Add possibility to configure AWS JDBC Wrapper for Keycloak driver

Closes #698

Signed-off-by: Michal Hajas <mhajas@redhat.com>

provision/keycloak-tasks/Utils.yaml

@@ -43,6 +43,24 @@ tasks:
       - quarkus/dist/target/keycloak-*.tar.gz
       - operator/target/keycloak-*.jar
 
+  install-keycloak-build-configs:
+    desc: "Install the Keycloak build configs"
+    internal: true
+    requires:
+      vars:
+        - NAMESPACE
+        - KUBECONFIG
+    cmds:
+      - KUBECONFIG="{{.KUBECONFIG}}" oc create namespace "{{.NAMESPACE}}" || true
+      - >
+        KUBECONFIG="{{.KUBECONFIG}}" helm upgrade --install keycloak-build-config --namespace "{{.NAMESPACE}}" ./keycloak-image-helm
+        --set "namespace={{.NAMESPACE}}"
+        --set "customImage={{if .KC_REPOSITORY}}true{{else}}false{{end}}"
+    status:
+      - test -n "$(KUBECONFIG="{{.KUBECONFIG}}" helm list --namespace {{.NAMESPACE}} --filter keycloak-build-config -q)"
+    preconditions:
+      - test -f {{.KUBECONFIG}}
+
   prepare-keycloak-images-openshift:
     desc: "Create images for the current build of Keycloak distribution"
     label: "{{.TASK}}-{{.ROSA_CLUSTER_NAME}}"
@@ -78,11 +96,23 @@ tasks:
     sources:
       - quarkus/dist/target/keycloak-*.tar.gz
       - operator/target/keycloak-*.jar
-    status:
-      - test -n "$(KUBECONFIG="{{.KUBECONFIG}}" helm list --namespace {{.NAMESPACE}} --filter keycloak-build-config -q)"
     preconditions:
       - test -f {{.KUBECONFIG}}
 
+  prepare-keycloak-image-with-aws-jdbc-wrapper-openshift:
+    desc: "Create images for the current build of Keycloak distribution"
+    label: "{{.TASK}}-{{.ROSA_CLUSTER_NAME}}"
+    internal: true
+    requires:
+      vars:
+        - NAMESPACE
+        - KUBECONFIG
+        - ROSA_CLUSTER_NAME
+    cmds:
+      # Creates .task if it does not exist
+      - if [ ! -d .task ]; then mkdir .task; fi
+      - echo "image-registry.openshift-image-registry.svc:5000/{{.NAMESPACE}}/keycloak-with-aws-jdbc-wrapper:latest" > .task/var-CUSTOM_CONTAINER_IMAGE_FILE
+
   install-keycloak-operator:
     desc: "Install the Keycloak operator"
     internal: true
@@ -156,12 +186,21 @@ tasks:
         - ROSA_CLUSTER_NAME
     vars:
       CURRENT_KC_CONTAINER_IMAGE: '{{ ternary "$(cat .task/var-CUSTOM_CONTAINER_IMAGE_FILE 2> /dev/null || echo \"\")" .KC_CONTAINER_IMAGE (empty .KC_CONTAINER_IMAGE) }}'
+      KC_USE_AWS_JDBC_WRAPPER: '{{ .KC_USE_AWS_JDBC_WRAPPER | default "true" }}'
     cmds:
+      - task: install-keycloak-build-configs
+        vars:
+          NAMESPACE: "{{.NAMESPACE}}"
+          KUBECONFIG: "{{.KUBECONFIG}}"
       - task: '{{if .KC_REPOSITORY}}prepare-custom-images{{else}}no-op{{end}}'
         vars:
           KUBECONFIG: "{{.KUBECONFIG}}"
           NAMESPACE: "{{.NAMESPACE}}"
           ROSA_CLUSTER_NAME: "{{.ROSA_CLUSTER_NAME}}"
+      - task: '{{if .KC_USE_AWS_JDBC_WRAPPER}}prepare-keycloak-image-with-aws-jdbc-wrapper-openshift{{else}}no-op{{end}}'
+        vars:
+          NAMESPACE: "{{.NAMESPACE}}"
+          KUBECONFIG: "{{.KUBECONFIG}}"
       - task: install-keycloak-operator
         vars:
           NAMESPACE: "{{.NAMESPACE}}"

provision/keycloak-tasks/keycloak-image-helm/templates/keycloak-build-config.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.customImage }}
 kind: ImageStream
 apiVersion: image.openshift.io/v1
 metadata:
@@ -34,3 +35,4 @@ spec:
         kind: ImageStreamTag
         name: ubi9:latest
     type: Docker
+{{ end }}

provision/keycloak-tasks/keycloak-image-helm/templates/keycloak-nightly-imagestream.yaml

@@ -0,0 +1,20 @@
+{{- if and (.Values.useAWSJDBCWrapper) (not .Values.customImage) }}
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: keycloak
+  namespace: {{ .Values.namespace }}
+spec:
+  lookupPolicy:
+    local: false
+  tags:
+    - name: latest
+      from:
+        kind: DockerImage
+        name: quay.io/keycloak/keycloak:nightly
+      generation: 2
+      importPolicy:
+        importMode: Legacy
+      referencePolicy:
+        type: Source
+{{ end }}

provision/keycloak-tasks/keycloak-image-helm/templates/keycloak-operator-build-config.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.customImage }}
 kind: ImageStream
 apiVersion: image.openshift.io/v1
 metadata:
@@ -31,3 +32,4 @@ spec:
         kind: ImageStreamTag
         name: ubi9:latest
     type: Docker
+  {{ end }}

provision/keycloak-tasks/keycloak-image-helm/templates/keycloak-with-AWS-JDBC-wrapper.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.useAWSJDBCWrapper }}
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: keycloak-with-aws-jdbc-wrapper
+  namespace: {{ .Values.namespace }}
+  labels:
+    build: keycloak
+spec:
+  lookupPolicy:
+    local: false
+---
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  labels:
+    build: keycloak
+  name: keycloak-with-aws-jdbc-wrapper
+  namespace: {{ .Values.namespace }}
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: keycloak-with-aws-jdbc-wrapper:latest
+  runPolicy: Serial
+  triggers:
+    - type: "ImageChange"
+      imageChange:
+        from:
+          kind: "ImageStreamTag"
+          name: "keycloak:latest"
+  strategy:
+    dockerStrategy:
+      from:
+        kind: "ImageStreamTag"
+        name: "keycloak:latest"
+      forcePull: true
+  source:
+    dockerfile: |
+      FROM keycloak:latest
+      ADD --chmod=0666 {{ .Values.jdbcWrapperURL }} /opt/keycloak/providers/
+      ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+{{ end }}

provision/keycloak-tasks/keycloak-image-helm/templates/ubi9-imagestream.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.customImage }}
 kind: ImageStream
 apiVersion: image.openshift.io/v1
 metadata:
@@ -16,3 +17,4 @@ spec:
         importMode: Legacy
       referencePolicy:
         type: Source
+{{ end }}

provision/keycloak-tasks/keycloak-image-helm/values.yaml

@@ -3,3 +3,6 @@
 # Declare variables to be passed into your templates.
 
 namespace: keycloak
+customImage: false
+useAWSJDBCWrapper: true
+jdbcWrapperURL: https://github.com/awslabs/aws-advanced-jdbc-wrapper/releases/download/2.3.3/aws-advanced-jdbc-wrapper-2.3.3.jar

provision/minikube/keycloak/templates/keycloak.yaml

@@ -26,7 +26,11 @@ spec:
   db:
 {{ if or (eq .Values.database "aurora-postgres") (eq .Values.database "postgres") (eq .Values.database "postgres+infinispan") }}
     vendor: postgres
+{{- if .Values.useAWSJDBCWrapper}}
+    url: jdbc:aws-wrapper:postgresql://postgres:5432/keycloak
+{{- else }}
     url: jdbc:postgresql://postgres:5432/keycloak
+{{ end }}
 {{ end }}
     poolMinSize: {{ .Values.dbPoolMinSize }} # <1>
     poolInitialSize: {{ .Values.dbPoolInitialSize }}
@@ -130,6 +134,12 @@ spec:
         name: keycloak-jgroups-pkcs12-password
         key: password
 {{- end }}
+{{ if .Values.useAWSJDBCWrapper }}
+    - name: db-driver
+      value: software.amazon.jdbc.Driver
+    - name: transaction-xa-enabled
+      value: 'false'
+{{ end }}
   http:
     tlsSecret: keycloak-tls-secret
   instances: {{ .Values.instances }}
@@ -244,7 +254,7 @@ spec:
             #       - 'true'
             volumeMounts:
               - name: keycloak-providers
-                mountPath: /opt/keycloak/providers
+                mountPath: /opt/keycloak/providers/mounted-providers
                 readOnly: true
 {{ if .Values.infinispan.jgroupsTls }}
               - name: cache-embedded-mtls-volume

provision/minikube/keycloak/values.yaml

@@ -18,6 +18,7 @@ dbPoolInitialSize: 15
 dbPoolMaxSize: 15
 dbPoolMinSize: 15
 dbUrl: ''
+useAWSJDBCWrapper: true
 storage: ''
 database: postgres
 disableCaches: false