From e20e00a3c2dd98f0bfded89949eb554fa8177c66 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@hackerspace-zone.labs.lowerlayer.nl>
Date: Fri, 11 Nov 2022 17:53:45 +0000
Subject: [PATCH] keycloak: fix setup to use a shell script

---
 keycloak.yaml                |  8 ++++++--
 keycloak/entrypoint-setup.sh | 19 +++++++++++++++++++
 keycloak/mail-setup.sh       | 27 +++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100755 keycloak/entrypoint-setup.sh
 create mode 100755 keycloak/mail-setup.sh

diff --git a/keycloak.yaml b/keycloak.yaml
index d83d08b..35151f0 100644
--- a/keycloak.yaml
+++ b/keycloak.yaml
@@ -42,6 +42,9 @@ services:
       depends_on:
         - keycloak-db
 
+  # all of the various subdomains can install files in
+  # /keycloak-setup/ to be executed during the setup phase
+  # to enable their clients using the client-create tool
   keycloak-setup:
         image: quay.io/keycloak/keycloak:18.0.0
         profiles:
@@ -52,9 +55,10 @@ services:
         env_file:
           - env.production
           - data/keycloak/secrets
-        entrypoint: /keycloak-setup.sh
+        entrypoint: /entrypoint.sh
         volumes:
-          - ./keycloak/setup:/keycloak-setup.sh:ro
+          - ./keycloak/entrypoint-setup.sh:/entrypoint.sh:ro
+          - ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro
           - ./keycloak/client-create:/bin/client-create:ro
 
   # add the keycloak nginx configuration into the nginx volume
diff --git a/keycloak/entrypoint-setup.sh b/keycloak/entrypoint-setup.sh
new file mode 100755
index 0000000..051bff2
--- /dev/null
+++ b/keycloak/entrypoint-setup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+export PATH=/opt/keycloak/bin:$PATH
+
+# perform an authentication as admin so that all other scripts can
+# use the cached credentials
+
+kcadm.sh \
+	config credentials \
+	--server http://keycloak:8080/ \
+	--user admin \
+	--password "$KEYCLOAK_ADMIN_PASSWORD" \
+	--realm master \
+|| exit 1
+
+for file in /keycloak-setup/* ; do
+	echo >&2 "$file: running setup"
+	$file || exit 1
+done
diff --git a/keycloak/mail-setup.sh b/keycloak/mail-setup.sh
new file mode 100755
index 0000000..6e8c716
--- /dev/null
+++ b/keycloak/mail-setup.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ -z "$SMTP_SERVER" ]; then
+	exit 0
+fi
+
+echo >&2 "*** configuring email to use $SMTP_SERVER"
+/opt/keycloak/bin/kcadm.sh update \
+	"realms/$REALM" \
+	-f - <<EOF || exit 1
+{
+  "resetPasswordAllowed": "true",
+  "smtpServer" : {
+    "auth" : "true",
+    "starttls" : "true",
+    "user" : "$SMTP_USER",
+    "password" : "$SMTP_PASSWORD",
+    "port" : "$SMTP_PORT",
+    "host" : "$SMTP_SERVER",
+    "from" : "keycloak@$DOMAIN_NAME",
+    "fromDisplayName" : "Keycloak @ $DOMAIN_NAME",
+    "ssl" : "false"
+  }
+}
+EOF
+
+exit 0