From ab1173182c473a1b2768260f76e729255d969983 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Tue, 5 Dec 2023 15:54:39 -0300
Subject: [PATCH] Make sure realm is available from session when migrating to
 23

 Closes #25183

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---
 .../migration/migrators/MigrateTo23_0_0.java  | 12 ++++++-
 .../models/utils/RepresentationToModel.java   |  9 +++++-
 .../AbstractQuarkusDeployableContainer.java   | 31 +++++++++++++++++++
 .../KeycloakQuarkusConfiguration.java         | 10 ++++++
 ...cloakQuarkusServerDeployableContainer.java |  1 +
 .../base/src/test/resources/arquillian.xml    |  1 +
 .../integration-arquillian/tests/pom.xml      |  2 ++
 7 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo23_0_0.java b/model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo23_0_0.java
index 113c5b761e..ad3b79973c 100644
--- a/model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo23_0_0.java
+++ b/model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo23_0_0.java
@@ -25,6 +25,7 @@ import org.jboss.logging.Logger;
 import org.keycloak.authentication.AuthenticationFlow;
 import org.keycloak.component.ComponentModel;
 import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.KeycloakContext;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.RealmRepresentation;
@@ -43,7 +44,16 @@ public class MigrateTo23_0_0 implements Migration {
 
     @Override
     public void migrate(KeycloakSession session) {
-        session.realms().getRealmsStream().forEach(this::migrateRealm);
+        session.realms().getRealmsStream().forEach(realm -> {
+            KeycloakContext context = session.getContext();
+
+            try {
+                context.setRealm(realm);
+                migrateRealm(realm);
+            } finally {
+                context.setRealm(null);
+            }
+        });
     }
 
     @Override
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 91cda01844..ec47720d52 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -67,6 +67,7 @@ import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.IdentityProviderMapperModel;
 import org.keycloak.models.IdentityProviderModel;
+import org.keycloak.models.KeycloakContext;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelException;
 import org.keycloak.models.ProtocolMapperModel;
@@ -121,7 +122,13 @@ public class RepresentationToModel {
 
 
     public static void importRealm(KeycloakSession session, RealmRepresentation rep, RealmModel newRealm, boolean skipUserDependent) {
-        session.getProvider(DatastoreProvider.class).getExportImportManager().importRealm(rep, newRealm, skipUserDependent);
+        KeycloakContext context = session.getContext();
+        try {
+            context.setRealm(newRealm);
+            session.getProvider(DatastoreProvider.class).getExportImportManager().importRealm(rep, newRealm, skipUserDependent);
+        } finally {
+            context.setRealm(null);
+        }
     }
 
     public static void importRoles(RolesRepresentation realmRoles, RealmModel realm) {
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java
index 093eff1c74..8ce563540f 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java
@@ -31,6 +31,7 @@ import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@@ -59,6 +60,7 @@ import org.jboss.shrinkwrap.descriptor.api.Descriptor;
 import org.keycloak.common.crypto.FipsMode;
 import org.keycloak.testsuite.arquillian.SuiteContext;
 import org.keycloak.testsuite.model.StoreProvider;
+import org.keycloak.utils.StringUtil;
 
 public abstract class AbstractQuarkusDeployableContainer implements DeployableContainer<KeycloakQuarkusConfiguration> {
 
@@ -206,10 +208,39 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo
         }
 
         addStorageOptions(storeProvider, commands);
+        addFeaturesOption(commands);
 
         return commands;
     }
 
+    protected void addFeaturesOption(List<String> commands) {
+        String defaultFeatures = configuration.getDefaultFeatures();
+
+        if (StringUtil.isBlank(defaultFeatures)) {
+            return;
+        }
+
+        if (commands.stream().anyMatch(List.of("import", "export")::contains)) {
+            return;
+        }
+
+        StringBuilder featuresOption = new StringBuilder("--features=").append(defaultFeatures);
+        Iterator<String> iterator = commands.iterator();
+
+        while (iterator.hasNext()) {
+            String command = iterator.next();
+
+            if (command.startsWith("--features")) {
+                featuresOption = new StringBuilder(command);
+                featuresOption.append(",").append(defaultFeatures);
+                iterator.remove();
+                break;
+            }
+        }
+
+        commands.add(featuresOption.toString());
+    }
+
     protected List<String> configureArgs(List<String> commands) {
         return commands;
     }
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusConfiguration.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusConfiguration.java
index 461aea3168..b57e896e19 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusConfiguration.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusConfiguration.java
@@ -47,6 +47,8 @@ public class KeycloakQuarkusConfiguration implements ContainerConfiguration {
 
     private FipsMode fipsMode = FipsMode.valueOfOption(System.getProperty("auth.server.fips.mode"));
 
+    private String defaultFeatures;
+
     @Override
     public void validate() throws ConfigurationException {
         int basePort = getBindHttpPort();
@@ -229,4 +231,12 @@ public class KeycloakQuarkusConfiguration implements ContainerConfiguration {
     public void setFipsMode(FipsMode fipsMode) {
         this.fipsMode = fipsMode;
     }
+
+    public void setDefaultFeatures(String defaultFeatures) {
+        this.defaultFeatures = defaultFeatures;
+    }
+
+    public String getDefaultFeatures() {
+        return defaultFeatures;
+    }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java
index 25e0f5116f..50025b3d53 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java
@@ -73,6 +73,7 @@ public class KeycloakQuarkusServerDeployableContainer extends AbstractQuarkusDep
         commands.add(getCommand());
         commands.add("-v");
         commands.add(command);
+        addFeaturesOption(commands);
         if (args != null) {
             commands.addAll(Arrays.asList(args));
         }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index 498b46bcd9..18269b3fa1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -649,6 +649,7 @@
             <property name="javaOpts">-Xms512m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=512m
                 -Djava.net.preferIPv4Stack=true -Dauth.server.db.host=some
             </property>
+            <property name="defaultFeatures">${auth.server.feature}</property>
         </configuration>
     </container>
 
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 2a8c0ae7b3..d05252f18e 100644
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -1534,6 +1534,8 @@
                                     <auth.server.migration>true</auth.server.migration>
                                     <keycloak.migration.home>${containers.home}/auth-server-migration</keycloak.migration.home>
                                     <migration.import.props.previous>${migration.import.props.previous}</migration.import.props.previous>
+                                    <auth.server.feature>${auth.server.feature}</auth.server.feature>
+                                    <auth.server.feature>declarative-user-profile</auth.server.feature>
                                 </systemPropertyVariables>
                             </configuration>
                         </plugin>