Remove JBoss-based auth servers from the testsuite (#14317)

Closes #14299
This commit is contained in:
Martin Bartoš 2022-09-30 03:41:57 -04:00 committed by GitHub
parent 22713bc144
commit a20d6e2f1f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
142 changed files with 43 additions and 3002 deletions

View file

@ -67,9 +67,9 @@ As an example, to run tests using a MySQL docker container on Undertow auth-serv
If you want to run tests using a pre-configured Keycloak distribution (instead of Undertow):
mvn -f testsuite/integration-arquillian clean verify -Pdb-mysql,jpa,auth-server-wildfly
mvn -f testsuite/integration-arquillian clean verify -Pdb-mysql,jpa,auth-server-quarkus
Note that you must always activate the `jpa` profile when using auth-server-wildfly.
Note that you must always activate the `jpa` profile when using auth-server-quarkus.
If the mvn command fails for any reason, it may also fail to remove the container which
must be then removed manually.
@ -102,11 +102,11 @@ the allocation and deallocation need to happen when building the `integration-ar
it happens in other cases).
In order to use the DB Allocator Service, you must use the `jpa` profile with one of the `db-allocator-*`. Here's a full example to
run JPA with Auth Server Wildfly and MSSQL 2016:
run JPA with Auth Server Quarkus and MSSQL 2016:
```
mvn -f testsuite/integration-arquillian/pom.xml clean verify \
-Pjpa,auth-server-wildfly,db-allocator-db-mssql2016 \
-Pjpa,auth-server-quarkus,db-allocator-db-mssql2016 \
-Ddballocator.uri=<<db-allocator-servlet-url>> \
-Ddballocator.user=<<db-allocator-user>> \
-Dmaven.test.failure.ignore=true

View file

@ -34,12 +34,12 @@ And then re-run the LoginTest (or any other test you wish) and the changes shoul
If you use Intellij Idea, you don't even need to re-build anything with the maven. After doing any
change in the codebase, the change is immediately effective when running the test with Junit runner.
### Running tests in the production mode (Keycloak on Wildfly)
### Running tests in the production mode (Keycloak on Quarkus)
For the "production" testing, it is possible to run the Keycloak server deployed on real Wildfly server.
This can be achieved by add the `auth-server-wildfly` profile when running the testsuite.
For the "production" testing, it is possible to run the Keycloak server deployed on real Quarkus server.
This can be achieved by add the `auth-server-quarkus` profile when running the testsuite.
mvn -f testsuite/integration-arquillian/pom.xml -Pauth-server-wildfly clean install
mvn -f testsuite/integration-arquillian/pom.xml -Pauth-server-quarkus clean install
Unlike the "development" setup described above, this requires re-build the whole distribution
after doing any change in the code.
@ -425,18 +425,6 @@ The setup includes:
* two clustered nodes of Keycloak server on Wildfly/EAP or on embedded undertow
* shared DB
### Cluster tests with Keycloak on Wildfly
After you build the distribution, you run this command to setup servers and run cluster tests using shared Docker database:
mvn -f testsuite/integration-arquillian/pom.xml \
-Pauth-server-wildfly,auth-server-cluster,db-mysql,jpa \
-Dsession.cache.owners=2 \
-Dbackends.console.output=true \
-Dauth.server.log.check=false \
-Dfrontend.console.output=true \
-Dtest=org.keycloak.testsuite.cluster.**.*Test clean install
### Cluster tests with Keycloak on Quarkus
Make sure the `testsuite/integration-arquillian/servers/auth-server/quarkus` module was built as follows:
@ -574,6 +562,8 @@ For Data Grid 7 and older use: `-Dfile=jboss-datagrid-${DATAGRID_VERSION}-server
### Run Cross-DC Tests from Maven
Warning: The Cross-DC tests doesn't work with Quarkus distribution
Note: Profile `auth-servers-crossdc-undertow` currently doesn't work (see [KEYCLOAK-18335](https://issues.redhat.com/browse/KEYCLOAK-18335)).
Use `-Pauth-servers-crossdc-jboss,auth-server-wildfly` instead.
@ -770,11 +760,11 @@ Then, before running the test, setup Keycloak Server distribution for the tests:
mvn -f testsuite/integration-arquillian/servers/pom.xml \
clean install \
-Pauth-server-wildfly
-Pauth-server-quarkus
When running the test, add the following arguments to the command line:
-Pauth-server-wildfly -Pauth-server-enable-disable-feature -Dfeature.name=docker -Dfeature.value=enabled
-Pauth-server-quarkus -Pauth-server-enable-disable-feature -Dfeature.name=docker -Dfeature.value=enabled
## Java 11 support
Java 11 requires some arguments to be passed to JVM. Those can be activated using `-Pjava11-auth-server` and

View file

@ -16,24 +16,17 @@ Keycloak server is automatically started by the testsuite on the `BeforeSuite` e
By default the server runs in embedded Undertow.
#### Wildfly/EAP
Testsuite supports running server on Wildfly/EAP. For this it's necessary to:
- build the project including the `distribution` module
(artifact `keycloak-server-dist`/`-overlay` needs to be available before running the testsuite),
- activate profile `auth-server-wildfly` or `auth-server-eap7`.
[More details...](servers/auth-server/README.md)
#### Cluster Setup
The cluster setup for server can be enabled by activating profile `auth-server-cluster`.
The cluster setup for server can be enabled by activating profile `auth-server-cluster-quarkus`.
The cluster setup is not supported for server on Undertow. Profile `auth-server-wildfly` or `auth-server-eap` needs to be activated.
The cluster setup is not supported for server on Undertow.
The setup includes:
- a `mod_cluster` load balancer on Wildfly
- two clustered nodes of Keycloak server on Wildfly/EAP
- a `mod_cluster` load balancer on Quarkus
- two clustered nodes of Keycloak server on Quarkus
Clustering tests require MULTICAST to be enabled on machine's `loopback` network interface.
This can be done by running the following commands under root privileges:

View file

@ -18,9 +18,6 @@ Submodules are enabled with profiles: `-Papp-server-MODULE`
* __`wildfly` Wildfly 11__
* __`eap6` EAP 6__ Requires access to EAP product repo, or setting `-Deap6.version` to public EAP 6 Alpha.
* __`eap` EAP 7__ Requires access to EAP product repo.
* __`relative`__ Activate with `-Papp-server-relative`.
* __`wildfly` Relative Wildfly 10__ Based on [`auth-server/jboss/wildfly`](../auth-server/README.md). Activate with `-Pauth-server-wildfly`.
* __`eap` Relative EAP 7__ Based on [`auth-server/jboss/eap`](../auth-server/README.md). Activate with `-Pauth-server-eap`.
### Adapter Configs Location

View file

@ -759,18 +759,6 @@
<module>wildfly</module>
</modules>
</profile>
<profile>
<id>app-server-relative</id>
<activation>
<property>
<name>app.server</name>
<value>relative</value>
</property>
</activation>
<modules>
<module>relative</module>
</modules>
</profile>
</profiles>
</project>

View file

@ -1,37 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jboss-relative</artifactId>
<version>999-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-relative-eap</artifactId>
<packaging>pom</packaging>
<name>App Server - JBoss - Relative EAP</name>
<properties>
<auth.server.jboss>eap</auth.server.jboss>
<app.server.jboss.artifactId>integration-arquillian-servers-auth-server-eap</app.server.jboss.artifactId>
</properties>
</project>

View file

@ -1,61 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jboss</artifactId>
<version>999-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-jboss-relative</artifactId>
<packaging>pom</packaging>
<name>App Server - JBoss - Relative</name>
<properties>
<common.resources>${project.parent.parent.basedir}/common</common.resources>
<assembly.xml>${project.parent.parent.basedir}/assembly.xml</assembly.xml>
<app.server.jboss>relative-${auth.server.jboss}</app.server.jboss>
<app.server.jboss.groupId>org.keycloak.testsuite</app.server.jboss.groupId>
<app.server.jboss.version>${project.version}</app.server.jboss.version>
<app.server.jboss.unpacked.folder.name>auth-server-${auth.server.jboss}</app.server.jboss.unpacked.folder.name>
<app.server.oidc.adapter.artifactId>keycloak-wildfly-adapter-dist</app.server.oidc.adapter.artifactId>
<app.server.saml.adapter.artifactId>keycloak-saml-wildfly-adapter-dist</app.server.saml.adapter.artifactId>
</properties>
<profiles>
<profile>
<id>auth-server-wildfly</id>
<modules>
<module>wildfly</module>
</modules>
</profile>
<profile>
<id>auth-server-eap</id>
<modules>
<module>eap</module>
</modules>
</profile>
</profiles>
</project>

View file

@ -1,37 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jboss-relative</artifactId>
<version>999-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-relative-wildfly</artifactId>
<packaging>pom</packaging>
<name>App Server - JBoss - Relative Wildfly</name>
<properties>
<auth.server.jboss>wildfly</auth.server.jboss>
<app.server.jboss.artifactId>integration-arquillian-servers-auth-server-wildfly</app.server.jboss.artifactId>
</properties>
</project>

View file

@ -5,42 +5,18 @@
- Keycloak Arquillian Integration TestSuite - Test Servers - Auth Server
- [Keycloak Arquillian Integration TestSuite - Test Servers - App Servers](../app-server/README.md)
## Auth Server - JBoss
### Common directory
- Contains all necessary files for all Auth servers
Common configurations of Keycloak server on JBoss-based container (Wildfly/EAP).
### Auth Server Services
- Contains usually test providers and its associated factories used in the testsuite
### Submodules
## Auth servers
#### `wildfly` Wildfly latest
- Builds keycloak server on top of latest Wildfly.
- Activated by __`-Pauth-server-wildfly`__
### Undertow
- Arquillian extension for running Keycloak server in embedded Undertow.
- Activated by default, or explicitly by __`-Pauth-server-undertow`__
#### `eap` EAP 7
- Builds keycloak server on top of latest EAP.
- Activated by __`-Pauth-server-eap`__
- Requires access to product repo.
- Requires additional properties:
- `product.version`
- `product.unpacked.folder.name` (optional; the default value is based on the POM versions)
- `product` to activate the product profile; NOT required if `product.unpacked.folder.name` is specified
### Server dist vs overlay
By default `keycloak-server-dist` artifact is used for the build.
By setting `-Dserver-overlay=true` you can switch to server overlay instead. See profile `server-overlay`.
### JPA
Configures Keycloak JDBC datasource in `standalone.xml`. See profile `jpa`.
### Cluster
Configures in `standalone-ha.xml`:
- h2 datasource over TCP (if not executed together with jpa)
- parameters of Keycloak Infinispan caches
See profile `auth-server-cluster`.
## Auth Server - Undertow
Arquillian extension for running Keycloak server in embedded Undertow.
### Quarkus
- Builds keycloak server on top of used Quarkus with a particular version.
- Activated by __`-Pauth-server-quarkus`__

View file

@ -1,46 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<assembly>
<id>${auth.server.jboss}</id>
<formats>
<format>zip</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>${auth.server.home}</directory>
<outputDirectory>auth-server-${auth.server.jboss}</outputDirectory>
<excludes>
<exclude>**/*.sh</exclude>
</excludes>
</fileSet>
<fileSet>
<directory>${auth.server.home}</directory>
<outputDirectory>auth-server-${auth.server.jboss}</outputDirectory>
<includes>
<include>**/*.sh</include>
</includes>
<fileMode>0755</fileMode>
</fileSet>
</fileSets>
</assembly>

View file

@ -1,274 +0,0 @@
<project xmlns:if="ant:if">
<property name="cli.tmp.dir" value="${project.build.directory}/cli" />
<target name="set-server-config">
<condition property="server.config" value="standalone.xml">
<equals arg1="${ant.scenario}" arg2="scenario-standalone"/>
</condition>
<condition property="server.config" value="standalone-ha.xml">
<or>
<equals arg1="${ant.scenario}" arg2="scenario-cluster"/>
<equals arg1="${ant.scenario}" arg2="scenario-crossdc"/>
</or>
</condition>
<fail message="Property $${ant.scenario} must be set.">
<condition>
<not>
<isset property="server.config" />
</not>
</condition>
</fail>
<echo>server.config: ${server.config}</echo>
</target>
<macrodef name="bin-chmod">
<sequential>
<chmod perm="ug+x">
<fileset dir="${auth.server.home}/bin">
<include name="*.sh"/>
</fileset>
</chmod>
</sequential>
</macrodef>
<macrodef name="cleanup">
<sequential>
<delete dir="${auth.server.home}/standalone/configuration/standalone_xml_history"/>
<delete dir="${auth.server.home}/standalone/log"/>
<delete dir="${auth.server.home}/standalone/data"/>
<delete dir="${auth.server.home}/standalone/tmp"/>
</sequential>
</macrodef>
<target name="apply-cli-scripts" depends="set-server-config">
<concat destfile="${cli.tmp.dir}/result.cli" fixlastline="true">
<header filtering="no" trimleading="yes">
embed-server --server-config=${server.config}
</header>
<fileset dir="${cli.tmp.dir}" includes="*.cli"/>
</concat>
<bin-chmod/>
<!-- Workaround for WFCORE-5335 issue -->
<exec osfamily="unix" dir="${auth.server.home}/bin" executable="bash" failonerror="true">
<arg value="${jboss.cli.executable}"/>
<arg value="--file=${cli.tmp.dir}/result.cli"/>
</exec>
<exec osfamily="windows" executable="powershell" failonerror="true">
<arg value="${auth.server.home}/bin/${jboss.cli.executable}"/>
<arg value="--file=${cli.tmp.dir}/result.cli"/>
</exec>
<cleanup/>
</target>
<target name="scenario-standalone-generate" depends="io-worker-threads,
inject-provider,
inject-truststore,
log-level">
<echo>cli scripts for standalone prepared</echo>
</target>
<target name="scenario-cluster-generate" depends="io-worker-threads,
inject-provider,
inject-truststore,
undertow-subsystem-cluster,
ispn-cache-owners,
log-level">
<echo>cli scripts for cluster prepared</echo>
</target>
<target name="scenario-crossdc-generate" depends="io-worker-threads,
inject-provider,
inject-truststore,
cross-dc-setup,
log-level">
<echo>cli scripts for crossdc prepared</echo>
</target>
<target name="io-worker-threads">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/io.cli"/>
</resources>
<filterset>
<filter token="IO_WORKER_IO_THREADS" value="${auth.server.worker.io-threads}"/>
<filter token="IO_WORKER_TASK_MAX_THREADS" value="${auth.server.worker.task-max-threads}"/>
</filterset>
</copy>
</target>
<target name="inject-provider">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/keycloak-server-subsystem.cli"/>
</resources>
</copy>
</target>
<target name="inject-truststore">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/truststore.cli"/>
</resources>
</copy>
</target>
<target name="set-manual-migration-strategy">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/set-manual-migration-strategy.cli"/>
</resources>
</copy>
</target>
<target name="configure-server-jpa" depends="update-jpa-schema">
<!-- I'm intentionally leaving this here. This shows up environment variables that are used during the build.
If anything goes wrong, this is the first place to look at -->
<echoproperties/>
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/configure-server-jpa.cli"/>
</resources>
<filterset>
<filter token="DATABASE" value="${jdbc.mvn.artifactId}"/>
<filter token="DRIVER_VERSION" value="${jdbc.mvn.version}"/>
<filter token="DRIVER_TMP_DIR" value="${jdbc.driver.tmp.dir}"/>
<filter token="JDBC_URL" value="${keycloak.connectionsJpa.url}"/>
<filter token="USER" value="${keycloak.connectionsJpa.user}"/>
<filter token="PASSWORD" value="${keycloak.connectionsJpa.password}"/>
</filterset>
</copy>
</target>
<target name="update-jpa-schema" if="update.schema" depends="schema-update-required">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/update-jpa-schema.cli"/>
</resources>
<filterset>
<filter token="SCHEMA" value="${keycloak.connectionsJpa.schema}"/>
</filterset>
</copy>
</target>
<target name="schema-update-required">
<condition property="update.schema">
<not>
<equals arg1="${keycloak.connectionsJpa.schema}" arg2="DEFAULT"/>
</not>
</condition>
<echo>Updating schema?: ${update.schema}</echo>
<echo>keycloak.connectionsJpa.schema: ${keycloak.connectionsJpa.schema}</echo>
</target>
<target name="undertow-subsystem-cluster">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/undertow-subsystem-cluster-setup.cli"/>
</resources>
</copy>
</target>
<target name="ispn-cache-owners">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/ispn-cache-owners.cli"/>
</resources>
<filterset>
<filter token="SESSION_CACHE_OWNERS" value="${session.cache.owners}"/>
<filter token="OFFLINE_SESSION_CACHE_OWNERS" value="${offline.session.cache.owners}"/>
<filter token="LOGIN_FAILURE_CACHE_OWNERS" value="${login.failure.cache.owners}"/>
</filterset>
</copy>
</target>
<target name="log-level" if="set.log.level" depends="log-level-update-required">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/add-log-level.cli"/>
</resources>
<filterset>
<filter token="INFINISPAN_LOG_LEVEL" value="${infinispan.log.level}"/>
<filter token="SCHEDULED_TASKS_LOG_LEVEL" value="${scheduled.tasks.log.level}"/>
</filterset>
</copy>
</target>
<target name="log-level-update-required">
<!-- Default log levels -->
<property name="infinispan.log.level" value="INFO"/>
<property name="scheduled.tasks.log.level" value="INFO"/>
<condition property="set.log.level">
<or>
<equals arg1="${infinispan.log.level}" arg2="DEBUG"/>
<equals arg1="${infinispan.log.level}" arg2="TRACE"/>
<equals arg1="${scheduled.tasks.log.level}" arg2="DEBUG"/>
<equals arg1="${scheduled.tasks.log.level}" arg2="TRACE"/>
</or>
</condition>
<echo>Updating log level?: ${set.log.level}</echo>
<echo>infinispan.log.level: ${infinispan.log.level}</echo>
<echo>sheduled.tasks.log.level: ${scheduled.tasks.log.level}</echo>
</target>
<target name="replace-jdbc-url">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/replace-jdbc-url.cli"/>
</resources>
<filterset>
<filter token="JDBC_URL" value="${h2.jdbc.url}"/>
</filterset>
</copy>
</target>
<target name="cross-dc-setup">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/cross-dc-setup.cli"/>
<file file="${common.resources}/jboss-cli/cross-dc-setup_cache-auth.cli" if:true="${crossdc.cache.auth}" />
</resources>
<filterset>
<filter token="HOTROD_SASL_MECHANISM" value="${hotrod.sasl.mechanism}"/>
<filter token="PRELOADING_ENABLED" value="${keycloak.userSessions.infinispan.preloadOfflineSessionsFromDatabase}"/>
</filterset>
</copy>
<copy todir="${auth.server.home}/standalone/configuration">
<resources>
<file file="${common.resources}/keystore/hotrod-client-truststore.jks"/>
</resources>
</copy>
</target>
<!--following target is used by testsuite/integration-arquillian/servers/migration-->
<target name="configure-server-jpa-legacy">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/migration/configure-server-jpa-legacy.cli"/>
</resources>
<filterset>
<filter token="DATABASE" value="${jdbc.mvn.artifactId}"/>
<filter token="DRIVER_VERSION" value="${jdbc.mvn.version}"/>
<filter token="DRIVER_TMP_DIR" value="${jdbc.driver.tmp.dir}"/>
<filter token="JDBC_URL" value="${keycloak.connectionsJpa.url}"/>
<filter token="USER" value="${keycloak.connectionsJpa.user}"/>
<filter token="PASSWORD" value="${keycloak.connectionsJpa.password}"/>
</filterset>
</copy>
</target>
<!-- Needed on Java 15 and later -->
<target name="deploy-nashorn-module">
<copy todir="${cli.tmp.dir}">
<resources>
<file file="${common.resources}/jboss-cli/deploy-nashorn-module.cli"/>
</resources>
<filterset>
<filter token="NASHORN_JAR" value="${project.build.directory}/nashorn/nashorn-core-${nashorn.version}.jar"/>
</filterset>
</copy>
<echo>Nashorn module deployed</echo>
</target>
</project>

View file

@ -1,9 +0,0 @@
set NOPAUSE=true
call %JBOSS_HOME%\bin\jboss-cli.bat --file=keycloak-install.cli
call %JBOSS_HOME%\bin\jboss-cli.bat --file=keycloak-install-ha.cli
if %ERRORLEVEL% neq 0 set ERROR=%ERRORLEVEL%
exit /b %ERROR%

View file

@ -1,17 +0,0 @@
#!/bin/bash
echo "JBOSS_HOME=$JBOSS_HOME"
if [ ! -d "$JBOSS_HOME/bin" ] ; then
>&2 echo "JBOSS_HOME/bin doesn't exist"
exit 1
fi
cd $JBOSS_HOME/bin
RESULT=0
./jboss-cli.sh --file=keycloak-install.cli
if [ $? -ne 0 ]; then exit 1; fi
./jboss-cli.sh --file=keycloak-install-ha.cli
if [ $? -ne 0 ]; then exit 1; fi
exit 0

View file

@ -1,14 +0,0 @@
set NOPAUSE=true
setlocal EnableDelayedExpansion
for %%a in (%AUTH_PATCH_ZIPS%) do (
set patch=%%a
if "!patch:~0,4!"=="http" (
powershell -command "& { iwr %%a -OutFile %cd%\patch.zip }"
call %JBOSS_HOME%\bin\jboss-cli.bat --command="patch apply %cd%\patch.zip
) else (
call %JBOSS_HOME%\bin\jboss-cli.bat --command="patch apply %%a"
)
if %ERRORLEVEL% neq 0 set ERROR=%ERRORLEVEL%
)
exit /b %ERROR%

View file

@ -1,23 +0,0 @@
#!/bin/bash
echo "JBOSS_HOME=$JBOSS_HOME"
if [ ! -d "$JBOSS_HOME/bin" ] ; then
>&2 echo "JBOSS_HOME/bin doesn't exist"
exit 1
fi
cd $JBOSS_HOME/bin
RESULT=0
patches=$(echo $AUTH_PATCH_ZIPS | tr "," "\n")
for patch in $patches
do
if [[ $patch == http* ]];
then
wget -O ./patch.zip $patch >/dev/null 2>&1
patch=./patch.zip
fi
./jboss-cli.sh --command="patch apply $patch"
if [ $? -ne 0 ]; then exit 1; fi
done
exit 0

View file

@ -1,10 +0,0 @@
echo *** Adding infinispan logger ***
/subsystem=logging/logger=org.infinispan:add(level=@INFINISPAN_LOG_LEVEL@)
echo *** Adding scheduled tasks logger ***
/subsystem=logging/logger=org.keycloak.services.scheduled:add(level=@SCHEDULED_TASKS_LOG_LEVEL@)
echo *** Switching console handler logger to TRACE ***
/subsystem=logging/console-handler=CONSOLE:change-log-level(level=TRACE)

View file

@ -1,23 +0,0 @@
echo *** Creating module.xml in modules ***
module add --module-root-dir=../modules/system/layers/base/ \
--name=test.jdbc.@DATABASE@ \
--resources=@DRIVER_TMP_DIR@/@DATABASE@-@DRIVER_VERSION@.jar \
--dependencies=javax.api,javax.transaction.api,javax.xml.bind.api
echo *** Updating datasource subsystem ***
echo ** Adding driver definition **
/subsystem=datasources/jdbc-driver=@DATABASE@:add(driver-name=@DATABASE@,driver-module-name=test.jdbc.@DATABASE@)
echo ** Updating connection properties **
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=connection-url,value="@JDBC_URL@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=driver-name,value="@DATABASE@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=user-name,value="@USER@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=password,value="@PASSWORD@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=min-pool-size,value="10")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value="50")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=pool-prefill,value="true")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=idle-timeout-minutes,value="5")
echo *** Adding dialect logger ***
/subsystem=logging/logger=org.hibernate.dialect:add(level=${org.hibernate.dialect.Dialect:ALL})

View file

@ -1,151 +0,0 @@
echo *** Update jgroups subsystem ***
/subsystem=jgroups/stack=udp/transport=UDP:write-attribute(name=site, value=${jboss.site.name})
echo *** Update infinispan subsystem ***
/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module, value=org.keycloak.keycloak-model-infinispan)
echo ** Add remote socket binding to infinispan server **
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-cache:add(host=${remote.cache.host:localhost}, port=${remote.cache.port:11222})
echo ** Update replicated-cache work element **
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
remote-servers=["remote-cache"], \
cache=work, \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache sessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
remote-servers=["remote-cache"], \
cache=sessions, \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache offlineSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
remote-servers=["remote-cache"], \
cache=offlineSessions, \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache clientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
remote-servers=["remote-cache"], \
cache=clientSessions, \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache offlineClientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
remote-servers=["remote-cache"], \
cache=offlineClientSessions, \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache loginFailures element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
remote-servers=["remote-cache"], \
cache=loginFailures, \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache actionTokens element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/store=remote:add( \
passivation=false, \
fetch-state=false, \
purge=false, \
preload=false, \
shared=true, \
cache=actionTokens, \
remote-servers=["remote-cache"], \
properties={ \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache authenticationSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=statistics-enabled,value=true)
echo *** Enable debug logging ***
/subsystem=logging/logger=org.keycloak.cluster.infinispan:add(level=DEBUG)
/subsystem=logging/logger=org.keycloak.connections.infinispan:add(level=DEBUG)
/subsystem=logging/logger=org.keycloak.models.cache.infinispan:add(level=DEBUG)
/subsystem=logging/logger=org.keycloak.models.sessions.infinispan:add(level=DEBUG)
echo *** Update undertow subsystem ***
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
echo *** Update keycloak-server subsystem, infinispan remoteStoreSecurity ***
/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:map-put(name=properties,key=remoteStoreSecurityEnabled,value=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled:true})
echo *** Enable offline user session preloading ***
/subsystem=keycloak-server/spi=userSessions:add(default-provider=infinispan)
/subsystem=keycloak-server/spi=userSessions/provider=infinispan:add(properties={preloadOfflineSessionsFromDatabase => @PRELOADING_ENABLED@},enabled=true)

View file

@ -1,125 +0,0 @@
echo ** Update replicated-cache work element **
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
echo ** Update distributed-cache sessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
echo ** Update distributed-cache offlineSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
echo ** Update distributed-cache clientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
echo ** Update distributed-cache offlineClientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
echo ** Update distributed-cache loginFailures element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)
echo ** Update distributed-cache actionTokens element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/store=remote:write-attribute( \
name=properties, \
value={ \
infinispan.client.hotrod.auth_username=myuser, \
infinispan.client.hotrod.auth_password=qwer1234!, \
infinispan.client.hotrod.auth_realm=default, \
infinispan.client.hotrod.auth_server_name=infinispan, \
infinispan.client.hotrod.sasl_mechanism=@HOTROD_SASL_MECHANISM@, \
infinispan.client.hotrod.trust_store_file_name=${jboss.server.config.dir}/hotrod-client-truststore.jks, \
infinispan.client.hotrod.trust_store_type=JKS, \
infinispan.client.hotrod.trust_store_password=password, \
rawValues=true, \
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, \
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} \
} \
)

View file

@ -1,5 +0,0 @@
echo *** Installing nashorn-core module ***
module add --module-root-dir=../modules/system/layers/keycloak/ \
--name=org.openjdk.nashorn.nashorn-core \
--resources=@NASHORN_JAR@ \
--dependencies=asm.asm,jdk.dynalink

View file

@ -1,4 +0,0 @@
echo *** Update io subsystem ***
/subsystem=io/worker=default:write-attribute(name=io-threads,value=@IO_WORKER_IO_THREADS@)
/subsystem=io/worker=default:write-attribute(name=task-max-threads,value=@IO_WORKER_TASK_MAX_THREADS@)

View file

@ -1,10 +0,0 @@
echo *** Updating infinispan cache owners ***
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=@SESSION_CACHE_OWNERS@)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=@SESSION_CACHE_OWNERS@)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=@SESSION_CACHE_OWNERS@)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=@OFFLINE_SESSION_CACHE_OWNERS@)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=@OFFLINE_SESSION_CACHE_OWNERS@)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=@LOGIN_FAILURE_CACHE_OWNERS@)

View file

@ -1,28 +0,0 @@
echo *** Updating keycloak-server subsystem ***
echo ** Adding login-protocol spi **
/subsystem=keycloak-server/spi=login-protocol/:add
/subsystem=keycloak-server/spi=login-protocol/provider=saml/:add(enabled=true,properties={knownProtocols => "[\"http=${auth.server.http.port}\",\"https=${auth.server.https.port}\"]"})
echo ** Adding theme modules **
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=modules,value=[org.keycloak.testsuite.integration-arquillian-testsuite-providers])
echo ** Adding provider **
/subsystem=keycloak-server/:write-attribute(name=providers, \
value=[ classpath:${jboss.home.dir}/providers/*, \
module:org.keycloak.testsuite.integration-arquillian-testsuite-providers \
] \
)
echo ** Adding max-detail-length to eventsStore spi **
/subsystem=keycloak-server/spi=eventsStore/provider=jpa/:write-attribute(name=properties.max-detail-length,value=${keycloak.eventsStore.maxDetailLength:1000})
echo ** Adding spi=userProfile with default provider and legacy-user-profile configuration of read-only attributes **
/subsystem=keycloak-server/spi=userProfile/:add(default-provider="declarative-user-profile")
/subsystem=keycloak-server/spi=userProfile/provider=declarative-user-profile/:add(properties={},enabled=true)
/subsystem=keycloak-server/spi=userProfile/provider=declarative-user-profile/:map-put(name=properties,key=read-only-attributes,value="[\"deniedFoo\",\"deniedBar*\",\"deniedSome/thing\",\"deniedsome*thing\"]")
/subsystem=keycloak-server/spi=userProfile/provider=declarative-user-profile/:map-put(name=properties,key=admin-read-only-attributes,value="[\"deniedSomeAdmin\"]")
echo ** Do not reuse connections for HttpClientProvider within testsuite **
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default/:map-put(name=properties,key=reuse-connections,value=false)

View file

@ -1,21 +0,0 @@
echo *** Creating module.xml in modules ***
module add --name=test.jdbc.@DATABASE@ \
--resources=@DRIVER_TMP_DIR@/@DATABASE@-@DRIVER_VERSION@.jar \
--dependencies=javax.api,javax.transaction.api,javax.xml.bind.api
echo *** Updating datasource subsystem ***
echo ** Adding driver definition **
/subsystem=datasources/jdbc-driver=@DATABASE@:add(driver-name=@DATABASE@,driver-module-name=test.jdbc.@DATABASE@)
echo ** Updating connection properties **
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=connection-url,value="@JDBC_URL@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=driver-name,value="@DATABASE@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=user-name,value="@USER@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=password,value="@PASSWORD@")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=min-pool-size,value="10")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value="50")
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=pool-prefill,value="true")
echo *** Adding dialect logger ***
/subsystem=logging/logger=org.hibernate.dialect:add(level=${org.hibernate.dialect.Dialect:ALL})

View file

@ -1,3 +0,0 @@
echo ** Updating jdbc url properties **
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=connection-url,value="@JDBC_URL@")

Some files were not shown because too many files have changed in this diff Show more