Compare commits

..

No commits in common. "master" and "1.2.0" have entirely different histories.

11 changed files with 58 additions and 72 deletions

View file

@ -1,7 +1,7 @@
# convention 4 kubernetes: c4k-keycloak # convention 4 kubernetes: c4k-keycloak
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-keycloak.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-keycloak) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/commits/master) [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-keycloak.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-keycloak) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/commits/master)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de) [<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
## Purpose ## Purpose
@ -43,6 +43,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
## License ## License
Copyright © 2024 meissa GmbH Copyright © 2021 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License") Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE) Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)

View file

@ -23,7 +23,9 @@ def initialize(project):
"release_primary_build_file": "project.clj", "release_primary_build_file": "project.clj",
"release_secondary_build_files": [ "release_secondary_build_files": [
"package.json", "package.json",
], "infrastructure/backup/build.py",
"infrastructure/federated/build.py",
],
"release_artifact_server_url": "https://repo.prod.meissa.de", "release_artifact_server_url": "https://repo.prod.meissa.de",
"release_organisation": "meissa", "release_organisation": "meissa",
"release_repository_name": name, "release_repository_name": name,
@ -100,12 +102,6 @@ def package_frontend(project):
@task @task
def package_uberjar(project): def package_uberjar(project):
run("mkdir -p target/uberjar", shell=True, check=True)
run(
"lein uberjar",
shell=True,
check=True,
)
run( run(
"sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256", "sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256",
shell=True, shell=True,
@ -132,10 +128,13 @@ def package_native(project):
"--no-server " + "--no-server " +
"--no-fallback " + "--no-fallback " +
"--features=clj_easy.graal_build_time.InitClojureClasses " + "--features=clj_easy.graal_build_time.InitClojureClasses " +
f"-jar target/uberjar/{project.name}-standalone.jar " + "-jar target/uberjar/" + project.name + "-standalone.jar " +
"-march=compatibility " +
"-H:+UnlockExperimentalVMOptions " +
"-H:IncludeResources=.*.yaml " + "-H:IncludeResources=.*.yaml " +
"-H:IncludeResources=logback.xml " +
"-H:Log=registerResource:verbose " + "-H:Log=registerResource:verbose " +
f"-H:Name=target/graalvm/{project.name}", "-H:Name=target/graalvm/" + project.name + "",
shell=True, shell=True,
check=True, check=True,
) )
@ -153,7 +152,11 @@ def package_native(project):
@task @task
def inst(project): def inst(project):
package_uberjar(project) run(
"lein uberjar",
shell=True,
check=True,
)
package_native(project) package_native(project)
run( run(
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar", "sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
@ -174,6 +177,11 @@ def upload_clj(project):
@task @task
def lint(project): def lint(project):
#run(
# "lein eastwood",
# shell=True,
# check=True,
#)
run( run(
"lein ancient check", "lein ancient check",
shell=True, shell=True,

View file

@ -2,7 +2,7 @@
"name": "c4k-keycloak", "name": "c4k-keycloak",
"description": "Generate c4k yaml for a keycloak deployment.", "description": "Generate c4k yaml for a keycloak deployment.",
"author": "meissa GmbH", "author": "meissa GmbH",
"version": "1.3.2-SNAPSHOT", "version": "1.2.0",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-keycloak#readme", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-keycloak#readme",
"repository": "https://www.npmjs.com/package/c4k-keycloak", "repository": "https://www.npmjs.com/package/c4k-keycloak",
"license": "APACHE2", "license": "APACHE2",

View file

@ -1,11 +1,11 @@
(defproject org.domaindrivenarchitecture/c4k-keycloak "1.3.2-SNAPSHOT" (defproject org.domaindrivenarchitecture/c4k-keycloak "1.2.0"
:description "keycloak c4k-installation package" :description "keycloak c4k-installation package"
:url "https://domaindrivenarchitecture.org" :url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0" :license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.4"] :dependencies [[org.clojure/clojure "1.11.3"]
[org.clojure/tools.reader "1.5.0"] [org.clojure/tools.reader "1.4.2"]
[org.domaindrivenarchitecture/c4k-common-clj "8.0.0"]] [org.domaindrivenarchitecture/c4k-common-clj "6.4.1"]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
"src/main/clj"] "src/main/clj"]
@ -22,9 +22,9 @@
:main dda.c4k-keycloak.uberjar :main dda.c4k-keycloak.uberjar
:uberjar-name "c4k-keycloak-standalone.jar" :uberjar-name "c4k-keycloak-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"] :dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.7" [ch.qos.logback/logback-classic "1.5.6"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.16"] [org.slf4j/jcl-over-slf4j "2.0.13"]
[com.github.clj-easy/graal-build-time "1.0.5"]]}} [com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"] :release-tasks [["test"]
["vcs" "assert-committed"] ["vcs" "assert-committed"]

View file

@ -7,11 +7,10 @@
(set! *warn-on-reflection* true) (set! *warn-on-reflection* true)
(defn -main [& cmd-args] (defn -main [& cmd-args]
(uberjar/main-cm (uberjar/main-common
"c4k-keycloak" "c4k-keycloak"
core/config? core/config?
core/auth? core/auth?
core/config-defaults core/config-defaults
core/config-objects core/k8s-objects
core/auth-objects
cmd-args)) cmd-args))

View file

@ -13,45 +13,34 @@
(def default-storage-class :local-path) (def default-storage-class :local-path)
(def config-defaults {:issuer "staging", (def config-defaults {:issuer "staging"})
:namespace "keycloak"
:postgres-image "postgres:14"
:postgres-size :2gb
:db-name "keycloak"
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class})
(def config? (s/keys :req-un [::kc/fqdn] (def config? (s/keys :req-un [::kc/fqdn]
:opt-un [::kc/issuer :opt-un [::kc/issuer
::mon/mon-cfg ::mon/mon-cfg]))
::kc/namespace]))
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password (def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
::postgres/postgres-db-user ::postgres/postgres-db-password] ::postgres/postgres-db-user ::postgres/postgres-db-password]
:opt-un [::mon/mon-auth])) :opt-un [::mon/mon-auth]))
(defn-spec config-objects cp/map-or-seq? (defn-spec k8s-objects cp/map-or-seq?
[config config?]
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(ns/generate config)
(postgres/generate-config config)
[(kc/generate-service config)
(kc/generate-deployment config)]
(kc/generate-ingress config)
(when (contains? config :mon-cfg)
(mon/generate-config))))))
(defn-spec auth-objects cp/map-or-seq?
[config config? [config config?
auth auth?] auth auth?]
(map yaml/to-string (map yaml/to-string
(filter (filter
#(not (nil? %)) #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(postgres/generate-auth config auth) (ns/generate (merge {:namespace "keycloak"} config))
[(kc/generate-secret config auth)] (postgres/generate (merge {:postgres-image "postgres:14"
(when (and (contains? auth :mon-auth) (contains? config :mon-cfg)) :postgres-size :2gb
(mon/generate-auth (:mon-cfg config) (:mon-auth auth))))))) :db-name "keycloak"
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class
:namespace "keycloak"})
auth)
[(kc/generate-secret auth)
(kc/generate-service)
(kc/generate-deployment config)]
(kc/generate-ingress (merge {:namespace "keycloak"} config))
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))

View file

@ -11,14 +11,12 @@
[dda.c4k-common.predicate :as cp])) [dda.c4k-common.predicate :as cp]))
(s/def ::fqdn cp/fqdn-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::namespace string?)
(s/def ::issuer cp/letsencrypt-issuer?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::keycloak-admin-user cp/bash-env-string?) (s/def ::keycloak-admin-user cp/bash-env-string?)
(s/def ::keycloak-admin-password cp/bash-env-string?) (s/def ::keycloak-admin-password cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer :opt-un [::issuer]))
::namespace]))
(def auth? (s/keys :req-un [::keycloak-admin-user (def auth? (s/keys :req-un [::keycloak-admin-user
::keycloak-admin-password])) ::keycloak-admin-password]))
@ -37,28 +35,20 @@
config))) config)))
(defn-spec generate-secret cp/map-or-seq? (defn-spec generate-secret cp/map-or-seq?
[config config? [auth auth?]
auth auth?] (let [{:keys [keycloak-admin-user keycloak-admin-password]} auth]
(let [{:keys [namespace]} config
{:keys [keycloak-admin-user keycloak-admin-password]} auth]
(-> (->
(yaml/load-as-edn "keycloak/secret.yaml") (yaml/load-as-edn "keycloak/secret.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user)) (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password))))) (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
(defn-spec generate-service cp/map-or-seq? (defn-spec generate-service cp/map-or-seq? []
[config config?] (yaml/load-as-edn "keycloak/service.yaml"))
(let [{:keys [namespace]} config]
(->
(yaml/load-as-edn "keycloak/service.yaml")
(cm/replace-all-matching "NAMESPACE" namespace))))
(defn-spec generate-deployment cp/map-or-seq? (defn-spec generate-deployment cp/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn namespace]} config] (let [{:keys [fqdn]} config]
(-> (->
(yaml/load-as-edn "keycloak/deployment.yaml") (yaml/load-as-edn "keycloak/deployment.yaml")
(cm/replace-all-matching "NAMESPACE" namespace) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(cm/replace-all-matching "FQDN" fqdn))))

View file

@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: keycloak name: keycloak
namespace: NAMESPACE namespace: keycloak
labels: labels:
app: keycloak app: keycloak
spec: spec:

View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: keycloak-secret name: keycloak-secret
namespace: NAMESPACE namespace: keycloak
type: Opaque type: Opaque
data: data:
keycloak-user: admin keycloak-user: admin

View file

@ -4,7 +4,7 @@ metadata:
name: keycloak name: keycloak
labels: labels:
service: keycloak service: keycloak
namespace: NAMESPACE namespace: keycloak
spec: spec:
ports: ports:
- name: "http" - name: "http"

View file

@ -15,7 +15,7 @@
:data :data
{:keycloak-user "dXNlcg==" {:keycloak-user "dXNlcg=="
:keycloak-password "cGFzc3dvcmQ="}} :keycloak-password "cGFzc3dvcmQ="}}
(cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"})))) (cut/generate-secret {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
(deftest should-generate-deployment (deftest should-generate-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
@ -75,4 +75,4 @@
:items :items
[{:key "tls.crt", :path "tls.crt"} [{:key "tls.crt", :path "tls.crt"}
{:key "tls.key", :path "tls.key"}]}}]}}}} {:key "tls.key", :path "tls.key"}]}}]}}}}
(cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"})))) (cut/generate-deployment {:fqdn "test.de"}))))