Commit graph

147 commits

Author SHA1 Message Date
Jon Koops
a2eb619e0e
Include Account Console version 3 as a theme (#19641) 2023-04-13 09:41:40 -04:00
mposolda
863d28e232 Promote FIPS 140-2 to supported in Keycloak 22
closes #17234
2023-04-12 15:29:54 +02:00
Pedro Igor
83676bf927 Extract JUnit5 support in the distributoin testsuite to a separate module
Closes #19552
2023-04-11 10:48:56 +02:00
Sebastian Schuster
1c9992fdae
Removed lots of unnecessary quotes and allowed passing quoted argument values
Closes #16189
Closes #16319
2023-04-04 11:53:47 -03:00
Pedro Igor
d857ea8ec2 Removing custom classloader and allow loading drivers at runtime
Closes #13205

Co-authored-by: Brett Lounsbury <brett.lounsbury@nasdaq.com>
2023-03-31 18:05:55 +02:00
Pedro Igor
cda0c9dce0 Avoid initing the profile multiple times during re-augmentation
Closes keycloak#19324
2023-03-27 14:39:48 -03:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
2023-03-24 15:28:55 -03:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA
Closes #14734
2023-03-21 08:21:11 +01:00
Pedro Igor
af475ffe23 Fixing classloading issue due to the curated application being eagerly closed 2023-03-13 09:34:49 +01:00
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store.
Closes #17305
2023-03-09 11:09:56 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Pedro Igor
2b98fcdecb Support for standard Forwarded header
Closes #11580
2023-02-22 19:28:04 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228)
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
2023-02-22 12:12:52 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode
Closes #17119
2023-02-16 08:00:21 -03:00
Pedro Igor
3be2775f9e Do not enable storage chm by default if db option is set 2023-02-16 08:30:45 +01:00
Alex Szczuczko
6319b462c7 Upgrade to ubi9 parent image
This PR switches the Quarkus Dockerfile to use `ubi9` parent images instead of `ubi8` ones.

ubi-null.sh has some minor changes to handle differences in RHEL 9. It's also been renamed.

Closes #17057
2023-02-14 09:46:58 +01:00
Václav Muzikář
a266cdcba9 Fix bug, add tests 2023-02-13 17:09:36 -03:00
Pedro Igor
2059ffb219 Make sure the distribution is using FIPS providers
Closes #12428
2023-02-10 17:26:55 +01:00
Pedro Igor
22e256149c Make it possible to run the embedded distribution in FIPS mode
Closes keycloak#16962
2023-02-09 16:14:01 -03:00
Alex Szczuczko
610e3044ad Minimize the RPM content of the Quarkus container
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!

Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.

`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.

I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.

Closes #16902
2023-02-09 11:20:09 +01:00
vramik
fc9e9e6fda Add support for file store configuration into Quarkus
Closes #16821
2023-02-08 14:49:53 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861)
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
263e86e434 Support paths without a beginning slash when setting the root path
Closes #16002
2023-02-02 17:41:22 +01:00
Pedro Igor
b5fb528508 Do not enable caching metrics by default and provide a guide
Closes #16751
2023-02-01 18:55:43 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS
closes #14966
2023-01-25 18:38:46 +01:00
Sebastian Schuster
54c34dc75b 15901 enabled Infinispan metrics 2023-01-25 04:26:35 -08:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution
Closes #16420
2023-01-13 12:03:36 -08:00
Pedro Igor
4d2f86202d Remove Hashicorp Support
Closes #9144
2023-01-13 15:52:19 +01:00
Pedro Igor
6ac65f62d7 tests 2023-01-12 12:19:40 -08:00
Pedro Igor
522bf1c0b0 Keep consistency when importing realms at startup when they are exported via the export command
Closes #16281

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-01-06 18:53:01 +01:00
Alexander Schwartz
0fee33bb95 Normalize JVM heap usage in tests and handle OOM situations
Closes #16089
2022-12-20 13:26:07 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store (#16021)
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.

Closes #16020
2022-12-17 08:50:21 +01:00
Pedro Igor
f32e012c11 Make it possible to set a custom user and cache providers when using legacy store
Closes #15008
2022-12-15 16:56:20 +01:00
Pedro Igor
d27a5d5b42
Do not execute test methods before HTTPS listener is not ready (#15984)
Closes #15904
2022-12-14 07:47:43 +01:00
Pedro Igor
0c4ac62a5f Disabling strict https if hostname is diasabled
Closes #15287
2022-12-12 09:10:39 -08:00
Pedro Igor
a861d633e2 Resolving dns names used from tests from local host file
Closes #15904
2022-12-12 02:35:59 -08:00
Pedro Igor
1673906a54 Improving quarkus testsuite execution time
Closes #13544
2022-12-05 15:06:36 +01:00
Sebastian Schuster
3c6e2c3c1e 15234 switch to micrometer metrics 2022-12-05 08:11:35 -03:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Peter Zaoral
13fcb9ca34 Unstable CustomJpaUserProviderDistTest on Windows
* remove the starting slash from file URI

Closes #15371

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-11-14 17:24:03 +01:00
stianst
1de9c201c6 Refactor Profile
Closes #15206
2022-11-07 07:28:11 -03:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697)
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677)
Closes #13334
2022-10-13 09:26:44 +02:00
Stian Thorgersen
fda26385ec
Add profile feature for hosting keycloak.js on the server (#14771)
* Add profile feature for hosting keycloak.js on the server

Closes #14770

* Updated txt files for HelpCommandTest
2022-10-10 08:00:50 +02:00
Pedro Igor
cff5cfb6df Avoid including user managed entities into the default PU
Closes #12442
2022-09-23 18:01:43 +02:00
Pedro Igor
00e4c3567a Make it possible to switch between BC and BC-FIPS libraries
Closes #12424
2022-09-23 07:50:02 -03:00
Pedro Igor
54c1f1b85a Upgrade Quarkus 2.12.2
Closes #14408
2022-09-14 15:36:50 -03:00
Thomas Darimont
962a685b7b KEYCLOAK-15773 Control availability of admin api and admin-console via feature flags
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.

Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.

Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled

Adapt ProfileTest

Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.

Add new features to approved help output files

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2022-09-09 18:18:51 -03:00
Pedro Igor
ced18f2722 Requests to health endpoint still dispatched to worker threads when http-relative-path is set
Closes #14011
2022-08-31 12:42:41 +02:00
Pedro Igor
127569ed2f
Upgrade to Quarkus 2.12.0.Final (#14006)
Closes #14003
2022-08-30 16:48:20 +02:00