From 2508ed9a79581186c1b886ac8989380c1357ce4d Mon Sep 17 00:00:00 2001 From: Maros Orsak Date: Tue, 29 Oct 2024 18:46:53 +0100 Subject: [PATCH] Include OAuth libs into images (#29) * Include OAuth libs into images Signed-off-by: see-quick * remove un-necessary Signed-off-by: see-quick * delete oauth libs Signed-off-by: see-quick * remove also include Signed-off-by: see-quick * also update docker cmd Signed-off-by: see-quick * update also jackson libs for server-side Signed-off-by: see-quick --------- Signed-off-by: see-quick --- Makefile | 11 ++++++----- images/Dockerfile | 8 ++++++++ images/base/Dockerfile | 32 +++++++++++++++++++++++++++++--- images/base/build_base_images.sh | 17 +++++++++++------ images/build_push_images.sh | 5 +++-- images/tag_push_images.sh | 15 ++++++++------- 6 files changed, 65 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index 14b12a1..53b2351 100644 --- a/Makefile +++ b/Makefile 
@@ -7,21 +7,22 @@ REGISTRY_ORGANIZATION ?= strimzi-test-container IMAGE_TAG ?= main DOCKER_VERSION_ARG ?= latest ARCHS ?= amd64 +DOCKER_CMD ?= docker all: docker_prepare_base_images prepare docker_build docker_tag_push clean docker_prepare_base_images: - ./images/base/build_base_images.sh $(DOCKER_VERSION_ARG) $(PROJECT_NAME_BASE) "$(ARCHS)" $(DOCKERFILE_BASE_DIR) + ./images/base/build_base_images.sh $(DOCKER_VERSION_ARG) $(PROJECT_NAME_BASE) "$(ARCHS)" $(DOCKERFILE_BASE_DIR) $(DOCKER_CMD) docker_build: - ./images/build_push_images.sh $(DOCKER_VERSION_ARG) $(PROJECT_NAME) $(DOCKERFILE_DIR) "$(ARCHS)" + ./images/build_push_images.sh $(DOCKER_VERSION_ARG) $(PROJECT_NAME) $(DOCKERFILE_DIR) "$(ARCHS)" $(DOCKER_CMD) docker_tag_push: - ./images/tag_push_images.sh $(PROJECT_NAME) $(REGISTRY) $(REGISTRY_ORGANIZATION) $(QUAY_USER) $(QUAY_PASS) "$(ARCHS)" + ./images/tag_push_images.sh $(PROJECT_NAME) $(REGISTRY) $(REGISTRY_ORGANIZATION) $(QUAY_USER) $(QUAY_PASS) "$(ARCHS)" $(DOCKER_CMD) prepare: clean ./images/download_kafka.sh clean: - rm -rf images/kafka_binaries - rm -rf images/kafka_tars \ No newline at end of file + rm -rf images/kafka_binaries || true + rm -rf images/kafka_tars || true \ No newline at end of file diff --git a/images/Dockerfile b/images/Dockerfile index e9518db..f1944d4 100644 --- a/images/Dockerfile +++ b/images/Dockerfile @@ -27,6 +27,14 @@ ENV SCALA_VERSION=${SCALA_VERSION} COPY ./kafka_binaries/kafka_${SCALA_VERSION}\-${KAFKA_VERSION} $KAFKA_HOME +# Copy OAuth libraries into $KAFKA_HOME/libs/ after copying Kafka binaries +RUN if [ -d "/opt/kafka/oauth-libs" ]; then \ + echo "Including OAuth libraries in the derived image..."; \ + cp -r /opt/kafka/oauth-libs/* $KAFKA_HOME/libs/; \ + else \ + echo "OAuth libraries not found in base image. Skipping OAuth libraries in the derived image."; \ + fi + WORKDIR $KAFKA_HOME USER 1001 \ No newline at end of file diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 1925cb0..29f78fb 100644 
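Review bot: The three script recipes pass every value positionally and mostly unquoted, so appending `$(DOCKER_CMD)` as the last argument makes the calls fragile. In `docker_tag_push`, an empty `$(QUAY_USER)` or `$(QUAY_PASS)` shifts `"$(ARCHS)"` and `$(DOCKER_CMD)` into earlier positions, and the script then runs with an empty command name. Quoting each argument keeps the positions stable, e.g. `./images/tag_push_images.sh "$(PROJECT_NAME)" "$(REGISTRY)" "$(REGISTRY_ORGANIZATION)" "$(QUAY_USER)" "$(QUAY_PASS)" "$(ARCHS)" "$(DOCKER_CMD)"`. The recipe has no `@` prefix, so unless the file silences recipes elsewhere, make echoes the line with `$(QUAY_PASS)` expanded and the registry password lands in the build log; exporting the credentials to the script's environment would avoid that. In `clean`, `rm -rf` already succeeds on a missing path, so the added `|| true` only hides real failures such as permission errors.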
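Review bot: The `else` branch of the added `RUN` only prints a message, so a base image without `/opt/kafka/oauth-libs` still yields a derived image that builds cleanly but carries no OAuth libraries. The base Dockerfile in this commit always creates that directory, so failing is the safer default: `echo "OAuth libraries not found in base image." >&2; exit 1;`. The `cp -r` also places the pinned Jackson, Nimbus and json-path JARs next to whatever versions the Kafka distribution may already ship in `libs/`. If those versions differ, two copies end up on the classpath, so it is worth checking for duplicates after the copy. The destination should be quoted as `"$KAFKA_HOME/libs/"`.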
--- a/images/base/Dockerfile
+++ b/images/base/Dockerfile
@@ -2,6 +2,32 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:latest USER root -RUN microdnf update \ - && microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install java-17-openjdk-headless shadow-utils \ - && microdnf clean all \ No newline at end of file +ARG OAUTH_LIB_VERSION=0.15.0 +ARG NIMBUS_JOSE_JWT_VERSION=9.37.2 +ARG JACKSON_ANNOTATION_VERSION=2.16.2 +ARG JACKSON_DATABIND_VERSION=2.16.2 +ARG JSON_PATH_VERSION=2.9.0 + +# Install Java and other necessary packages +RUN microdnf update -y && \ + microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y \ + java-17-openjdk-headless shadow-utils wget && \ + microdnf clean all + +# Download OAuth libraries +RUN echo "Including OAuth libraries in the base image..." && \ + mkdir -p /opt/kafka/oauth-libs && \ + OAUTH_COMMON_URL="https://repo1.maven.org/maven2/io/strimzi/kafka-oauth-common/${OAUTH_LIB_VERSION}/kafka-oauth-common-${OAUTH_LIB_VERSION}.jar" && \ + OAUTH_SERVER_URL="https://repo1.maven.org/maven2/io/strimzi/kafka-oauth-server/${OAUTH_LIB_VERSION}/kafka-oauth-server-${OAUTH_LIB_VERSION}.jar" && \ + OAUTH_SERVER_PLAIN_URL="https://repo1.maven.org/maven2/io/strimzi/kafka-oauth-server-plain/${OAUTH_LIB_VERSION}/kafka-oauth-server-plain-${OAUTH_LIB_VERSION}.jar" && \ + OAUTH_KEYCLOAK_AUTHORIZER_URL="https://repo1.maven.org/maven2/io/strimzi/kafka-oauth-keycloak-authorizer/${OAUTH_LIB_VERSION}/kafka-oauth-keycloak-authorizer-${OAUTH_LIB_VERSION}.jar" && \ + OAUTH_CLIENT_URL="https://repo1.maven.org/maven2/io/strimzi/kafka-oauth-client/${OAUTH_LIB_VERSION}/kafka-oauth-client-${OAUTH_LIB_VERSION}.jar" && \ + NIMBUS_JOSE_JWT_URL="https://repo1.maven.org/maven2/com/nimbusds/nimbus-jose-jwt/${NIMBUS_JOSE_JWT_VERSION}/nimbus-jose-jwt-${NIMBUS_JOSE_JWT_VERSION}.jar" && \ + # Jackson Libraries + JACKSON_ANNOTATION_URL="https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/${JACKSON_ANNOTATION_VERSION}/jackson-annotations-${JACKSON_ANNOTATION_VERSION}.jar" && \ + 
JACKSON_DATABIND_URL="https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/${JACKSON_DATABIND_VERSION}/jackson-databind-${JACKSON_DATABIND_VERSION}.jar" && \ + # Json Path Library + JSON_PATH_URL="https://repo1.maven.org/maven2/com/jayway/jsonpath/json-path/${JSON_PATH_VERSION}/json-path-${JSON_PATH_VERSION}.jar" && \ + # Download all JARs + wget -P /opt/kafka/oauth-libs "$OAUTH_COMMON_URL" "$OAUTH_SERVER_URL" "$OAUTH_SERVER_PLAIN_URL" \ + "$OAUTH_KEYCLOAK_AUTHORIZER_URL" "$OAUTH_CLIENT_URL" "$NIMBUS_JOSE_JWT_URL" "$JACKSON_ANNOTATION_URL" "$JACKSON_DATABIND_URL" "$JSON_PATH_URL" \ No newline at end of file diff --git a/images/base/build_base_images.sh b/images/base/build_base_images.sh index f310598..3a94ccd 100755 --- a/images/base/build_base_images.sh +++ b/images/base/build_base_images.sh 
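Review bot: The nine JARs are fetched with `wget` from Maven Central and later copied onto the Kafka classpath without any integrity check, so the image trusts whatever each URL returns at build time. Pin a SHA-256 per artifact and verify it before the layer completes, for example by copying a checksum manifest into the build and appending `&& (cd /opt/kafka/oauth-libs && sha256sum -c /tmp/oauth-libs.sha256)` to the `wget` command. The manifest name is a suggestion; this commit contains no such file. `wget` is needed only for this step but stays installed in the resulting image; downloading in a separate build stage would keep it out of the runtime image. Only `OAUTH_LIB_VERSION` is forwarded as a build arg by `build_base_images.sh`, so a comment such as `# Only OAUTH_LIB_VERSION is overridden by build_base_images.sh; edit the defaults below for the others` above the `ARG` lines would help.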
@@ -7,29 +7,34 @@ DOCKER_VERSION_ARG=$1 PROJECT_NAME_BASE=$2 ARCHITECTURES=$3 DOCKERFILE_BASE_DIR=$4 +DOCKER_CMD=$5 CURRENT_TAG=${CURRENT_TAG:-"local"} +OAUTH_LIB_VERSION=${OAUTH_LIB_VERSION:-0.15.0} #### # BUILD BASE IMAGES #### for ARCH in $ARCHITECTURES do - echo "[INFO] Building image with name: strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH)." - docker build --platform linux/$ARCH --build-arg version=$DOCKER_VERSION_ARG -t strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH $DOCKERFILE_BASE_DIR + echo "[INFO] Building classic image with name: strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH)." + $DOCKER_CMD build --platform linux/$ARCH \ + --build-arg version=$DOCKER_VERSION_ARG \ + --build-arg OAUTH_LIB_VERSION=$OAUTH_LIB_VERSION \ + -t strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH $DOCKERFILE_BASE_DIR # "refresh" Docker's awareness of the image - docker save strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH -o strimzi_base_$ARCH.tar - docker load -i strimzi_base_$ARCH.tar + $DOCKER_CMD save strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH -o strimzi_base_$ARCH.tar + $DOCKER_CMD load -i strimzi_base_$ARCH.tar # tagging this image eliminate this error # ``` # ERROR: failed to solve: strimzi/base:local: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed # ``` # May be more likely to recognize this new tag as a local entity without trying to fetch it from a remote repository. # This specific tagging can help in resolving ambiguities that Docker might have had with the original image name and tag. - docker tag strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH strimzi/$PROJECT_NAME_BASE:latest-$ARCH`` + $DOCKER_CMD tag strimzi/$PROJECT_NAME_BASE:$CURRENT_TAG-$ARCH strimzi/$PROJECT_NAME_BASE:latest-$ARCH`` done # PRINT ALL IMAGES -docker images +$DOCKER_CMD images diff --git a/images/build_push_images.sh b/images/build_push_images.sh index b7c6876..daadfb0 100755 --- a/images/build_push_images.sh 
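Review bot: `DOCKER_CMD=$5` has no default and is never checked. When the script is called with four arguments, as it was before this change, every `$DOCKER_CMD build`, `save`, `load` and `tag` line expands to a bare subcommand name and either runs whatever that name resolves to on `PATH` or fails with a confusing error. Use `DOCKER_CMD=${5:-docker}` and exit early with a clear message if the chosen command cannot be found. The same applies to `DOCKER_CMD=$5` in `images/build_push_images.sh` and `DOCKER_CMD=$7` in `images/tag_push_images.sh`.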
+++ b/images/build_push_images.sh @@ -22,9 +22,10 @@ DOCKER_VERSION_ARG=$1 PROJECT_NAME=$2 DOCKERFILE_DIR=$3 ARCHITECTURES=$4 +DOCKER_CMD=$5 # PRINT ALL IMAGES -docker images +$DOCKER_CMD images ##### # FOR EACH KAFKA VERSION BUILD IMAGE WITH DIFFERENT TAG (i.e., 'strimzi-test-container/test-container:0.1.0-kafka-2.8.1) @@ -37,7 +38,7 @@ do for ARCH in $ARCHITECTURES do echo "[INFO] Building image with name: strimzi-test-container/$PROJECT_NAME:$CURRENT_TAG-$ARCH $KAFKA_VERSION with $SCALA_VERSION)." - docker build --platform linux/$ARCH --build-arg version=$DOCKER_VERSION_ARG --build-arg KAFKA_VERSION=$KAFKA_VERSION --build-arg SCALA_VERSION=$SCALA_VERSION --build-arg ARCH=$ARCH -t strimzi/$PROJECT_NAME:$CURRENT_TAG-$ARCH $DOCKERFILE_DIR + $DOCKER_CMD build --platform linux/$ARCH --build-arg version=$DOCKER_VERSION_ARG --build-arg KAFKA_VERSION=$KAFKA_VERSION --build-arg SCALA_VERSION=$SCALA_VERSION --build-arg ARCH=$ARCH -t strimzi/$PROJECT_NAME:$CURRENT_TAG-$ARCH $DOCKERFILE_DIR done done diff --git a/images/tag_push_images.sh b/images/tag_push_images.sh index 131fb91..89d5169 100755 --- a/images/tag_push_images.sh +++ b/images/tag_push_images.sh @@ -24,12 +24,13 @@ REGISTRY_ORGANIZATION=$3 QUAY_USER=$4 QUAY_PASS=$5 ARCHITECTURES=$6 +DOCKER_CMD=$7 # PRINT ALL IMAGES -docker images +$DOCKER_CMD images echo "Login into registry..." -docker login -u $QUAY_USER -p $QUAY_PASS $REGISTRY +$DOCKER_CMD login -u $QUAY_USER -p $QUAY_PASS $REGISTRY ##### # FOR EACH KAFKA VERSION TAG AND PUSH IMAGE 
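Review bot: In `images/tag_push_images.sh`, `$DOCKER_CMD login -u $QUAY_USER -p $QUAY_PASS $REGISTRY` puts the registry password on the command line, where it is visible in the process list and in any `set -x` trace. The unquoted expansion also breaks on a password containing spaces or glob characters. Both docker and podman accept the password on stdin: `printf '%s' "$QUAY_PASS" | $DOCKER_CMD login -u "$QUAY_USER" --password-stdin "$REGISTRY"`. The script still receives the password as `$5` from the Makefile, so reading it from the environment instead would close the remaining exposure.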
@@ -38,16 +39,16 @@ for KAFKA_VERSION in $KAFKA_VERSIONS do CURRENT_TAG="$PRODUCT_VERSION-kafka-$KAFKA_VERSION" echo "[INFO] Delete the manifest to the registry, ignore the error if manifest doesn't exist" - docker manifest rm $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG || true + $DOCKER_CMD manifest rm $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG || true for ARCH in $ARCHITECTURES do echo "[INFO] Tagging strimzi/$PROJECT_NAME:$CURRENT_TAG-$ARCH to $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH ..." - docker tag strimzi/$PROJECT_NAME:$CURRENT_TAG-$ARCH $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH + $DOCKER_CMD tag strimzi/$PROJECT_NAME:$CURRENT_TAG-$ARCH $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH echo "[INFO] Pushing image with name: $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH ..." - docker push $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH + $DOCKER_CMD push $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH echo "[INFO] Create / Amend the manifest" - docker manifest create $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG --amend $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH + $DOCKER_CMD manifest create $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG --amend $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG-$ARCH done echo "[INFO] Push the manifest to the registry" - docker manifest push $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG + $DOCKER_CMD manifest push $REGISTRY/$REGISTRY_ORGANIZATION/$PROJECT_NAME:$CURRENT_TAG done \ No newline at end of file