libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features was not enabled in preview mode. (#5738)

Browse source
This commit is contained in:
Stian Thorgersen 2018-11-19 17:32:21 +01:00 committed by GitHub
parent 548950ed8e
commit f3bf1456ab
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
common/src/main/java/org/keycloak/common/Profile.java
View file

@ -47,10 +47,10 @@ public class Profile {
ADMIN_FINE_GRAINED_AUTHZ(Type.PREVIEW),
DOCKER(Type.DISABLED_BY_DEFAULT),
IMPERSONATION(Type.DEFAULT),
OPENSHIFT_INTEGRATION(Type.DEFAULT),
OPENSHIFT_INTEGRATION(Type.PREVIEW),
SCRIPTS(Type.PREVIEW),
TOKEN_EXCHANGE(Type.PREVIEW),
AUTHZ_DROOLS_POLICY(Type.PREVIEW);;
AUTHZ_DROOLS_POLICY(Type.PREVIEW);
private Type type;
@ -106,7 +106,7 @@ public class Profile {
break;
case PREVIEW:
previewFeatures.add(f);
if (enabled == null || !enabled) {
if ((enabled == null || !enabled) && !profile.equals(ProfileValue.PREVIEW)) {
disabledFeatures.add(f);
} else {
logger.info("Preview feature enabled: " + f.name().toLowerCase());

7
common/src/test/java/org/keycloak/common/ProfileTest.java
View file

@ -22,8 +22,8 @@ public class ProfileTest {
@Test
public void checkDefaults() {
Assert.assertEquals("community", Profile.getName());
assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY, Profile.Feature.OPENSHIFT_INTEGRATION);
assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY, Profile.Feature.OPENSHIFT_INTEGRATION);
assertEquals(Profile.getExperimentalFeatures(), Profile.Feature.ACCOUNT2);
}
@ -31,6 +31,7 @@ public class ProfileTest {
public void configWithSystemProperties() {
Assert.assertEquals("community", Profile.getName());
Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.DOCKER));
Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION));
Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.IMPERSONATION));
System.setProperty("keycloak.profile", "preview");
@ -41,6 +42,7 @@ public class ProfileTest {
Assert.assertEquals("preview", Profile.getName());
Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.DOCKER));
Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION));
Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.IMPERSONATION));
System.getProperties().remove("keycloak.profile");
@ -73,6 +75,7 @@ public class ProfileTest {
Assert.assertEquals("preview", Profile.getName());
Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.DOCKER));
Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION));
Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.IMPERSONATION));
System.getProperties().remove("jboss.server.config.dir");

8
services/src/main/java/org/keycloak/protocol/openshift/OpenShiftTokenReviewEndpoint.java
View file

@ -17,6 +17,7 @@
package org.keycloak.protocol.openshift;
import org.keycloak.TokenVerifier;
import org.keycloak.common.Profile;
import org.keycloak.common.VerificationException;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.crypto.SignatureVerifierContext;
@ -30,6 +31,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.protocol.oidc.ext.OIDCExtProvider;
import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.Urls;
@ -47,7 +49,7 @@ import java.util.List;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OpenShiftTokenReviewEndpoint implements OIDCExtProvider {
public class OpenShiftTokenReviewEndpoint implements OIDCExtProvider, EnvironmentDependentProviderFactory {
private KeycloakSession session;
private TokenManager tokenManager;
@ -169,4 +171,8 @@ public class OpenShiftTokenReviewEndpoint implements OIDCExtProvider {
throw new ErrorResponseException(response);
}
@Override
public boolean isSupported() {
return Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION);
}
}

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenShiftTokenReviewEndpointTest.java
View file

@ -34,7 +34,6 @@ import org.keycloak.testsuite.util.UserBuilder;
import javax.ws.rs.core.Response;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
@ -42,6 +41,8 @@ import java.util.Map;
import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder;
import static org.junit.Assert.*;
import static org.keycloak.common.Profile.Feature.OPENSHIFT_INTEGRATION;
import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakTest {
@ -76,6 +77,8 @@ public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakT
@Before
public void enablePassthroughAuthenticator() {
assumeFeatureEnabled(OPENSHIFT_INTEGRATION);
if (!flowConfigured) {
HashMap<String, String> data = new HashMap<>();
data.put("newName", "testsuite-client-dummy");