From a85aaee0af430ff464b2354ae2468abe5a9d485d Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 1 Aug 2023 10:46:22 +1000 Subject: [PATCH] feat: support changing more settings in keycloak --- Makefile | 2 +- docker-compose.yaml | 5 ++- .../keycloak/keycloak-realm-settings.json | 5 +++ .../keycloak/keycloak-smtp-settings.json | 16 ++++++++ .../startup-scripts/00-configure-lagoon.sh | 37 +++++++++++++++++++ 5 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 local-dev/keycloak/keycloak-realm-settings.json create mode 100644 local-dev/keycloak/keycloak-smtp-settings.json diff --git a/Makefile b/Makefile index 9f8aac0d10..4dddffce58 100644 --- a/Makefile +++ b/Makefile @@ -342,7 +342,7 @@ api-development: build/api build/api-db build/local-api-data-watcher-pusher buil .PHONY: ui-logs-development ui-logs-development: build/actions-handler build/api build/api-db build/local-api-data-watcher-pusher build/keycloak build/keycloak-db build/broker-single build/api-redis build/logs2notifications build/local-minio - IMAGE_REPO=$(CI_BUILD_TAG) docker-compose -p $(CI_BUILD_TAG) --compatibility up -d api api-db actions-handler local-api-data-watcher-pusher ui keycloak keycloak-db broker api-redis logs2notifications local-minio local-minio-upload + IMAGE_REPO=$(CI_BUILD_TAG) docker-compose -p $(CI_BUILD_TAG) --compatibility up -d api api-db actions-handler local-api-data-watcher-pusher ui keycloak keycloak-db broker api-redis logs2notifications local-minio local-minio-upload mailhog ## CI targets diff --git a/docker-compose.yaml b/docker-compose.yaml index 074db30664..0395d1b215 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -33,7 +33,7 @@ services: mailhog: image: mailhog/mailhog ports: - - 8025 + - '32025:8025' webhooks2tasks: image: ${IMAGE_REPO:-lagoon}/webhooks2tasks command: yarn run dev 
@@ -127,9 +127,12 @@ services: - keycloak-db ports: - '8088:8080' + environment: + - KEYCLOAK_ADMIN_EMAIL=admin@example.com volumes: - "./services/keycloak/profile.properties:/opt/jboss/keycloak/standalone/configuration/profile.properties" - "./services/keycloak/startup-scripts:/opt/jboss/startup-scripts" + - "./local-dev/keycloak:/lagoon/keycloak" keycloak-db: image: ${IMAGE_REPO:-lagoon}/keycloak-db ports: diff --git a/local-dev/keycloak/keycloak-realm-settings.json b/local-dev/keycloak/keycloak-realm-settings.json new file mode 100644 index 0000000000..604b2a5aeb --- /dev/null +++ b/local-dev/keycloak/keycloak-realm-settings.json @@ -0,0 +1,5 @@ +{ + "rememberMe": true, + "resetPasswordAllowed": true, + "verifyEmail": false +} \ No newline at end of file diff --git a/local-dev/keycloak/keycloak-smtp-settings.json b/local-dev/keycloak/keycloak-smtp-settings.json new file mode 100644 index 0000000000..60f114fa0d --- /dev/null +++ b/local-dev/keycloak/keycloak-smtp-settings.json @@ -0,0 +1,16 @@ +{ + "smtpServer": { + "envelopeFrom": "lagoon@example.com", + "from": "lagoon@example.com", + "fromDisplayName": "Lagoon", + "host": "mailhog", + "port": "1025", + "replyTo": "lagoon@example.com", + "replyToDisplayName": "Lagoon No-Reply", + "ssl": "false", + "starttls": "false", + "auth": "false", + "user": "not-used-if-auth=false", + "password": "not-used-if-auth=false" + } +} \ No newline at end of file diff --git a/services/keycloak/startup-scripts/00-configure-lagoon.sh b/services/keycloak/startup-scripts/00-configure-lagoon.sh index 88a0aba1c1..e7bd308498 100755 --- a/services/keycloak/startup-scripts/00-configure-lagoon.sh +++ b/services/keycloak/startup-scripts/00-configure-lagoon.sh 
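Review bot: The new `./local-dev/keycloak:/lagoon/keycloak` bind mount on the keycloak service is only read by the startup script (the patched `00-configure-lagoon.sh` passes the two JSON files to `kcadm.sh update ... -f`), so it can be mounted read-only: `- "./local-dev/keycloak:/lagoon/keycloak:ro"`. That keeps anything running inside the container from rewriting the realm and SMTP settings that are re-applied on every start. `KEYCLOAK_ADMIN_EMAIL=admin@example.com` is a placeholder for the compose dev setup; since the script comment added in this patch says the file path is meant to be fed by a configmap or volume mount in other deployments, a short comment next to the mount stating that `/lagoon/keycloak` is the path the startup script looks for would help whoever wires it up elsewhere.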
@@ -71,6 +71,7 @@ function configure_lagoon_realm {
 CLIENT_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get -r lagoon clients?clientId=lagoon-ui --config $CONFIG_PATH | jq -r '.[0]["id"]')
 echo '{"protocol":"openid-connect","config":{"id.token.claim":"true","access.token.claim":"true","userinfo.token.claim":"true","user.attribute":"lagoon-uid","claim.name":"lagoon.user_id","jsonType.label":"int","multivalued":""},"name":"Lagoon User ID","protocolMapper":"oidc-usermodel-attribute-mapper"}' | /opt/jboss/keycloak/bin/kcadm.sh create -r ${KEYCLOAK_REALM:-master} clients/$CLIENT_ID/protocol-mappers/models --config $CONFIG_PATH -f -
+ # don't use KEYCLOAK_REALM_SETTINGS, use the 'configure_realm_settings' way to pass values from a file (inject by configmap/volume mount)
 if [ "$KEYCLOAK_REALM_SETTINGS" ]; then
 echo Applying extra Realm settings
 echo $KEYCLOAK_REALM_SETTINGS | /opt/jboss/keycloak/bin/kcadm.sh update realms/${KEYCLOAK_REALM:-master} --config $CONFIG_PATH -f -
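Review bot: The added comment points people at `configure_realm_settings`, but the two paths do not target the same realm: this block updates `realms/${KEYCLOAK_REALM:-master}` while the new `configure_realm_settings` later in this patch always updates `realms/lagoon`, so following the comment changes which realm receives the settings unless `KEYCLOAK_REALM` is `lagoon`. Either make the new function honour `${KEYCLOAK_REALM:-master}` or state the difference in the comment, e.g. `# deprecated: prefer configure_realm_settings (file-based; note it updates the 'lagoon' realm, not $KEYCLOAK_REALM)`. Since the env-var path is kept, the `echo Applying extra Realm settings` message could also say it is deprecated so the hint surfaces in startup logs and not only in the source. The enclosing `configure_lagoon_realm` starts and ends outside this hunk.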
@@ -90,6 +91,39 @@ function configure_lagoon_realm {
 fi
 }
+function configure_admin_email {
+ # Configure the admin user with an email address so that email configuration can be enabled in the lagoon realm
+ # this will always update the email address of the admin user if it is defined
+ if [ "$KEYCLOAK_ADMIN_EMAIL" != "" ]; then
+ echo Configuring admin user email to ${KEYCLOAK_ADMIN_EMAIL}
+ ADMIN_USER_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get users -r master --config $CONFIG_PATH -q username=admin | jq -r '.[0]|.id')
+ /opt/jboss/keycloak/bin/kcadm.sh update users/${ADMIN_USER_ID} --config $CONFIG_PATH -s "email=${KEYCLOAK_ADMIN_EMAIL}"
+ fi
+
+}
+
+function configure_smtp_settings {
+ # this checks if the file containing the json data for email configuration exists
+ if [ "$KEYCLOAK_ADMIN_EMAIL" == "" ] && [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
+ echo "Admin email must be set to configure lagoon realm email server settings"
+ return 0
+ fi
+ if [ -f "/lagoon/keycloak/keycloak-smtp-settings.json" ]; then
+ echo Configuring lagoon realm email server settings
+ /opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-smtp-settings.json
+ fi
+
+}
+
+function configure_realm_settings {
+ # this checks if the file containing the json data for realm settings exists
+ if [ -f "/lagoon/keycloak/keycloak-realm-settings.json" ]; then
+ echo Configuring lagoon realm settings
+ /opt/jboss/keycloak/bin/kcadm.sh update realms/lagoon --config $CONFIG_PATH -f /lagoon/keycloak/keycloak-realm-settings.json
+ fi
+
+}
+
 function configure_opendistro_security_client {
 # delete old SearchGuard Clients
@@ -2346,6 +2380,9 @@ function configure_keycloak {
 # Sets the order of migrations, add new ones at the end.
 configure_lagoon_realm
+ configure_admin_email
+ configure_smtp_settings
+ configure_realm_settings
 configure_opendistro_security_client
 configure_api_client
 add_group_viewall
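Review bot: In `configure_admin_email` the result of the `admin` lookup is used unchecked: if the user is missing in the master realm or `kcadm.sh get` fails, `jq -r '.[0]|.id'` yields `null` or nothing and the update is sent to `users/null` (or `users/`); whether that aborts startup depends on `set -e`, which is not visible in this hunk. A guard after the assignment keeps the failure explicit while preserving the best-effort style of the surrounding code: `if [ -z "$ADMIN_USER_ID" ] || [ "$ADMIN_USER_ID" = "null" ]; then echo "admin user not found in master realm, skipping email configuration" >&2; return 0; fi`. `configure_smtp_settings` gates only on `KEYCLOAK_ADMIN_EMAIL` being set, not on the email update having succeeded, so a failed lookup still lets the SMTP update proceed, and its "must be set" message goes to stdout where a log filter on stderr will not see it. Minor: `[ "$KEYCLOAK_ADMIN_EMAIL" == "" ]` is the bash-only spelling, `[ -z "$KEYCLOAK_ADMIN_EMAIL" ]` is the portable one, and each JSON path is spelled out three times where a single variable per file would avoid drift.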
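Review bot: The three new calls are inserted directly after `configure_lagoon_realm`, while the comment immediately above them says new migrations are added at the end; if the placement is deliberate (for example because these are not migrations but settings that later steps should see), a one-line comment would save the next reader the question, e.g. `# not migrations: admin/realm settings are applied before the remaining steps`. The order among the three is load-bearing: `configure_smtp_settings` checks only `KEYCLOAK_ADMIN_EMAIL`, not that `configure_admin_email` actually updated the user, so `configure_admin_email` running first is what gives the SMTP gate its meaning, and that is worth stating next to the calls. The enclosing `configure_keycloak` starts and ends outside this hunk.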