259 feature create unified start silver script with pluggable idp support

[Aravinda-HWK]

📌 Description

This PR is to create a unified start Silver script where any idp can plug and run this script to start the silver.

• Closes [FEATURE] Create Unified start-silver Script with Pluggable IdP Support #259

---

🔍 Changes Made

• Add unified silver start script
• Add some additional scripts to run the system.

---

✅ Checklist (Email System)

• Core services tested (SMTP, IMAP, mail storage, end-to-end delivery)
• Security & compliance verified (auth via Thunder IDP, TLS, DKIM/SPF/DMARC, spam/virus filtering)
• Configuration & deployment checked (configs generated, Docker/Compose updated)
• Reliability confirmed (error handling, logging, monitoring)
• Documentation & usage notes updated (README, deployment, API)

---

🧪 Testing Instructions

---

📷 Screenshots / Logs (if applicable)

---

⚠️ Notes for Reviewers

[gemini-code-assist]

Summary of Changes

Hello @Aravinda-HWK, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Silver Mail system by introducing a unified and flexible startup process. The core change is the implementation of a pluggable Identity Provider (IdP) architecture, enabling seamless integration with different IdPs like Thunder or Keycloak for user authentication. This simplifies the initial setup and configuration, provides greater choice in identity management, and streamlines the overall deployment and cleanup of the mail services.

Highlights

• Unified Start Script: Introduced a new start-silver-unified.sh script that orchestrates the entire Silver Mail system setup, including domain configuration, IdP loading, Docker service management, and IdP configuration.
• Pluggable Identity Provider (IdP) Support: Implemented a pluggable architecture for Identity Providers, allowing the system to use either Thunder (WSO2) or Keycloak for user authentication and management, configurable via silver.yaml.
• Keycloak Integration Utilities: Added dedicated utility scripts (keycloak-auth.sh) to handle Keycloak authentication, realm creation, client registration, and user management via its API.
• Shared Database Synchronization: Provided utility functions (shared-db-sync.sh) to synchronize user and domain information between the chosen Identity Provider and the shared.db used by the Raven IMAP/SMTP server.
• Docker Compose Refactoring: Refactored the main docker-compose.yaml to remove direct Thunder IdP service definitions, adjust the Mailhog port to avoid conflicts, and update webmail service dependencies and environment variables to support the new pluggable IdP approach.
• Enhanced Cleanup Script: Updated the cleanup-docker.sh script to properly stop and remove Docker containers related to both Thunder and Keycloak Identity Providers during system cleanup.

Changelog

• conf/silver.yaml
  • Added new configuration section for Identity Providers, including options for 'thunder' (WSO2) and 'keycloak' with example settings.
  • Included host, port, and HTTPS usage settings for IdPs.
• scripts/service/cleanup-docker.sh
  • Updated step numbering from 3 to 4 to reflect additional cleanup stages.
  • Added logic to stop both Thunder and Keycloak Identity Provider services.
  • Introduced a new step (Step 4) to clean up any remaining IdP Docker containers.
• scripts/service/start-silver-unified.sh
  • Added a new unified bash script for starting the Silver Mail system.
  • Implemented a pluggable IdP loading mechanism using a factory pattern.
  • Included steps for domain configuration, /etc/hosts update, Docker service startup (SeaweedFS, IdP, main services), and IdP configuration.
  • Incorporated an ASCII banner and final setup instructions.
• scripts/utils/keycloak-auth.sh
  • Added a new utility script providing functions for Keycloak API interactions.
  • Included functions for authenticating with Keycloak, creating/checking realms, creating/checking clients, and creating users.
  • Managed protocol (HTTP/HTTPS) and SSL verification options for curl commands.
• scripts/utils/shared-db-sync.sh
  • Added a new utility script for synchronizing user and domain data with the shared.db used by the SMTP server.
  • Provided functions to add, remove (soft delete), list, and check existence of users in the database.
  • Included a function to initialize domains in the shared.db.
• services/docker-compose.yaml
  • Removed the thunder-db-init, thunder-setup, and thunder service definitions.
  • Removed the thunder-db volume definition.
  • Updated the mailhog service's exposed port from 8080 to 8081 to prevent potential conflicts.
  • Modified the webmail service's environment variables, replacing THUNDER_API with KEYCLOAK_API.
  • Removed the thunder dependency from the webmail service.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a unified startup script with pluggable Identity Provider (IdP) support, which is a great architectural improvement. The changes are well-structured, using a factory pattern in shell scripts to load the appropriate IdP.

I've found a few issues, including a critical bug in the curl commands within the new Keycloak utility script, some hardcoded values that should be dynamic, and a security concern with default credentials in an example configuration. I've also left some suggestions to improve maintainability and robustness.

Once these points are addressed, this will be a solid contribution.