From f3bf1456abecf66e326f4b7dcd8b610f58243df2 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Mon, 19 Nov 2018 17:32:21 +0100 Subject: [PATCH] KEYCLOAK-8781 Mark OpenShift integration as preview. Fix issue in Profile where preview features was not enabled in preview mode. (#5738) --- common/src/main/java/org/keycloak/common/Profile.java | 6 +++--- common/src/test/java/org/keycloak/common/ProfileTest.java | 7 +++++-- .../protocol/openshift/OpenShiftTokenReviewEndpoint.java | 8 +++++++- .../openshift/OpenShiftTokenReviewEndpointTest.java | 5 ++++- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index 50bda6f4c8..01030ab914 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java @@ -47,10 +47,10 @@ public class Profile { ADMIN_FINE_GRAINED_AUTHZ(Type.PREVIEW), DOCKER(Type.DISABLED_BY_DEFAULT), IMPERSONATION(Type.DEFAULT), - OPENSHIFT_INTEGRATION(Type.DEFAULT), + OPENSHIFT_INTEGRATION(Type.PREVIEW), SCRIPTS(Type.PREVIEW), TOKEN_EXCHANGE(Type.PREVIEW), - AUTHZ_DROOLS_POLICY(Type.PREVIEW);; + AUTHZ_DROOLS_POLICY(Type.PREVIEW); private Type type; @@ -106,7 +106,7 @@ public class Profile { break; case PREVIEW: previewFeatures.add(f); - if (enabled == null || !enabled) { + if ((enabled == null || !enabled) && !profile.equals(ProfileValue.PREVIEW)) { disabledFeatures.add(f); } else { logger.info("Preview feature enabled: " + f.name().toLowerCase()); diff --git a/common/src/test/java/org/keycloak/common/ProfileTest.java b/common/src/test/java/org/keycloak/common/ProfileTest.java index d18def61a3..72760f5155 100644 --- a/common/src/test/java/org/keycloak/common/ProfileTest.java +++ b/common/src/test/java/org/keycloak/common/ProfileTest.java @@ -22,8 +22,8 @@ public class ProfileTest { @Test public void checkDefaults() { Assert.assertEquals("community", Profile.getName()); - assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY); - assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY); + assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY, Profile.Feature.OPENSHIFT_INTEGRATION); + assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY, Profile.Feature.OPENSHIFT_INTEGRATION); assertEquals(Profile.getExperimentalFeatures(), Profile.Feature.ACCOUNT2); } @@ -31,6 +31,7 @@ public class ProfileTest { public void configWithSystemProperties() { Assert.assertEquals("community", Profile.getName()); Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.DOCKER)); + Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION)); Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.IMPERSONATION)); System.setProperty("keycloak.profile", "preview"); @@ -41,6 +42,7 @@ public class ProfileTest { Assert.assertEquals("preview", Profile.getName()); Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.DOCKER)); + Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION)); Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.IMPERSONATION)); System.getProperties().remove("keycloak.profile"); @@ -73,6 +75,7 @@ public class ProfileTest { Assert.assertEquals("preview", Profile.getName()); Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.DOCKER)); + Assert.assertTrue(Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION)); Assert.assertFalse(Profile.isFeatureEnabled(Profile.Feature.IMPERSONATION)); System.getProperties().remove("jboss.server.config.dir"); diff --git a/services/src/main/java/org/keycloak/protocol/openshift/OpenShiftTokenReviewEndpoint.java b/services/src/main/java/org/keycloak/protocol/openshift/OpenShiftTokenReviewEndpoint.java index efe9aa2a2f..bdfa1e2ae7 100644 --- a/services/src/main/java/org/keycloak/protocol/openshift/OpenShiftTokenReviewEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/openshift/OpenShiftTokenReviewEndpoint.java @@ -17,6 +17,7 @@ package org.keycloak.protocol.openshift; import org.keycloak.TokenVerifier; +import org.keycloak.common.Profile; import org.keycloak.common.VerificationException; import org.keycloak.crypto.SignatureProvider; import org.keycloak.crypto.SignatureVerifierContext; @@ -30,6 +31,7 @@ import org.keycloak.models.RealmModel; import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.protocol.oidc.ext.OIDCExtProvider; import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil; +import org.keycloak.provider.EnvironmentDependentProviderFactory; import org.keycloak.representations.AccessToken; import org.keycloak.services.ErrorResponseException; import org.keycloak.services.Urls; @@ -47,7 +49,7 @@ import java.util.List; * @author Bill Burke * @version $Revision: 1 $ */ -public class OpenShiftTokenReviewEndpoint implements OIDCExtProvider { +public class OpenShiftTokenReviewEndpoint implements OIDCExtProvider, EnvironmentDependentProviderFactory { private KeycloakSession session; private TokenManager tokenManager; @@ -169,4 +171,8 @@ public class OpenShiftTokenReviewEndpoint implements OIDCExtProvider { throw new ErrorResponseException(response); } + @Override + public boolean isSupported() { + return Profile.isFeatureEnabled(Profile.Feature.OPENSHIFT_INTEGRATION); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenShiftTokenReviewEndpointTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenShiftTokenReviewEndpointTest.java index 4ecfe5534e..e61050399c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenShiftTokenReviewEndpointTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenShiftTokenReviewEndpointTest.java @@ -34,7 +34,6 @@ import org.keycloak.testsuite.util.UserBuilder; import javax.ws.rs.core.Response; import java.util.Arrays; -import java.util.Collections; import java.util.HashMap; import java.util.LinkedList; import java.util.List; @@ -42,6 +41,8 @@ import java.util.Map; import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder; import static org.junit.Assert.*; +import static org.keycloak.common.Profile.Feature.OPENSHIFT_INTEGRATION; +import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled; public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakTest { @@ -76,6 +77,8 @@ public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakT @Before public void enablePassthroughAuthenticator() { + assumeFeatureEnabled(OPENSHIFT_INTEGRATION); + if (!flowConfigured) { HashMap data = new HashMap<>(); data.put("newName", "testsuite-client-dummy");