pass-docker/eclipse-pass.local.yml at main · eclipse-pass/pass-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# Env customizations for a local development instance

include:
  - ./certs/cert-gen-idp.yml

services:
  pass-core:
    depends_on:
      postgres:
        condition: service_started
      localstack:
        condition: service_healthy
      idp:
        condition: service_healthy
    env_file:
      - .env
      - .eclipse-pass.local_env
    healthcheck:
      test: 'curl -u "$$PASS_CORE_USER:$$PASS_CORE_PASSWORD" -f http://pass-core:8080/data/user || exit 1'
      start_period: 60s
      interval: 5s
    ports:
      - 8080:8080
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./pass-core/saml2/:/saml2/:Z

  pass-ui:
    env_file:
      - .env
      - .eclipse-pass.local_env
    user: "0"

  postgres:
    image: postgres:15-alpine
    restart: always
    env_file:
      - .env
      - .eclipse-pass.local_env
    networks:
      - back
    volumes:
      - db:/var/lib/postgresql/data:Z
      - ./postgres/demo/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh:Z

  idp:
    image: "tier/shib-idp:4.3.3_20240415"
    container_name: idp
    depends_on:
      cert-gen-idp:
        condition: service_completed_successfully
      ldap:
        condition: service_healthy
    env_file:
      - .env
      - .eclipse-pass.local_env
    ports:
      - 9080:${IDP_INTERNAL_PORT-8080}
    command:
      - /bin/bash
      - -c
      - |
        cp /idp-config/config/tomcat/* /usr/local/tomcat/conf
        cp /idp-config/credentials/tomcat/* /opt/certs
        cp /idp-config/config/shib-idp/conf/* /opt/shibboleth-idp/conf
        cp /idp-config/credentials/shib-idp/* /opt/shibboleth-idp/credentials
        cp /idp-config/config/shib-idp/metadata/* /opt/shibboleth-idp/metadata
        cp /idp-config/dummylogo.png /opt/shibboleth-idp/edit-webapp/images/placeholder-logo.png

        sed -i "s#IDP_HOST#$$IDP_HOST#g" /opt/shibboleth-idp/metadata/idp-metadata.xml
        sed -i "s#IDP_HOST#$$IDP_HOST#g" /opt/shibboleth-idp/conf/idp.properties
        sed -i "s#SP_LOGIN#$$SP_LOGIN#g" /opt/shibboleth-idp/metadata/sp-metadata.xml

        /usr/bin/startup.sh
    healthcheck:
      # http_code will return "000" if server is not up
      test: 'curl http://localhost:8080 -s -o /dev/null -w "%{http_code}" | grep -qv "^000$" || exit 1'
      start_period: 60s
      interval: 5s
      timeout: 5s
      retries: 3
    #   - label=disable
    volumes:
      - ./idp:/idp-config:Z
    networks:
      - back

  ldap:
    image: "389ds/dirsrv:3.1"
    container_name: ldap
    env_file:
      - .env
      - .eclipse-pass.local_env
    # Healthy when users found or successfully created
    healthcheck:
      test: '(dsconf -D "cn=Directory Manager" localhost backend create --suffix="$$DS_SUFFIX_NAME" --be-name="pass"; ldapsearch  -H ldap://localhost:3389 -w "$$DS_DM_PASSWORD" -D "cn=Directory Manager" || ldapadd -f /pass.ldif -H ldap://localhost:3389 -w "$$DS_DM_PASSWORD" -D "cn=Directory Manager") || exit 1'
      start_period: 60s
      interval: 5s
    volumes:
      - ./ldap/pass.ldif:/pass.ldif:Z
    networks:
      - back

  loader:
    image: curlimages/curl:8.11.0
    container_name: loader
    env_file:
      - .env
      - .eclipse-pass.local_env
    entrypoint: /bin/sh -c
    command: [ 'curl http://pass-core:8080/data/ -u "$$PASS_CORE_USER:$$PASS_CORE_PASSWORD" -X PATCH -H "content-type: application/vnd.api+json;ext=jsonpatch" -H "accept:application/vnd.api+json; ext=jsonpatch" -H "X-XSRF-TOKEN:moo" -H "Cookie:XSRF-TOKEN=moo" -d "@/data.json"' ]
    networks:
      - back
    depends_on:
      pass-core:
        condition: service_healthy
    volumes:
      - ./demo_data.json:/data.json:Z

  localstack:
    container_name: "localstack"
    image: localstack/localstack:3.8.1
    ports:
      - "127.0.0.1:4566:4566"            # LocalStack Gateway
      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
    environment:
      - DOCKER_HOST=unix:///var/run/docker.sock
    volumes:
      - "./localstack/aws_bootstrap.sh:/etc/localstack/init/ready.d/init-aws.sh:Z"
    networks:
      - back