build: add local developement keycloak and init script (#743)

Signed-off-by: Pat Losoponkul <[email protected]>
hyperledger · Oct 3, 2023 · 77b3588 · 77b3588
1 parent 4b10c3a
commit 77b3588
Show file tree

Hide file tree

Showing 2 changed files with 249 additions and 0 deletions.
diff --git a/infrastructure/shared/docker-compose-mt-keycloak.yml b/infrastructure/shared/docker-compose-mt-keycloak.yml
@@ -0,0 +1,188 @@
+---
+# This is tempoarily used for development of keycloak integration.
+# To be merged in the main compose file and removed when integration is stable and complete.
+version: "3.8"
+
+services:
+  ##########################
+  # Database
+  ##########################
+  db:
+    image: postgres:13
+    environment:
+      POSTGRES_MULTIPLE_DATABASES: "castor,pollux,connect,iris,agent,node_db"
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    volumes:
+      - pg_data_db:/var/lib/postgresql/data
+      - ./postgres/init-script.sh:/docker-entrypoint-initdb.d/init-script.sh
+      - ./postgres/max_conns.sql:/docker-entrypoint-initdb.d/max_conns.sql
+    #    ports:
+    #      - "5432:5432"
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "postgres", "-d", "iris"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  pgadmin:
+    image: dpage/pgadmin4
+    environment:
+      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:[email protected]}
+      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-admin}
+      PGADMIN_CONFIG_SERVER_MODE: "False"
+    volumes:
+      - pgadmin:/var/lib/pgadmin
+    ports:
+      - "${PGADMIN_PORT:-5050}:80"
+    depends_on:
+      db:
+        condition: service_healthy
+    profiles:
+      - debug
+
+  ##########################
+  # Services
+  ##########################
+
+  prism-node:
+    image: ghcr.io/input-output-hk/prism-node:${PRISM_NODE_VERSION}
+    environment:
+      NODE_PSQL_HOST: db:5432
+    depends_on:
+      db:
+        condition: service_healthy
+
+  vault-server:
+    image: hashicorp/vault:latest
+    #    ports:
+    #      - "8200:8200"
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:8200"
+      VAULT_DEV_ROOT_TOKEN_ID: ${VAULT_DEV_ROOT_TOKEN_ID}
+    command: server -dev -dev-root-token-id=${VAULT_DEV_ROOT_TOKEN_ID}
+    cap_add:
+      - IPC_LOCK
+    healthcheck:
+      test: ["CMD", "vault", "status"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  prism-agent:
+    image: ghcr.io/input-output-hk/prism-agent:${PRISM_AGENT_VERSION}
+    environment:
+      IRIS_HOST: iris
+      IRIS_PORT: 8081
+      CASTOR_DB_HOST: db
+      CASTOR_DB_PORT: 5432
+      CASTOR_DB_NAME: castor
+      CASTOR_DB_USER: postgres
+      CASTOR_DB_PASSWORD: postgres
+      POLLUX_DB_HOST: db
+      POLLUX_DB_PORT: 5432
+      POLLUX_DB_NAME: pollux
+      POLLUX_DB_USER: postgres
+      POLLUX_DB_PASSWORD: postgres
+      CONNECT_DB_HOST: db
+      CONNECT_DB_PORT: 5432
+      CONNECT_DB_NAME: connect
+      CONNECT_DB_USER: postgres
+      CONNECT_DB_PASSWORD: postgres
+      AGENT_DB_HOST: db
+      AGENT_DB_PORT: 5432
+      AGENT_DB_NAME: agent
+      AGENT_DB_USER: postgres
+      AGENT_DB_PASSWORD: postgres
+      DIDCOMM_SERVICE_URL: http://${DOCKERHOST}:${PORT}/didcomm
+      PRISM_NODE_HOST: prism-node
+      PRISM_NODE_PORT: 50053
+      VAULT_ADDR: ${VAULT_ADDR:-http://vault-server:8200}
+      VAULT_TOKEN: ${VAULT_DEV_ROOT_TOKEN_ID:-root}
+      SECRET_STORAGE_BACKEND: postgres
+      DEV_MODE: true
+      DEFAULT_WALLET_ENABLED:
+      DEFAULT_WALLET_SEED:
+      DEFAULT_WALLET_WEBHOOK_URL:
+      DEFAULT_WALLET_WEBHOOK_API_KEY:
+      DEFAULT_WALLET_AUTH_API_KEY:
+      GLOBAL_WEBHOOK_URL:
+      GLOBAL_WEBHOOK_API_KEY:
+      WEBHOOK_PARALLELISM:
+      ADMIN_TOKEN:
+      API_KEY_SALT:
+      API_KEY_ENABLED:
+      API_KEY_AUTHENTICATE_AS_DEFAULT_USER:
+      API_KEY_AUTO_PROVISIONING:
+    depends_on:
+      db:
+        condition: service_healthy
+      prism-node:
+        condition: service_started
+      vault-server:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://prism-agent:8085/_system/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+
+  swagger-ui:
+    image: swaggerapi/swagger-ui:v5.1.0
+    environment:
+      - 'URLS=[
+        { name: "Prism Agent", url: "/docs/prism-agent/api/docs.yaml" }
+        ]'
+
+  apisix:
+    image: apache/apisix:2.15.0-alpine
+    volumes:
+      - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml:ro
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
+    ports:
+      - "${PORT}:9080/tcp"
+    depends_on:
+      - prism-agent
+      - swagger-ui
+
+  keycloak:
+    image: bitnami/keycloak:22.0.3
+    ports:
+      - "9980:8080"
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      KEYCLOAK_DATABASE_VENDOR: dev-mem
+      KEYCLOAK_EXTRA_ARGS: --health-enabled=true
+      KEYCLOAK_EXTRA_ARGS_PREPENDED: --verbose
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://keycloak:8080/health"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+  keycloak-init:
+    image: badouralix/curl-jq:ubuntu
+    command: /workspace/init-script.sh
+    environment:
+      KEYCLOAK_BASE_URL: http://keycloak:8080
+      KEYCLOAK_ADMIN_USER: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      REALM_NAME: atala-demo
+      PRISM_AGENT_CLIENT_SECRET: prism-agent-demo-secret
+    volumes:
+      - ./keycloak/init-script.sh:/workspace/init-script.sh
+    depends_on:
+      keycloak:
+        condition: service_healthy
+
+volumes:
+  pg_data_db:
+  pgadmin:
+# Temporary commit network setting due to e2e CI bug
+# to be enabled later after debugging
+#networks:
+#  default:
+#    name: ${NETWORK}
diff --git a/infrastructure/shared/keycloak/init-script.sh b/infrastructure/shared/keycloak/init-script.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+
+KEYCLOAK_BASE_URL=$KEYCLOAK_BASE_URL
+KEYCLOAK_ADMIN_USER=$KEYCLOAK_ADMIN_USER
+KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD
+REALM_NAME=$REALM_NAME
+PRISM_AGENT_CLIENT_SECRET=$PRISM_AGENT_CLIENT_SECRET
+
+function get_admin_token() {
+	local response=$(
+		curl --request POST "$KEYCLOAK_BASE_URL/realms/master/protocol/openid-connect/token" \
+			--fail -s \
+			-d "grant_type=password" \
+			-d "client_id=admin-cli" \
+			-d "username=$KEYCLOAK_ADMIN_USER" \
+			-d "password=$KEYCLOAK_ADMIN_PASSWORD"
+	)
+	local access_token=$(echo $response | jq -r '.access_token')
+	echo $access_token
+}
+
+function create_realm() {
+	local access_token=$1
+
+	curl --request POST "$KEYCLOAK_BASE_URL/admin/realms" \
+		--fail -s \
+		-H "Authorization: Bearer $access_token" \
+		-H "Content-Type: application/json" \
+		--data-raw "{
+			\"realm\": \"$REALM_NAME\",
+			\"enabled\": true
+		}"
+}
+
+function create_prism_agent_client() {
+	local access_token=$1
+
+	curl --request POST "$KEYCLOAK_BASE_URL/admin/realms/$REALM_NAME/clients" \
+		--fail -s \
+		-H "Authorization: Bearer $access_token" \
+		-H "Content-Type: application/json" \
+		--data-raw "{
+			\"id\": \"prism-agent\",
+			\"directAccessGrantsEnabled\": true,
+			\"authorizationServicesEnabled\": true,
+			\"serviceAccountsEnabled\": true,
+			\"secret\": \"$PRISM_AGENT_CLIENT_SECRET\"
+		}"
+}
+
+echo "Getting admin access token ..."
+ADMIN_ACCESS_TOKEN=$(get_admin_token)
+
+echo "Creating a new test realm ..."
+create_realm $ADMIN_ACCESS_TOKEN
+
+echo "Creating a new prism-agent client ..."
+create_prism_agent_client $ADMIN_ACCESS_TOKEN