seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove keycloak and postgres. Move che dockerfiles to build/dockerfiles. Add brew.Dockerfile.

pull/573/head
sdawley 2023-03-16 14:06:23 -07:00 committed by ivinokur
parent ce54dc864a
commit 48d3aee9db
64 changed files with 40 additions and 3692 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/next-build.yml vendored
View File

@ -49,12 +49,6 @@ jobs:
./dockerfiles/build.sh --tag:next --sha-tag
- name: Push docker images
run: |
docker push quay.io/eclipse/che-keycloak:next
docker push quay.io/eclipse/che-keycloak:${{ steps.build.outputs.short_sha1 }}
docker push quay.io/eclipse/che-postgres:next
docker push quay.io/eclipse/che-postgres:${{ steps.build.outputs.short_sha1 }}
docker push quay.io/eclipse/che-server:next
docker push quay.io/eclipse/che-server:${{ steps.build.outputs.short_sha1 }}
- name: Create failure MM message

0
dockerfiles/README.md → build/README.md
View File

0
dockerfiles/build.include → build/build.include
View File

0
dockerfiles/build.sh → build/build.sh
View File

0
dockerfiles/che/.cccp.yml → build/dockerfiles/.cccp.yml
View File

0
dockerfiles/che/Dockerfile → build/dockerfiles/Dockerfile
View File

40
build/dockerfiles/brew.Dockerfile Normal file
View File

@ -0,0 +1,40 @@
# Copyright (c) 2018-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8-minimal
FROM ubi8-minimal:8.7-1085
USER root
ENV CHE_HOME=/home/user/devspaces
ENV JAVA_HOME=/usr/lib/jvm/jre
RUN microdnf install java-11-openjdk-headless tar gzip shadow-utils findutils && \
microdnf update -y && \
microdnf -y clean all && rm -rf /var/cache/yum && echo "Installed Packages" && rpm -qa | sort -V && echo "End Of Installed Packages" && \
adduser -G root user && mkdir -p /home/user/devspaces
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
# see fetch-artifacts-pnc.yaml
COPY artifacts/assembly-main.tar.gz /tmp/assembly-main.tar.gz
RUN tar xzf /tmp/assembly-main.tar.gz --strip-components=1 -C /home/user/devspaces; rm -f /tmp/assembly-main.tar.gz
# this should fail if the startup script is not found in correct path /home/user/devspaces/tomcat/bin/catalina.sh
RUN mkdir /logs /data && \
chmod 0777 /logs /data && \
chgrp -R 0 /home/user /logs /data && \
chown -R user /home/user && \
chmod -R g+rwX /home/user && \
find /home/user -type d -exec chmod 777 {} \; && \
java -version && echo -n "Server startup script in: " && \
find /home/user/devspaces -name catalina.sh | grep -z /home/user/devspaces/tomcat/bin/catalina.sh
USER user
# append Brew metadata here

0
dockerfiles/che/build.sh → build/dockerfiles/build.sh
View File

0
dockerfiles/che/entrypoint.sh → build/dockerfiles/entrypoint.sh
View File

23
dockerfiles/keycloak/Dockerfile
View File

@ -1,23 +0,0 @@
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
FROM quay.io/keycloak/keycloak:15.0.2
ADD che /opt/jboss/keycloak/themes/che
ADD che-username-readonly /opt/jboss/keycloak/themes/che-username-readonly
ADD . /scripts/
ADD cli /scripts/cli
USER root
RUN microdnf install findutils && microdnf clean all && \
ln -s /opt/jboss/tools/docker-entrypoint.sh && chmod +x /opt/jboss/tools/docker-entrypoint.sh
USER root
RUN chown -R 1000:0 /scripts && \
chmod -R g+rwX /scripts
USER 1000:1000

15
dockerfiles/keycloak/build.sh
View File

@ -1,15 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
base_dir=$(cd "$(dirname "$0")"; pwd)
. "${base_dir}"/../build.include
init --name:keycloak "$@"
build

606
dockerfiles/keycloak/che-realm.json.erb
View File

@ -1,606 +0,0 @@
{
"id" : "che",
"realm" : "che",
"notBefore" : 0,
"revokeRefreshToken" : false,
"accessTokenLifespan" : 300,
"accessTokenLifespanForImplicitFlow" : 900,
"ssoSessionIdleTimeout" : 36000,
"ssoSessionMaxLifespan" : 36000,
"offlineSessionIdleTimeout" : 2592000,
"accessCodeLifespan" : 60,
"accessCodeLifespanUserAction" : 300,
"accessCodeLifespanLogin" : 1800,
"enabled" : true,
"sslRequired" : "none",
"registrationAllowed" : true,
"registrationEmailAsUsername" : false,
"rememberMe" : false,
"verifyEmail" : false,
"loginWithEmailAllowed" : true,
"duplicateEmailsAllowed" : false,
"resetPasswordAllowed" : true,
"editUsernameAllowed" : false,
"bruteForceProtected" : false,
"maxFailureWaitSeconds" : 900,
"minimumQuickLoginWaitSeconds" : 60,
"waitIncrementSeconds" : 60,
"quickLoginCheckMilliSeconds" : 1000,
"maxDeltaTimeSeconds" : 43200,
"failureFactor" : 30,
"groups" : [ ],
"requiredCredentials" : [ "password" ],
"passwordPolicy" : "hashIterations(20000)",
"otpPolicyType" : "totp",
"otpPolicyAlgorithm" : "HmacSHA1",
"otpPolicyInitialCounter" : 0,
"otpPolicyDigits" : 6,
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"clients" : [ {
"id" : "40162c8f-5c44-4b61-91cf-a6eac6b9e61a",
"clientId" : "che-public",
"surrogateAuthRequired" : false,
"enabled" : true,
"clientAuthenticatorType" : "client-secret",
"secret" : "56abc663-1c41-4ab2-81d1-d4b704249221",
"redirectUris" : [ "<%= scope.lookupvar('che::che_server_url') %>/*" ],
"webOrigins" : [ "<%= scope.lookupvar('che::che_server_url') %>" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : true,
"serviceAccountsEnabled" : false,
"publicClient" : true,
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"saml.assertion.signature" : "false",
"saml.force.post.binding" : "false",
"saml.multivalued.roles" : "false",
"saml.encrypt" : "false",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "false",
"saml.authnstatement" : "false",
"saml.server.signature" : "false",
"saml.server.signature.keyinfo.ext" : "false",
"saml.onetimeuse.condition" : "false"
},
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "baf9d083-ada2-4a91-b75d-23b2bc639ab0",
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${username}",
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"id" : "a32d7fa0-12e7-4032-b7f2-1e473f0f7b09",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${givenName}",
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"id" : "c4e9e195-4420-479b-b28d-e1791d29596f",
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : true,
"consentText" : "${fullName}",
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true",
"userinfo.token.claim" : "true"
}
}, {
"id" : "bd31d88f-4605-44de-bc6e-03ce7bade978",
"name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${familyName}",
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "lastName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "family_name",
"jsonType.label" : "String"
}
}, {
"id" : "1a2d4749-19d8-4d1c-b62e-084541644323",
"name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${email}",
"config" : {
"userinfo.token.claim" : "true",
"user.attribute" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email",
"jsonType.label" : "String"
}
}, {
"id" : "6e55493a-57ca-4d31-8f0a-ae8a046f13b1",
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "false",
"attribute.nameformat" : "Basic",
"attribute.name" : "Role"
}
} ],
"useTemplateConfig" : false,
"useTemplateScope" : false,
"useTemplateMappers" : false
} ],
"clientTemplates" : [ ],
"browserSecurityHeaders" : {
"xContentTypeOptions" : "nosniff",
"xRobotsTag" : "none",
"xFrameOptions" : "SAMEORIGIN",
"xXSSProtection" : "1; mode=block",
"contentSecurityPolicy" : "frame-src 'self'"
},
"loginTheme" : "che",
"accountTheme" : "che",
"emailTheme" : "che",
"smtpServer" : { },
"eventsEnabled" : false,
"eventsListeners" : [ "jboss-logging", "email" ],
"enabledEventTypes" : [ ],
"adminEventsEnabled" : false,
"adminEventsDetailsEnabled" : false,
"components" : {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
"id" : "aff05d47-02ea-4e0d-a0b9-cc95373c7015",
"name" : "Trusted Hosts",
"providerId" : "trusted-hosts",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"host-sending-registration-request-must-match" : [ "true" ],
"client-uris-must-match" : [ "true" ]
}
}, {
"id" : "a94ae6e0-c99f-4e16-8f78-943950cdc175",
"name" : "Consent Required",
"providerId" : "consent-required",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "c4ccdc54-c827-4c43-b38f-802046d1eef0",
"name" : "Full Scope Disabled",
"providerId" : "scope",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "6ce2d388-0a46-4ad4-b57a-d330467bdd5d",
"name" : "Max Clients Limit",
"providerId" : "max-clients",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"max-clients" : [ "200" ]
}
}, {
"id" : "ea856e2e-1442-4b44-b458-00a02e9228e1",
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ],
"consent-required-for-all-mappers" : [ "true" ]
}
}, {
"id" : "a9872891-68cc-4620-828d-be936f9e202e",
"name" : "Allowed Client Templates",
"providerId" : "allowed-client-templates",
"subType" : "anonymous",
"subComponents" : { },
"config" : { }
}, {
"id" : "a2b4ca87-e7db-4ae9-84f8-e7df9bb018f9",
"name" : "Allowed Protocol Mapper Types",
"providerId" : "allowed-protocol-mappers",
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ],
"consent-required-for-all-mappers" : [ "true" ]
}
}, {
"id" : "cbcd0895-6551-4ac9-99e2-abc384a71a17",
"name" : "Allowed Client Templates",
"providerId" : "allowed-client-templates",
"subType" : "authenticated",
"subComponents" : { },
"config" : { }
} ],
"org.keycloak.keys.KeyProvider" : [ {
"id" : "b7f1417f-b956-4c99-9e38-d43504dcdb84",
"name" : "rsa-generated",
"providerId" : "rsa-generated",
"subComponents" : { },
"config" : {
"privateKey" : [ "MIIEowIBAAKCAQEAhTRwl5+7W6y0upRhyX69a2O2AlfYzm9Dy/dnzYS9H+V9a4fbI9mIjrYjreU9pP6L5gpXKcGsaAiDaEvL37Io7wlbW09jY6zt3/8DQGZ1fxuvJD9MkeiLtTNBczU+aClXeg3or6zmFkRTdWv+pp1X92vSlErE8UWUtdk8HhCyKIyTzfdRMwM4JSi4AN3bJbS+Wagv4Y7Vo1O1r7xXa8byzgGA+dTih5bfQRHAj9+YQzGmeb/YbGpdQmmmOQk1bEwYDl5TYb4H7VzYrLzwWcBaHmxDug5obrvLqnbPGdkWP1sy9GcNeHziAOiFFWcMNuJcvsCL44jtidZX4cZNlCN8bQIDAQABAoIBAD5gukEm2fQqQlAFYG2dXlLF1NvwC2VQkW0YpJGHkZE4RK1wZ1y4Z8x82uR6L43ubdECEqNJQNVO90qGBCjzI1wdA50U5jQtLQ/yObGUyX0Gl9PfmJnTTmlCYWn0Cw94HLDZhpeN3gmbYYHhWtTnZeRFp80t3mAl92fZHN/vbZ6y14MmEE0utp3+FWSLl2trEJbh0Q/Pb7CyFphEUfTbZv5glefHULAnWkktfWMutaazeh/TJhrl+Hv1f9n0mvA31K3FiBdHsfgSuL0PCAlvQQu1UTn4qJ3kbYJvZ+jLE247s78KRbiebMWzNz6VB4s5C03hzSzVQyqR0ZKOrAEjXoECgYEA0/VPacGoiqSsmJGCzJ6TYoDzInWjleVORABu1rLqJGzK+EXlfAu8g6/QEb0F0HAfWliS5F4i/25egT3wE7MwA4tTYbVSNxdDW55wwPfBmHw5Le6CkzRpfGo+PBgAtlWUg7BwbF1IvaciKQLNdMJUtW87e6dpgcqwJGPHbGCe3zECgYEAoOIAen4f+NpZoKfrXViuUCKxWWphRLZy9PoI5o/PpQIBw3DGrF+GY4EK6HUojPBGH9vdLQ+hJIXeCQqcCRNTIFwvtuSHGUJMqkB3FaMZE/1Ez7MBrSrdSJqVvuX+PjxuQ97/e0uVQjIJQB0bol0kab4m5V78iW1T6UiCDZifOf0CgYAfcvqBepaDW8OwL4b0zWKY7wEkT8gh6ZAfTuEjQhCzruC+zcArE6K491EsEJvYPYqpYRMKh10yATJMguAoTCIHpJiOmtTED9OSuIOKXjh/Y48oXYdKSDCOoUTyra0NYM1UbM2BhqXQXggXha7ucBcZhJOS2VgyRdy0yYlBb2SjQQKBgQCXxn5TEReSilORx7i4mIfiG8iaJUzcKQ9sY1HwSW3IKouFWKhlR70dtEiZIqX9yFMvjRksgJkyPoRInVS1DyEV30I4VYHKZ4yx9R0jMXngLMg09Zg4SL731rY8oPdouVQA/aiiJZ0LFO87J/rBAwPuKjDBpQmzkItgAkKHFxvn9QKBgD1qGk8cP5F56zDCQp5PBE9j2TNI40pcP2gw0rdt6RvGY0ht7YUzPEVhplDus3w/UvCI7AFbTpMJs6faeLXnDUlELM0rBzDcDQ6uDpZ5GCOKztrb7179c81N1kcIAfol3ABRFGi+zEdRwv+BxSWxxMg54X9LHOnzsjhefBVdGSEG" ],
"certificate" : [ "MIIClTCCAX0CBgFcwNsbqzANBgkqhkiG9w0BAQsFADAOMQwwCgYDVQQDDANjaGUwHhcNMTcwNjE5MTQ1NTAzWhcNMjcwNjE5MTQ1NjQzWjAOMQwwCgYDVQQDDANjaGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFNHCXn7tbrLS6lGHJfr1rY7YCV9jOb0PL92fNhL0f5X1rh9sj2YiOtiOt5T2k/ovmClcpwaxoCINoS8vfsijvCVtbT2NjrO3f/wNAZnV/G68kP0yR6Iu1M0FzNT5oKVd6DeivrOYWRFN1a/6mnVf3a9KUSsTxRZS12TweELIojJPN91EzAzglKLgA3dsltL5ZqC/hjtWjU7WvvFdrxvLOAYD51OKHlt9BEcCP35hDMaZ5v9hsal1CaaY5CTVsTBgOXlNhvgftXNisvPBZwFoebEO6Dmhuu8uqds8Z2RY/WzL0Zw14fOIA6IUVZww24ly+wIvjiO2J1lfhxk2UI3xtAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC36rlGrQ0fhEmQV1c13UWQd5YUQvBIVpL4t9RgrCmUpYlEsXRT8+XsHXngnSYkyEnoegVtWxY9C0m7llUCBhMkhaKuwebkHdr1/yHgEd1GXk77MBkYFugwrRj58LvzMjEpwkZLbo+z2YCocqrAiT8xRNOENVQsdulvVDUrLrd8sc1tYsKcKRreGwg1/upnAcOUYq9CX5xeu+6XL51ckUTEVdesoguvjK94dN4Ee1noMw8fIiib0QK3KWYJSO4FRu9poSO6qPGnlXztcuqqf4M5FfJj2GuGA96np+YfNn/ImONZocN2fqipSNOK5upfAw3ZL4mLKm6YxHtdg2YSk/ac=" ],
"priority" : [ "100" ]
}
}, {
"id" : "65669621-692a-48d7-81ee-d432bde0e354",
"name" : "hmac-generated",
"providerId" : "hmac-generated",
"subComponents" : { },
"config" : {
"kid" : [ "51276d4b-5b9b-46bb-a8f5-fb934855e20c" ],
"secret" : [ "O2wyrQXdNjHV70HvsXIQBBFMP3AU4ezJWEq56N_WL4I" ],
"priority" : [ "100" ]
}
} ]
},
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"id" : "e2ab06c1-9944-401b-9481-950a7cf3a685",
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-confirm-link",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "idp-email-verification",
"requirement" : "ALTERNATIVE",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "ALTERNATIVE",
"priority" : 30,
"flowAlias" : "Verify Existing Account by Re-authentication",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "76a32481-5864-4905-809c-7ecf1efb0d28",
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-username-password-form",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-otp-form",
"requirement" : "OPTIONAL",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "69febc58-ca1e-4fce-879f-0f250f450cb7",
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-cookie",
"requirement" : "ALTERNATIVE",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-spnego",
"requirement" : "DISABLED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "identity-provider-redirector",
"requirement" : "ALTERNATIVE",
"priority" : 25,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "ALTERNATIVE",
"priority" : 30,
"flowAlias" : "forms",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "9018edc3-d650-487b-84d5-e140c7f2fbb0",
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "client-secret",
"requirement" : "ALTERNATIVE",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "client-jwt",
"requirement" : "ALTERNATIVE",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "e0b6874d-2996-4f2e-b2a0-cd44f537164e",
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "direct-grant-validate-username",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "direct-grant-validate-password",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "direct-grant-validate-otp",
"requirement" : "OPTIONAL",
"priority" : 30,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "ce59cdae-cd38-4eac-b8e0-d844d4eb54e1",
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "review profile config",
"authenticator" : "idp-review-profile",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticatorConfig" : "create unique user config",
"authenticator" : "idp-create-user-if-unique",
"requirement" : "ALTERNATIVE",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"requirement" : "ALTERNATIVE",
"priority" : 30,
"flowAlias" : "Handle Existing Account",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "39ba9cd2-0d0d-448c-ae3f-7d751a3c6f27",
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-username-password-form",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "auth-otp-form",
"requirement" : "OPTIONAL",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "dfec6403-169e-43d9-9d48-762e573dc9a7",
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-page-form",
"requirement" : "REQUIRED",
"priority" : 10,
"flowAlias" : "registration form",
"userSetupAllowed" : false,
"autheticatorFlow" : true
} ]
}, {
"id" : "d0969be5-b8fe-4400-857a-b186f58f79dd",
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-user-creation",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "registration-profile-action",
"requirement" : "REQUIRED",
"priority" : 40,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "registration-password-action",
"requirement" : "REQUIRED",
"priority" : 50,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "registration-recaptcha-action",
"requirement" : "DISABLED",
"priority" : 60,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "100c254d-662e-4a01-807f-d4af498bb377",
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "reset-credentials-choose-user",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "reset-credential-email",
"requirement" : "REQUIRED",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "reset-password",
"requirement" : "REQUIRED",
"priority" : 30,
"userSetupAllowed" : false,
"autheticatorFlow" : false
}, {
"authenticator" : "reset-otp",
"requirement" : "OPTIONAL",
"priority" : 40,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}, {
"id" : "e761034d-e1a9-4e2e-acb9-bb84205ea342",
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "http-basic-authenticator",
"requirement" : "REQUIRED",
"priority" : 10,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
} ],
"authenticatorConfig" : [ {
"id" : "cb2c77b8-656b-40d0-a653-098037ca5730",
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"id" : "a9067668-e684-4b9c-a042-6c3c87ab18e5",
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"
}
} ],
"requiredActions" : [ {
"alias" : "CONFIGURE_TOTP",
"name" : "Configure OTP",
"providerId" : "CONFIGURE_TOTP",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "UPDATE_PASSWORD",
"name" : "Update Password",
"providerId" : "UPDATE_PASSWORD",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "UPDATE_PROFILE",
"name" : "Update Profile",
"providerId" : "UPDATE_PROFILE",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "VERIFY_EMAIL",
"name" : "Verify Email",
"providerId" : "VERIFY_EMAIL",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "terms_and_conditions",
"name" : "Terms and Conditions",
"providerId" : "terms_and_conditions",
"enabled" : false,
"defaultAction" : false,
"config" : { }
} ],
"browserFlow" : "browser",
"registrationFlow" : "registration",
"directGrantFlow" : "direct grant",
"resetCredentialsFlow" : "reset credentials",
"clientAuthenticationFlow" : "clients",
"attributes" : {
"_browser_header.xXSSProtection" : "1; mode=block",
"_browser_header.xFrameOptions" : "SAMEORIGIN",
"failureFactor" : "30",
"quickLoginCheckMilliSeconds" : "1000",
"maxDeltaTimeSeconds" : "43200",
"_browser_header.xContentTypeOptions" : "nosniff",
"_browser_header.xRobotsTag" : "none",
"bruteForceProtected" : "false",
"maxFailureWaitSeconds" : "900",
"_browser_header.contentSecurityPolicy" : "frame-src 'self'",
"minimumQuickLoginWaitSeconds" : "60",
"waitIncrementSeconds" : "60"
},
"keycloakVersion" : "3.2.1.Final"
}

56
dockerfiles/keycloak/che-username-readonly/login/login-update-profile.ftl
View File

@ -1,56 +0,0 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout; section>
<#if section = "header">
${msg("loginProfileTitle")}
<#elseif section = "form">
<form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<#if user.editUsernameAllowed>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('username',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="username" name="username" value="${(user.username!'')}" class="${properties.kcInputClass!}" readonly />
</div>
</div>
</#if>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('email',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="email" name="email" value="${(user.email!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('firstName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('lastName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
</div>
</div>
<div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
</div>
</div>
</form>
</#if>
</@layout.registrationLayout>

1
dockerfiles/keycloak/che-username-readonly/login/theme.properties
View File

@ -1 +0,0 @@
parent=che

37
dockerfiles/keycloak/che-users-0.json.erb
View File

@ -1,37 +0,0 @@
{
"realm" : "che",
"users" : [ {
"id" : "b07e3a58-ed50-4a6e-be17-fcf49ff8b242",
"createdTimestamp" : 1498139671076,
"username" : "admin",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "Admin",
"lastName" : "Admin",
"email" : "admin@admin.com",
"credentials" : [ {
"type" : "password",
"hashedSaltedValue" : "5RAyLGBHmVbAOPfvjm+IdGpvEOEJx98UwA0pGpPQHEk6BwYpOc8WL8TtB7MdJyGlEYVF/L3uGurfdbRmihlXrA==",
"salt" : "dRvJ8IcAnfNiU5VMtuxuZQ==",
"hashIterations" : 20000,
"counter" : 0,
"algorithm" : "pbkdf2",
"digits" : 0,
"period" : 0,
"createdDate" : 1498139677908,
"config" : { }
} ],
"disableableCredentialTypes" : [ "password" ],
<% if scope.lookupvar('keycloak::che_keycloak_admin_require_update_password') == 'true' -%>
"requiredActions" : [ "UPDATE_PASSWORD" ],
<% else -%>
"requiredActions" : [ ],
<% end -%>
"realmRoles" : ["uma_authorization", "offline_access" ],
"clientRoles" : {
"account" : [ "manage-account", "view-profile" ]
},
"groups" : [ ]
} ]
}

166
dockerfiles/keycloak/che/account/messages/messages_en.properties
View File

@ -1,166 +0,0 @@
doSave=Save
doCancel=Cancel
doLogOutAllSessions=Log out all sessions
doRemove=Remove
doAdd=Add
doSignOut=Sign Out
editAccountHtmlTitle=Edit Account
federatedIdentitiesHtmlTitle=Federated Identities
accountLogHtmlTitle=Account Log
changePasswordHtmlTitle=Change Password
sessionsHtmlTitle=Sessions
accountManagementTitle=Keycloak Account Management
authenticatorTitle=Authenticator
applicationsHtmlTitle=Applications
authenticatorCode=One-time code
email=Email
firstName=First name
givenName=Given name
fullName=Full name
lastName=Last name
familyName=Family name
password=Password
passwordConfirm=Confirmation
passwordNew=New Password
username=Username
address=Address
street=Street
locality=City or Locality
region=State, Province, or Region
postal_code=Zip or Postal code
country=Country
emailVerified=Email verified
gssDelegationCredential=GSS Delegation Credential
role_admin=Admin
role_realm-admin=Realm Admin
role_create-realm=Create realm
role_view-realm=View realm
role_view-users=View users
role_view-applications=View applications
role_view-clients=View clients
role_view-events=View events
role_view-identity-providers=View identity providers
role_manage-realm=Manage realm
role_manage-users=Manage users
role_manage-applications=Manage applications
role_manage-identity-providers=Manage identity providers
role_manage-clients=Manage clients
role_manage-events=Manage events
role_view-profile=View profile
role_manage-account=Manage account
role_manage-account-links=Manage account links
role_read-token=Read token
role_offline-access=Offline access
role_uma_authorization=Obtain permissions
client_account=Account
client_security-admin-console=Security Admin Console
client_admin-cli=Admin CLI
client_realm-management=Realm Management
client_broker=Broker
requiredFields=Required fields
allFieldsRequired=All fields required
backToApplication=&laquo; Back to application
backTo=Back to Dashboard
date=Date
event=Event
ip=IP
client=Client
clients=Clients
details=Details
started=Started
lastAccess=Last Access
expires=Expires
applications=Applications
account=Account
federatedIdentity=Federated Identity
authenticator=Authenticator
sessions=Sessions
log=Log
application=Application
availablePermissions=Available Permissions
grantedPermissions=Granted Permissions
grantedPersonalInfo=Granted Personal Info
additionalGrants=Additional Grants
action=Action
inResource=in
fullAccess=Full Access
offlineToken=Offline Token
revoke=Revoke Grant
configureAuthenticators=Configured Authenticators
mobile=Mobile
totpStep1=Install <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> or Google Authenticator on your device. Both applications are available in <a href="https://play.google.com">Google Play</a> and Apple App Store.
totpStep2=Open the application and scan the barcode or enter the key.
totpStep3=Enter the one-time code provided by the application and click Save to finish the setup.
missingUsernameMessage=Please specify username.
missingFirstNameMessage=Please specify first name.
invalidEmailMessage=Invalid email address.
missingLastNameMessage=Please specify last name.
missingEmailMessage=Please specify email.
missingPasswordMessage=Please specify password.
notMatchPasswordMessage=Passwords don''t match.
missingTotpMessage=Please specify authenticator code.
invalidPasswordExistingMessage=Invalid existing password.
invalidPasswordConfirmMessage=Password confirmation doesn''t match.
invalidTotpMessage=Invalid authenticator code.
usernameExistsMessage=Username already exists.
emailExistsMessage=Email already exists.
readOnlyUserMessage=You can''t update your account as it is read only.
readOnlyPasswordMessage=You can''t update your password as your account is read only.
successTotpMessage=Mobile authenticator configured.
successTotpRemovedMessage=Mobile authenticator removed.
successGrantRevokedMessage=Grant revoked successfully.
accountUpdatedMessage=Your account has been updated.
accountPasswordUpdatedMessage=Your password has been updated.
missingIdentityProviderMessage=Identity provider not specified.
invalidFederatedIdentityActionMessage=Invalid or missing action.
identityProviderNotFoundMessage=Specified identity provider not found.
federatedIdentityLinkNotActiveMessage=This identity is not active anymore.
federatedIdentityRemovingLastProviderMessage=You can''t remove last federated identity as you don''t have password.
identityProviderRedirectErrorMessage=Failed to redirect to identity provider.
identityProviderRemovedMessage=Identity provider removed successfully.
identityProviderAlreadyLinkedMessage=Federated identity returned by {0} is already linked to another user.
staleCodeAccountMessage=The page expired. Please try one more time.
consentDenied=Consent denied.
accountDisabledMessage=Account is disabled, contact admin.
accountTemporarilyDisabledMessage=Account is temporarily disabled, contact admin or try again later.
invalidPasswordMinLengthMessage=Invalid password: minimum length {0}.
invalidPasswordMinLowerCaseCharsMessage=Invalid password: must contain at least {0} lower case characters.
invalidPasswordMinDigitsMessage=Invalid password: must contain at least {0} numerical digits.
invalidPasswordMinUpperCaseCharsMessage=Invalid password: must contain at least {0} upper case characters.
invalidPasswordMinSpecialCharsMessage=Invalid password: must contain at least {0} special characters.
invalidPasswordNotUsernameMessage=Invalid password: must not be equal to the username.
invalidPasswordRegexPatternMessage=Invalid password: fails to match regex pattern(s).
invalidPasswordHistoryMessage=Invalid password: must not be equal to any of last {0} passwords.
invalidPasswordGenericMessage=Invalid password: new password doesn''t match password policies.
locale_ca=Catal\u00E0
locale_de=Deutsch
locale_en=English
locale_es=Espa\u00F1ol
locale_fr=Fran\u00e7ais
locale_it=Italian
locale_ja=\u65E5\u672C\u8A9E
locale_no=Norsk
locale_lt=Lietuvi\u0173
locale_pt-BR=Portugu\u00EAs (Brasil)
locale_ru=\u0420\u0443\u0441\u0441\u043A\u0438\u0439

102
dockerfiles/keycloak/che/account/resources/css/che-account.css
View File

@ -1,102 +0,0 @@
body {
background-color: #fff;
}
header div.container {
width: 100%;
margin: 0;
}
#referrer {
max-height: 36px;
background-color: #fdb940;
border-radius: 5px;
padding: 5px 15px;
margin-top: 5px;
margin-right: 10px;
}
#referrer:hover {
background-color: #fca70e;
}
#content {
width: 100%;
margin: 0;
padding: 0;
}
#tabs-menu li a, #tabs-menu li a:hover {
font-size: 13px;
font-family: "Open Sans";
color: rgba(0, 0, 0, 0.54);
background-color: #fff;
padding: 12px 24px;
}
#tabs-menu li.active a {
color: #4a90e2;
border-bottom: 5px solid #fdb940;
}
#tabs-menu li a:active {
transition: background-color 0.35s cubic-bezier(0.35, 0, 0.25, 1);
background-color: #cce0f6;
}
#tab-content {
border-top: 1px solid #e4e4e4;
border-right: none;
border-left: none;
}
#tab-content div > label.control-label {
color: #5a5a5a;
text-align: left;
font-size: 13px;
font-weight: bold;
letter-spacing: 1.3px;
font-family: "Open Sans";
padding-top: 10px;
}
#tab-content div > input {
box-shadow: none;
border-color: #e4e4e4;
border-radius: 2px;
font-size: 13px;
font-family: "Open Sans";
height: 38px;
padding: 0 15px;
}
#tab-content div > input:focus {
border-color: #4a90e2;
}
#tab-content div > button {
min-width: 88px;
min-height: 36px;
border-radius: 2px;
border-color: rgba(255, 255, 255, 0.87);
box-shadow: none;
background-image: none;
}
#tab-content div > button[value="Save"] {
background-color: #46af00;
text-transform: uppercase;
}
#tab-content div > button[value="Save"]:hover {
background-color: #3f9d00;
}
#tab-content div > button[value="Cancel"] {
color: #9c9c9c;
background-color: #d7d7d7;
}
#tab-content div > button[value="Cancel"]:hover {
background-color: #c9c9c9;
}

82
dockerfiles/keycloak/che/account/template.ftl
View File

@ -1,82 +0,0 @@
<#macro mainLayout active bodyClass>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="noindex, nofollow">
<title>${msg("accountManagementTitle")}</title>
<link rel="icon" href="${url.resourcesPath}/img/favicon.ico">
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${url.resourcesPath}/${style}" rel="stylesheet" />
</#list>
</#if>
<#if properties.scripts?has_content>
<#list properties.scripts?split(' ') as script>
<script type="text/javascript" src="${url.resourcesPath}/${script}"></script>
</#list>
</#if>
</head>
<body class="admin-console user ${bodyClass}">
<header class="navbar navbar-default navbar-pf navbar-main header">
<nav class="navbar" role="navigation">
<div class="navbar-header">
<div class="container">
<h1 class="navbar-title">Keycloak</h1>
</div>
</div>
<div class="navbar-collapse navbar-collapse-1">
<div class="container">
<ul class="nav navbar-nav navbar-utility">
<#if realm.internationalizationEnabled>
<li>
<div class="kc-dropdown" id="kc-locale-dropdown">
<a href="#" id="kc-current-locale-link">${locale.current}</a>
<ul>
<#list locale.supported as l>
<li class="kc-dropdown-item"><a href="${l.url}">${l.label}</a></li>
</#list>
</ul>
</div>
<li>
</#if>
<#if referrer?has_content && referrer.url?has_content><li><a href="${referrer.url}" id="referrer">${msg("backTo",referrer.name)}</a></li></#if>
<li><a href="${url.logoutUrl}">${msg("doSignOut")}</a></li>
</ul>
</div>
</div>
</nav>
</header>
<div class="container" id="content">
<div id="tabs-menu">
<ul class="nav navbar-nav">
<li class="<#if active=='account'>active</#if>"><a href="${url.accountUrl}">${msg("account")}</a></li>
<#if features.passwordUpdateSupported><li class="<#if active=='password'>active</#if>"><a href="${url.passwordUrl}">${msg("password")}</a></li></#if>
<li class="<#if active=='totp'>active</#if>"><a href="${url.totpUrl}">${msg("authenticator")}</a></li>
<#if features.identityFederation><li class="<#if active=='social'>active</#if>"><a href="${url.socialUrl}">${msg("federatedIdentity")}</a></li></#if>
<li class="<#if active=='sessions'>active</#if>"><a href="${url.sessionsUrl}">${msg("sessions")}</a></li>
<li class="<#if active=='applications'>active</#if>"><a href="${url.applicationsUrl}">${msg("applications")}</a></li>
<#if features.log><li class="<#if active=='log'>active</#if>"><a href="${url.logUrl}">${msg("log")}</a></li></#if>
</ul>
</div>
<div class="col-sm-12 content-area" id="tab-content">
<#if message?has_content>
<div class="alert alert-${message.type}">
<#if message.type=='success' ><span class="pficon pficon-ok"></span></#if>
<#if message.type=='error' ><span class="pficon pficon-error-octagon"></span><span class="pficon pficon-error-exclamation"></span></#if>
${message.summary}
</div>
</#if>
<#nested "content">
</div>
</div>
</body>
</html>
</#macro>

4
dockerfiles/keycloak/che/account/theme.properties
View File

@ -1,4 +0,0 @@
parent=keycloak
locales=en
styles=lib/patternfly/css/patternfly.css css/account.css css/che-account.css

17
dockerfiles/keycloak/che/email/html/email-verification.ftl
View File

@ -1,17 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("emailVerificationTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("emailVerificationLetterText")}</p>
${msg("button", msg('emailVerificationButtonText'), link)?no_esc}
<p>${msg("emailLinkExpirationText", linkExpiration)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

15
dockerfiles/keycloak/che/email/html/event-login_error.ftl
View File

@ -1,15 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("eventLoginErrorTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("eventLoginErrorLetterText", event.date, event.ipAddress)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

15
dockerfiles/keycloak/che/email/html/event-remove_totp.ftl
View File

@ -1,15 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("eventRemoveTotpTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("eventRemoveTotpLetterText", event.date, event.ipAddress)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

15
dockerfiles/keycloak/che/email/html/event-update_password.ftl
View File

@ -1,15 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("eventUpdatePasswordTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("eventUpdatePasswordLetterText",event.date, event.ipAddress)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

15
dockerfiles/keycloak/che/email/html/event-update_totp.ftl
View File

@ -1,15 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("eventUpdateTotpTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("eventUpdateTotpLetterText",event.date, event.ipAddress)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

17
dockerfiles/keycloak/che/email/html/executeActions.ftl
View File

@ -1,17 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("executeActionsTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("executeActionsLetterText", realmName)}</p>
${msg("button", msg('executeActionsButtonText'), link)?no_esc}
<p>${msg("emailLinkExpirationText", linkExpiration)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

5
dockerfiles/keycloak/che/email/html/footer.ftl
View File

@ -1,5 +0,0 @@
<div style="${msg("mailBannerStyle")}">
<a href="${msg("eclipseCheMainSiteLink")}">
<img src="${msg("eclipseCheLogoLink")}" height="32" alt=" " />
</a>
</div>

5
dockerfiles/keycloak/che/email/html/header.ftl
View File

@ -1,5 +0,0 @@
<div style="${msg("mailBannerStyle")}">
<span style="${msg("productTitleStyle")}">${msg("product")}</span>
<div style="height: 50px"></div>
<span style="${msg("mailTitleStyle")}">${letterTitle}</span>
</div>

17
dockerfiles/keycloak/che/email/html/identity-provider-link.ftl
View File

@ -1,17 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("identityProviderLinkTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("identityProviderLinkLetterText", identityProviderAlias, realmName, identityProviderContext.username)}</p>
${msg("button", msg('identityProviderLinkButtonText'), link)?no_esc}
<p>${msg("emailLinkExpirationText", linkExpiration)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

17
dockerfiles/keycloak/che/email/html/password-reset.ftl
View File

@ -1,17 +0,0 @@
<html>
<head>
${msg("robotoFontIncludeStyle")?no_esc}
</head>
<body style="${msg("mailBodyStyle")}">
<#assign letterTitle=msg("passwordResetTitle")>
<#include "header.ftl">
<div style="${msg("mailContentStyle")}">
<p>${msg("passwordResetLetterText", realmName)}</p>
${msg("button", msg('passwordResetButtonText'), link)?no_esc}
<p>${msg("emailLinkExpirationText", linkExpiration)}</p>
</div>
<#include "footer.ftl">
</body>
</html>

51
dockerfiles/keycloak/che/email/messages/messages_en.properties
View File

@ -1,51 +0,0 @@
product=Eclipse Che
button=<p><span style="background-color: #fdb940; padding: 5px 20px; font-family: 'arial narrow'; font-weight: bold;"><a style="color: white; text-decoration: none;" href="{1}">{0}</a></span></p>
emailLinkExpirationText=Link will expire within {0} minutes.
emailVerificationSubject=Eclipse Che: Email address verification
emailVerificationTitle=Email address verification
emailVerificationLetterText=Please click on "Verify email" to complete the email address registration and get access to Che.
emailVerificationButtonText=Verify Email
identityProviderLinkSubject=Link {0}
identityProviderLinkTitle=Link Account
identityProviderLinkLetterText=Someone wants to link your "{1}" account with "{0}" account of user {2}. If this was you, click the link below to link accounts. If you don''t want to link account, just ignore this message. If you link accounts, you will be able to login to {1} through {0}.
identityProviderLinkButtonText=Link Account
passwordResetSubject=Reset password
passwordResetTitle=Reset your password
passwordResetLetterText=Someone just requested to change your {0} account''s credentials. If this was you, click on the link below to reset them. If you don''t want to reset your credentials, just ignore this message and nothing will be changed.
passwordResetButtonText=Reset Password
executeActionsSubject=Update Your Account
executeActionsTitle=Update Your Account
executeActionsLetterText=Your Che admin has just requested that you update your {0} account. Click on the link below to start this process. If you are unaware that your Che admin has requested this, just ignore this message and nothing will be changed.
executeActionsButtonText=Update Account
eventLoginErrorSubject=Login error
eventLoginErrorTitle=Login error
eventLoginErrorLetterText=A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.
eventRemoveTotpSubject=Remove TOTP
eventRemoveTotpTitle=Remove TOTP
eventRemoveTotpLetterText=TOTP was removed from your account on {0} from {1}. If this was not you, please contact your Che admin.
eventUpdatePasswordSubject=Password successfully changed
eventUpdatePasswordTitle=Password successfully changed
eventUpdatePasswordLetterText=Your password was successfully changed on {0} from {1}. If this was not you, please contact your Che admin.
eventUpdateTotpSubject=Update TOTP
eventUpdateTotpTitle=Update TOTP
eventUpdateTotpLetterText=TOTP was updated for your account on {0} from {1}. If this was not you, please contact an admin.
eclipseCheMainSiteLink=http://www.eclipse.org/che/
eclipseCheLogoLink=https://www.eclipse.org/che/images/logo-eclipseche.svg
robotoFontIncludeStyle=<style>@import url('https://fonts.googleapis.com/css?family=Roboto');</style>
mailBodyStyle=width: 700px; margin: 0 auto; font-size: 16px; font-family: 'Roboto';
productTitleStyle=font-size: 26px; color: #cccccc;
mailTitleStyle=font-size: 24px; color: white;
mailBannerStyle=background-color: #292c2f; color: white; padding: 25px 10px;
mailContentStyle=padding: 10px;

8
dockerfiles/keycloak/che/email/text/email-verification.ftl
View File

@ -1,8 +0,0 @@
<#assign letterTitle=msg("emailVerificationTitle")>
<#include "header.ftl">
${msg("emailVerificationLetterText")}
${link}
${msg("emailLinkExpirationText", linkExpiration)}
<#include "footer.ftl">

6
dockerfiles/keycloak/che/email/text/event-login_error.ftl
View File

@ -1,6 +0,0 @@
<#assign letterTitle=msg("eventLoginErrorTitle")>
<#include "header.ftl">
${msg("eventLoginErrorLetterText", event.date, event.ipAddress)}
<#include "footer.ftl">

6
dockerfiles/keycloak/che/email/text/event-remove_totp.ftl
View File

@ -1,6 +0,0 @@
<#assign letterTitle=msg("eventRemoveTotpTitle")>
<#include "header.ftl">
${msg("eventRemoveTotpLetterText", event.date, event.ipAddress)}
<#include "footer.ftl">

6
dockerfiles/keycloak/che/email/text/event-update_password.ftl
View File

@ -1,6 +0,0 @@
<#assign letterTitle=msg("eventUpdatePasswordTitle")>
<#include "header.ftl">
${msg("eventUpdatePasswordLetterText", event.date, event.ipAddress)}
<#include "footer.ftl">

6
dockerfiles/keycloak/che/email/text/event-update_totp.ftl
View File

@ -1,6 +0,0 @@
<#assign letterTitle=msg("eventUpdateTotpTitle")>
<#include "header.ftl">
${msg("eventUpdateTotpLetterText", event.date, event.ipAddress)}
<#include "footer.ftl">

8
dockerfiles/keycloak/che/email/text/executeActions.ftl
View File

@ -1,8 +0,0 @@
<#assign letterTitle=msg("executeActionsTitle")>
<#include "header.ftl">
${msg("executeActionsLetterText")}
${link}
${msg("emailLinkExpirationText", linkExpiration)}
<#include "footer.ftl">

3
dockerfiles/keycloak/che/email/text/footer.ftl
View File

@ -1,3 +0,0 @@
--------------------------------------------------
${msg("eclipseCheMainSiteLink")}
--------------------------------------------------

3
dockerfiles/keycloak/che/email/text/header.ftl
View File

@ -1,3 +0,0 @@
--------------------------------------------------
${letterTitle}
--------------------------------------------------

8
dockerfiles/keycloak/che/email/text/identity-provider-link.ftl
View File

@ -1,8 +0,0 @@
<#assign letterTitle=msg("identityProviderLinkTitle")>
<#include "header.ftl">
${msg("identityProviderLinkLetterText", identityProviderAlias, realmName, identityProviderContext.username)}
${link}
${msg("emailLinkExpirationText", linkExpiration)}
<#include "footer.ftl">

8
dockerfiles/keycloak/che/email/text/password-reset.ftl
View File

@ -1,8 +0,0 @@
<#assign letterTitle=msg("passwordResetTitle")>
<#include "header.ftl">
${msg("passwordResetLetterText", realmName)}
${link}
${msg("emailLinkExpirationText", linkExpiration)}
<#include "footer.ftl">

2
dockerfiles/keycloak/che/email/theme.properties
View File

@ -1,2 +0,0 @@
parent=base
locales=en

34
dockerfiles/keycloak/che/login/login-reset-password.ftl
View File

@ -1,34 +0,0 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout displayInfo=true; section>
<#if section = "title">
${msg("emailForgotTitle")}
<#elseif section = "header">
${msg("emailForgotTitle")}
<#elseif section = "form">
<#include "logo.ftl">
<form id="kc-reset-password-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<div class="${properties.kcFormGroupClass!}">
<div class="kc-form-title">${msg("passwordRecover")}</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="username" name="username" class="${properties.kcInputClass!}" autofocus placeholder="<#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if>"/>
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
<span><a href="${url.loginUrl}">${msg("backToLogin")?no_esc}</a></span>
</div>
</div>
<div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
</div>
</div>
</form>
<#elseif section = "info" >
${msg("emailInstruction")}
</#if>
</@layout.registrationLayout>

40
dockerfiles/keycloak/che/login/login-update-password.ftl
View File

@ -1,40 +0,0 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout displayInfo=true; section>
<#if section = "title">
${msg("updatePasswordTitle")}
<#elseif section = "header">
${msg("updatePasswordTitle")}
<#elseif section = "form">
<#include "logo.ftl">
<form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;">
<input type="password" readonly value="this is not a login form" style="display: none;">
<div class="kc-form-title">Setup your password.</div>
<div class="${properties.kcFormGroupClass!}">
<div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password-new" name="password-new" class="${properties.kcInputClass!}" autofocus autocomplete="off" placeholder="${msg("passwordNew")}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password-confirm" name="password-confirm" class="${properties.kcInputClass!}" autocomplete="off" placeholder="${msg("passwordConfirm")}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
</div>
</div>
<div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
</div>
</div>
</form>
</#if>
</@layout.registrationLayout>

56
dockerfiles/keycloak/che/login/login-update-profile.ftl
View File

@ -1,56 +0,0 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout; section>
<#if section = "header">
${msg("loginProfileTitle")}
<#elseif section = "form">
<form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<#if user.editUsernameAllowed>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('username',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="username" name="username" value="${(user.username!'')}" class="${properties.kcInputClass!}" pattern="[a-z]([-a-z0-9]{0,61}[a-z0-9])?" title="${msg("usernameTitle")}" />
</div>
</div>
</#if>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('email',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="email" name="email" value="${(user.email!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('firstName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('lastName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
</div>
</div>
<div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
</div>
</div>
</form>
</#if>
</@layout.registrationLayout>

75
dockerfiles/keycloak/che/login/login.ftl
View File

@ -1,75 +0,0 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout displayInfo=social.displayInfo; section>
<#if section = "title">
${msg("loginTitle",(realm.displayName!''))}
<#elseif section = "header">
${msg("loginTitleHtml",(realm.displayNameHtml!''))}
<#elseif section = "form">
<#include "logo.ftl">
<#if realm.password>
<form id="kc-form-login" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<div class="${properties.kcFormGroupClass!}">
<div class="kc-form-title">${msg("passwordLogin")}</div>
<div class="${properties.kcInputWrapperClass!}">
<#if usernameEditDisabled??>
<input id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')}" type="text" disabled />
<#else>
<input id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')}" type="text" autofocus autocomplete="off" placeholder="<#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if>" />
</#if>
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div class="${properties.kcInputWrapperClass!}">
<input id="password" class="${properties.kcInputClass!}" name="password" type="password" autocomplete="off" placeholder="Password" />
</div>
</div>
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<#if realm.rememberMe && !usernameEditDisabled??>
<div class="checkbox">
<label>
<#if login.rememberMe??>
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3" checked> ${msg("rememberMe")}
<#else>
<input id="rememberMe" name="rememberMe" type="checkbox" tabindex="3"> ${msg("rememberMe")}
</#if>
</label>
</div>
</#if>
<div class="${properties.kcFormOptionsWrapperClass!}">
<#if realm.resetPasswordAllowed>
<span><a href="${url.loginResetCredentialsUrl}">${msg("doForgotPassword")}</a></span>
</#if>
</div>
</div>
<div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
<div class="${properties.kcFormButtonsWrapperClass!}">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
</div>
</div>
</div>
</form>
</#if>
<#elseif section = "info" >
<#if realm.password && social.providers??>
<div class="kc-form-title">${msg("oauthLogin")}</div>
<div id="kc-social-providers">
<ul>
<#list social.providers as p>
<li><a href="${p.loginUrl}" id="zocial-${p.alias}" class="zocial ${p.providerId}"> <span class="text">${p.displayName}</span></a></li>
</#list>
</ul>
</div>
</#if>
<#if realm.password && realm.registrationAllowed && !usernameEditDisabled??>
<div id="kc-registration">
<span>${msg("noAccount")} <a href="${url.registrationUrl}">${msg("doRegister")}</a></span>
</div>
</#if>
</#if>
</@layout.registrationLayout>

4
dockerfiles/keycloak/che/login/logo.ftl
View File

@ -1,4 +0,0 @@
<div id="logo-banner">
<img id="che-logo" src="${url.resourcesPath}/img/che-logo.svg" alt="Eclipse Che logo" />
<span>${msg("product")}</span>
</div>

8
dockerfiles/keycloak/che/login/messages/messages_en.properties
View File

@ -1,8 +0,0 @@
product=Eclipse Che
passwordLogin=Login with password
oauthLogin=Login with OAuth
formRegister=Create an account with a form
passwordRecover=Forgot your password? <br/> Enter your email below.
usernameTitle=Username has to comply with the DNS naming convention. An alphanumeric (a-z, and 0-9) string, with a maximum length of 63 characters, with the '-' character allowed anywhere except the first or last character.
registerWithTitle=Register with {0}
registerWithTitleHtml={0}

76
dockerfiles/keycloak/che/login/register.ftl
View File

@ -1,76 +0,0 @@
<#import "template.ftl" as layout>
<@layout.registrationLayout; section>
<#if section = "title">
${msg("registerWithTitle",(realm.displayName!''))}
<#elseif section = "header">
${msg("registerWithTitleHtml",(realm.displayNameHtml!''))?no_esc}
<#elseif section = "form">
<#include "logo.ftl">
<form id="kc-register-form" class="${properties.kcFormClass!}" action="${url.registrationAction}" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;">
<input type="password" readonly value="this is not a login form" style="display: none;">
<div class="kc-form-title">${msg("formRegister")}</div>
<#if !realm.registrationEmailAsUsername>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('username',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')}" placeholder="${msg("username")}" />
</div>
</div>
</#if>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('firstName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')}" placeholder="${msg("firstName")}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('lastName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')}" placeholder="${msg("lastName")}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('email',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')}" placeholder=${msg("email")} />
</div>
</div>
<#if passwordRequired>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('password',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password" class="${properties.kcInputClass!}" name="password" placeholder="${msg("password")}" />
</div>
</div>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('password-confirm',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password-confirm" class="${properties.kcInputClass!}" name="password-confirm" placeholder="${msg("passwordConfirm")}" />
</div>
</div>
</#if>
<#if recaptchaRequired??>
<div class="form-group">
<div class="${properties.kcInputWrapperClass!}">
<div class="g-recaptcha" data-size="compact" data-sitekey="${recaptchaSiteKey}"></div>
</div>
</div>
</#if>
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
<span><a href="${url.loginUrl}">${msg("backToLogin")?no_esc}</a></span>
</div>
</div>
<div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doRegister")}"/>
</div>
</div>
</form>
</#if>
</@layout.registrationLayout>

244
dockerfiles/keycloak/che/login/resources/css/che-login.css
View File

@ -1,244 +0,0 @@
@import url('https://fonts.googleapis.com/css?family=Roboto');
body {
background-color: #1b2b57;
color: #4a90e2;
font-family: 'Roboto';
font-size: 14px;
}
a {
color: #fff;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
div#kc-content {
position: absolute;
top: 20%;
left: 50%;
width: 400px;
margin-left: -225px;
}
div#kc-form {
float: left;
width: 400px;
}
div#kc-form label {
display: block;
font-family: 'Roboto';
font-size: 24px;
margin-bottom: 10px;
}
div#info-area {
position: fixed;
bottom: 0;
left: 0;
margin-top: 40px;
background-color: rgba(0, 0, 0, 0.4);
padding: 20px;
width: 100%;
}
div#info-area p {
margin-right: 30px;
display: inline;
text-shadow: none;
}
input {
font-family: 'Roboto';
}
input[type=text], input[type=password] {
width: 375px;
height: 46px;
margin: 0 0 10px 0;
border-radius: 5px;
padding-left: 21px;
color: #fff;
background: #2d407d;
font-size: 16px;
font-size: 18px;
vertical-align: middle;
border: none;
}
input[type=text]:focus, input[type=password]:focus {
background: #3f55ae;
outline: none;
}
input[type=submit] {
border: none;
width: 180px;
height: 40px;
border-radius: 5px;
font-size: 16px;
font-weight: bold;
color: #fff;
background: #44a73b;
cursor: pointer;
padding: 10px;
margin-top: 20px;
margin-right: 10px;
margin-bottom: 25px;
}
input[type=submit]:hover {
background-color: #398842;
}
div#kc-form-options div {
display: inline-block;
margin-right: 20px;
font-size: 12px;
}
div#kc-form-options a {
font-size: 14px;
font-family: 'Roboto';
}
div#kc-form-options div label {
font-size: 14px;
}
div#kc-feedback {
box-shadow: 0px 0px 6px rgba(0,0,0,0.5);
position: fixed;
top: 0;
left: 0;
width: 100%;
text-align: center;
}
.kc-feedback-text {
color: #fff;
font-size: 18px;
text-align: left;
display: block;
margin-bottom: 25px;
padding: 15px;
}
div#kc-feedback-wrapper {
padding: 1em;
}
div.feedback-success {
background-color: rgba(155,155,255,0.1);
}
div.feedback-warning {
background-color: rgba(255,175,0,0.1);
}
div.feedback-error {
background-color: rgba(255,0,0,0.1);
}
.alert {
border-radius: 5px;
}
.alert-success {
background-color: #44a73b;
}
.alert-warning {
background-color: #8c9837;
}
.alert-error {
background-color: #d7342d;
}
div#kc-error-message {
color: #fff;
background-color: #d7342d;
border-radius: 5px;
text-align: center;
display: inline-block;
font-size: 16px;
padding-left: 15px;
padding-right: 15px;
}
div#kc-header {
display: none;
}
div#kc-registration {
font-size: 20px;
margin-top: 20px;
margin-bottom: 20px;
}
div#social-login {
border-left: 1px solid rgba(255, 255, 255, 0.2);
float: right;
width: 150px;
padding: 20px 0 200px 40px;
}
div.social-login span {
display: none;
}
div#kc-social-providers ul {
list-style: none;
margin: 0;
padding: 0;
font-size: 18px;
}
div#kc-social-providers ul li {
margin-bottom: 10px;
}
div#kc-social-providers ul li span {
display: inline;
}
a.zocial {
border: none;
padding-top: 0.2em;
padding-bottom: 0.2em;
}
#logo-banner {
color: #fff;
font-weight: bold;
font-size: 36px;
display: inline-block;
margin-bottom: 25px;
}
#logo-banner #che-logo {
width: 64px;
height: 64px;
vertical-align: middle;
}
#logo-banner span {
display: inline-block;
vertical-align: middle;
margin-left: 10px;
}
.kc-form-title {
font-family: 'Roboto';
font-size: 20px;
margin-bottom: 10px;
}

23
dockerfiles/keycloak/che/login/resources/img/che-logo.svg
View File

@ -1,23 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
Copyright (c) 2012-2019 Red Hat, Inc.
This program and the accompanying materials are made
available under the terms of the Eclipse Public License 2.0
which is available at https://www.eclipse.org/legal/epl-2.0/
SPDX-License-Identifier: EPL-2.0
Contributors:
Red Hat, Inc. - initial API and implementation
-->
<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="70px"
width="70px" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/"
viewBox="0 0 47 57">
<g fill-rule="evenodd" stroke="none" stroke-width="1" fill="none">
<path d="M0.032227,30.88l-0.032227-17.087,23.853-13.793,23.796,13.784-14.691,8.51-9.062-5.109-23.864,13.695z" fill="#fdb940"/>
<path d="M0,43.355l23.876,13.622,23.974-13.937v-16.902l-23.974,13.506-23.876-13.506v17.217z" fill="#525c86"/>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 987 B

BIN
dockerfiles/keycloak/che/login/resources/img/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 20 KiB

2
dockerfiles/keycloak/che/login/theme.properties
View File

@ -1,2 +0,0 @@
parent=base
styles=css/che-login.css

4
dockerfiles/keycloak/cli/add_openshift_certificate.cli
View File

@ -1,4 +0,0 @@
embed-server --server-config=standalone.xml --std-out=echo
/subsystem=keycloak-server/spi=truststore/:add
/subsystem=keycloak-server/spi=truststore/provider=file/:add(properties={file => "/scripts/openshift.jks", password => "openshift", disabled => "false" },enabled=true)
stop-embedded-server

105
dockerfiles/keycloak/kc_realm_user.sh
View File

@ -1,105 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
function jks_import_ca_bundle {
CA_FILE=$1
KEYSTORE_PATH=$2
KEYSTORE_PASSWORD=$3
if [ ! -f "$CA_FILE" ]; then
# CA bundle file doesn't exist, skip it
echo "Failed to import CA certificates from ${CA_FILE}. File doesn't exist"
return
fi
bundle_name=$(basename "$CA_FILE")
certs_imported=0
cert_index=0
tmp_file=/tmp/cert.pem
is_cert=false
while IFS= read -r line; do
if [ "$line" == "-----BEGIN CERTIFICATE-----" ]; then
# Start copying a new certificate
is_cert=true
cert_index=$((cert_index+1))
# Reset destination file and add header line
echo "$line" > ${tmp_file}
elif [ "$line" == "-----END CERTIFICATE-----" ]; then
# End of the certificate is reached, add it to trust store
is_cert=false
echo "$line" >> ${tmp_file}
keytool -importcert -alias "${bundle_name}_${cert_index}" -keystore "$KEYSTORE_PATH" -file $tmp_file -storepass "$KEYSTORE_PASSWORD" -noprompt && \
certs_imported=$((certs_imported+1))
elif [ "$is_cert" == true ]; then
# In the middle of a certificate, copy line to target file
echo "$line" >> ${tmp_file}
fi
done < "$CA_FILE"
echo "Imported ${certs_imported} certificates from ${CA_FILE}"
# Clean up
rm -f $tmp_file
}
echo "Configuring Keycloak by modifying realm and user templates..."
cat /scripts/che-users-0.json.erb | \
sed -e "/<% if scope.lookupvar('keycloak::che_keycloak_admin_require_update_password') == 'true' -%>/d" | \
sed -e "/<% else -%>/d" | \
sed -e "/<% end -%>/d" | \
sed -e "/\"requiredActions\" : \[ \],/d" > /scripts/che-users-0.json
if [ "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}" == "false" ]; then
sed -i -e "s#\"UPDATE_PASSWORD\"##" /scripts/che-users-0.json
fi
DEFAULT_CHE_HOST="che-${NAMESPACE}.${ROUTING_SUFFIX}"
CHE_HOST=${CHE_HOST:-${DEFAULT_CHE_HOST}}
cat /scripts/che-realm.json.erb | \
sed -e "s@<%= scope\.lookupvar('che::che_server_url') %>@${PROTOCOL}://${CHE_HOST}@" \
> /scripts/che-realm.json
# Handle CA certificates
KEYSTORE_PATH=/scripts/openshift.jks
TRUST_STORE_PASSWORD=${TRUSTPASS:-openshift}
CUSTOM_CERTS_DIR=/public-certs
# Check for additional CA certificates propagated to Keycloak
if [[ -d $CUSTOM_CERTS_DIR && -n $(find "${CUSTOM_CERTS_DIR}" -type f) ]]; then
for certfile in ${CUSTOM_CERTS_DIR}/* ; do
jks_import_ca_bundle "$certfile" "$KEYSTORE_PATH" "$TRUST_STORE_PASSWORD"
done
fi
# Check for self-sighed certificate
if [ "${CHE_SELF__SIGNED__CERT}" != "" ]; then
echo "${CHE_SELF__SIGNED__CERT}" > /scripts/openshift.cer
keytool -importcert -alias HOSTDOMAIN -keystore $KEYSTORE_PATH -file /scripts/openshift.cer -storepass $TRUST_STORE_PASSWORD -noprompt
fi
# Export Java trust store into one that is propagated to Keycloak
if [ -f "$KEYSTORE_PATH" ]; then
keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -destkeystore $KEYSTORE_PATH -srcstorepass changeit -deststorepass $TRUST_STORE_PASSWORD
/opt/jboss/keycloak/bin/jboss-cli.sh --file=/scripts/cli/add_openshift_certificate.cli && rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history
fi
# POSTGRES_PORT is assigned by Kubernetes controller
# and it isn't fit to docker-entrypoin.sh.
unset POSTGRES_PORT
echo "Starting Keycloak server..."
SYS_PROPS="-Dkeycloak.migration.action=import \
-Dkeycloak.migration.provider=dir \
-Dkeycloak.migration.strategy=IGNORE_EXISTING \
-Dkeycloak.migration.dir=/scripts/ \
-Djboss.bind.address=0.0.0.0"
exec /opt/jboss/tools/docker-entrypoint.sh $SYS_PROPS

36
dockerfiles/keycloak/keycloak_config.sh
View File

@ -1,36 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
echo "Configuring Keycloak..."
cat /scripts/che-users-0.json.erb | \
sed -e "/<% if scope.lookupvar('keycloak::che_keycloak_admin_require_update_password') == 'true' -%>/d" | \
sed -e "/<% else -%>/d" | \
sed -e "/<% end -%>/d" | \
sed -e "/\"requiredActions\" : \[ \],/d" | \
jq .users[] > /scripts/che-user.json
if [ "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}" == "false" ]; then
sed -i -e "s#\"UPDATE_PASSWORD\"##" /scripts/che-user.json
fi
cat /scripts/che-realm.json.erb | sed -e "s@<%= scope\.lookupvar('che::che_server_url') %>@${HTTP_PROTOCOL}://${CHE_HOST}@" > /scripts/realm.json
echo "Creating Che realm and che-public client..."
cd /opt/jboss/keycloak/bin
./kcadm.sh create realms -f /scripts/realm.json --no-config --server ${HTTP_PROTOCOL}://${KC_HOST}/auth --realm master --user admin --password admin
echo "Creating default Che user with the following credentials 'admin:admin'"
./kcadm.sh create users -r che -f /scripts/che-user.json --no-config --server ${HTTP_PROTOCOL}://${KC_HOST}/auth --realm master --user admin --password admin
echo "Done!"

1483
dockerfiles/keycloak/master-realm.json.erb
View File

File diff suppressed because it is too large Load Diff

29
dockerfiles/keycloak/master-users-0.json.erb
View File

@ -1,29 +0,0 @@
{
"realm" : "master",
"users" : [ {
"id" : "a4d4ecf5-e719-47d2-be81-718d87b9e26b",
"createdTimestamp" : 1497884129165,
"username" : "admin",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"type" : "password",
"hashedSaltedValue" : "YmXv1rWvJTpy9309iHNxNFkzQAhxe1/B7YIEH8268oe6LOAH7uVaYrxWPfEGhNh7qgAXpsXq7KdRxS0Vrr8lGw==",
"salt" : "Vh1keHKOBVXIwgCEJnmOIw==",
"hashIterations" : 20000,
"counter" : 0,
"algorithm" : "pbkdf2",
"digits" : 0,
"period" : 0,
"config" : { }
} ],
"disableableCredentialTypes" : [ "password" ],
"requiredActions" : [ ],
"realmRoles" : [ "admin", "uma_authorization", "offline_access" ],
"clientRoles" : {
"account" : [ "manage-account", "view-profile" ]
},
"groups" : [ ]
} ]
}

20
dockerfiles/postgres/Dockerfile
View File

@ -1,20 +0,0 @@
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
FROM centos/postgresql-96-centos7
ADD init-che-user-and-run.sh.erb init-che-user.sh.erb /var/lib/pgsql/
RUN cat /var/lib/pgsql/init-che-user.sh.erb | \
sed -e "/exit 0/d" > /var/lib/pgsql/init-che-user-and-run.sh && \
echo "exec run-postgresql \"\$@\"" >> /var/lib/pgsql/init-che-user-and-run.sh
USER root
RUN chmod +x /var/lib/pgsql/init-che-user-and-run.sh
USER postgres
ADD --chown=postgres postgresql.conf.debug /opt/app-root/src/postgresql-cfg/
ADD init-debug.sh /opt/app-root/src/postgresql-pre-start/
RUN chgrp -R 0 /opt/app-root/src/postgresql-cfg/ && chmod -R g+rwX /opt/app-root/src/postgresql-cfg/
CMD ["/var/lib/pgsql/init-che-user-and-run.sh"]

14
dockerfiles/postgres/build.sh
View File

@ -1,14 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
base_dir=$(cd "$(dirname "$0")"; pwd)
. "${base_dir}"/../build.include
init --name:postgres "$@"
build

4
dockerfiles/postgres/init-che-user-and-run.sh.erb
View File

@ -1,4 +0,0 @@
#!/bin/bash
$(dirname "$0")/init-che-user.sh
exec run-postgresql

34
dockerfiles/postgres/init-che-user.sh.erb
View File

@ -1,34 +0,0 @@
#!/bin/bash
echo "Initial call to run-postgresql..."
run-postgresql --version
export PGDATA=/var/lib/pgsql/data/userdata
pg_ctl -w start -o "-h ''"
echo "Initializing Che user..."
psql -v ON_ERROR_STOP=1 --username "postgres" <<-EOSQL
ALTER USER $POSTGRESQL_USER WITH SUPERUSER;
EOSQL
psql -v ON_ERROR_STOP=1 --username "$POSTGRESQL_USER" <<-EOSQL
CREATE USER $CHE_POSTGRES_USERNAME WITH PASSWORD '$CHE_POSTGRES_PASSWORD';
CREATE DATABASE $CHE_POSTGRES_DATABASE;
GRANT ALL PRIVILEGES ON DATABASE $CHE_POSTGRES_DATABASE TO $CHE_POSTGRES_USERNAME;
ALTER USER $CHE_POSTGRES_USERNAME WITH SUPERUSER;
EOSQL
if [[ $? -ne 0 ]]
then
echo "Warning: Failed initializing the Che user and database"
fi
psql -v ON_ERROR_STOP=1 --username "postgres" <<-EOSQL
ALTER USER $POSTGRESQL_USER WITH NOSUPERUSER;
EOSQL
pg_ctl -w stop
unset CHE_POSTGRES_DATABASE
unset CHE_POSTGRES_USERNAME
unset CHE_POSTGRES_PASSWORD
exit 0

22
dockerfiles/postgres/init-debug.sh
View File

@ -1,22 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
if [ -n "${POSTGRESQL_LOG_DEBUG+set}" ] && [ "${POSTGRESQL_LOG_DEBUG}" == "true" ]; then
echo "POSTGRESQL_LOG_DEBUG is set, enabling additional logging configuration"
if [ ! -f /opt/app-root/src/postgresql-cfg/postgresql.log.debug.conf ]; then
echo "postgresql.conf not found!"
mv /opt/app-root/src/postgresql-cfg/postgresql.conf.debug /opt/app-root/src/postgresql-cfg/postgresql.log.debug.conf
else
echo OK
fi
fi

24
dockerfiles/postgres/postgresql.conf.debug
View File

@ -1,24 +0,0 @@
#------------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#------------------------------------------------------------------------------
log_destination = 'stderr'
log_directory = 'pg_logs'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
log_file_mode = 0644
log_truncate_on_rotation = off
log_rotation_size = 10MB
client_min_messages = notice
log_min_messages = warning
log_min_error_statement = error
log_min_duration_statement = 0
log_checkpoints = on
log_connections = on
log_disconnections = on
log_duration = off
log_error_verbosity = default
log_line_prefix = '%t [%p]: [%l-1] user=%u,db=%d '
log_lock_waits = on
log_statement = 'none'
log_temp_files = 0
log_autovacuum_min_duration = 0
lc_messages='C'

4
make-release.sh
View File

@ -8,14 +8,10 @@ ORGANIZATION="eclipse"
# KEEP RIGHT ORDER!!!
DOCKER_FILES_LOCATIONS=(
che-server/dockerfiles/keycloak
che-server/dockerfiles/postgres
che-server/dockerfiles/che
)
IMAGES_LIST=(
quay.io/eclipse/che-keycloak
quay.io/eclipse/che-postgres
quay.io/eclipse/che-server
)