Add support for deployment to aca and ssl.

anderly · anderly · commit d82f636aaecb · 2025-04-23T13:20:11.000-05:00
diff --git a/src/Aspire.Hosting.Keycloak/KeycloakResourceBuilderExtensions.cs b/src/Aspire.Hosting.Keycloak/KeycloakResourceBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using Aspire.Hosting.ApplicationModel;
 using Aspire.Hosting.Keycloak;
+using System.Globalization;
 
 namespace Aspire.Hosting;
 
@@ -14,8 +15,17 @@ public static class KeycloakResourceBuilderExtensions
     private const string AdminEnvVarName = "KC_BOOTSTRAP_ADMIN_USERNAME";
     private const string AdminPasswordEnvVarName = "KC_BOOTSTRAP_ADMIN_PASSWORD";
     private const string HealthCheckEnvVarName = "KC_HEALTH_ENABLED"; // As per https://www.keycloak.org/observability/health
+    private const string ProxyEdgeEnvVarName = "KC_PROXY";
+    private const string HttpPortEnvVarName = "KC_HTTP_PORT";
+    private const string HttpEnabledEnvVarName = "KC_HTTP_ENABLED";
+    private const string HostNamePortEnvVarName = "KC_HOSTNAME_PORT";
+    private const string HostNameStrictBackchannelEnvVarName = "KC_HOSTNAME_STRICT_BACKCHANNEL";
+    private const string ProxyHeadersEnvVarName = "KC_PROXY_HEADERS";
+    private const string HostNameStrictEnvVarName = "KC_HOSTNAME_STRICT";
+    private const string HostNameStrictHttpsEnvVarName = "KC_HOSTNAME_STRICT_HTTPS";
 
     private const int DefaultContainerPort = 8080;
+    private const int HttpsContainerPort = 8443;
     private const int ManagementInterfaceContainerPort = 9000; // As per https://www.keycloak.org/server/management-interface
     private const string ManagementEndpointName = "management";
     private const string RealmImportDirectory = "/opt/keycloak/data/import";
@@ -56,12 +66,14 @@ public static IResourceBuilder<KeycloakResource> AddKeycloak(
 
         var resource = new KeycloakResource(name, adminUsername?.Resource, passwordParameter);
 
+        var targetPort = port == HttpsContainerPort ? HttpsContainerPort : DefaultContainerPort;
+
         var keycloak = builder
             .AddResource(resource)
             .WithImage(KeycloakContainerImageTags.Image)
             .WithImageRegistry(KeycloakContainerImageTags.Registry)
             .WithImageTag(KeycloakContainerImageTags.Tag)
-            .WithHttpEndpoint(port: port, targetPort: DefaultContainerPort)
+            .WithHttpEndpoint(port: port, targetPort: targetPort)
             .WithHttpEndpoint(targetPort: ManagementInterfaceContainerPort, name: ManagementEndpointName)
             .WithHttpHealthCheck(endpointName: ManagementEndpointName, path: "/health/ready")
             .WithEnvironment(context =>
diff --git a/tests/Aspire.Hosting.Keycloak.Tests/KeycloakResourceBuilderTests.cs b/tests/Aspire.Hosting.Keycloak.Tests/KeycloakResourceBuilderTests.cs
@@ -107,7 +107,7 @@ public void AddAddKeycloakDoesNotAddGeneratedPasswordParameterWithUserSecretsPar
     }
 
     [Fact]
-    public async Task VerifyManifest()
+    public async Task VerifyManifestForHttp()
     {
         using var builder = TestDistributedApplicationBuilder.Create();
         var keycloak = builder.AddKeycloak("keycloak");
@@ -145,4 +145,52 @@ public async Task VerifyManifest()
             """;
         Assert.Equal(expectedManifest, manifest.ToString());
     }
+
+    [Fact]
+    public async Task VerifyManifestForHttps()
+    {
+        using var builder = TestDistributedApplicationBuilder.Create();
+        var keycloak = builder.AddKeycloak("keycloak", 8443);
+
+        var manifest = await ManifestUtils.GetManifest(keycloak.Resource);
+
+        var expectedManifest = $$"""
+            {
+              "type": "container.v0",
+              "image": "{{KeycloakContainerImageTags.Registry}}/{{KeycloakContainerImageTags.Image}}:{{KeycloakContainerImageTags.Tag}}",
+              "args": [
+                "start-dev",
+                "--import-realm"
+              ],
+              "env": {
+                "KC_BOOTSTRAP_ADMIN_USERNAME": "admin",
+                "KC_BOOTSTRAP_ADMIN_PASSWORD": "{keycloak-password.value}",
+                "KC_HEALTH_ENABLED": "true",
+                "KC_PROXY": "edge",
+                "KC_HTTP_PORT": "8443",
+                "KC_HTTP_ENABLED": "true",
+                "KC_HOSTNAME_PORT": "8443",
+                "KC_HOSTNAME_STRICT_BACKCHANNEL": "false",
+                "KC_PROXY_HEADERS": "xforwarded",
+                "KC_HOSTNAME_STRICT": "false",
+                "KC_HOSTNAME_STRICT_HTTPS": "false"
+              },
+              "bindings": {
+                "http": {
+                  "scheme": "http",
+                  "protocol": "tcp",
+                  "transport": "http",
+                  "targetPort": 8443
+                },
+                "management": {
+                  "scheme": "http",
+                  "protocol": "tcp",
+                  "transport": "http",
+                  "targetPort": 9000
+                }
+              }
+            }
+            """;
+        Assert.Equal(expectedManifest, manifest.ToString());
+    }
 }
