-compose-apps.yml b/docker-compose-apps.yml
@@ -3,7 +3,7 @@ version: '3.8'
 services:
   store:
     build: ./store-oidc-app
-    image: twogentidentity/store-oidc-app
+    image: twogenidentity/store-oidc-app
     container_name: store-oidc-app
     ports:
       - "9090:8080"
@@ -17,12 +17,12 @@ services:
 
   store-api:
     build: ./store-openfga-api
-    image: twogentidentity/store-openfga-api
+    image: twogenidentity/store-openfga-api
     container_name: store-openfga-api
     depends_on:
       keycloak:
         condition: service_healthy  
     ports:
-      - "9091:8000"
+      - "9091:9091"
     environment: 
       OIDC_PROVIDER_DOMAIN: http://keycloak:8081/realms/master
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -24,7 +24,7 @@ services:
       - 5433:5432
 
   keycloak:
-    image: quay.io/keycloak/keycloak:19.0.2
+    image: quay.io/keycloak/keycloak:21.1
     container_name: keycloak
     command:
       - start-dev
@@ -36,21 +36,25 @@ services:
       KC_DB_URL_HOST: keycloak-postgres
       KC_DB_URL_DATABASE: keycloak
       KC_DB_SCHEMA: public
+      KC_HTTP_PORT: 8081
       KC_DB_USERNAME: keycloak
       KC_DB_PASSWORD: password
       KC_HOSTNAME_STRICT: 'false'
       KC_HTTP_ENABLED: 'true'
+      KC_HEALTH_ENABLED: 'true'
       KC_HOSTNAME_ADMIN: localhost
-      KC_HOSTNAME: localhost
+      KC_HOSTNAME: keycloak
+      KC_FEATURES: declarative-user-profile
       KC_SPI_EVENTS_LISTENER_OPENFGA_EVENTS_PUBLISHER_API_URL: http://openfga:8080
       KC_LOG_LEVEL: INFO, com.twogenidentity.keycloak:debug,com.twogenidentity.keycloak.utils:debug
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/"]
+      # test: ["CMD", "curl", "-f", "http://localhost:8081/health/ready"]
+      test: cat /proc/net/tcp | grep '00000000:1F91 00000000:0000' || exit 1
       interval: 5s
       timeout: 2s
       retries: 15         
     ports:
-      - 8081:8080
+      - 8081:8081
       - 8443:8443
     volumes:
       - $PWD/keycloak/lib/keycloak-openfga-event-publisher-1.0.0.jar:/opt/keycloak/providers/keycloak-openfga-event-publisher-1.0.0.jar

diff --git a/keycloak/initialize-poc.sh b/keycloak/initialize-poc.sh
@@ -2,7 +2,7 @@
 
 echo "Creating PoC Users, Role Model, User Role Assigments and Clients"
 
-/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD
+/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8081 --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD
 
 # Users
 /opt/keycloak/bin/kcadm.sh create users -r master -s username=paula -s firstName=Paula -s lastName=Von -s enabled=true -s [email protected]

diff --git a/store-openfga-api/Dockerfile b/store-openfga-api/Dockerfile
@@ -1,4 +1,5 @@
-FROM node:12-alpine
+FROM node:16.0.0
+# FROM --platform=linux/amd64 node:16.0.0
 LABEL maintainer="[email protected]"
 
 WORKDIR /app

diff --git a/store-openfga-api/src/config/jwt.config.js b/store-openfga-api/src/config/jwt.config.js
@@ -1,6 +1,6 @@
 module.exports = {
-	jwksUri: process.env.OIDC_PROVIDER_JWKS_URI || "http://localhost:8081/realms/master/protocol/openid-connect/certs",
+	jwksUri: process.env.OIDC_PROVIDER_JWKS_URI || "http://keycloak:8081/realms/master/protocol/openid-connect/certs",
 	audience: process.env.OIDC_PROVIDER_AUDIENCE ||  "account",
-	issuer: process.env.OIDC_PROVIDER_DOMAIN || "http://localhost:8081/realms/master"
+	issuer: process.env.OIDC_PROVIDER_DOMAIN || "http://keycloak:8081/realms/master"
 }