idm Image

This documentation describes new, pre-release CDK features. If you want to work with a stable feature set, use the CDK as described in this section of the documentation.

The idm Docker image contains the IDM configuration.

Customization Overview

  • Customize IDM’s configuration data by using the Admin UI and the REST APIs.

  • Capture changes to the IDM configuration by exporting them from the IDM service running on Kubernetes back to the staging area.

  • Save the modified IDM configuration to a configuration profile in your forgeops repository clone.

  • Build an updated idm Docker image that contains your customizations, and configure the CDK installer to use the updated idm image.

  • Redeploy IDM.

  • Verify that changes you’ve made to the IDM configuration are in the new Docker image.

Detailed Steps

Perform the following steps iteratively when developing a custom idm Docker image:

  1. Verify that:

  2. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. Review the state of the config directory.

    3. (Optional) Run the git commit command to commit changes to files that have been modified.

  3. Modify the IDM configuration using the IDM Admin UI or the REST APIs.

    For information about how to access the IDM Admin UI or REST APIs, see IDM Services.

    See About Property Value Substitution for important information about configuring values that vary at run-time, such as passwords and host names, in containerized deployments.

  4. Export the changes you made to the IDM configuration in the running ForgeRock Identity Platform to the staging area:

    $ cd /path/to/forgeops/bin
    $ ./config.sh export --component idm
    Exporting IDM configuration…
    
    tar: Removing leading `/' from member names
    
    IDM configuration files have been exported to docker/7.0/idm/config.

  5. Review the differences between the files you exported to the staging area and files that you previously saved to your configuration profile.

    Use the config.sh diff command to review the changes. For example:

    $ ./config.sh diff --component idm --profile my-profile
    diff  -u --recursive config/7.0/my-profile/idm docker/7.0/idm
    diff -u --recursive -x '.' -x Dockerfile -x '.sh' config/7.0/my-profile/idm/conf/audit.json docker/7.0/idm/conf/audit.json
    --- config/7.0/my-profile/idm/conf/audit.json	2021-04-27 09:09:48.000000000 -0700
    +++ docker/7.0/idm/conf/audit.json	2021-04-27 09:10:13.000000000 -0700
    @@ -136,7 +136,7 @@
         "exceptionFormatter" : {
             "type" : "text/javascript",
             "globals" : {
    -            "some-string" : "old-value"
    +            "some-string" : "new-value"
             },
             "file" : "bin/defaults/script/audit/stacktraceFormatter.js"
         }
    Only in docker/7.0/idm: resolver
    Only in docker/7.0/idm: ui

  6. Save the IDM configuration to your configuration profile:

    $ ./config.sh save --component idm --profile my-profile
    Saving IDM configuration.

  7. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. Review the state of the config directory.

    3. (Optional) Run the git commit command to commit changes to files that have been modified.

  8. Build a new idm image that includes your changes to the IDM configuration, and configure the CDK installer to use the new idm image:

    $ ./cdk build idm

  9. Redeploy IDM:

    1. Remove IDM from your CDK installation:

      $ cd /path/to/forgeops/bin
      $ ./cdk delete idm
      OK to delete these components? [Y/N] Y
      configmap "idm" deleted
      configmap "idm-logging-properties" deleted
      service "idm" deleted
      deployment.apps "idm" deleted

    2. Redeploy IDM:

      $ ./cdk install idm
      Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster.
      Checking ds-operator and related CRDs: ds-operator CRD found in cluster.
      
      Installing component(s): ['idm']
      
      configmap/idm created
      configmap/idm-logging-properties created
      service/idm created
      deployment.apps/idm created
      
      Enjoy your deployment!

    3. Run the kubectl get pods command to monitor the status of the IDM pod. Wait until the pod is ready before proceeding to the next step.

  10. To validate that IDM has the expected configuration:

    • Describe the IDM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it’s your new custom Docker image’s tag.

    • Start the IDM Admin UI and verify that your configuration changes are present.
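
Steps 3 and 5 through 7 move configuration from the running IDM service into your configuration profile and, optionally, into Git, so a pre-save check for run-time values that were exported as literals is useful. The following is an added example, not part of the forgeops tooling: it lists sensitive-looking keys whose value is a literal string instead of a property substitution placeholder, assuming the &{property.name} placeholder form; the key-name pattern and the sample files are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

SENSITIVE_KEY = re.compile(r"password|passwd|secret|token", re.IGNORECASE)  # assumed pattern
PLACEHOLDER = re.compile(r"&\{[^}]+\}")  # assumed substitution form: &{property.name}

def literal_secrets(node, path=""):
    """Yield the JSON path of each sensitive-looking key that holds a literal string."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if isinstance(value, str):
                if SENSITIVE_KEY.search(key) and value and not PLACEHOLDER.search(value):
                    yield here  # report the location only, never the value
            else:
                yield from literal_secrets(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from literal_secrets(item, f"{path}/{index}")

def scan_staging(conf_dir):
    """Return (file name, JSON path) findings for every *.json file under conf_dir."""
    findings = []
    for conf_file in sorted(Path(conf_dir).rglob("*.json")):
        try:
            doc = json.loads(conf_file.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError):
            findings.append((conf_file.name, "<unparseable, review by hand>"))
            continue
        findings.extend((conf_file.name, p) for p in literal_secrets(doc))
    return findings

def demo():
    """Scan two constructed sample files (not real IDM configuration)."""
    samples = {
        "substituted.json": {"host": "&{sample.host}", "password": "&{sample.password}"},
        "literal.json": {"mail": {"host": "smtp.example.com", "password": "constructed"},
                         "clients": [{"clientSecret": "constructed"}]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(json.dumps(body), encoding="utf-8")
        return scan_staging(tmp)

if __name__ == "__main__":
    # Real use: scan_staging("/path/to/forgeops/docker/7.0/idm") after the export step
    for name, json_path in demo():
        print(f"{name}: {json_path} holds a literal value")
```

Run it after the export step and before the save step; any reported path is a candidate for property value substitution before the file reaches the configuration profile or the image.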