chore: convert to Unix file format (#2)

Signed-off-by: Gabriele Bartolini <[email protected]>

Author: gbartolini

docker/Dockerfile

@@ -1,28 +1,28 @@
-# syntax=docker/dockerfile:1.7
-FROM postgres:18 AS builder
-ARG DEBIAN_FRONTEND=noninteractive
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-    set -eux; \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-    build-essential libcurl4-openssl-dev postgresql-server-dev-18; \
-    apt-get clean; \
-    rm -rf /var/lib/apt/lists/*
-WORKDIR /work
-COPY src/ ./src/
-RUN make -C src
-
-FROM ghcr.io/cloudnative-pg/postgresql:18-standard-trixie
-ARG DEBIAN_FRONTEND=noninteractive
-USER root
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-    set -eux; \
-    apt-get update; \
-    apt-get install -y --no-install-recommends libcurl4 ca-certificates; \
-    apt-get clean; \
-    rm -rf /var/lib/apt/lists/*
-COPY --chmod=0644 docker/certs/server.crt /usr/local/share/ca-certificates/kc-root.crt
-RUN update-ca-certificates
-ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
-USER postgres
-COPY --from=builder /work/src/kc_validator.so /usr/lib/postgresql/18/lib/
+# syntax=docker/dockerfile:1.7
+FROM postgres:18 AS builder
+ARG DEBIAN_FRONTEND=noninteractive
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+    build-essential libcurl4-openssl-dev postgresql-server-dev-18; \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/*
+WORKDIR /work
+COPY src/ ./src/
+RUN make -C src
+
+FROM ghcr.io/cloudnative-pg/postgresql:18-standard-trixie
+ARG DEBIAN_FRONTEND=noninteractive
+USER root
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends libcurl4 ca-certificates; \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/*
+COPY --chmod=0644 docker/certs/server.crt /usr/local/share/ca-certificates/kc-root.crt
+RUN update-ca-certificates
+ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+USER postgres
+COPY --from=builder /work/src/kc_validator.so /usr/lib/postgresql/18/lib/

examples/cnpg/cluster.yaml

@@ -1,36 +1,36 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: pg-oauth
-spec:
-  imageName: pg18-kc-validator:18.0
-  instances: 1
-
-  # Bootstrap from scratch and run our init SQL from a ConfigMap
-  bootstrap:
-    initdb:
-      database: appdb
-      owner: app
-      postInitApplicationSQLRefs:
-        configMapRefs:
-          - name: pg-init-sql
-            key: init.sql
-
-  storage:
-    size: 1Gi
-  postgresql:
-    parameters:
-      oauth_validator_libraries: "kc_validator"
-
-      kc.token_endpoint: "https://<keycloak>/realms/<realm>/protocol/openid-connect/token"
-      kc.audience:       "postgres-resource"
-      kc.resource_name:  "appdb"
-      kc.client_id:      "postgres-resource"
-      kc.http_timeout_ms: "2000"
-      kc.expected_issuer: "https://<keycloak>/realms/<realm>"
-      kc.debug: "on"
-      kc.log_body: "on"
-      log_min_messages: "debug1"
-
-    pg_hba:
-      - host all all 0.0.0.0/0 oauth issuer="https://<keycloak>/realms/<realm>" scope=db_access validator="kc_validator" delegate_ident_mapping=1
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: pg-oauth
+spec:
+  imageName: pg18-kc-validator:18.0
+  instances: 1
+
+  # Bootstrap from scratch and run our init SQL from a ConfigMap
+  bootstrap:
+    initdb:
+      database: appdb
+      owner: app
+      postInitApplicationSQLRefs:
+        configMapRefs:
+          - name: pg-init-sql
+            key: init.sql
+
+  storage:
+    size: 1Gi
+  postgresql:
+    parameters:
+      oauth_validator_libraries: "kc_validator"
+
+      kc.token_endpoint: "https://<keycloak>/realms/<realm>/protocol/openid-connect/token"
+      kc.audience:       "postgres-resource"
+      kc.resource_name:  "appdb"
+      kc.client_id:      "postgres-resource"
+      kc.http_timeout_ms: "2000"
+      kc.expected_issuer: "https://<keycloak>/realms/<realm>"
+      kc.debug: "on"
+      kc.log_body: "on"
+      log_min_messages: "debug1"
+
+    pg_hba:
+      - host all all 0.0.0.0/0 oauth issuer="https://<keycloak>/realms/<realm>" scope=db_access validator="kc_validator" delegate_ident_mapping=1

examples/cnpg/pg-init-sql.yaml

@@ -1,66 +1,66 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: pg-init-sql
-data:
-  init.sql: |
-    -- Create the 'users' table
-    CREATE TABLE IF NOT EXISTS users (
-      id SERIAL PRIMARY KEY,
-      username VARCHAR(50) NOT NULL UNIQUE,
-      email VARCHAR(100) NOT NULL,
-      created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-    );
-
-    -- Create the 'orders' table
-    CREATE TABLE IF NOT EXISTS orders (
-      id SERIAL PRIMARY KEY,
-      user_id INTEGER REFERENCES users(id),
-      product VARCHAR(100),
-      amount INTEGER,
-      ordered_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-    );
-
-    -- Insert sample users
-    INSERT INTO users (username, email) VALUES
-      ('alice', '[email protected]'),
-      ('bob', '[email protected]');
-
-    -- Insert sample orders
-    INSERT INTO orders (user_id, product, amount) VALUES
-      (1, 'Widget', 3),
-      (2, 'Gadget', 5);
-
-    DO $$
-    BEGIN
-      IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_readonly') THEN
-        CREATE ROLE app_readonly LOGIN;
-      END IF;
-      IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_readwrite') THEN
-        CREATE ROLE app_readwrite LOGIN;
-      END IF;
-    END$$;
-
-    REVOKE CONNECT ON DATABASE appdb FROM PUBLIC;
-    GRANT  CONNECT ON DATABASE appdb TO app_readonly, app_readwrite;
-
-    REVOKE ALL ON SCHEMA public FROM PUBLIC;
-    GRANT  USAGE ON SCHEMA public TO app_readonly, app_readwrite;
-    GRANT  CREATE ON SCHEMA public TO app_readwrite;
-
-    GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_readonly;
-    GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_readwrite;
-    GRANT INSERT ON ALL TABLES IN SCHEMA public TO app_readwrite;
-
-    GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_readonly;
-    GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO app_readwrite;
-
-    ALTER DEFAULT PRIVILEGES IN SCHEMA public
-      GRANT SELECT ON TABLES TO app_readonly;
-    ALTER DEFAULT PRIVILEGES IN SCHEMA public
-      GRANT USAGE, SELECT ON SEQUENCES TO app_readonly;
-
-    ALTER DEFAULT PRIVILEGES IN SCHEMA public
-      GRANT SELECT, INSERT ON TABLES TO app_readwrite;
-    ALTER DEFAULT PRIVILEGES IN SCHEMA public
-      GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO app_readwrite;
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pg-init-sql
+data:
+  init.sql: |
+    -- Create the 'users' table
+    CREATE TABLE IF NOT EXISTS users (
+      id SERIAL PRIMARY KEY,
+      username VARCHAR(50) NOT NULL UNIQUE,
+      email VARCHAR(100) NOT NULL,
+      created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    );
+
+    -- Create the 'orders' table
+    CREATE TABLE IF NOT EXISTS orders (
+      id SERIAL PRIMARY KEY,
+      user_id INTEGER REFERENCES users(id),
+      product VARCHAR(100),
+      amount INTEGER,
+      ordered_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    );
+
+    -- Insert sample users
+    INSERT INTO users (username, email) VALUES
+      ('alice', '[email protected]'),
+      ('bob', '[email protected]');
+
+    -- Insert sample orders
+    INSERT INTO orders (user_id, product, amount) VALUES
+      (1, 'Widget', 3),
+      (2, 'Gadget', 5);
+
+    DO $$
+    BEGIN
+      IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_readonly') THEN
+        CREATE ROLE app_readonly LOGIN;
+      END IF;
+      IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_readwrite') THEN
+        CREATE ROLE app_readwrite LOGIN;
+      END IF;
+    END$$;
+
+    REVOKE CONNECT ON DATABASE appdb FROM PUBLIC;
+    GRANT  CONNECT ON DATABASE appdb TO app_readonly, app_readwrite;
+
+    REVOKE ALL ON SCHEMA public FROM PUBLIC;
+    GRANT  USAGE ON SCHEMA public TO app_readonly, app_readwrite;
+    GRANT  CREATE ON SCHEMA public TO app_readwrite;
+
+    GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_readonly;
+    GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_readwrite;
+    GRANT INSERT ON ALL TABLES IN SCHEMA public TO app_readwrite;
+
+    GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_readonly;
+    GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO app_readwrite;
+
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public
+      GRANT SELECT ON TABLES TO app_readonly;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public
+      GRANT USAGE, SELECT ON SEQUENCES TO app_readonly;
+
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public
+      GRANT SELECT, INSERT ON TABLES TO app_readwrite;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA public
+      GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO app_readwrite;

examples/keycloak/demo-realm.json

@@ -2292,4 +2292,4 @@
   "clientPolicies" : {
     "policies" : [ ]
   }
-}
+}

examples/keycloak/keycloak.yaml

@@ -193,4 +193,4 @@ spec:
     - protocol: TCP
       port: 5432
       targetPort: 5432
-  type: ClusterIP
+  type: ClusterIP

src/Makefile

@@ -1,9 +1,9 @@
-# Makefile for kc_validator (server module via PGXS)
-MODULE_big = kc_validator
-OBJS = kc_validator.o
-PG_CONFIG = pg_config
-
-SHLIB_LINK += -lcurl
-
-PGXS := $(shell $(PG_CONFIG) --pgxs)
-include $(PGXS)
+# Makefile for kc_validator (server module via PGXS)
+MODULE_big = kc_validator
+OBJS = kc_validator.o
+PG_CONFIG = pg_config
+
+SHLIB_LINK += -lcurl
+
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)