KEYCLOAK_WAR cannot use expression

JeffersonLab · Aug 21, 2023 · 86df35a · 86df35a
1 parent c7e0438
commit 86df35a
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 16 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -23,7 +23,6 @@ RUN cd /tmp \
 ## Let's minimize layers in final-product by organizing files into a single copy structure
 RUN mkdir /unicopy \
     && cp /app/config/docker-server.env /unicopy \
-    && cp /app/config/docker-app.env /unicopy \
     && cp /app/scripts/TestOracleConnection.java /unicopy \
     && cp /app/scripts/docker-entrypoint.sh /unicopy \
     && cp /app/scripts/server-setup.sh /unicopy \
@@ -42,7 +41,6 @@ COPY --from=builder /tmp/server.p12 /opt/jboss/wildfly/standalone/configuration
 RUN /update-certs-runner.sh ${CUSTOM_CRT_URL} \
     && chsh -s /bin/bash jboss \
     && /server-setup.sh /docker-server.env \
-    && /app-setup.sh /docker-app.env \
     && rm -rf /opt/jboss/wildfly/standalone/configuration/standalone_xml_history
 ENTRYPOINT ["/docker-entrypoint.sh"]
 ENV ORACLE_DRIVER_PATH=$ORACLE_DRIVER_PATH

diff --git a/README.md b/README.md
@@ -53,7 +53,7 @@ Must be executed once per app installed in Wildfly.
 | KEYCLOAK_RESOURCE   | Keycloak resource to configure                                           | YES                 |
 | KEYCLOAK_SECRET     | Keycloak Secret                                                          | YES                 |
 | KEYCLOAK_SERVER_URL | Scheme, host name, and port of Keycloak authentication server            | YES                 |
-| KEYCLOAK_WAR        | Name of war file to secure with Keycloak (app key)                       | YES                 |
+| KEYCLOAK_WAR        | Name of war file to secure with Keycloak (app key)                       | NO                  |
 | ORACLE_DATASOURCE   | Name of Oracle datasource (app key)                                      | NO                  |
 | ORACLE_SERVER       | Host name and port of Oracle server to use to connect to DB from Wildfly | NO                  |
 | ORACLE_SERVICE      | Oracle Service name to use to connect to DB from Wildfly                 | NO                  |

diff --git a/config/docker-app.env b/config/docker-app.env
diff --git a/config/docker-server.env b/config/docker-server.env
@@ -11,7 +11,5 @@ ADD_JBOSS_MODULES='local|org.apache.poi|https://repo1.maven.org/maven2/org/apach
 global|org.tuckey.urlrewritefilter|https://repo1.maven.org/maven2/org/tuckey/urlrewritefilter/4.0.4/urlrewritefilter-4.0.4.jar|javaee.api,org.jboss.as.web
 global|org.jlab.jlog|https://repo1.maven.org/maven2/org/jlab/jlog/5.0.0/jlog-5.0.0.jar|javaee.api,org.jboss.as.web
 global|org.keycloak.admin-client|https://repo1.maven.org/maven2/org/keycloak/keycloak-admin-client/20.0.5/keycloak-admin-client-20.0.5.jar,https://repo1.maven.org/maven2/org/keycloak/keycloak-core/20.0.5/keycloak-core-20.0.5.jar,https://repo1.maven.org/maven2/org/keycloak/keycloak-common/20.0.5/keycloak-common-20.0.5.jar|org.jboss.ws.api,javax.ws.rs.api,org.jboss.logging,org.jboss.resteasy.resteasy-client,org.jboss.resteasy.resteasy-jackson2-provider,org.jboss.resteasy.resteasy-jaxb-provider,org.jboss.resteasy.resteasy-multipart-provider'
-WILDFLY_SKIP_RELOAD=defined
-WILDFLY_SKIP_STOP=defined
 KEYSTORE_NAME=server.p12
 KEYSTORE_PASS=changeit
diff --git a/scripts/app-setup.sh b/scripts/app-setup.sh
@@ -66,13 +66,24 @@ done
 echo $(date) " Wildfly started!"
 }
 
-config_keycloak_client() {
+config_keycloak_client_dynamic() {
 DEPLOYMENT_CONFIG=principal-attribute="preferred_username",ssl-required=EXTERNAL,resource="\${env.KEYCLOAK_RESOURCE:${KEYCLOAK_RESOURCE}}",realm="\${env.KEYCLOAK_REALM:${KEYCLOAK_REALM}}",auth-server-url=\${env.KEYCLOAK_SERVER_URL:${KEYCLOAK_SERVER_URL}}
 
 ${WILDFLY_CLI_PATH} -c <<EOF
 batch
-/subsystem=elytron-oidc-client/secure-deployment="\${env.KEYCLOAK_WAR:${KEYCLOAK_WAR}}"/:add(${DEPLOYMENT_CONFIG})
-/subsystem=elytron-oidc-client/secure-deployment="\${env.KEYCLOAK_WAR:${KEYCLOAK_WAR}}"/credential=secret:add(secret="\${env.KEYCLOAK_SECRET:${KEYCLOAK_SECRET}}")
+/subsystem=elytron-oidc-client/secure-deployment="${KEYCLOAK_WAR}"/:add(${DEPLOYMENT_CONFIG})
+/subsystem=elytron-oidc-client/secure-deployment="${KEYCLOAK_WAR}"/credential=secret:add(secret="\${env.KEYCLOAK_SECRET:${KEYCLOAK_SECRET}}")
+run-batch
+EOF
+}
+
+config_keycloak_client() {
+DEPLOYMENT_CONFIG=principal-attribute="preferred_username",ssl-required=EXTERNAL,resource="${KEYCLOAK_RESOURCE}",realm="${KEYCLOAK_REALM}",auth-server-url=${KEYCLOAK_SERVER_URL}
+
+${WILDFLY_CLI_PATH} -c <<EOF
+batch
+/subsystem=elytron-oidc-client/secure-deployment="${KEYCLOAK_WAR}"/:add(${DEPLOYMENT_CONFIG})
+/subsystem=elytron-oidc-client/secure-deployment="${KEYCLOAK_WAR}"/credential=secret:add(secret="${KEYCLOAK_SECRET}")
 run-batch
 EOF
 }