From d1b89fe65fbd206c26b2bc783a4f894a056f80c4 Mon Sep 17 00:00:00 2001
From: Matthieu Borgognon
Date: Wed, 6 Jul 2022 03:00:24 +0200
Subject: [PATCH] Upgrade keycloak to v18+ and switch to official repos breaking changes (#675)
* Update Ghost to v5 breaking changes
* Fix formatting issue
* Upgrade keycloak to v18+ and switch to official repos breaking changes
* Made data persistent trough postgres
* Fix formatting
---
 public/v4/apps/keycloak.yml | 65 ++++++++++++++++++++++++-------------
 1 file changed, 42 insertions(+), 23 deletions(-)
diff --git a/public/v4/apps/keycloak.yml b/public/v4/apps/keycloak.yml
index d69ef68..4481228 100644
--- a/public/v4/apps/keycloak.yml
+++ b/public/v4/apps/keycloak.yml
@@ -1,4 +1,3 @@
-# tested on CR 1.10.1 2022-01-08 by sneak
 captainVersion: 4
 services:
 $$cap_appname-db:
@@ -13,45 +12,55 @@ services:
 caproverExtra:
 notExposeAsWebApp: 'true'
 $$cap_appname:
- image: jboss/keycloak:$$cap_keycloak_version
 depends_on:
 - $$cap_appname-db
 restart: always
 environment:
- DB_VENDOR: postgres
- DB_ADDR: srv-captain--$$cap_appname-db
- POSTGRES_DB: keycloak
- DB_USER: keycloak
- DB_PASSWORD: $$cap_pg_pass
- KEYCLOAK_USER: $$cap_keycloak_user
- KEYCLOAK_PASSWORD: $$cap_keycloak_password
- PROXY_ADDRESS_FORWARDING: 'true'
+ KEYCLOAK_ADMIN: $$cap_keycloak_admin
+ KEYCLOAK_ADMIN_PASSWORD: $$cap_keycloak_password
+ KC_DB_PASSWORD: $$cap_pg_pass
 caproverExtra:
 containerHttpPort: '8080'
+ dockerfileLines:
+ - FROM quay.io/keycloak/keycloak:$$cap_keycloak_version as builder
+ - ENV KC_HEALTH_ENABLED=true
+ - ENV KC_METRICS_ENABLED=false
+ - ENV KC_FEATURES=token-exchange,recovery-codes
+ - ENV KC_DB=postgres
+ - RUN /opt/keycloak/bin/kc.sh build
+
+ - FROM quay.io/keycloak/keycloak:$$cap_keycloak_version
+ - COPY --from=builder /opt/keycloak/ /opt/keycloak/
+ - WORKDIR /opt/keycloak
+ - ENV KC_DB_URL=jdbc:postgresql://srv-captain--$$cap_appname-db/keycloak
+ - ENV KC_DB_USERNAME=keycloak
+ - ENV KC_DB_PASSWORD=$$cap_pg_pass
+ - ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--hostname=$$cap_appname.$$cap_root_domain", "--proxy=edge"]
+
 caproverOneClickApp:
 variables:
 - id: $$cap_postgres_version
 label: Postgres Version
- defaultValue: '9.6'
- description: Check out their Docker page for the valid tags https://hub.docker.com/r/library/postgres/tags/
+ defaultValue: '10.21'
+ description: Check out their DB page for any valid major tested https://www.keycloak.org/server/db
 validRegex: /^([^\s^\/])+$/
 - id: $$cap_keycloak_version
 label: Keycloak Version
- defaultValue: 16.1.0
- description: v16.1.0 current as of 2021-12-21. Check out their Docker page for the valid tags https://hub.docker.com/r/jboss/keycloak/tags
+ defaultValue: 18.0.2
+ description: v18.0.2 current as of 2022-07-04.
Check out their Docker page for the valid tags https://quay.io/repository/keycloak/keycloak?tab=tags
 validRegex: /^([^\s^\/])+$/
 - id: $$cap_pg_pass
 label: Postgres Password
 description: 'App-to-app database credential. 12-20 characters.'
 defaultValue: $$cap_gen_random_hex(20)
 validRegex: /.{12,20}/
- - id: $$cap_keycloak_user
- label: Keycloak user
- description: 'Login username for the first web user.'
+ - id: $$cap_keycloak_admin
+ label: Keycloak admin user
+ description: 'Login username for the admin web user.'
 validRegex: /.{1,}/
 - id: $$cap_keycloak_password
- label: Keycloak password
- description: 'Login password for the first web user. 12-20 characters.'
+ label: Keycloak admin password
+ description: 'Login password for the admin web user. 12-20 characters.'
 defaultValue: $$cap_gen_random_hex(20)
 validRegex: /.{12,20}/
 instructions:
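Review bot: The added `- ENV KC_DB_PASSWORD=$$cap_pg_pass` entry in `dockerfileLines` writes the database password into an image layer, where it stays readable in the image's history and config for anyone who can inspect or pull the built image. The same value is already supplied at run time by the new `KC_DB_PASSWORD: $$cap_pg_pass` entry under `environment`, so the Dockerfile line can be dropped without changing how Keycloak is configured. Separately, the unchanged `validRegex: /.{12,20}/` on both passwords is unanchored, so it does not enforce the 20-character maximum the descriptions state; `validRegex: /^.{12,20}$/` would.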
@@ -62,11 +71,21 @@ caproverOneClickApp:
 For source code, see: https://github.com/keycloak/keycloak
- For docker image, see: https://hub.docker.com/r/jboss/keycloak
+ For docker image, see: https://quay.io/repository/keycloak/keycloak
- Enter your Keycloak Configuration parameters and click on next. It will take about a minute for the process to finish.
- end: Keycloak is deployed and available as srv-captain--$$cap_appname:8080 to other apps
+ Enter your Keycloak Configuration parameters and click on next.
+ end: >
+ Keycloak is deployed and available as $$cap_appname.
+
+ Before starting using Keycloak, you'll need to
+
+ - Enable HTTPS
+
+ - Force HTTPS by redirecting all HTTP traffic to HTTPS
+
+
+ IMPORTANT: It will take up to 1 minutes for Keycloak to be ready. Before that, you might see 502 error page.
 displayName: ''
 isOfficial: true
 description: Keycloak is an open source identity and access management solution
- documentation: Taken from https://github.com/jboss-dockerfiles/keycloak/blob/master/server/README.md
+ documentation: Taken from https://github.com/keycloak/keycloak-containers/blob/main/docker-compose-examples/keycloak-postgres.yml
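Review bot: The new `end` text lists enabling and forcing HTTPS as steps to do, but it does not say that the admin console should stay unused until they are done. As far as this template shows, the container serves plain HTTP on port 8080 and leaves TLS to the proxy (`--proxy=edge`), so a first login before that step would presumably carry the admin password unencrypted. I would add a line after the two bullets such as `Do not sign in to the admin console until HTTPS is enabled and forced.` The `documentation` URL now points at the `keycloak-containers` compose example, which may not describe the `kc.sh` build introduced by this commit and is worth confirming. `up to 1 minutes` should also read `up to 1 minute`.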