idm Image
The idm Docker image contains the IDM configuration.
Customization Overview
- Customize IDM’s configuration data by using the Admin UI and the REST APIs.
- Capture changes to the IDM configuration by exporting them from the IDM service running on Kubernetes to the staging area.
- Save the modified IDM configuration to a configuration profile in your forgeops repository clone.
- Build an updated idm Docker image that contains your customizations.
- Redeploy IDM.
- Verify that changes you’ve made to the IDM configuration are in the new Docker image.
Detailed Steps
Perform the following steps iteratively when developing a custom idm Docker image:
- If this is your first time building a custom Docker image, verify that you performed these setup activities, which are required for developers:
- Verify that:
  - The CDK is deployed.
  - The namespace in which the CDK is deployed is set in your Kubernetes context.
- Perform version control activities on your forgeops repository clone:
  - Run the git status command.
  - Review the state of the config directory.
  - (Optional) Run the git commit command to commit changes to files that have been modified.
- Modify the IDM configuration using the IDM Admin UI or the REST APIs.
  For information about how to access the IDM Admin UI or REST APIs, see IDM Services.
  See About Property Value Substitution for important information about configuring values that vary at run-time, such as passwords and host names.
- Export the changes you made to the IDM configuration in the running ForgeRock Identity Platform to the staging area:

      $ cd /path/to/forgeops/bin
      $ ./config.sh export --component idm
      Exporting IDM configuration…
      tar: Removing leading `/' from member names
      IDM configuration files have been exported to docker/7.0/idm/config.

  The config.sh export --component idm command copies IDM static configuration from the running CDK instance to the staging area.
- Review the differences between the files you exported to the staging area and files that you previously saved to your configuration profile.
  Use the config.sh diff command to review the changes. For example:
$ ./config.sh diff --component idm --profile my-profile diff -u --recursive config/7.0/my-profile/idm docker/7.0/idm diff -u --recursive -x '.' -x Dockerfile -x '.sh' config/7.0/my-profile/idm/conf/audit.json docker/7.0/idm/conf/audit.json --- config/7.0/my-profile/idm/conf/audit.json 2022-01-06 11:35:36.000000000 -0800 + docker/7.0/idm/conf/audit.json 2022-01-06 11:54:19.000000000 -0800 @@ -135,6 +135,9 @@ }, "exceptionFormatter" : { "type" : "text/javascript", + "globals" : { + "fred" : "aaa" + }, "file" : "bin/defaults/script/audit/stacktraceFormatter.js" } -} +} . . . Only in docker/7.0/idm: resolver Only in docker/7.0/idm: ui . . .
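Review bot: in the audit.json hunk, the added "globals" : { "fred" : "aaa" } entry under exceptionFormatter is a fixed literal that will be saved to the profile and built into the image; confirm it is intended, and use property value substitution instead if the value differs between environments. The closing -} / +} pair shows no visible text change, so it is a whitespace or end-of-file difference only, and it is worth checking that the export did not alter the file ending unintentionally.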
- Save the IDM configuration to your configuration profile:

      $ ./config.sh save --component idm --profile my-profile
      Saving IDM configuration.

  The config.sh save --component idm command copies IDM static configuration from the staging area to your configuration profile.
- Perform version control activities on your forgeops repository clone:
  - Run the git status command.
  - Review the state of the config directory.
  - (Optional) Run the git commit command to commit changes to files that have been modified.
- Build a new idm image that includes your changes to IDM static configuration:

      $ ./cdk build idm
      Building [idm]…
      Sending build context to Docker daemon 276kB
      FROM us-docker.pkg.dev/forgeops-public/images/idm:7.1.5
      7.1.5: Pulling from us-docker.pkg.dev/forgeops-public/images/idm
      79d3b412d726: Already exists
      . . .
      Step 7/7 : COPY --chown=forgerock:root . /opt/openidm
       ---> 4c47ecbce819
      Successfully built 4c47ecbce819
      Successfully tagged idm:24f2f9a16
      Updated the image_defaulter with your new image for idm: "idm:4c47ecbce819a8cc9b1b4af9821bf3653b33d06469ae6d25f82caae17805c195"

  The cdk build command calls Skaffold to build a new idm Docker image and push the image to your Docker registry[1]. It also updates the image defaulter file so that the next time you install IDM, the cdk install command gets IDM static configuration from your new custom Docker image.
- Redeploy IDM:
  - Remove IDM from your CDK installation:

        $ cd /path/to/forgeops/bin
        $ ./cdk delete idm
        OK to delete these components? [Y/N] Y
        configmap "idm" deleted
        configmap "idm-logging-properties" deleted
        service "idm" deleted
        deployment.apps "idm" deleted

  - Redeploy IDM:

        $ ./cdk install idm
        Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster.
        Checking ds-operator and related CRDs: ds-operator CRD found in cluster.
        Installing component(s): ['idm']
        configmap/idm created
        configmap/idm-logging-properties created
        service/idm created
        deployment.apps/idm created
        Enjoy your deployment!

  - Run the kubectl get pods command to monitor the status of the IDM pod. Wait until the pod is ready before proceeding to the next step.
- To validate that IDM has the expected configuration:
  - Describe the IDM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it’s your new custom Docker image’s tag.
  - Start the IDM Admin UI and verify that your configuration changes are present.
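The image check in the validation step can be scripted. The following is an added example, not part of the original documentation or the forgeops tooling: it reads the output of kubectl get pods -o json and reports any IDM pod that is not running, or is not yet ready on, the image reference printed by the build. The pod name, container name and "idm-" name prefix in the sample are assumptions.

```python
import json

# Image reference as printed by the build output on this page.
BUILT = "idm:4c47ecbce819a8cc9b1b4af9821bf3653b33d06469ae6d25f82caae17805c195"

# Constructed sample: trimmed shape of `kubectl get pods -o json` output.
# The pod name and container name are assumptions, not taken from the page.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [{
        "kind": "Pod",
        "metadata": {"name": "idm-6b9db8cd7c-s7d46"},
        "spec": {"containers": [{"name": "openidm", "image": BUILT}]},
        "status": {"containerStatuses": [
            {"name": "openidm", "image": BUILT, "ready": True},
        ]},
    }],
})


def check_pods(pods_json, expected_image, name_prefix="idm-"):
    """Return a list of problems. An empty list means every pod whose name
    starts with name_prefix runs expected_image and reports ready."""
    doc = json.loads(pods_json)
    # Accept both a List of pods and a single Pod object.
    pods = doc["items"] if doc.get("kind", "").endswith("List") else [doc]
    pods = [p for p in pods if p["metadata"]["name"].startswith(name_prefix)]
    if not pods:
        return [f"no pod with name prefix {name_prefix!r}"]
    problems = []
    for pod in pods:
        pod_name = pod["metadata"]["name"]
        statuses = {s["name"]: s
                    for s in pod.get("status", {}).get("containerStatuses", [])}
        for container in pod["spec"]["containers"]:
            where = f"{pod_name}/{container['name']}"
            if container["image"] != expected_image:
                problems.append(f"{where}: spec image is {container['image']}")
            status = statuses.get(container["name"])
            if status is None:
                problems.append(f"{where}: no container status yet")
            elif not status.get("ready"):
                problems.append(f"{where}: not ready")
    return problems


if __name__ == "__main__":
    print(check_pods(SAMPLE, BUILT) or "OK")
```
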