Use liquibase to prepare example database instead of SQL scripts

.gitignore

@@ -7,4 +7,5 @@ certs/example.*
 token-handler-proxy*.zip
 cookie-encryption
 kong.yml
-default.conf
+default.conf
+data/

DEPLOYMENT.md

@@ -77,7 +77,7 @@ export OAUTH_PROXY_TYPE='kong'
 
 Wait a few minutes for components to come up and then access components:
 
-- Curity admin UI: `https://localhost:6749` using `admin / Password1`.
+- Curity admin UI: `https://localhost:6749/admin` using `admin / Password1`.
 
 ## Use the System
 

deployments/curity/docker-compose.yml

@@ -97,8 +97,26 @@ services:
     image: postgres:18.1
     hostname: dbserver
     volumes:
-      - ./idsvr/data-backup.sql:/docker-entrypoint-initdb.d/data-backup.sql
+      - ./idsvr/data:/var/lib/postgresql
     environment:
       POSTGRES_USER: 'postgres'
       POSTGRES_PASSWORD: 'Password1'
       POSTGRES_DB: 'idsvr'
+
+  #
+  # A job container to initialize the database
+  #
+  curity-data-init:
+    image: curity.azurecr.io/curity/idsvr:latest
+    hostname: dbserverinitializer
+    volumes:
+      - ./idsvr/dbinit/init.sh:/tmp/init.sh
+      - ./idsvr/dbinit/test-user-accounts.xml:/opt/idsvr/etc/liquibase/test-user-accounts.xml
+    command: ["/tmp/init.sh"]
+    environment:
+      JDBC_URL: jdbc:postgresql://dbserver:5432/idsvr
+      JDBC_USERNAME: 'postgres'
+      JDBC_PASSWORD: 'Password1'
+    depends_on:
+      curity-data:
+        condition: service_started

deployments/curity/idsvr/dbinit/init.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+######################################################################################
+# An example script that performs the following steps for the demo deployment:
+# - Create the database schema if required
+# - Upgrade the database schema if required
+# - Import test users if required
+#
+# All commands use the JDBC_URL, JDBC_USERNAME and JDBC_PASSWORD environment variables
+# The database user must have permissions to create schema objects, e.g. a DBO user
+#
+
+# Once the script completes, query data in the database container
+# See documentation for further details:
+# - https://curity.io/resources/data-management/
+# - https://curity.io/docs/identity-server/facilities/data-sources/schema-migration/
+######################################################################################
+
+#
+# Wait a few seconds, so that the database server is ready to accept commands
+#
+echo 'Waiting for the database server to reach a ready state ...'
+sleep 5
+
+#
+# Create the schema if it does not exist
+#
+echo 'Initializing the database schema if required ...'
+/opt/idsvr/bin/idsvr -I
+ if [ $? -ne 0 ]; then
+  echo 'Problem encountered creating the database schema'
+  exit 1
+fi
+
+#
+# Upgrade the schema to the latest product version if required
+#
+echo 'Upgrading the database schema if required ...'
+/opt/idsvr/bin/idsvr -L default
+if [ $? -ne 0 ]; then
+  echo 'Problem encountered upgrading the database schema'
+  exit 1
+fi
+
+#
+# Import test user accounts if they do not exist
+#
+echo 'Importing test user accounts if required ...'
+cd /opt/idsvr/etc/liquibase
+idsvr -L ./test-user-accounts.xml
+if [ $? -ne 0 ]; then
+  echo 'Problem encountered importing test user accounts'
+  exit 1
+fi

deployments/curity/idsvr/dbinit/test-user-accounts.xml

@@ -0,0 +1,33 @@
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+        xmlns:pro="http://www.liquibase.org/xml/ns/pro"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
+        http://www.liquibase.org/xml/ns/dbchangelog-ext
+        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd
+        http://www.liquibase.org/xml/ns/pro
+        http://www.liquibase.org/xml/ns/pro/liquibase-pro-latest.xsd"
+        objectQuotingStrategy="QUOTE_ALL_OBJECTS">
+    <changeSet id="1" author="curity">
+        <insert tableName="accounts">
+            <column name="account_id" type="varchar">79b6852c-8062-403b-b0a9-3b19d7175233</column>
+            <column name="username">demouser</column>
+            <column name="email">[email protected]</column>
+            <column name="phone">07711</column>
+            <column name="active" type="smallint">1</column>
+            <column name="attributes" type="text">{"name": {"givenName": "Demo", "familyName": "User"}, "emails": [{"value": "[email protected]", "primary": true}], "agreeToTerms": "on", "phoneNumbers": [{"value": "07711", "primary": true}], "urn:se:curity:scim:2.0:Devices": []}</column>
+            <column name="created" type="bigint">1708008810</column>
+            <column name="updated" type="bigint">1708008810</column>
+        </insert>
+         <insert tableName="credentials">
+              <column name="id">6a273e20-6015-4243-8117-44379cadf582</column>
+              <column name="subject">demouser</column>
+              <column name="password">$5$rounds=20000$p32Fp4ecezzC0BSk$kaqe1ol1ShkqespXd9QiX.NNRasd0nOOQiC6ES1wOiB</column>
+              <column name="attributes">{}</column>
+              <column name="created">2024-02-15 14:53:30.623009</column>
+              <column name="updated">2024-02-15 14:53:30.623009</column>
+          </insert>
+    </changeSet>
+</databaseChangeLog>