libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Import migration step for kc22

Browse source 
Closes #24031

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Vlasta Ramik 2023-10-19 09:00:49 +02:00 committed by GitHub
parent d10ccc7245
commit f6d582c761
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 148 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate22_0_0_RemoveRhssoThemes.java
View file

@ -43,10 +43,11 @@ public class JpaUpdate22_0_0_RemoveRhssoThemes extends CustomKeycloakTask {
.addWhereParameter("rh-sso"));
// remove account theme for realms
statements.add(new UpdateStatement(null, null, database.correctObjectName("REALM", Table.class))
.addNewColumnValue("ACCOUNT_THEME", null)
.setWhereClause("ACCOUNT_THEME=? OR ACCOUNT_THEME=?")
.addNewColumnValue("ACCOUNT_THEME", "keycloak.v2")
.setWhereClause("ACCOUNT_THEME=? OR ACCOUNT_THEME=? OR ACCOUNT_THEME=?")
.addWhereParameter("rh-sso")
.addWhereParameter("rh-sso.v2"));
.addWhereParameter("rh-sso.v2")
.addWhereParameter("keycloak"));
// remove login_theme for clients
if ("oracle".equals(database.getShortName())) {
statements.add(new DeleteStatement(null, null, database.correctObjectName("CLIENT_ATTRIBUTES", Table.class))

41
model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate22_0_5_UpdateAccountTheme.java Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.connections.jpa.updater.liquibase.custom;
import liquibase.exception.CustomChangeException;
import liquibase.statement.core.UpdateStatement;
import liquibase.structure.core.Table;
/**
* <p>Migration class to update themes for those who had upgraded to 22.0.0 already.</p>
*/
public class JpaUpdate22_0_5_UpdateAccountTheme extends CustomKeycloakTask {
@Override
protected void generateStatementsImpl() throws CustomChangeException {
statements.add(new UpdateStatement(null, null, database.correctObjectName("REALM", Table.class))
.addNewColumnValue("ACCOUNT_THEME", "keycloak.v2")
.setWhereClause("ACCOUNT_THEME=?")
.addWhereParameter("keycloak"));
}
@Override
protected String getTaskId() {
return "Update account theme for keycloak 22.0.5";
}
}

14
model/jpa/src/main/resources/META-INF/jpa-changelog-22.0.0.xml
View file

@ -17,8 +17,20 @@
-->
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="keycloak" id="22.0.0-17484">
<changeSet author="keycloak" id="22.0.0-17484-updated">
<preConditions onSqlOutput="TEST" onFail="MARK_RAN">
<not>
<changeSetExecuted id="22.0.0-17484" author="keycloak" changeLogFile="META-INF/jpa-changelog-22.0.0.xml"/>
</not>
</preConditions>
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate22_0_0_RemoveRhssoThemes"/>
</changeSet>
<changeSet author="keycloak" id="22.0.5-24031">
<preConditions onSqlOutput="TEST" onFail="MARK_RAN">
<changeSetExecuted id="22.0.0-17484" author="keycloak" changeLogFile="META-INF/jpa-changelog-22.0.0.xml"/>
</preConditions>
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate22_0_5_UpdateAccountTheme"/>
</changeSet>
</databaseChangeLog>

34
model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo22_0_0.java
View file

@ -41,16 +41,17 @@ public class MigrateTo22_0_0 implements Migration {
@Override
public void migrate(KeycloakSession session) {
session.realms().getRealmsStream().forEach((realm) -> {
removeHttpChallengeFlow(realm);
updateAccountTheme(realm);
});
session.realms().getRealmsStream().forEach(this::removeHttpChallengeFlow);
//login, account, email themes are handled by JpaUpdate22_0_0_RemoveRhssoThemes
}
@Override
public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
removeHttpChallengeFlow(realm);
updateLoginTheme(realm);
updateAccountTheme(realm);
updateEmailTheme(realm);
updateClientAttributes(realm);
}
private void removeHttpChallengeFlow(RealmModel realm) {
@ -69,11 +70,34 @@ public class MigrateTo22_0_0 implements Migration {
private void updateAccountTheme(RealmModel realm) {
String accountTheme = realm.getAccountTheme();
if ("keycloak".equals(accountTheme) || "rh-sso".equals(accountTheme)) {
if ("keycloak".equals(accountTheme) || "rh-sso".equals(accountTheme) || "rh-sso.v2".equals(accountTheme)) {
realm.setAccountTheme("keycloak.v2");
}
}
private void updateEmailTheme(RealmModel realm) {
String emailTheme = realm.getEmailTheme();
if ("rh-sso".equals(emailTheme)) {
realm.setEmailTheme(null);
}
}
private void updateLoginTheme(RealmModel realm) {
String loginTheme = realm.getLoginTheme();
if ("rh-sso".equals(loginTheme)) {
realm.setLoginTheme(null);
}
}
private void updateClientAttributes(RealmModel realm) {
realm.getClientsStream()
.filter(client -> {
String clientLoginTheme = client.getAttribute("login_theme");
return clientLoginTheme != null && clientLoginTheme.equals("rh-sso");
})
.forEach(client -> client.setAttribute("login_theme", null));
}
@Override
public ModelVersion getVersion() {
return VERSION;

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
View file

@ -90,10 +90,12 @@ import static net.bytebuddy.matcher.ElementMatchers.is;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@ -161,7 +163,8 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
RealmRepresentation rep = realm.toRepresentation();
Assert.assertNull("Login theme was not modified", rep.getLoginTheme());
Assert.assertNull("Email theme was not modified", rep.getEmailTheme());
Assert.assertNull("Account theme was not modified", rep.getAccountTheme());
// there should be either new default or left null if not set
assertThat("Account theme was not modified", rep.getAccountTheme(), anyOf(equalTo("keycloak.v2"), nullValue()));
// check the client theme is also removed
List<ClientRepresentation> client = realm.clients().findByClientId("migration-saml-client");
Assert.assertNotNull("migration-saml-client client is missing", client);

56
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport1903MigrationTest.java Normal file
View file

@ -0,0 +1,56 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.migration;
import org.junit.Test;
import org.keycloak.exportimport.util.ImportUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.keycloak.util.JsonSerialization;
import java.io.IOException;
import java.util.List;
import java.util.Map;
/**
* Tests that we can import json file from previous version. MigrationTest only tests DB.
*/
public class JsonFileImport1903MigrationTest extends AbstractJsonFileImportMigrationTest {
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
Map<String, RealmRepresentation> reps = null;
try {
reps = ImportUtils.getRealmsFromStream(JsonSerialization.mapper, IOUtil.class.getResourceAsStream("/migration-test/migration-realm-19.0.3.json"));
masterRep = reps.remove("master");
} catch (IOException e) {
throw new RuntimeException(e);
}
for (RealmRepresentation rep : reps.values()) {
testRealms.add(rep);
}
}
@Test
public void migration19_0_3Test() throws Exception {
checkRealmsImported();
testMigrationTo20_x();
testMigrationTo21_x();
testMigrationTo22_x();
}
}

2
testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-19.0.3.json
View file

@ -5811,7 +5811,7 @@
"clientOfflineSessionIdleTimeout" : "0",
"cibaInterval" : "5"
},
"keycloakVersion" : "17.0.0",
"keycloakVersion" : "19.0.3",
"userManagedAccessAllowed" : false,
"clientProfiles" : {
"profiles" : [ ]