version: "3.9"

# Identity Provider testing containers for LDAP, SAML, and OIDC integration tests.
# Usage: docker compose -f docker-compose.idp-testing.yml --profile idp up -d

networks:
  stellaops-testing:
    name: stellaops-testing
    driver: bridge

services:
  openldap:
    image: osixia/openldap:1.5.0
    profiles: ["idp"]
    container_name: stellaops-openldap
    hostname: openldap.stellaops.test
    environment:
      LDAP_ORGANISATION: "StellaOps Test"
      LDAP_DOMAIN: "stellaops.test"
      LDAP_ADMIN_PASSWORD: "admin-secret"
      LDAP_CONFIG_PASSWORD: "config-secret"
      LDAP_READONLY_USER: "true"
      LDAP_READONLY_USER_USERNAME: "readonly"
      LDAP_READONLY_USER_PASSWORD: "readonly-secret"
      LDAP_TLS: "false"
    ports:
      - "3389:389"
      - "3636:636"
    volumes:
      - ./fixtures/ldap/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-bootstrap.ldif:ro
    command: "--copy-service"
    networks:
      - stellaops-testing
    healthcheck:
      test: ["CMD", "ldapsearch", "-x", "-H", "ldap://localhost:389", "-b", "dc=stellaops,dc=test", "-D", "cn=admin,dc=stellaops,dc=test", "-w", "admin-secret"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 15s

  keycloak:
    image: quay.io/keycloak/keycloak:24.0
    profiles: ["idp"]
    container_name: stellaops-keycloak
    hostname: keycloak.stellaops.test
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin-secret
      KC_HEALTH_ENABLED: "true"
    ports:
      - "8280:8080"
    volumes:
      - ./fixtures/keycloak/stellaops-realm.json:/opt/keycloak/data/import/stellaops-realm.json:ro
    command: ["start-dev", "--import-realm"]
    networks:
      - stellaops-testing
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\n\r\n' >&3 && cat <&3 | grep -q '\"status\":\"UP\"'"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 60s