egovernments / DIVOC

Open source digital platform for large scale vaccination and digital credentialing programs. Built for India scale, addresses future vaccination scenarios, digital credentialing, and beyond.
MIT License

[BUG] #845

Open supersaiyane opened 2 years ago

supersaiyane commented 2 years ago

Not able to upload Divoc Realm

To Reproduce

  1. Create Keycloak DB and execute the following commands

    • create database keycloak;
    • create user keycloak with encrypted password 'keycloak';
    • grant all privileges on database keycloak to keycloak;
  2. Create Registry DB and execute the following commands

    • create database registry;
    • grant all privileges on database registry to postgres;
    • Setting Keycloak HTTPS value
      • \c registry
      • select * from realm;
      • update realm set ssl_required='NONE' where id='master';
  3. Deploy Keycloak and registry with appropriate env values in kubernetes.

  4. Use REST API

Request 1

RESTful command: POST
URL: https://KEYCLOAKSERVER/auth/realms/master/protocol/openid-connect/token

Header:
  Key           Value
  Content-Type  application/x-www-form-urlencoded

Body (x-www-form-urlencoded):
  Key         Value
  grant_type  password
  client_id   admin-cli
  username    admin
  password    admin

Request 2

RESTful command: POST
URL: https://KEYCLOAKSERVER/auth/admin/realms

Header: Copy the access_token value from Request 1 and paste it into the Authorization header.
  Key            Value
  Authorization  bearer <access_token value>
  Content-Type   application/json

Body: <@Divoc Realm as json>, raw JSON (application/json)

  1. Direct from Keycloak Console.
  2. Directly going into keycloak Pod in kubernetes.
    • this gives issue that curl: (7) Failed to connect to localhost port 8596: Connection refused

      curl --location --request POST 'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --data-urlencode 'grant_type=password' \
        --data-urlencode 'client_id=admin-cli' \
        --data-urlencode 'username=admin' \
        --data-urlencode 'password=admin'

      curl --location --request POST 'http://localhost:8080/auth/admin/realms' \
        --header 'Authorization: bearer <access_token value>' \
        --header 'Content-Type: application/json' \
        --data-raw '<Divoc Realm as json>'



**Expected behavior**
Divoc realm should be updated properly in Keycloak.

**Additional context**
Keycloak YAML is taken from the DIVOC GitHub repo.
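The two requests in the report above, written out as a runnable flow. This is an added example and not DIVOC project code or the reporter's: it obtains the admin token with the password grant (admin-cli client, master realm) and then POSTs the realm representation to /auth/admin/realms, checking the status codes Keycloak's Admin API returns (201 created, 409 when a realm of that name already exists, 401 when the bearer token is rejected). The base URL, credentials, realm name and FakeKeycloak class are assumptions: FakeKeycloak is a constructed stand-in for the two endpoints so the flow can run offline, and the real transport is urllib_send. Note that the default admin/admin credentials and ssl_required='NONE' on the master realm are bootstrap conveniences; once the realm is imported, change the admin password and restore the HTTPS requirement.

```python
"""Import a Keycloak realm through the Admin REST API (added example)."""
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/auth/realms/master/protocol/openid-connect/token"
REALMS_PATH = "/auth/admin/realms"


def urllib_send(method, url, headers, body):
    """Real transport: returns (status, body). 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def get_admin_token(base_url, username, password, send=urllib_send):
    """Request 1: password grant against the master realm with the admin-cli client."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": "admin-cli",
        "username": username,
        "password": password,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    status, body = send("POST", base_url + TOKEN_PATH, headers, form)
    if status != 200:
        raise RuntimeError(f"token request failed: HTTP {status} {body[:200]!r}")
    token = json.loads(body).get("access_token")
    if not token:
        raise RuntimeError("token response carries no access_token")
    return token


def import_realm(base_url, token, realm, send=urllib_send):
    """Request 2: POST the realm representation with the bearer token.

    Returns "created" on 201 or "exists" on 409 (realm name already taken);
    raises PermissionError on 401 (token rejected) and RuntimeError otherwise.
    """
    if not realm.get("realm"):
        raise ValueError("realm JSON must carry a non-empty 'realm' name")
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    status, body = send("POST", base_url + REALMS_PATH, headers,
                        json.dumps(realm).encode())
    if status == 201:
        return "created"
    if status == 409:
        return "exists"
    if status == 401:
        raise PermissionError("bearer token rejected (HTTP 401)")
    raise RuntimeError(f"realm import failed: HTTP {status} {body[:200]!r}")


class FakeKeycloak:
    """Constructed stand-in for the two endpoints so the flow can run offline."""

    def __init__(self, admin_password="admin"):
        self.admin_password = admin_password
        self.realms = {"master"}

    def send(self, method, url, headers, body):
        path = urllib.parse.urlparse(url).path
        if method == "POST" and path == TOKEN_PATH:
            fields = dict(urllib.parse.parse_qsl(body.decode()))
            if fields.get("grant_type") != "password" or fields.get("client_id") != "admin-cli":
                return 400, b'{"error":"unsupported_grant_type"}'
            if fields.get("password") != self.admin_password:
                return 401, b'{"error":"invalid_grant"}'
            return 200, b'{"access_token":"tok123","token_type":"Bearer"}'
        if method == "POST" and path == REALMS_PATH:
            if headers.get("Authorization") != "Bearer tok123":
                return 401, b""
            name = json.loads(body)["realm"]
            if name in self.realms:
                return 409, b'{"errorMessage":"Conflict detected. See logs for details"}'
            self.realms.add(name)
            return 201, b""
        return 404, b""


if __name__ == "__main__":
    # Offline demo against the stand-in; swap fake.send for urllib_send and a
    # real https://KEYCLOAKSERVER base URL to run against a deployment.
    fake = FakeKeycloak()
    tok = get_admin_token("https://KEYCLOAKSERVER", "admin", "admin", fake.send)
    print(import_realm("https://KEYCLOAKSERVER", tok, {"realm": "divoc"}, fake.send))
    print(import_realm("https://KEYCLOAKSERVER", tok, {"realm": "divoc"}, fake.send))
```

Running the import twice is the useful check: the second call returns "exists" rather than failing, which is how to tell "realm already present" apart from a rejected token or a malformed realm file when an import appears to do nothing.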
dileepbapat commented 2 years ago

What is port 8596? Are you using the default configuration from the repo?

supersaiyane commented 2 years ago

Aahh, it's 8080, got it, typo.

supersaiyane commented 2 years ago

Have resolved this issue by

  1. Creating an image from keycloak
  2. Adding the realm to the image
  3. Executing the realm script with the realm.
  4. IMP: adding config.batch is optional

Though the issue is not resolved, this is the workaround I did.

Dockerfile

# Base Keycloak image
FROM dockerhub/keycloak:1.23.3-generic

# jboss-cli batch (timeouts) and the realm export to be imported at startup
COPY --chown=jboss ./config.batch /tmp/config.batch
COPY ./divoc.json /opt/jboss/keycloak/divoc.json

# Apply the batch, then drop the history/data/tmp directories so the image
# does not carry state from the build step
RUN cd $JBOSS_HOME \
  && ./bin/jboss-cli.sh --file=/tmp/config.batch \
  && rm -rf $JBOSS_HOME/standalone/configuration/standalone_xml_history \
  && rm -rf $JBOSS_HOME/standalone/data \
  && rm -rf $JBOSS_HOME/standalone/tmp \
  && rm -rf /tmp/config.batch

config.batch

# Edit standalone-ha.xml offline through the embedded server
embed-server --std-out=echo --server-config=standalone-ha.xml
batch
# Raise the management, deployment and transaction timeouts to 900 s
/system-property=jboss.as.management.blocking.timeout:add(value=900)
/subsystem=deployment-scanner/scanner=default:write-attribute(name=deployment-timeout,value=900)
/subsystem=transactions:write-attribute(name=default-timeout,value=900)
run-batch
stop-embedded-server

Then added env below to the keycloak deployment yaml

- name: KEYCLOAK_IMPORT
  value: "/opt/jboss/keycloak/divoc.json -Dkeycloak.migration.realmName='divoc' -Dkeycloak.profile.feature.upload_scripts=enabled"