Commit graph

124 commits

Author SHA1 Message Date
Pedro Igor
2059ffb219 Make sure the distribution is using FIPS providers
Closes #12428
2023-02-10 17:26:55 +01:00
Pedro Igor
22e256149c Make it possible to run the embedded distribution in FIPS mode
Closes keycloak#16962
2023-02-09 16:14:01 -03:00
Alex Szczuczko
610e3044ad Minimize the RPM content of the Quarkus container
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!

Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.

`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.

I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.

Closes #16902
2023-02-09 11:20:09 +01:00
vramik
fc9e9e6fda Add support for file store configuration into Quarkus
Closes #16821
2023-02-08 14:49:53 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861)
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
263e86e434 Support paths without a beginning slash when setting the root path
Closes #16002
2023-02-02 17:41:22 +01:00
Pedro Igor
b5fb528508 Do not enable caching metrics by default and provide a guide
Closes #16751
2023-02-01 18:55:43 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS
closes #14966
2023-01-25 18:38:46 +01:00
Sebastian Schuster
54c34dc75b 15901 enabled Infinispan metrics 2023-01-25 04:26:35 -08:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution
Closes #16420
2023-01-13 12:03:36 -08:00
Pedro Igor
4d2f86202d Remove Hashicorp Support
Closes #9144
2023-01-13 15:52:19 +01:00
Pedro Igor
6ac65f62d7 tests 2023-01-12 12:19:40 -08:00
Pedro Igor
522bf1c0b0 Keep consistency when importing realms at startup when they are exported via the export command
Closes #16281

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-01-06 18:53:01 +01:00
Pedro Igor
f32e012c11 Make it possible to set a custom user and cache providers when using legacy store
Closes #15008
2022-12-15 16:56:20 +01:00
Pedro Igor
d27a5d5b42
Do not execute test methods before HTTPS listener is not ready (#15984)
Closes #15904
2022-12-14 07:47:43 +01:00
Pedro Igor
0c4ac62a5f Disabling strict https if hostname is diasabled
Closes #15287
2022-12-12 09:10:39 -08:00
Pedro Igor
a861d633e2 Resolving dns names used from tests from local host file
Closes #15904
2022-12-12 02:35:59 -08:00
Pedro Igor
1673906a54 Improving quarkus testsuite execution time
Closes #13544
2022-12-05 15:06:36 +01:00
Sebastian Schuster
3c6e2c3c1e 15234 switch to micrometer metrics 2022-12-05 08:11:35 -03:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Peter Zaoral
13fcb9ca34 Unstable CustomJpaUserProviderDistTest on Windows
* remove the starting slash from file URI

Closes #15371

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-11-14 17:24:03 +01:00
stianst
1de9c201c6 Refactor Profile
Closes #15206
2022-11-07 07:28:11 -03:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697)
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677)
Closes #13334
2022-10-13 09:26:44 +02:00
Stian Thorgersen
fda26385ec
Add profile feature for hosting keycloak.js on the server (#14771)
* Add profile feature for hosting keycloak.js on the server

Closes #14770

* Updated txt files for HelpCommandTest
2022-10-10 08:00:50 +02:00
Pedro Igor
cff5cfb6df Avoid including user managed entities into the default PU
Closes #12442
2022-09-23 18:01:43 +02:00
Pedro Igor
00e4c3567a Make it possible to switch between BC and BC-FIPS libraries
Closes #12424
2022-09-23 07:50:02 -03:00
Pedro Igor
54c1f1b85a Upgrade Quarkus 2.12.2
Closes #14408
2022-09-14 15:36:50 -03:00
Thomas Darimont
962a685b7b KEYCLOAK-15773 Control availability of admin api and admin-console via feature flags
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.

Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.

Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled

Adapt ProfileTest

Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.

Add new features to approved help output files

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2022-09-09 18:18:51 -03:00
Pedro Igor
ced18f2722 Requests to health endpoint still dispatched to worker threads when http-relative-path is set
Closes #14011
2022-08-31 12:42:41 +02:00
Pedro Igor
127569ed2f
Upgrade to Quarkus 2.12.0.Final (#14006)
Closes #14003
2022-08-30 16:48:20 +02:00
Pedro Igor
52aad0bbdc Allow setting a URL to configure frontend and admin URLs
Closes #13524

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-25 23:03:09 -03:00
Pedro Igor
2b9a0bff51
Do not run build when executing import and export commands (#13942)
Closes #13940
2022-08-25 13:43:18 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910)
Closes #12306
2022-08-25 13:09:34 +02:00
Pedro Igor
2a2ada9575
Improve how expected values are set to options (#13842)
Closes #13841
2022-08-19 14:55:01 +02:00
Pedro Igor
0d3ca438ed Aligning kc.bat with latest changes to kc.sh
Closes #11185
Closes #13472
2022-08-03 13:05:07 +02:00
Dominik Guhr
43afcf11ac add gelf log level option
also aligns writing in logging.adoc to always use GELF instead of gelf/Gelf in plain text.

Closes #13397
2022-08-01 12:28:47 -03:00
Dominik Guhr
10e3c797a3 Only show non-hidden options in --help-all for options where supportlevel is not SUPPORTED
Closes #13385
2022-08-01 10:03:28 -03:00
Dominik Guhr
059a132476 Fixes the regression in 19 for MariaDB, MySQL and other DBs
databases that are not using an official liquibase type in Database.java could not be seeded anymore because

the liquibase types we use in model-jpa were not indexed and loaded during the build anymore.

Introduces highly needed tests for other databases than postgres, because postgres has an official liquibase databasetype in its list

in database.java and as such differs from nearly all other vendors.

Closes #13389
2022-07-28 20:40:51 +02:00
Alexander Schwartz
8470a30446 Introduce CLI parameter to set the deployment state version seed
Closes #12710
2022-07-27 20:10:17 +02:00
Alexander Schwartz
7f355b43f8 Add prefix to the area Map storage options for Quarkus
Closes #13355
2022-07-27 11:00:25 +02:00
Stian Thorgersen
ae33af92d9
Promote new admin console to default (#13243)
Closes #13242
2022-07-27 10:13:49 +02:00
Alexander Schwartz
67e2f342a9 Allow Quarkus configuration to mix different storage providers
Closes #13312
2022-07-26 21:56:16 +02:00
Michal Hajas
3589778a10 Add possibility to configure HotRod storage in Quarkus distribution
Closes #12617
2022-07-26 14:13:39 +02:00
Dominik Guhr
878e3e0cbc
change --help to only show "supported" options (#13304)
* Unsupported options only shown when using help-all
* reworked impl based on comment in #13284
* Also fixes minor things of #13284 as unused imports

Closes #13283

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2022-07-25 19:34:10 +02:00
Dominik Guhr
9bb1299d89 change optimised to optimized
also: fix kc.bat to not use autobuild in devmode anymore, fix containers.adoc to not use auto_build naming, fix build command cli help as it is not required anymore to run it beforehand.
2022-07-22 10:29:07 -03:00
Pedro Igor
e14bd51656 Properly enable/disable metrics and health endpoints
Closes #11506

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-07-22 09:41:29 -03:00
nchopra
4fd3049c85 [12826] Configuring Postgres and MariaDb version 2022-07-20 11:31:59 -03:00
Dominik Guhr
b563028f42 Rename Cluster to Cache in cli help and rename classes to refer to caching
Should be merged after the changes to auto-build are in to avoid more merge conflicts

Closes #13124
2022-07-19 08:17:39 -03:00
Pedro Igor
89028613d8 Introducing --optimise option
Closes #10737
2022-07-15 15:12:17 -03:00