From fdb42af20b9093a45b95dd014389b2b60ab60b4f Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Mon, 30 Jan 2023 16:26:19 +0100
Subject: [PATCH] Switch to non-legacy keycloak images

This switches the keycloak service to the more recent quarkus based images. Away from the legacy wildfly based image.
---
 .../keycloak/docker-entrypoint-override.sh | 6 ++--
 .../examples/ocis_keycloak/docker-compose.yml | 30 +++++++++----------
 2 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh b/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
index c6948c50a..26e94a6dc 100644
--- a/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
+++ b/deployments/examples/ocis_keycloak/config/keycloak/docker-entrypoint-override.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 printenv
 # replace oCIS domain in keycloak realm import
-cp /opt/jboss/keycloak/ocis-realm.dist.json /opt/jboss/keycloak/ocis-realm.json
-sed -i "s/ocis.owncloud.test/${OCIS_DOMAIN}/g" /opt/jboss/keycloak/ocis-realm.json
+mkdir /opt/keycloak/data/import
+sed -e "s/ocis.owncloud.test/${OCIS_DOMAIN}/g" /opt/keycloak/data/import-dist/ocis-realm.json > /opt/keycloak/data/import/ocis-realm.json
 # run original docker-entrypoint
-/opt/jboss/tools/docker-entrypoint.sh
+/opt/keycloak/bin/kc.sh "$@"
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
index 29394d3d8..b486ca858 100644
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
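Review bot: `printenv`, kept as unchanged context at the top of docker-entrypoint-override.sh, now writes `KEYCLOAK_ADMIN_PASSWORD` and `KC_DB_PASSWORD` to the container log on every start, because both are set for this service in docker-compose.yml. Dropping it, or replacing it with `echo "OCIS_DOMAIN=${OCIS_DOMAIN}"`, keeps those secrets out of anything that collects the logs. The new `mkdir /opt/keycloak/data/import` reports an error once the directory exists (for example when the same container is restarted); `mkdir -p /opt/keycloak/data/import` avoids that. The last line would be better as `exec /opt/keycloak/bin/kc.sh "$@"`, so that Keycloak replaces the wrapper shell and receives the stop signal directly.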
@@ -60,7 +60,7 @@ services:
 environment:
 # Keycloak IDP specific configuration
 PROXY_AUTOPROVISION_ACCOUNTS: "true"
- OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-oCIS}
+ OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/realms/${KEYCLOAK_REALM:-oCIS}
 PROXY_OIDC_REWRITE_WELLKNOWN: "true"
 WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
 # general config
@@ -99,26 +99,24 @@ services:
 restart: always
 keycloak:
- # Keycloak WildFly distribution, Quarkus is not ready yet for automatic setup https://github.com/keycloak/keycloak/issues/10216
- image: quay.io/keycloak/keycloak:legacy
+ image: quay.io/keycloak/keycloak:20.0
 networks:
 ocis-net:
- entrypoint: ["/bin/sh", "/opt/jboss/tools/docker-entrypoint-override.sh"]
+ command: ["start", "--proxy edge", "--import-realm"]
+ entrypoint: ["/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh"]
 volumes:
- - ./config/keycloak/docker-entrypoint-override.sh:/opt/jboss/tools/docker-entrypoint-override.sh
- - ./config/keycloak/ocis-realm.dist.json:/opt/jboss/keycloak/ocis-realm.dist.json
+ - "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
+ - "./config/keycloak/ocis-realm.dist.json:/opt/keycloak/data/import-dist/ocis-realm.json"
 environment:
 OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
- DB_VENDOR: POSTGRES
- DB_ADDR: postgres
- DB_DATABASE: keycloak
- DB_USER: keycloak
- DB_SCHEMA: public
- DB_PASSWORD: keycloak
- KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
- KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
- PROXY_ADDRESS_FORWARDING: "true"
- KEYCLOAK_IMPORT: /opt/jboss/keycloak/ocis-realm.json
+ KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
+ KC_DB: postgres
+ KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
+ KC_DB_USERNAME: keycloak
+ KC_DB_PASSWORD: keycloak
+ KC_FEATURES: impersonation
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER:-admin}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.keycloak.entrypoints=https"
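Review bot: `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}` still falls back to `admin`/`admin`, and the traefik labels at the end of the hunk enable routing for this service, so starting the example without setting the variable leaves the Keycloak admin console reachable with a well-known login. Compose's required-variable form makes that an explicit choice, `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD}`; at minimum a comment above the two `KEYCLOAK_ADMIN*` lines should say `# defaults are for local testing only, override before exposing this service`. Separately, `"--proxy edge"` in `command` is a single argv element and presumably only works if `kc.sh` re-splits its arguments, so `"--proxy", "edge"` would be more robust. The `20.0` image tag also floats across patch releases; pinning a full version or a digest would make the example reproducible.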