From 7e5734fd4815729bcf953b32388b6d5b88341e8c Mon Sep 17 00:00:00 2001
From: rmartinc
Date: Thu, 10 Oct 2024 17:01:10 +0200
Subject: [PATCH] Fix incorrect filter in docker protocol Closes #33776
Signed-off-by: rmartinc
---
 .../protocol/ProtocolMapperUtils.java | 7 +++--
 .../protocol/docker/DockerAuthV2Protocol.java | 1 -
 .../testsuite/docker/DockerClientTest.java | 29 +++++++++++++++----
 3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java b/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
index e2e09fe77e..8518456459 100755
--- a/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/ProtocolMapperUtils.java
@@ -144,8 +144,11 @@ public class ProtocolMapperUtils {
 .filter(Objects::nonNull)
 .filter(filter);
 
- return Stream.concat(protocolMapperStream, DPoPUtil.getTransientProtocolMapper())
- .sorted(Comparator.comparing(ProtocolMapperUtils::compare));
+ if (OIDCLoginProtocol.LOGIN_PROTOCOL.equals(ctx.getClientSession().getClient().getProtocol())) {
+ protocolMapperStream = Stream.concat(protocolMapperStream, DPoPUtil.getTransientProtocolMapper());
+ }
+
+ return protocolMapperStream.sorted(Comparator.comparing(ProtocolMapperUtils::compare));
 }
 
 public static int compare(Entry entry) {
diff --git a/services/src/main/java/org/keycloak/protocol/docker/DockerAuthV2Protocol.java b/services/src/main/java/org/keycloak/protocol/docker/DockerAuthV2Protocol.java
index 0c1e8a558d..0ddcc5fa60 100644
--- a/services/src/main/java/org/keycloak/protocol/docker/DockerAuthV2Protocol.java
+++ b/services/src/main/java/org/keycloak/protocol/docker/DockerAuthV2Protocol.java
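Review bot: The new protocol gate in `getSortedProtocolMappers` uses `OIDCLoginProtocol.LOGIN_PROTOCOL.equals(...getProtocol())`, so a client whose protocol is unset (null) no longer receives the DPoP transient mapper, whereas the removed lines appended it for every caller. If a null protocol is treated as OpenID Connect elsewhere in the code base (not visible in this hunk), such clients would silently lose that mapper's effect on their tokens; consider `String protocol = ctx.getClientSession().getClient().getProtocol();` followed by `if (protocol == null || OIDCLoginProtocol.LOGIN_PROTOCOL.equals(protocol)) {`, or confirm that null cannot occur here. A short comment such as `// DPoP transient mapper is appended after the caller's filter, so it is only added for OIDC clients` would also record why the gate exists. The method's signature and the start of its body are outside the hunk.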
@@ -113,7 +113,6 @@ public class DockerAuthV2Protocol implements LoginProtocol {
 AtomicReference finalResponseToken = new AtomicReference<>(responseToken);
 ProtocolMapperUtils.getSortedProtocolMappers(session, clientSessionCtx, mapper -> mapper.getValue() instanceof DockerAuthV2AttributeMapper && ((DockerAuthV2AttributeMapper) mapper.getValue()).appliesTo(finalResponseToken.get()))
- .filter(mapper -> mapper instanceof DockerAuthV2AttributeMapper)
 .forEach(mapper -> finalResponseToken.set(((DockerAuthV2AttributeMapper) mapper.getValue())
 .transformDockerResponseToken(finalResponseToken.get(), mapper.getKey(), session, userSession, clientSession)));
 responseToken = finalResponseToken.get();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/docker/DockerClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/docker/DockerClientTest.java
index c4723dc75c..9c41e4b167 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/docker/DockerClientTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/docker/DockerClientTest.java
@@ -16,16 +16,18 @@ import org.testcontainers.containers.BindMode;
 import org.testcontainers.containers.Container;
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.containers.wait.strategy.Wait;
 
 import java.io.File;
 import java.io.PrintWriter;
+import java.time.Duration;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.is;
 import static org.junit.Assume.assumeTrue;
 import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT;
 import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SCHEME;
@@ -122,7 +124,9 @@ public class DockerClientTest extends AbstractKeycloakTest {
 dockerClientContainer = new GenericContainer(dockerioPrefix + "docker:dind")
 .withLogConsumer(new Slf4jLogConsumer(LoggerFactory.getLogger("dockerClientContainer")))
 .withNetworkMode("host")
- .withPrivilegedMode(true);
+ .withPrivilegedMode(true)
+ .waitingFor(Wait.forLogMessage(".*API listen on /var/run/docker.sock.*\\n", 1))
+ .withStartupTimeout(Duration.ofSeconds(120));
 dockerClientContainer.start();
 }
 
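Review bot: The wait strategy added to the `docker:dind` container in the second hunk keys on the daemon's log wording while the image tag is not pinned, so an upstream change to that message would surface only as a 120-second startup timeout with no hint at the cause. A comment above `.waitingFor(...)` such as `// dind logs this line once the daemon socket accepts connections; adjust if the image changes its log format` would make that failure diagnosable. The dots in the pattern are unescaped regex wildcards; writing `docker\\.sock` states the intent more exactly. The enclosing method starts outside the hunk.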
@@ -139,12 +143,25 @@ public class DockerClientTest extends AbstractKeycloakTest {
 @Test
 public void shouldPerformDockerAuthAgainstRegistry() throws Exception {
 log.info("Starting the attempt for login...");
- Container.ExecResult dockerLoginResult = dockerClientContainer.execInContainer("docker", "login", "-u", DOCKER_USER, "-p", DOCKER_USER_PASSWORD, REGISTRY_HOSTNAME + ":" + REGISTRY_PORT);
- printCommandResult(dockerLoginResult);
- assertThat(dockerLoginResult.getStdout(), containsString("Login Succeeded"));
+ Container.ExecResult result = dockerClientContainer.execInContainer("docker", "login", "-u", DOCKER_USER, "-p", DOCKER_USER_PASSWORD, REGISTRY_HOSTNAME + ":" + REGISTRY_PORT);
+ printCommandResult(result);
+ assertThat("Error performing login", result.getExitCode(), is(0));
+
+ result = dockerClientContainer.execInContainer("docker", "pull", "docker.io/hello-world:latest");
+ printCommandResult(result);
+ assertThat("Error pulling from docker.io", result.getExitCode(), is(0));
+
+ result = dockerClientContainer.execInContainer("docker", "tag", "hello-world:latest", REGISTRY_HOSTNAME + ":" + REGISTRY_PORT + "/hello-world:latest");
+ printCommandResult(result);
+ assertThat("Error tagging the image", result.getExitCode(), is(0));
+
+ result = dockerClientContainer.execInContainer("docker", "push", REGISTRY_HOSTNAME + ":" + REGISTRY_PORT + "/hello-world:latest");
+ printCommandResult(result);
+ assertThat("Error pushing to registry", result.getExitCode(), is(0));
 }
 
 private void printCommandResult(Container.ExecResult result) {
- log.infof("Command executed. Output follows:\nSTDOUT: %s\n---\nSTDERR: %s", result.getStdout(), result.getStderr());
+ log.infof("Command executed with exit code %d. Output follows:\nSTDOUT: %s\n---\nSTDERR: %s",
+ result.getExitCode(), result.getStdout(), result.getStderr());
 }
 }
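Review bot: The pull step in `shouldPerformDockerAuthAgainstRegistry` hard-codes `docker.io/hello-world:latest`, while the dind container earlier in this file is resolved through `dockerioPrefix`, so the test now depends on direct access to the public registry and on a mutable tag. If `dockerioPrefix` is meant to allow a mirror (an assumption, its definition is not shown), build the name once, e.g. `String image = dockerioPrefix + "hello-world:latest";`, and use `image` for both the `pull` and the source argument of `tag`. The four assertions also cover only the success path; a login with a wrong password asserting a non-zero exit code would show that exit code 0 reflects the protocol's decision rather than a permissive registry.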