[KEYCLOAK-8289] - Remove authorization services from product preview profile

This commit is contained in:
Pedro Igor 2018-09-25 12:02:11 -03:00 committed by Stian Thorgersen
parent 723ba42264
commit 43f5983613
35 changed files with 27 additions and 220 deletions

View file

@ -34,7 +34,7 @@ public class Profile {
public enum Feature {
ACCOUNT2,
AUTHORIZATION,
ADMIN_FINE_GRAINED_AUTHZ,
DOCKER,
IMPERSONATION,
OPENSHIFT_INTEGRATION,
@ -54,7 +54,7 @@ public class Profile {
}
private enum ProfileValue {
PRODUCT(Feature.AUTHORIZATION, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
PRODUCT(Feature.ADMIN_FINE_GRAINED_AUTHZ, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
PREVIEW(Feature.ACCOUNT2),
COMMUNITY(Feature.DOCKER, Feature.ACCOUNT2);

View file

@ -547,14 +547,12 @@ public class ModelToRepresentation {
rep.setProtocolMappers(mappings);
}
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
if (resourceServer != null) {
rep.setAuthorizationServicesEnabled(true);
}
}
return rep;
}

View file

@ -257,8 +257,6 @@ public class RealmsResource {
@Path("{realm}/authz")
public Object getAuthorizationService(@PathParam("realm") String name) {
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
init(name);
AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
AuthorizationService service = new AuthorizationService(authorization);

View file

@ -109,7 +109,7 @@ public class AccountConsole {
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
map.put("isAuthorizationEnabled", true);
FreeMarkerUtil freeMarkerUtil = new FreeMarkerUtil();
String result = freeMarkerUtil.processTemplate(map, "index.ftl", theme);

View file

@ -172,7 +172,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
account.setUser(auth.getUser());
}
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Feature.AUTHORIZATION));
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true);
}
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {

View file

@ -606,8 +606,6 @@ public class ClientResource {
@Path("/authz")
public AuthorizationService authorization() {
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(resource);
@ -691,7 +689,6 @@ public class ClientResource {
}
private void updateAuthorizationSettings(ClientRepresentation rep) {
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
authorization().enable(false);
} else {
@ -699,4 +696,3 @@ public class ClientResource {
}
}
}
}

View file

@ -177,7 +177,6 @@ public class ClientsResource {
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
AuthorizationService authorizationService = getAuthorizationService(clientModel);
@ -189,7 +188,6 @@ public class ClientsResource {
authorizationService.resourceServer().importSettings(authorizationSettings);
}
}
}
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {

View file

@ -55,9 +55,6 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
protected static final String REALM_NAME = "servlet-authz";
protected static final String RESOURCE_SERVER_ID = "servlet-authz-app";
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
@ArquillianResource
private Deployer deployer;

View file

@ -122,9 +122,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
testRealmPage.setAuthRealm(REALM_NAME);
}
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
@Before
public void beforePhotozExampleAdapterTest() throws Exception {
DroneUtils.addWebDriver(jsDriver);

View file

@ -57,9 +57,6 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
private static final String REALM_NAME = "hello-world-authz";
private static final String RESOURCE_SERVER_ID = "hello-world-authz-service";
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
@ArquillianResource
private Deployer deployer;

View file

@ -63,9 +63,6 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
protected static final String RESOURCE_SERVER_ID = "servlet-policy-enforcer";
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
@ArquillianResource
private Deployer deployer;

View file

@ -50,11 +50,6 @@ import org.keycloak.util.JsonSerialization;
*/
public class AuthzCleanupTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreview();
}
@Deployment
public static WebArchive deploy() {
return RunOnServerDeployment.create();

View file

@ -809,8 +809,6 @@ public class PermissionsTest extends AbstractKeycloakTest {
@Test
public void clientAuthorization() {
ProfileAssume.assumePreview();
ClientRepresentation newClient = new ClientRepresentation();
newClient.setClientId("foo-authz");
adminClient.realms().realm(REALM_NAME).clients().create(newClient);

View file

@ -128,8 +128,6 @@ public class InstallationTest extends AbstractClientTest {
@Test
public void testOidcBearerOnlyWithAuthzJson() {
ProfileAssume.assumePreview();
oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);

View file

@ -57,11 +57,6 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest {
return "authz-test";
}
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreview();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(createTestRealm().build());

View file

@ -52,11 +52,6 @@ import org.keycloak.testsuite.util.UserBuilder;
*/
public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreview();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(createTestRealm().build());

View file

@ -1,53 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.admin.client.authorization;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.client.AbstractClientTest;
import javax.ws.rs.ServerErrorException;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class AuthorizationDisabledInPreviewTest extends AbstractClientTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreviewDisabled();
}
@Test
public void testAuthzServicesRemoved() {
String id = testRealmResource().clients().findAll().get(0).getId();
try {
testRealmResource().clients().get(id).authorization().getSettings();
} catch (ServerErrorException e) {
assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
return;
}
fail("Feature Authorization should be disabled.");
}
}

View file

@ -75,7 +75,6 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
@BeforeClass
public static void onBeforeClass() {
ProfileAssume.assumePreview();
httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
if (exchange.isInIoThread()) {
try {

View file

@ -40,9 +40,6 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
*/
public class EnforcerConfigTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));

View file

@ -82,11 +82,6 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
protected static final String REALM_NAME = "authz-test";
@BeforeClass
public static void onBeforeClass() {
ProfileAssume.assumePreview();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(RealmBuilder.create().name(REALM_NAME)

View file

@ -86,11 +86,6 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
protected static final String REALM_NAME = "authz-test";
@BeforeClass
public static void onBeforeClass() {
ProfileAssume.assumePreview();
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(RealmBuilder.create().name(REALM_NAME)

View file

@ -12,11 +12,6 @@ import org.keycloak.testsuite.ProfileAssume;
*/
public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreview();
}
protected AccessToken toAccessToken(String rpt) {
AccessToken accessToken;

View file

@ -182,8 +182,6 @@ public class InvalidationCrossDCTest extends AbstractAdminCrossDCTest {
@Test
public void authzResourceInvalidationTest() throws Exception {
ProfileAssume.assumePreview();
enableDcOnLoadBalancer(DC.FIRST);
enableDcOnLoadBalancer(DC.SECOND);

View file

@ -384,10 +384,8 @@ public class ExportImportUtil {
Assert.assertNotNull(linked);
Assert.assertEquals("my-service-user", linked.getUsername());
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
assertAuthorizationSettings(realmRsc);
}
}
private static boolean isClientScopeGranted(Map<String, Object> consent, String clientScopeName) {

View file

@ -64,11 +64,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
public static final String EXECUTION_ID = "scriptAuth";
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreview();
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {

View file

@ -355,8 +355,6 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
}
private void testResourceWithMultipleUris() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
ClientsResource clients = migrationRealm.clients();
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);

View file

@ -43,11 +43,6 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe
protected ClientRepresentation newClient;
@BeforeClass
public static void enabled() {
ProfileAssume.assumePreview();
}
@Before
public void configureTest() {
this.newClient = createResourceServer();

View file

@ -1,64 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.console.clients;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Test;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
import org.openqa.selenium.By;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
/**
*
* @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
*/
public class ClientAuthorizationServicesAvailableTest extends AbstractClientTest {
private ClientRepresentation newClient;
@Page
private ClientSettings clientSettingsPage;
@Test
public void authzServicesAvailable() {
ProfileAssume.assumePreview();
newClient = createClientRep("oidc-public", OIDC);
createClient(newClient);
assertEquals("oidc-public", clientSettingsPage.form().getClientId());
assertTrue(driver.findElement(By.xpath("//*[@for='authorizationServicesEnabled']")).isDisplayed());
}
@Test
public void authzServicesUnavailable() throws InterruptedException {
ProfileAssume.assumePreviewDisabled();
newClient = createClientRep("oidc-public", OIDC);
createClient(newClient);
assertEquals("oidc-public", clientSettingsPage.form().getClientId());
assertFalse(driver.findElement(By.xpath("//*[@for='authorizationServicesEnabled']")).isDisplayed());
}
}

View file

@ -132,7 +132,7 @@
<input ng-model="clientEdit.serviceAccountsEnabled" name="serviceAccountsEnabled" id="serviceAccountsEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
</div>
</div>
<div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && protocol == 'openid-connect'">
<div class="form-group" data-ng-show="protocol == 'openid-connect'">
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
<div class="col-md-6">

View file

@ -5,7 +5,7 @@
<ul class="nav nav-tabs" data-ng-show="!create">
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
<li ng-class="{active: path[6] && path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageAuthorization && client.access.configure">
<li ng-class="{active: path[6] && path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageAuthorization && client.access.configure">
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
</li>

View file

@ -27,7 +27,7 @@
<kc-tooltip>{{:: 'scope.tooltip' | translate}}</kc-tooltip>
</li>
<li ng-class="{active: path[4] == 'authz'}"
data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && !disableAuthorizationTab && client.authorizationServicesEnabled && !client.origin">
data-ng-show="!disableAuthorizationTab && client.authorizationServicesEnabled && !client.origin">
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' |
translate}}</a></li>
<li ng-class="{active: path[4] == 'revocation'}" data-ng-show="client.protocol != 'docker-v2' && client.protocol != 'saml' && !client.origin"><a
@ -55,7 +55,7 @@
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/service-account-roles">{{:: 'service-account-roles' | translate}}</a>
<kc-tooltip>{{:: 'service-account-roles.tooltip' | translate}}</kc-tooltip>
</li>
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && client.access.manage && access.manageAuthorization">
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && client.access.manage && access.manageAuthorization">
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
<kc-tooltip>{{:: 'manage-permissions-client.tooltip' | translate}}</kc-tooltip>
</li>

View file

@ -9,7 +9,7 @@
<li ng-class="{active: path[4] == 'attributes'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/attributes">{{:: 'attributes' | translate}}</a></li>
<li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/role-mappings">{{:: 'role-mappings' | translate}}</a></li>
<li ng-class="{active: path[4] == 'members'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/members">{{:: 'members' | translate}}</a></li>
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && group.access.manage && access.manageAuthorization">
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && group.access.manage && access.manageAuthorization">
<a href="#/realms/{{realm.realm}}/groups/{{group.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
<kc-tooltip>{{:: 'manage-permissions-group.tooltip' | translate}}</kc-tooltip>
</li>

View file

@ -12,6 +12,6 @@
<li ng-class="{active: !path[6] && path.length > 5}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">{{:: 'settings' | translate}}</a></li>
<li ng-class="{active: path[4] == 'mappers'}"><a href="#/realms/{{realm.realm}}/identity-provider-mappers/{{identityProvider.alias}}/mappers">{{:: 'mappers' | translate}}</a></li>
<li ng-class="{active: path[6] == 'export'}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/export" data-ng-show="!importFile && !newIdentityProvider && identityProvider.providerId == 'saml'">{{:: 'export' | translate}}</a></li>
<li ng-class="{active: path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && !newIdentityProvider && access.manageAuthorization"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/permissions">{{:: 'authz-permissions' | translate}}</a></li>
<li ng-class="{active: path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && !newIdentityProvider && access.manageAuthorization"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/permissions">{{:: 'authz-permissions' | translate}}</a></li>
</ul>
</div>

View file

@ -5,7 +5,7 @@
<ul class="nav nav-tabs" data-ng-show="!create">
<li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageRealm && access.manageAuthorization">
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageRealm && access.manageAuthorization">
<a href="#/realms/{{realm.realm}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
</li>

View file

@ -3,7 +3,7 @@
<ul class="nav nav-tabs">
<li ng-class="{active: path[2] == 'users'}"><a href="#/realms/{{realm.realm}}/users">{{:: 'lookup' | translate}}</a></li>
<li ng-class="{active: path[2] == 'users-permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageUsers && access.manageAuthorization">
<li ng-class="{active: path[2] == 'users-permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageUsers && access.manageAuthorization">
<a href="#/realms/{{realm.realm}}/users-permissions">{{:: 'authz-permissions' | translate}}</a>
<kc-tooltip>{{:: 'manage-permissions-users.tooltip' | translate}}</kc-tooltip>
</li>