[bitnami/keycloak] Release 22.0.1-debian-11-r1

.vib/keycloak/goss/goss.yaml

@@ -5,7 +5,6 @@ gossfile:
   # Goss tests exclusive to the current container
   ../../keycloak/goss/keycloak.yaml: {}
   # Load scripts from .vib/common/goss/templates
-  ../../common/goss/templates/check-app-version.yaml: {}
   ../../common/goss/templates/check-binaries.yaml: {}
   ../../common/goss/templates/check-broken-symlinks.yaml: {}
   ../../common/goss/templates/check-ca-certs.yaml: {}

.vib/keycloak/goss/keycloak.yaml

@@ -64,3 +64,10 @@ file:
     exists: true
     contains:
       - "<module xmlns=\"urn:jboss:module:1.0\" name=\"org.postgresql.jdbc\">"
+command:
+  check-app-version:
+    # kc.sh --version only works after server initialization. Checking the version.txt instead.
+    exec: cat /opt/bitnami/keycloak/version.txt
+    exit-status: 0
+    stdout:
+    - {{ .Env.APP_VERSION }}

.vib/keycloak/goss/vars.yaml

@@ -2,7 +2,7 @@ binaries:
   - java
   - wait-for-port
   - kc.sh
-version:
-  bin_name: kc.sh
-  flag: --version
 root_dir: /opt/bitnami
+sed_in_place:
+  exclude_paths:
+    - /opt/bitnami/keycloak/bin/federation-sssd-setup.sh

bitnami/keycloak/22/debian-11/Dockerfile

@@ -0,0 +1,57 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+FROM docker.io/bitnami/minideb:bullseye
+
+ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
+ARG TARGETARCH
+
+LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
+      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
+      org.opencontainers.image.created="2023-07-31T17:43:48Z" \
+      org.opencontainers.image.description="Application packaged by VMware, Inc" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.ref.name="22.0.1-debian-11-r1" \
+      org.opencontainers.image.title="keycloak" \
+      org.opencontainers.image.vendor="VMware, Inc." \
+      org.opencontainers.image.version="22.0.1"
+
+ENV HOME="/" \
+    OS_ARCH="${TARGETARCH:-amd64}" \
+    OS_FLAVOUR="debian-11" \
+    OS_NAME="linux"
+
+COPY prebuildfs /
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# Install required system packages and dependencies
+RUN install_packages ca-certificates curl krb5-user libaio1 procps zlib1g
+RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+    COMPONENTS=( \
+      "wait-for-port-1.0.6-11-linux-${OS_ARCH}-debian-11" \
+      "java-17.0.8-7-2-linux-${OS_ARCH}-debian-11" \
+      "keycloak-22.0.1-1-linux-${OS_ARCH}-debian-11" \
+    ) && \
+    for COMPONENT in "${COMPONENTS[@]}"; do \
+      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
+        curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \
+        curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \
+      fi && \
+      sha256sum -c "${COMPONENT}.tar.gz.sha256" && \
+      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
+      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
+    done
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
+RUN chmod g+rwX /opt/bitnami
+
+COPY rootfs /
+RUN /opt/bitnami/scripts/java/postunpack.sh
+RUN /opt/bitnami/scripts/keycloak/postunpack.sh
+ENV APP_VERSION="22.0.1" \
+    BITNAMI_APP_NAME="keycloak" \
+    JAVA_HOME="/opt/bitnami/java" \
+    PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/keycloak/bin:$PATH"
+
+USER 1001
+ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ]
+CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ]

bitnami/keycloak/22/debian-11/docker-compose.yml

@@ -0,0 +1,25 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+version: '2'
+services:
+  postgresql:
+    image: docker.io/bitnami/postgresql:11
+    environment:
+      # ALLOW_EMPTY_PASSWORD is recommended only for development.
+      - ALLOW_EMPTY_PASSWORD=yes
+      - POSTGRESQL_USERNAME=bn_keycloak
+      - POSTGRESQL_DATABASE=bitnami_keycloak
+    volumes:
+      - 'postgresql_data:/bitnami/postgresql'
+
+  keycloak:
+    image: docker.io/bitnami/keycloak:22
+    depends_on:
+      - postgresql
+    ports:
+      - "80:8080"
+
+volumes:
+  postgresql_data:
+    driver: local

bitnami/keycloak/22/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -0,0 +1,20 @@
+{
+    "java": {
+        "arch": "amd64",
+        "distro": "debian-11",
+        "type": "NAMI",
+        "version": "17.0.8-7-2"
+    },
+    "keycloak": {
+        "arch": "amd64",
+        "distro": "debian-11",
+        "type": "NAMI",
+        "version": "22.0.1-1"
+    },
+    "wait-for-port": {
+        "arch": "amd64",
+        "distro": "debian-11",
+        "type": "NAMI",
+        "version": "1.0.6-11"
+    }
+}

bitnami/keycloak/22/debian-11/prebuildfs/opt/bitnami/licenses/licenses.txt

@@ -0,0 +1,2 @@
+Bitnami containers ship with software bundles. You can find the licenses under:
+/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

bitnami/keycloak/22/debian-11/prebuildfs/opt/bitnami/scripts/libbitnami.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Bitnami custom library
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/liblog.sh
+
+# Constants
+BOLD='\033[1m'
+
+# Functions
+
+########################
+# Print the welcome page
+# Globals:
+#   DISABLE_WELCOME_MESSAGE
+#   BITNAMI_APP_NAME
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+print_welcome_page() {
+    if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
+        if [[ -n "$BITNAMI_APP_NAME" ]]; then
+            print_image_welcome_page
+        fi
+    fi
+}
+
+########################
+# Print the welcome page for a Bitnami Docker image
+# Globals:
+#   BITNAMI_APP_NAME
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+print_image_welcome_page() {
+    local github_url="https://github.com/bitnami/containers"
+
+    log ""
+    log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
+    log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
+    log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}"
+    log ""
+}
+

bitnami/keycloak/22/debian-11/prebuildfs/opt/bitnami/scripts/libfile.sh

@@ -0,0 +1,141 @@
+#!/bin/bash
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Library for managing files
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/libos.sh
+
+# Functions
+
+########################
+# Replace a regex-matching string in a file
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - substitute regex
+#   $4 - use POSIX regex. Default: true
+# Returns:
+#   None
+#########################
+replace_in_file() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local substitute_regex="${3:?substitute regex is required}"
+    local posix_regex=${4:-true}
+
+    local result
+
+    # We should avoid using 'sed in-place' substitutions
+    # 1) They are not compatible with files mounted from ConfigMap(s)
+    # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+    local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+    if [[ $posix_regex = true ]]; then
+        result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+    else
+        result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+    fi
+    echo "$result" > "$filename"
+}
+
+########################
+# Replace a regex-matching multiline string in a file
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - substitute regex
+# Returns:
+#   None
+#########################
+replace_in_file_multiline() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local substitute_regex="${3:?substitute regex is required}"
+
+    local result
+    local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+    result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
+    echo "$result" > "$filename"
+}
+
+########################
+# Remove a line in a file based on a regex
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - use POSIX regex. Default: true
+# Returns:
+#   None
+#########################
+remove_in_file() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local posix_regex=${3:-true}
+    local result
+
+    # We should avoid using 'sed in-place' substitutions
+    # 1) They are not compatible with files mounted from ConfigMap(s)
+    # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+    if [[ $posix_regex = true ]]; then
+        result="$(sed -E "/$match_regex/d" "$filename")"
+    else
+        result="$(sed "/$match_regex/d" "$filename")"
+    fi
+    echo "$result" > "$filename"
+}
+
+########################
+# Appends text after the last line matching a pattern
+# Arguments:
+#   $1 - file
+#   $2 - match regex
+#   $3 - contents to add
+# Returns:
+#   None
+#########################
+append_file_after_last_match() {
+    local file="${1:?missing file}"
+    local match_regex="${2:?missing pattern}"
+    local value="${3:?missing value}"
+
+    # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
+    result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
+    echo "$result" > "$file"
+}
+
+########################
+# Wait until certain entry is present in a log file
+# Arguments:
+#   $1 - entry to look for
+#   $2 - log file
+#   $3 - max retries. Default: 12
+#   $4 - sleep between retries (in seconds). Default: 5
+# Returns:
+#   Boolean
+#########################
+wait_for_log_entry() {
+    local -r entry="${1:-missing entry}"
+    local -r log_file="${2:-missing log file}"
+    local -r retries="${3:-12}"
+    local -r interval_time="${4:-5}"
+    local attempt=0
+
+    check_log_file_for_entry() {
+        if ! grep -qE "$entry" "$log_file"; then
+            debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
+            return 1
+        fi
+    }
+    debug "Checking that ${log_file} log file contains entry \"${entry}\""
+    if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
+        debug "Found entry \"${entry}\" in ${log_file}"
+        true
+    else
+        error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
+        debug_execute cat "$log_file"
+        return 1
+    fi
+}