From a816d52a07d69b1b109a1a21fb1123efb552f449 Mon Sep 17 00:00:00 2001 From: Martin Besozzi Date: Wed, 1 Nov 2023 23:26:26 -0300 Subject: [PATCH] fix: Store API port mapping in docker-compose-apps file and OIDC provider hostname config. Adjust KC health check configuration and listener port in docker-compose file. --- docker-compose-apps.yml | 6 +++--- docker-compose.yml | 12 ++++++++---- keycloak/initialize-poc.sh | 2 +- store-openfga-api/Dockerfile | 3 ++- store-openfga-api/src/config/jwt.config.js | 4 ++-- 5 files changed, 16 insertions(+), 11 deletions(-) diff --git a/docker-compose-apps.yml b/docker-compose-apps.yml index 73b4c0c..c4004a8 100644 --- a/docker-compose-apps.yml +++ b/docker-compose-apps.yml @@ -3,7 +3,7 @@ version: '3.8' services: store: build: ./store-oidc-app - image: twogentidentity/store-oidc-app + image: twogenidentity/store-oidc-app container_name: store-oidc-app ports: - "9090:8080" @@ -17,12 +17,12 @@ services: store-api: build: ./store-openfga-api - image: twogentidentity/store-openfga-api + image: twogenidentity/store-openfga-api container_name: store-openfga-api depends_on: keycloak: condition: service_healthy ports: - - "9091:8000" + - "9091:9091" environment: OIDC_PROVIDER_DOMAIN: http://keycloak:8081/realms/master \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 76b1130..4452da3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,7 +24,7 @@ services: - 5433:5432 keycloak: - image: quay.io/keycloak/keycloak:19.0.2 + image: quay.io/keycloak/keycloak:21.1 container_name: keycloak command: - start-dev 
@@ -36,21 +36,25 @@ services: KC_DB_URL_HOST: keycloak-postgres KC_DB_URL_DATABASE: keycloak KC_DB_SCHEMA: public + KC_HTTP_PORT: 8081 KC_DB_USERNAME: keycloak KC_DB_PASSWORD: password KC_HOSTNAME_STRICT: 'false' KC_HTTP_ENABLED: 'true' + KC_HEALTH_ENABLED: 'true' KC_HOSTNAME_ADMIN: localhost - KC_HOSTNAME: localhost + KC_HOSTNAME: keycloak + KC_FEATURES: declarative-user-profile KC_SPI_EVENTS_LISTENER_OPENFGA_EVENTS_PUBLISHER_API_URL: http://openfga:8080 KC_LOG_LEVEL: INFO, com.twogenidentity.keycloak:debug,com.twogenidentity.keycloak.utils:debug healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8080/"] + # test: ["CMD", "curl", "-f", "http://localhost:8081/health/ready"] + test: cat /proc/net/tcp | grep '00000000:1F91 00000000:0000' || exit 1 interval: 5s timeout: 2s retries: 15 ports: - - 8081:8080 + - 8081:8081 - 8443:8443 volumes: - $PWD/keycloak/lib/keycloak-openfga-event-publisher-1.0.0.jar:/opt/keycloak/providers/keycloak-openfga-event-publisher-1.0.0.jar diff --git a/keycloak/initialize-poc.sh b/keycloak/initialize-poc.sh index 96266dc..94ea84a 100644 --- a/keycloak/initialize-poc.sh +++ b/keycloak/initialize-poc.sh @@ -2,7 +2,7 @@ echo "Creating PoC Users, Role Model, User Role Assigments and Clients" -/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD +/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8081 --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD # Users /opt/keycloak/bin/kcadm.sh create users -r master -s username=paula -s firstName=Paula -s lastName=Von -s enabled=true -s email=paula@demo.com diff --git a/store-openfga-api/Dockerfile b/store-openfga-api/Dockerfile index 376b4b0..fbbc859 100644 --- a/store-openfga-api/Dockerfile +++ b/store-openfga-api/Dockerfile 
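Review bot: The replacement `healthcheck.test` passes as soon as any socket listens on 0.0.0.0:8081 (`1F91` is 8081 in hex), not when Keycloak is ready, so services gated on `condition: service_healthy` (store-api in docker-compose-apps.yml) may start before the realm endpoints answer. `KC_HEALTH_ENABLED: 'true'` is added but nothing queries it. The check also reads only `/proc/net/tcp`, so a listener bound on an IPv6 socket (`/proc/net/tcp6`) would presumably never match. If the `/health/ready` line is commented out because curl is missing from the 21.1 image, a shell probe keeps the readiness semantics, for example `test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8081 && printf 'GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && grep -q 'HTTP/1.1 200' <&3"]` (this assumes the image's shell is bash, which needs verifying). Failing that, replace the dead commented line with `# 0x1F91 = 8081; only proves a listener exists, not readiness`. The keycloak service block starts above this hunk.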
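Review bot: The changed `kcadm.sh config credentials` line expands `$KEYCLOAK_USER` and `$KEYCLOAK_PASSWORD` unquoted, so a password containing spaces or glob characters is word-split or expanded and the login fails or sends a different value. Quote both: `--user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"`. Passing the password as an argument also leaves it visible in the container's process list while the command runs, which deserves a comment if this script is reused outside the PoC. The script continues below the hunk.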
@@ -1,4 +1,5 @@ -FROM node:12-alpine +FROM node:16.0.0 +# FROM --platform=linux/amd64 node:16.0.0 LABEL maintainer="embesozzi@gmail.com" WORKDIR /app diff --git a/store-openfga-api/src/config/jwt.config.js b/store-openfga-api/src/config/jwt.config.js index 3c326c4..6f77c28 100644 --- a/store-openfga-api/src/config/jwt.config.js +++ b/store-openfga-api/src/config/jwt.config.js @@ -1,6 +1,6 @@ module.exports = { - jwksUri: process.env.OIDC_PROVIDER_JWKS_URI || "http://localhost:8081/realms/master/protocol/openid-connect/certs", + jwksUri: process.env.OIDC_PROVIDER_JWKS_URI || "http://keycloak:8081/realms/master/protocol/openid-connect/certs", audience: process.env.OIDC_PROVIDER_AUDIENCE || "account", - issuer: process.env.OIDC_PROVIDER_DOMAIN || "http://localhost:8081/realms/master" + issuer: process.env.OIDC_PROVIDER_DOMAIN || "http://keycloak:8081/realms/master" }
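Review bot: `FROM node:16.0.0` pins the very first 16.x release, so the image never picks up later Node security patches, and the 16 line itself reached end-of-life in September 2023. Dropping the `-alpine` variant also pulls the full Debian-based image with a much larger package set. Unless a dependency needs exactly this build, prefer a maintained LTS tag in a slim variant, e.g. `FROM node:18-slim`, after checking the app runs on it. The commented-out `# FROM --platform=linux/amd64 node:16.0.0` should either be removed or replaced by a comment saying when it is needed. The Dockerfile continues below the hunk.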
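Review bot: Both fallbacks are plain-HTTP URLs, and docker-compose-apps.yml in this commit sets only `OIDC_PROVIDER_DOMAIN`, so the API fetches its token-verification keys from the hard-coded `jwksUri` default with no integrity protection in transit. That is tolerable on the compose network for a PoC, but it should be stated at the defaults: `// PoC defaults: plain-HTTP Keycloak on the compose network; set OIDC_PROVIDER_JWKS_URI and OIDC_PROVIDER_DOMAIN to https URLs elsewhere`. The `issuer` value must also equal the `iss` claim Keycloak emits, which now presumably depends on `KC_HOSTNAME: keycloak` in docker-compose.yml. A one-line comment tying the two together would save a confusing token-validation failure when either side changes.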