#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for keycloak
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library (provides the `warn` helper used further down in this file)
# shellcheck disable=SC1090,SC1091
source /opt/bitnami/scripts/liblog.sh

# Image-wide constants: always overwritten, whatever the caller had set.
BITNAMI_ROOT_DIR="/opt/bitnami"
BITNAMI_VOLUME_DIR="/bitnami"
export BITNAMI_ROOT_DIR BITNAMI_VOLUME_DIR

# Logging configuration: caller-supplied values win, otherwise the defaults below apply.
: "${MODULE:=keycloak}" "${BITNAMI_DEBUG:=false}"
export MODULE BITNAMI_DEBUG
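# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file.
# Only the names listed here honour the *_FILE indirection. Several entries already end in
# _FILE themselves (e.g. KEYCLOAK_CACHE_CONFIG_FILE), so their override variable carries the
# suffix twice (KEYCLOAK_CACHE_CONFIG_FILE_FILE).
keycloak_env_vars=(
    KEYCLOAK_MOUNTED_CONF_DIR
    KC_RUN_IN_CONTAINER
    KEYCLOAK_ADMIN
    KEYCLOAK_ADMIN_PASSWORD
    KEYCLOAK_HTTP_RELATIVE_PATH
    KEYCLOAK_HTTP_PORT
    KEYCLOAK_HTTPS_PORT
    KEYCLOAK_BIND_ADDRESS
    KEYCLOAK_HOSTNAME
    KEYCLOAK_INIT_MAX_RETRIES
    KEYCLOAK_CACHE_TYPE
    KEYCLOAK_CACHE_STACK
    KEYCLOAK_CACHE_CONFIG_FILE
    KEYCLOAK_EXTRA_ARGS
    KEYCLOAK_ENABLE_STATISTICS
    KEYCLOAK_ENABLE_HEALTH_ENDPOINTS
    KEYCLOAK_ENABLE_HTTPS
    KEYCLOAK_HTTPS_TRUST_STORE_FILE
    KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD
    KEYCLOAK_HTTPS_KEY_STORE_FILE
    KEYCLOAK_HTTPS_KEY_STORE_PASSWORD
    KEYCLOAK_HTTPS_USE_PEM
    KEYCLOAK_HTTPS_CERTIFICATE_FILE
    KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE
    KEYCLOAK_SPI_TRUSTSTORE_FILE
    KEYCLOAK_SPI_TRUSTSTORE_PASSWORD
    KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY
    KEYCLOAK_LOG_LEVEL
    KEYCLOAK_LOG_OUTPUT
    KEYCLOAK_ROOT_LOG_LEVEL
    KEYCLOAK_PROXY
    KEYCLOAK_PRODUCTION
    KEYCLOAK_EXTRA_ARGS_PREPENDED
    KEYCLOAK_DATABASE_VENDOR
    KEYCLOAK_DATABASE_HOST
    KEYCLOAK_DATABASE_PORT
    KEYCLOAK_DATABASE_USER
    KEYCLOAK_DATABASE_NAME
    KEYCLOAK_DATABASE_PASSWORD
    KEYCLOAK_DATABASE_SCHEMA
    KEYCLOAK_JDBC_PARAMS
    KEYCLOAK_JDBC_DRIVER
    KEYCLOAK_DAEMON_USER
    KEYCLOAK_DAEMON_GROUP
    KEYCLOAK_ADMIN_USER
    KC_HOSTNAME
    KC_HTTPS_TRUST_STORE_FILE
    KC_HTTPS_TRUST_STORE_PASSWORD
    KC_HTTPS_KEY_STORE_FILE
    KC_HTTPS_KEY_STORE_PASSWORD
    KC_HTTPS_CERTIFICATE_FILE
    KC_HTTPS_CERTIFICATE_KEY_FILE
    KC_SPI_TRUSTSTORE_FILE_FILE
    KC_SPI_TRUSTSTORE_PASSWORD
    KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY
    DB_ADDR
    DB_PORT
    DB_USER
    DB_DATABASE
    DB_PASSWORD
    DB_SCHEMA
    JDBC_PARAMS
)
for env_var in "${keycloak_env_vars[@]}"; do
    file_env_var="${env_var}_FILE"
    # ${!file_env_var:-} dereferences the *_FILE variable by name; ":-" keeps this safe
    # when the variable is unset.
    if [[ -n "${!file_env_var:-}" ]]; then
        # A directory passes the -r test but cannot be read with $(< ...): the variable
        # would be exported empty and the ":-" defaults applied later in this file
        # (including the built-in admin password) would silently take over. Reject
        # directories so a wrong secret path produces the warning instead.
        if [[ -r "${!file_env_var:-}" && ! -d "${!file_env_var:-}" ]]; then
            # $(< file) drops trailing newlines, so a secret file may end with one.
            export "${env_var}=$(< "${!file_env_var}")"
            # The *_FILE pointer is removed once consumed, so it is not passed on to
            # child processes.
            unset "${file_env_var}"
        else
            # `warn` is expected to come from liblog.sh, sourced at the top of this file.
            # The variable is left untouched, so the defaults below still apply to it.
            warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
        fi
    fi
done
unset keycloak_env_vars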
# Paths
# Fixed locations inside the image. Every value here is assigned unconditionally (JAVA_HOME
# included), except KEYCLOAK_MOUNTED_CONF_DIR, which keeps a caller-supplied value.
# BITNAMI_VOLUME_DIR repeats the assignment made near the top of this file.
BITNAMI_VOLUME_DIR="/bitnami"
JAVA_HOME="/opt/bitnami/java"
KEYCLOAK_BASE_DIR="/opt/bitnami/keycloak"
KEYCLOAK_BIN_DIR="${KEYCLOAK_BASE_DIR}/bin"
KEYCLOAK_PROVIDERS_DIR="${KEYCLOAK_BASE_DIR}/providers"
# Log and tmp directories are placed under the providers directory.
KEYCLOAK_LOG_DIR="${KEYCLOAK_PROVIDERS_DIR}/log"
KEYCLOAK_TMP_DIR="${KEYCLOAK_PROVIDERS_DIR}/tmp"
KEYCLOAK_DOMAIN_TMP_DIR="${KEYCLOAK_BASE_DIR}/domain/tmp"
WILDFLY_BASE_DIR="/opt/bitnami/wildfly"
KEYCLOAK_VOLUME_DIR="/bitnami/keycloak"
KEYCLOAK_CONF_DIR="${KEYCLOAK_BASE_DIR}/conf"
KEYCLOAK_DEFAULT_CONF_DIR="${KEYCLOAK_BASE_DIR}/conf.default"
: "${KEYCLOAK_MOUNTED_CONF_DIR:=${KEYCLOAK_VOLUME_DIR}/conf}"
KEYCLOAK_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
KEYCLOAK_CONF_FILE="keycloak.conf"
KEYCLOAK_DEFAULT_CONF_FILE="keycloak.conf"
export BITNAMI_VOLUME_DIR JAVA_HOME WILDFLY_BASE_DIR \
    KEYCLOAK_BASE_DIR KEYCLOAK_BIN_DIR KEYCLOAK_PROVIDERS_DIR \
    KEYCLOAK_LOG_DIR KEYCLOAK_TMP_DIR KEYCLOAK_DOMAIN_TMP_DIR \
    KEYCLOAK_VOLUME_DIR KEYCLOAK_CONF_DIR KEYCLOAK_DEFAULT_CONF_DIR \
    KEYCLOAK_MOUNTED_CONF_DIR KEYCLOAK_INITSCRIPTS_DIR \
    KEYCLOAK_CONF_FILE KEYCLOAK_DEFAULT_CONF_FILE
# Keycloak kc.sh context
: "${KC_RUN_IN_CONTAINER:=true}"
export KC_RUN_IN_CONTAINER

# Keycloak configuration
# Each variable keeps a non-empty caller-supplied value; an unset OR empty value is replaced
# by the default shown.

# Admin account. KEYCLOAK_ADMIN_USER is accepted as a fallback name for KEYCLOAK_ADMIN.
# NOTE(review): when nothing is supplied the account becomes user/bitnami, a fixed pair
# that is public in this file. Because empty counts as unset, an empty password (for
# example an empty secret file consumed by the *_FILE loop in this file) also ends up as
# the default. Deployments should always set KEYCLOAK_ADMIN_PASSWORD, e.g. through
# KEYCLOAK_ADMIN_PASSWORD_FILE.
# The password is exported, so every child process of the sourcing shell inherits it.
: "${KEYCLOAK_ADMIN:=${KEYCLOAK_ADMIN_USER:-user}}"
: "${KEYCLOAK_ADMIN_PASSWORD:=bitnami}"
export KEYCLOAK_ADMIN KEYCLOAK_ADMIN_PASSWORD

# HTTP endpoint settings. `hostname --fqdn` only runs when no bind address was supplied.
: "${KEYCLOAK_HTTP_RELATIVE_PATH:=/}"
: "${KEYCLOAK_HTTP_PORT:=8080}"
: "${KEYCLOAK_HTTPS_PORT:=8443}"
: "${KEYCLOAK_BIND_ADDRESS:=$(hostname --fqdn)}"
# KC_HOSTNAME is accepted as a fallback name; with neither set the hostname stays empty.
: "${KEYCLOAK_HOSTNAME:=${KC_HOSTNAME:-}}"
export KEYCLOAK_HTTP_RELATIVE_PATH KEYCLOAK_HTTP_PORT KEYCLOAK_HTTPS_PORT \
    KEYCLOAK_BIND_ADDRESS KEYCLOAK_HOSTNAME

# Start-up retries, cache and extra command-line arguments.
: "${KEYCLOAK_INIT_MAX_RETRIES:=10}"
: "${KEYCLOAK_CACHE_TYPE:=ispn}"
: "${KEYCLOAK_CACHE_STACK:=}"
: "${KEYCLOAK_CACHE_CONFIG_FILE:=}"
: "${KEYCLOAK_EXTRA_ARGS:=}"
export KEYCLOAK_INIT_MAX_RETRIES KEYCLOAK_CACHE_TYPE KEYCLOAK_CACHE_STACK \
    KEYCLOAK_CACHE_CONFIG_FILE KEYCLOAK_EXTRA_ARGS

# Feature switches, all off unless the caller turns them on.
# NOTE(review): KEYCLOAK_ENABLE_HTTPS defaults to "false"; how the HTTP listener is then
# exposed is decided by the scripts that consume this variable, not visible here.
: "${KEYCLOAK_ENABLE_STATISTICS:=false}"
: "${KEYCLOAK_ENABLE_HEALTH_ENDPOINTS:=false}"
: "${KEYCLOAK_ENABLE_HTTPS:=false}"
export KEYCLOAK_ENABLE_STATISTICS KEYCLOAK_ENABLE_HEALTH_ENDPOINTS KEYCLOAK_ENABLE_HTTPS
# TLS material. For each setting the KEYCLOAK_* name wins; the matching KC_* name is used
# when the KEYCLOAK_* one is unset or empty; with neither set the value stays empty.
# The store passwords are exported, so child processes of the sourcing shell inherit them;
# they can be supplied through the *_FILE loop in this file instead of plain variables.
: "${KEYCLOAK_HTTPS_TRUST_STORE_FILE:=${KC_HTTPS_TRUST_STORE_FILE:-}}"
: "${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD:=${KC_HTTPS_TRUST_STORE_PASSWORD:-}}"
: "${KEYCLOAK_HTTPS_KEY_STORE_FILE:=${KC_HTTPS_KEY_STORE_FILE:-}}"
: "${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD:=${KC_HTTPS_KEY_STORE_PASSWORD:-}}"
: "${KEYCLOAK_HTTPS_USE_PEM:=false}"
: "${KEYCLOAK_HTTPS_CERTIFICATE_FILE:=${KC_HTTPS_CERTIFICATE_FILE:-}}"
: "${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE:=${KC_HTTPS_CERTIFICATE_KEY_FILE:-}}"
export KEYCLOAK_HTTPS_TRUST_STORE_FILE KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD \
    KEYCLOAK_HTTPS_KEY_STORE_FILE KEYCLOAK_HTTPS_KEY_STORE_PASSWORD \
    KEYCLOAK_HTTPS_USE_PEM \
    KEYCLOAK_HTTPS_CERTIFICATE_FILE KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE

# SPI truststore. The fallback for the file path is KC_SPI_TRUSTSTORE_FILE_FILE (the
# doubled suffix is the variable's actual name).
# NOTE(review): the hostname verification policy defaults to empty here; the effective
# policy is then whatever the consumer of this variable applies - confirm it is not a
# permissive one.
: "${KEYCLOAK_SPI_TRUSTSTORE_FILE:=${KC_SPI_TRUSTSTORE_FILE_FILE:-}}"
: "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD:=${KC_SPI_TRUSTSTORE_PASSWORD:-}}"
: "${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:=${KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-}}"
export KEYCLOAK_SPI_TRUSTSTORE_FILE KEYCLOAK_SPI_TRUSTSTORE_PASSWORD \
    KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY
# Logging, proxy mode and run mode. Non-empty caller-supplied values win.
# NOTE(review): KEYCLOAK_PRODUCTION defaults to "false" and KEYCLOAK_PROXY to
# "passthrough"; what each value switches on is decided by the scripts consuming them,
# so check both explicitly for any internet-facing deployment.
: "${KEYCLOAK_LOG_LEVEL:=info}"
: "${KEYCLOAK_LOG_OUTPUT:=default}"
: "${KEYCLOAK_ROOT_LOG_LEVEL:=INFO}"
: "${KEYCLOAK_PROXY:=passthrough}"
: "${KEYCLOAK_PRODUCTION:=false}"
: "${KEYCLOAK_EXTRA_ARGS_PREPENDED:=}"
export KEYCLOAK_LOG_LEVEL KEYCLOAK_LOG_OUTPUT KEYCLOAK_ROOT_LOG_LEVEL \
    KEYCLOAK_PROXY KEYCLOAK_PRODUCTION KEYCLOAK_EXTRA_ARGS_PREPENDED

# Database connection. The unprefixed names (DB_ADDR, DB_PORT, DB_USER, DB_DATABASE,
# DB_PASSWORD, DB_SCHEMA, JDBC_PARAMS) are read as fallbacks when the KEYCLOAK_* name is
# unset or empty; only then does the literal default apply.
# NOTE(review): the database password has no default and stays empty when nothing is
# supplied. It is exported, so child processes of the sourcing shell inherit it; it can
# be provided through KEYCLOAK_DATABASE_PASSWORD_FILE (see the *_FILE loop in this file).
: "${KEYCLOAK_DATABASE_VENDOR:=postgresql}"
: "${KEYCLOAK_DATABASE_HOST:=${DB_ADDR:-postgresql}}"
: "${KEYCLOAK_DATABASE_PORT:=${DB_PORT:-5432}}"
: "${KEYCLOAK_DATABASE_USER:=${DB_USER:-bn_keycloak}}"
: "${KEYCLOAK_DATABASE_NAME:=${DB_DATABASE:-bitnami_keycloak}}"
: "${KEYCLOAK_DATABASE_PASSWORD:=${DB_PASSWORD:-}}"
: "${KEYCLOAK_DATABASE_SCHEMA:=${DB_SCHEMA:-public}}"
: "${KEYCLOAK_JDBC_PARAMS:=${JDBC_PARAMS:-}}"
: "${KEYCLOAK_JDBC_DRIVER:=postgresql}"
export KEYCLOAK_DATABASE_VENDOR KEYCLOAK_DATABASE_HOST KEYCLOAK_DATABASE_PORT \
    KEYCLOAK_DATABASE_USER KEYCLOAK_DATABASE_NAME KEYCLOAK_DATABASE_PASSWORD \
    KEYCLOAK_DATABASE_SCHEMA KEYCLOAK_JDBC_PARAMS KEYCLOAK_JDBC_DRIVER
# System users (when running with a privileged user)
# Both default to "keycloak" unless the caller supplies a non-empty value.
: "${KEYCLOAK_DAEMON_USER:=keycloak}" "${KEYCLOAK_DAEMON_GROUP:=keycloak}"
export KEYCLOAK_DAEMON_USER KEYCLOAK_DAEMON_GROUP
# Custom environment variables may be defined below