🐳 [#80] Set up infra + test for live integration test

maykinmedia · Feb 5, 2024 · b641a81 · b641a81
1 parent e8b216d
commit b641a81
Show file tree

Hide file tree

Showing 10 changed files with 2,122 additions and 16 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,24 @@
+# Config taken from https://stackoverflow.com/a/77257732
+#
+# This docker-compose is for development and test purposes. Tests are recorded with
+# VCR against this instance.
+#
+#   Log in to http://localhost:8080/admin/master/console/ with `admin`/`admin`
+#   credentials.
+#
+# DO NOT USE THIS IN PRODUCTION.
+#
+
+version: '3.8'
+
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:23.0.6
+    command: start-dev --import-realm
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+    volumes:
+      - ./docker/import:/opt/keycloak/data/import
+    ports:
+      - 8080:8080
diff --git a/docker/README.md b/docker/README.md
@@ -0,0 +1,33 @@
+# Keycloak Realm export and import
+
+The `import/realm.json` is loaded when the Keycloak service is spun up through
+docker-compose. In the top-level directory:
+
+```bash
+docker-compose up -d
+```
+
+You can now log in via `http://localhost:8080` with the `admin`/`admin` credentials.
+
+## Exporting the Realm
+
+In short - exporting through the admin UI (rightfully) obfuscates client secrets and
+user credentials. However, for reproducible builds/environments, we want to include
+this data in the Realm export.
+
+Ensure the service is up and running through docker-compose.
+
+Ensure that UID `1000` can write to `./docker/import/`:
+
+```bash
+chmod o+rwx ./docker/import/
+```
+
+Then open another terminal and run:
+
+   ```bash
+   docker-compose exec keycloak ./bin/kc.sh \
+    export \
+    --file /opt/keycloak/data/import/test-realm.json \
+    --realm test
+   ```