02b4ec9ee3
- Create QUICK_REFERENCE.md for a concise guide on setting up temporal authorization. - Add README_AUTHORIZATION.md detailing the implementation steps and common issues. - Introduce REVERSE_PROXY_APPROACH.md as an alternative method for authorization using a reverse proxy. - Implement Dockerfile for building a custom Temporal server with authorization features. - Add main.go to initialize the custom Temporal server with JWT authorization. - Create example-keycloak-mapper.json for mapping Keycloak groups to Temporal permissions. - Add development.yaml for configuring the Temporal server with JWT settings. - Implement test-authorization.sh script to verify JWT token claims and Temporal server access. - Include go.mod for managing Go dependencies in the custom server. - Document troubleshooting steps and customization options in README.md.
29 lines
685 B
Docker
29 lines
685 B
Docker
# Multi-stage build for custom Temporal server with authorization
|
|
FROM golang:1.21 AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy go mod files
|
|
COPY go.mod go.sum* ./
|
|
RUN go mod download
|
|
|
|
# Copy source code
|
|
COPY main.go ./
|
|
|
|
# Build the server
|
|
RUN CGO_ENABLED=0 GOOS=linux go build -o temporal-server main.go
|
|
|
|
# Final stage
|
|
FROM temporalio/auto-setup:1.29.0
|
|
|
|
# Copy the custom server binary
|
|
COPY --from=builder /app/temporal-server /usr/local/bin/temporal-server
|
|
|
|
# Copy configuration
|
|
COPY config/ /etc/temporal/config/
|
|
|
|
# The auto-setup image's entrypoint will handle initialization
|
|
# We'll override the command to use our custom binary
|
|
ENTRYPOINT ["/entrypoint.sh"]
|
|
CMD ["temporal-server", "start"]
|