Client Scope updates are not replicated between Keycloak nodes

Fixes #33731 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-10-23 15:59:37 +01:00 · 2024-10-23 15:59:37 +01:00 · 84f4bd8af1
commit 84f4bd8af1
parent e41553bcfb
2 changed files with 108 additions and 0 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java
@ -264,6 +264,7 @@ public class RealmCacheSession implements CacheRealmProvider {
    public void registerClientScopeInvalidation(String id, String realmId) {
        invalidateClientScope(id);
        cache.clientScopeUpdated(realmId, invalidations);
        invalidationEvents.add(new CacheKeyInvalidatedEvent(id));
    }
    private void invalidateClientScope(String id) {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/ClientScopeInvalidationClusterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/ClientScopeInvalidationClusterTest.java
@ -0,0 +1,107 @@
 /*
 * Copyright 2024 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.testsuite.cluster;
 import java.util.Map;
 import jakarta.ws.rs.NotFoundException;
 import org.keycloak.admin.client.resource.ClientScopeResource;
 import org.keycloak.admin.client.resource.ClientScopesResource;
 import org.keycloak.representations.idm.ClientScopeRepresentation;
 import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.arquillian.ContainerInfo;
 import static org.junit.Assert.assertNull;
 public class ClientScopeInvalidationClusterTest extends AbstractInvalidationClusterTestWithTestRealm<ClientScopeRepresentation, ClientScopeResource> {
    @Override
    protected ClientScopeRepresentation createTestEntityRepresentation() {
        var clientScope = new ClientScopeRepresentation();
        clientScope.setName("client-scope-name");
        clientScope.setDescription("client-scope-description");
        clientScope.setProtocol("openid-connect");
        clientScope.setAttributes(Map.of("a", "b", "c", "d"));
        return clientScope;
    }
    @Override
    protected ClientScopeResource entityResource(ClientScopeRepresentation testEntity, ContainerInfo node) {
        return entityResource(testEntity.getId(), node);
    }
    @Override
    protected ClientScopeResource entityResource(String idOrName, ContainerInfo node) {
        return clientScopes(node).get(idOrName);
    }
    @Override
    protected ClientScopeRepresentation createEntity(ClientScopeRepresentation testEntity, ContainerInfo node) {
        try (var rsp = clientScopes(node).create(testEntity)) {
            testEntity.setId(ApiUtil.getCreatedId(rsp));
        }
        return readEntity(testEntity, node);
    }
    @Override
    protected ClientScopeRepresentation readEntity(ClientScopeRepresentation entity, ContainerInfo node) {
        try {
            return entityResource(entity, node).toRepresentation();
        } catch (NotFoundException nfe) {
            // expected when client scope doesn't exist
            return null;
        }
    }
    @Override
    protected ClientScopeRepresentation updateEntity(ClientScopeRepresentation entity, ContainerInfo node) {
        entityResource(entity, node).update(entity);
        return readEntity(entity, node);
    }
    @Override
    protected void deleteEntity(ClientScopeRepresentation testEntity, ContainerInfo node) {
        entityResource(testEntity, node).remove();
        assertNull(readEntity(testEntity, node));
    }
    @Override
    protected ClientScopeRepresentation testEntityUpdates(ClientScopeRepresentation testEntity, boolean backendFailover) {
        // groupname
        testEntity.setName("name-updated");
        testEntity = updateEntityOnCurrentFailNode(testEntity, "name");
        verifyEntityUpdateDuringFailover(testEntity, backendFailover);
        testEntity.setProtocol("protocol-updated");
        testEntity = updateEntityOnCurrentFailNode(testEntity, "protocol");
        verifyEntityUpdateDuringFailover(testEntity, backendFailover);
        testEntity.setDescription("description-updated");
        testEntity = updateEntityOnCurrentFailNode(testEntity, "description");
        verifyEntityUpdateDuringFailover(testEntity, backendFailover);
        testEntity.setAttributes(Map.of("updated", "updated"));
        testEntity = updateEntityOnCurrentFailNode(testEntity, "attributes");
        verifyEntityUpdateDuringFailover(testEntity, backendFailover);
        return testEntity;
    }
    private ClientScopesResource clientScopes(ContainerInfo node) {
        return getAdminClientFor(node).realm(testRealmName).clientScopes();
    }
 }