docker-compose.yml
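---
# Test stack: a Conjur server with its Postgres backend, an nginx TLS front
# end, LDAP and Keycloak (OIDC) identity providers, and idle client containers
# that tests are run from.
#
# Every key, password and client secret below is a literal value committed
# with this file. Treat them as test fixtures only: never reuse them, and do
# not run this stack on a host reachable from untrusted networks without
# changing them and restricting the published ports.
version: '3'

services:
  pg:
    # NOTE(review): PostgreSQL 9.4 is past upstream end-of-life and no longer
    # receives security fixes; acceptable only for a throwaway test database.
    image: postgres:9.4
    environment:
      # `trust` accepts every connection without a password. No port is
      # published for this service, so exposure is limited to containers
      # attached to the `openapi-spec` network.
      POSTGRES_HOST_AUTH_METHOD: trust

  conjur:
    # `edge` is a moving tag: the image can change between runs. Pin a
    # version or digest when reproducible results matter.
    image: cyberark/conjur:edge
    command: server -a dev -f /policy/policy.yaml
    environment:
      # Committed test data key. Anyone with this file can use the same key,
      # so data protected with it must be considered disposable.
      CONJUR_DATA_KEY: 'OyXV68Mip14xj33huGaQKewmmS+gKtDlp6ECZ2iATpU='
      # No password in the URL; relies on `trust` auth on the pg service.
      DATABASE_URL: postgres://postgres@pg/postgres
      RAILS_ENV: development
      CONJUR_AUTHENTICATORS: authn-ldap/test,authn-oidc/test,authn
      # Plain ldap:// on 389: the bind password below travels unencrypted
      # between the conjur and ldap-server containers.
      LDAP_URI: ldap://ldap-server:389
      LDAP_BASE: dc=conjur,dc=net
      LDAP_BINDDN: cn=admin,dc=conjur,dc=net
      # Must match LDAP_ADMIN_PASSWORD on the ldap-server service.
      LDAP_BINDPW: ldapsecret
      LDAP_FILTER: (uid=%s)
    ports:
      # Published on all host interfaces, unencrypted. Prefix with
      # `127.0.0.1:` if only local access is needed.
      - "80:80"
    volumes:
      - ./test/config:/policy:ro
    depends_on:
      - pg
      - ldap-server
      - oidc-keycloak
    links:
      # Legacy option; here it only adds the alias `keycloak`.
      - oidc-keycloak:keycloak

  conjur-https:
    # Presumably terminates TLS in front of `conjur`; the behaviour is
    # defined by the mounted nginx.conf / conjur.conf, not by this file.
    image: nginx:alpine
    ports:
      - "443:443"
    volumes:
      - ./config/https/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./config/https/conjur.conf:/etc/nginx/sites-enabled/conjur.conf:ro
      - ./config/https/dhparams.pem:/etc/nginx/dhparams.pem:ro
      - ./config/https/conjur.crt:/cert/tls.crt:ro
      # TLS private key read from the working tree. NOTE(review): confirm
      # that conjur.key is generated locally and not committed.
      - ./config/https/conjur.key:/cert/tls.key:ro
      - ./config/https/ca.crt:/ca/tls.crt:ro
    depends_on:
      - conjur

  test-python:
    build:
      context: .
      dockerfile: test/Dockerfile.python
    # Keeps the container idle so commands can be run inside it.
    command: ['sleep', '999d']
    environment:
      CONJUR_HTTP_APPLIANCE_URL: http://conjur
      CONJUR_HTTPS_APPLIANCE_URL: https://conjur-https
      CONJUR_ACCOUNT: dev
      CONJUR_AUTHN_LOGIN: admin
      # Unquoted `Null` is the YAML null value, not the string "Null".
      # Compose then takes the value from the invoking shell's environment,
      # or leaves the variable unset. Presumably the test scripts supply the
      # admin API key at run time -- confirm.
      CONJUR_AUTHN_API_KEY: Null
      CONJUR_CA_BUNDLE: /opt/conjur-openapi-spec/config/https/ca.crt
    depends_on:
      - conjur
      - conjur-https
    volumes:
      # Whole repository mounted read-write into the container.
      - .:/opt/conjur-openapi-spec
      - ./test/config/ldap/certs:/ldap-certs:ro

  test-api:
    build:
      context: .
      dockerfile: test/Dockerfile.api
    command: ['sleep', '999d']
    environment:
      CONJUR_CA_BUNDLE: /config/ca.crt
    depends_on:
      - conjur
      - conjur-https
    volumes:
      # Mounts the whole https config directory read-write, which includes
      # conjur.key; only ca.crt is referenced above. Consider `:ro`.
      - ./config/https/:/config

  test-dotnet:
    # NOTE(review): the .NET Core 2.1 SDK is out of upstream support.
    image: mcr.microsoft.com/dotnet/sdk:2.1
    command: ['sleep', '999d']
    depends_on:
      - conjur
      - conjur-https
    environment:
      CONJUR_HTTP_APPLIANCE_URL: http://conjur
      CONJUR_HTTPS_APPLIANCE_URL: https://conjur-https
      CONJUR_ACCOUNT: dev
      CONJUR_AUTHN_LOGIN: admin
      # YAML null: resolved from the invoking shell's environment.
      CONJUR_AUTHN_API_KEY: Null
      CONJUR_CA_BUNDLE: /opt/conjur-openapi-spec/config/https/ca.crt
    volumes:
      - .:/opt/conjur-openapi-spec
      - ./test/config/ldap/certs:/ldap-certs:ro
    working_dir: /opt/conjur-openapi-spec

  cli:
    image: cyberark/conjur-cli:5
    entrypoint: sleep
    command: infinity
    environment:
      CONJUR_HTTP_APPLIANCE_URL: http://conjur
      CONJUR_HTTPS_APPLIANCE_URL: https://conjur-https
      CONJUR_ACCOUNT: dev
      CONJUR_AUTHN_LOGIN: admin
      # NOTE(review): this service mounts the repository at /src, not at
      # /opt/conjur-openapi-spec, so this path may not exist in the
      # container. A missing CA bundle tends to get "fixed" by disabling
      # certificate verification; confirm the intended path.
      CONJUR_CA_BUNDLE: /opt/conjur-openapi-spec/config/https/ca.crt
      # YAML null: resolved from the invoking shell's environment.
      CONJUR_AUTHN_API_KEY: Null
    volumes:
      - ./:/src
    depends_on:
      - conjur
      - conjur-https

  ldap-server:
    # No tag, so this resolves to `latest`; pin a version for repeatable runs.
    image: osixia/openldap
    # Debug logging can write bind details to the container log.
    command: --copy-service --loglevel debug
    hostname: ldap-server
    environment:
      LDAP_ORGANIZATION: CyberArk
      LDAP_DOMAIN: conjur.net
      # Committed directory admin password; same value as LDAP_BINDPW on
      # the conjur service.
      LDAP_ADMIN_PASSWORD: ldapsecret
      LDAP_TLS_CA_CRT_FILENAME: "ca-chain.cert.pem"
      LDAP_TLS_CRT_FILENAME: "ldap-server.cert.pem"
      LDAP_TLS_KEY_FILENAME: "ldap-server.key.pem"
      LDAP_TLS_DH_PARAM_FILENAME: 'dhparam.pem'
      # `try`: a client certificate is requested but not required.
      LDAP_TLS_VERIFY_CLIENT: try
    ports:
      # Plaintext LDAP published on all host interfaces.
      - "389:389"
    volumes:
      - ./test/config/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
      - ./test/config/ldap/certs:/container/service/slapd/assets/certs:ro

  oidc-keycloak:
    # NOTE(review): Keycloak 4.3.0.Final is an old release; use only as a
    # disposable test identity provider.
    image: jboss/keycloak:4.3.0.Final
    environment:
      # Default admin/admin credentials, and the console is published on
      # host port 7777 below.
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=H2
      - KEYCLOAK_CLIENT_ID=conjurClient
      # NOTE(review): `locallhost.com` (double "l") is not `localhost`; it
      # is an external domain name. Confirm the spelling is intentional and
      # matches the client registration before changing it.
      - KEYCLOAK_REDIRECT_URI=http://locallhost.com/
      # Trivial committed client secret; test use only.
      - KEYCLOAK_CLIENT_SECRET=1234
      - KEYCLOAK_SCOPE=openid
      # Maximum verbosity; logs may include token and credential material.
      - KEYCLOAK_LOGLEVEL=ALL
    ports:
      - "7777:8080"
    volumes:
      - ./test/config/oidc:/scripts
      - ./test/config/oidc/keycloak/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml

networks:
  default:
    # Pre-existing network that must be created before `up`. Any other
    # container attached to it can reach every service in this file,
    # including the password-less Postgres.
    name: openapi-spec
    external: true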