forked from keycloak/kc-sig-fapi
docker-compose.yml
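---
# Local FAPI conformance-test stack: Keycloak behind a TLS load balancer, an
# nginx API gateway in front of a sample resource server, and the OpenID
# conformance suite (server + httpd + mongodb) driven by test_runner.
# Values written as ${...} are interpolated by Compose from the shell
# environment or an .env file next to this file.
#
# This file is a development/CI fixture. It publishes debug ports, carries a
# fixed client secret and hands the Docker socket to a container, so run it
# only on a disposable or otherwise trusted host.
version: '3.6'
services:
  # TLS entry point. The network aliases make the three public FQDNs resolve
  # to this container from inside the Compose network as well.
  load_balancer:
    build:
      context: ./load-balancer
    ports:
      - "443:443"
    environment:
      - KEYCLOAK_FQDN=${KEYCLOAK_FQDN}
      - RESOURCE_FQDN=${RESOURCE_FQDN}
      - CONFORMANCE_SUITE_FQDN=${CONFORMANCE_SUITE_FQDN}
    depends_on:
      - keycloak
      - api_gateway_nginx
      - httpd
    networks:
      default:
        aliases:
          - ${KEYCLOAK_FQDN}
          - ${RESOURCE_FQDN}
          - ${CONFORMANCE_SUITE_FQDN}
  keycloak:
    build:
      context: ./keycloak
      args:
        KEYCLOAK_BASE_IMAGE: ${KEYCLOAK_BASE_IMAGE}
        KEYCLOAK_REALM_IMPORT_FILENAME: ${KEYCLOAK_REALM_IMPORT_FILENAME}
    ports:
      # 8787 is the JVM remote-debug port enabled by --debug in the command
      # below. The debug protocol has no authentication, so the port is
      # published on the host's loopback interface only. Other containers do
      # not use this mapping; they reach Keycloak over the Compose network.
      - "127.0.0.1:8787:8787"
    environment:
      # Admin credentials are taken from the environment/.env, not stored here.
      - KEYCLOAK_USER=${KEYCLOAK_USER}
      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
    volumes:
      # Server certificate, its private key, and the CA used to verify client
      # certificates (mutual TLS). server-key.pem is private key material:
      # keep it out of version control unless it is a throwaway test key.
      - ./https/server.pem:/etc/x509/https/tls.crt
      - ./https/server-key.pem:/etc/x509/https/tls.key
      - ./https/client-ca.pem:/etc/x509/https/client-ca.crt
#      - ../bin/keycloak-conformance-test:/opt/jboss/keycloak
    # -b 0.0.0.0 binds the server to every interface inside the container;
    # --debug and the preview profile are development settings.
    command: "-b 0.0.0.0 -Djboss.socket.binding.port-offset=1000 --debug -Dkeycloak.profile=preview"
  api_gateway_nginx:
    build:
      context: ./api-gateway-nginx
    volumes:
      - ./https/server.pem:/etc/x509/https/tls.crt
      - ./https/server-key.pem:/etc/x509/https/tls.key
      - ./https/client-ca.pem:/etc/x509/https/client-ca.crt
      - ./https/ca.pem:/usr/local/share/ca-certificates/keycloak-fapi-ca.pem
    environment:
      - SERVER_NAME=${RESOURCE_FQDN}
      - INTROSPECTION_ENDPOINT_URL=https://${KEYCLOAK_FQDN}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token/introspect
      # JWT access token verification can't pass the reuse-authorisation-code case
      # - DISCOVERY_URL=https://${KEYCLOAK_FQDN}/auth/realms/${KEYCLOAK_REALM}/.well-known/openid-configuration
      # NOTE(review): this client secret is committed in clear text, so treat
      # it as a public test value. It presumably has to match the client
      # configured in the imported realm (confirm). Any deployment that is not
      # a throwaway test setup needs its own secret, supplied from outside
      # the repository.
      - CLIENT_SECRET=2ef90464-b0fc-4e06-965d-19ef671a3e22
    depends_on:
      - resource_server
      - keycloak
  resource_server:
    build:
      context: ./resource-server
  client_jwks_server:
    build:
      context: ./client_private_keys
    volumes:
      # The directory name says these are client private keys; the service is
      # not published to the host, so it is reachable only from the Compose
      # network. NOTE(review): confirm that only public JWKS data is served.
      - ./client_private_keys:/keys
    command: /keys
  test_runner:
    build:
      context: ./test-runner
    environment:
      - AUTOMATE_TESTS=${AUTOMATE_TESTS}
    volumes:
      # Access to the Docker socket lets this container control the host's
      # Docker daemon, which is equivalent to root on the host. The
      # test-runner image and everything it executes must be fully trusted.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./fapi-conformance-suite-configs:/json-config
    depends_on:
      - load_balancer
      - keycloak
      - server
  mongodb:
    # Unpinned tag: this follows whatever "latest" is at pull time. Pin a
    # version or digest for reproducible, reviewable builds. No credentials
    # are configured here; the service is not published to the host.
    image: mongo
#    volumes:
#     - mongodata:/data/db
  httpd:
    build:
      # Built straight from a remote Git ref; pointing OPENID_GIT_TAG at an
      # immutable tag or commit keeps the build input fixed.
      context: ${OPENID_GIT_URL}#${OPENID_GIT_TAG}:httpd
    ports:
      - "8443:8443"
    depends_on:
      - server
  server:
    build:
      context: ./conformance-suite
      args:
        OPENID_GIT_URL: ${OPENID_GIT_URL}
        OPENID_GIT_TAG: ${OPENID_GIT_TAG}
    ports:
      # NOTE(review): 9999 is published on all host interfaces. If it is a
      # JVM debug port (confirm against the conformance-suite image), limit
      # it to loopback in the same way as Keycloak's 8787.
      - "9999:9999"
    volumes:
      - ${MVN_HOME}:/root/.m2
      - ./report:/conformance-suite/report
      - ./fapi-conformance-suite-configs/:/conformance-suite/.gitlab-ci/fapi-conformance-suite-configs/
    environment:
      - CONFORMANCE_SERVER=https://${CONFORMANCE_SUITE_FQDN}
      # NOTE(review): dev mode presumably relaxes the suite's own login
      # handling; confirm before making 8443/443 reachable beyond this host.
      - CONFORMANCE_DEV_MODE=1
      - MONGODB_HOST=mongodb
    links:
      - mongodb:mongodb
    depends_on:
      - mongodb
      - keycloak
    logging:
      # limit logs retained on host
      driver: "json-file"
      options:
        max-size: "500k"
        max-file: "5"
#volumes:
#  mongodata: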