Commit graph

491 commits

Author SHA1 Message Date
vramik
31e4c5cb7e Add storage-jpa-db property into Quarkus. Distinguish postgres and crdb for jpa map store.
Closes #17305
2023-03-09 11:09:56 +01:00
mposolda
bc0e2d04b7 Make Keycloak container working on FIPS environment - adding sqlite-libs package back to the dist
closes #17253
2023-03-09 10:38:26 +01:00
Alexander Schwartz
4cf5c11020 Fix start-dev mode on Windows by avoiding backslashes escaping expressions
Closes #17413
2023-03-07 10:38:43 -03:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers
Also, adding the wiring to support Model tests for the export.

Closes #13613
2023-03-07 08:22:12 +01:00
Jon Koops
6d2e57f93a
Move Keycloak JS into the NPM workspace (#17401) 2023-03-03 13:56:53 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
hanouard
4a96afb374
Removing nonexistent path '../lib/bootstrap/*' from the classpath (#15914)
Closes #15911
2023-03-01 16:14:19 -03:00
Alexander Schwartz
42f66f2c6f Avoid recording metrics for http server endpoints while they contain resource IDs
Closes #17281
2023-03-01 09:58:30 +01:00
Pedro Igor
9874da150e Avoid resolving expressions twice but rely on MP config expression support
Closes #16573
2023-03-01 09:22:27 +01:00
Joerg Matysiak
8a2d645dd4 Avoid internal server error when root path and non-appliation root path are both set and the wrong metrics/health endpoint is called.
Fixes #17166

Avoid internal server error when root path and non-appliation root path are both set and the wrong metrics/health endpoint is called.

Fixes #17166
2023-02-27 11:14:10 -03:00
Pedro Igor
2b98fcdecb Support for standard Forwarded header
Closes #11580
2023-02-22 19:28:04 +01:00
rmartinc
f91ac2970d
Polish fips-mode switch for preview (#17228)
* Polish fips-mode switch for preview
Closes #17208 #17210 


Co-authored-by: mposolda <mposolda@gmail.com>
2023-02-22 12:12:52 +01:00
mposolda
4f068fcdcc Make https-trust-store-type set to bcfks by default in strict-mode
Closes #17119
2023-02-16 08:00:21 -03:00
Alexander Schwartz
e76418e3de Removing unused code, as JPA Map storage always uses JTA nowadays
Closes #13222
2023-02-16 11:08:37 +01:00
Alexander Schwartz
febe134d5b Make the event listeners specific to the persistence unit
Closes #13219
2023-02-16 11:08:15 +01:00
Pedro Igor
3be2775f9e Do not enable storage chm by default if db option is set 2023-02-16 08:30:45 +01:00
rmartinc
fbc9177f27 Doublecheck if we need to override properties in java.security
Closes https://github.com/keycloak/keycloak/issues/16702
2023-02-15 12:33:48 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage
Closes #16616
2023-02-15 10:38:18 +01:00
Alex Szczuczko
6319b462c7 Upgrade to ubi9 parent image
This PR switches the Quarkus Dockerfile to use `ubi9` parent images instead of `ubi8` ones.

ubi-null.sh has some minor changes to handle differences in RHEL 9. It's also been renamed.

Closes #17057
2023-02-14 09:46:58 +01:00
Václav Muzikář
a266cdcba9 Fix bug, add tests 2023-02-13 17:09:36 -03:00
Václav Muzikář
a57821ed80 Fix JDK 17 InaccessibleObjectException with infinispan 2023-02-13 17:09:36 -03:00
Pedro Igor
2059ffb219 Make sure the distribution is using FIPS providers
Closes #12428
2023-02-10 17:26:55 +01:00
Pedro Igor
22e256149c Make it possible to run the embedded distribution in FIPS mode
Closes keycloak#16962
2023-02-09 16:14:01 -03:00
Alex Szczuczko
610e3044ad Minimize the RPM content of the Quarkus container
Even though we use `ubi8-minimal` as the parent of our container, it
still has many RPMs installed that aren't necessary to run the Keycloak
server. Also, since the JDK RPM (that we install on top of
`ubi8-minimal`) is designed for general use, it pulls in more dependency
RPMs than it strictly needs to, like cups and avahi. Keycloak will never
need to access a printer itself!

Trimming down these excess RPMs will improve our CVE statistics with
automated scanners, and therefore let us perform fewer CVE rebuilds.

`ubi8-null.sh` uses the low-level `rpm` command to identify and forcibly
remove dependencies and operating system files that are not required to
boot our Quarkus-based server. This includes `microdnf` and `rpm`
itself! I have preserved bash however, so it's still possible to debug
the container from a shell.

I've created an initial set of allow/disallow lists, that seems to pass
a smoke test (server boots, admin console works). This leaves 37
packages installed, with 96 removed relative to `ubi8-minimal`. We could
go more minimal than this, or less minimal if required. Trial and error
is required.

Closes #16902
2023-02-09 11:20:09 +01:00
vramik
fc9e9e6fda Add support for file store configuration into Quarkus
Closes #16821
2023-02-08 14:49:53 +01:00
Stian Thorgersen
4782a85166
Remove old admin console feature (#16861)
* Remove old admin console feature

Closes #16860

* Update help txt files for Quarkus tests
2023-02-07 12:59:35 +01:00
Pedro Igor
263e86e434 Support paths without a beginning slash when setting the root path
Closes #16002
2023-02-02 17:41:22 +01:00
Pedro Igor
b5fb528508 Do not enable caching metrics by default and provide a guide
Closes #16751
2023-02-01 18:55:43 +01:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException
Closes #16690
2023-01-31 08:21:32 +01:00
Alexander Schwartz
7933f0489d Align startup of Quarkus with the regular startup to ensure boostrap locks are created.
Also fixing an issue where DBLockGlobalLockProviderFactory held on to an old session, which lead to a closed DB connection on Quarkus.

Closes #16642
2023-01-30 12:59:40 +01:00
mposolda
a804400c84 Added KERBEROS feature. Disable it when running tests on FIPS
closes #14966
2023-01-25 18:38:46 +01:00
Sebastian Schuster
54c34dc75b 15901 enabled Infinispan metrics 2023-01-25 04:26:35 -08:00
Stian Thorgersen
8d05895adb
Move Admin REST extension to main repository (#16530)
Closes #16529
2023-01-19 13:06:21 +01:00
Pedro Igor
33cb1ad7cd Support runnning tests using an embedded distribution
Closes #16420
2023-01-13 12:03:36 -08:00
Pedro Igor
4d2f86202d Remove Hashicorp Support
Closes #9144
2023-01-13 15:52:19 +01:00
Pedro Igor
6ac65f62d7 tests 2023-01-12 12:19:40 -08:00
Dominik Guhr
7398d7e1ed initial impl of running export/import without serving 2023-01-12 12:19:40 -08:00
Pedro Igor
522bf1c0b0 Keep consistency when importing realms at startup when they are exported via the export command
Closes #16281

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-01-06 18:53:01 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close
Fixes: #15223
2023-01-05 16:12:32 +01:00
Martin Kanis
c0e103dc95 Replace old HotRod index annotation with new one 2022-12-21 12:50:08 +01:00
mposolda
36bd76957d Make Keycloak FIPS working with OpenJDK 17 on FIPS enabled RHEL
Closes #15721
2022-12-20 21:03:55 +01:00
Alexander Schwartz
0fee33bb95 Normalize JVM heap usage in tests and handle OOM situations
Closes #16089
2022-12-20 13:26:07 +01:00
Alexander Schwartz
1d758fac2b
Adding CRDB into GHA for the new store (#16021)
The CockroachDB database is slower than PostgreSQL, therefore it will only run branches and nightly builds.

Closes #16020
2022-12-17 08:50:21 +01:00
Pedro Igor
4d00da2df7 Use git checkout to rever changes
Closes #15644
2022-12-15 13:46:48 -08:00
Pedro Igor
f32e012c11 Make it possible to set a custom user and cache providers when using legacy store
Closes #15008
2022-12-15 16:56:20 +01:00
Martin Bartoš
445e953501 Java 17 support not given
Fixes #15916
2022-12-14 11:59:50 -08:00
Stian Thorgersen
a5670af745
Keycloak CI workflow refactoring (#15968)
* Keycloak CI workflow refactoring

Closes #15861

* Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>

* Update CodeQL actions

Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2022-12-14 16:12:23 +01:00
Pedro Igor
d27a5d5b42
Do not execute test methods before HTTPS listener is not ready (#15984)
Closes #15904
2022-12-14 07:47:43 +01:00
Pedro Igor
0c4ac62a5f Disabling strict https if hostname is diasabled
Closes #15287
2022-12-12 09:10:39 -08:00
Pedro Igor
a861d633e2 Resolving dns names used from tests from local host file
Closes #15904
2022-12-12 02:35:59 -08:00
Alexander Schwartz
e4804de9e3 Changing Quarkus transaction handling for JPA map storage to JTA
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.

Closes #13222
2022-12-09 10:07:05 -03:00
Peter Zaoral
1073a342cf Cleanup dependencies and align with Quarkus
* aligned parent POM dependency versions with the Quarkus BOM

Closes #15325

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-12-09 09:10:30 -03:00
Pedro Igor
1673906a54 Improving quarkus testsuite execution time
Closes #13544
2022-12-05 15:06:36 +01:00
Sebastian Schuster
3c6e2c3c1e 15234 switch to micrometer metrics 2022-12-05 08:11:35 -03:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy
Closes #15374
2022-12-01 08:38:24 -03:00
Stefan Guilhen
55b2162421 Create map-file module with empty implementations
Closes #15706
2022-11-29 12:58:55 +01:00
Pedro Igor
17bf092da6 Keycloak wrongly assumes that the default datasource is the first one
Closes #15608
2022-11-25 16:32:47 +01:00
Bruno Oliveira da Silva
c31ad8424c
Update to Quarkus 2.14.1.Final (#15601) 2022-11-23 16:00:52 +01:00
Martin Kanis
8478b01758 Stop reindexing indexes on new version 2022-11-23 10:57:28 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider
Closes #9388
2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Stefan Guilhen
bc014d3e69 Upgrade Liquibase to version 4.16.1
* aligns with version used in quarkus

Closes #15089
2022-11-16 13:14:23 +01:00
Peter Zaoral
13fcb9ca34 Unstable CustomJpaUserProviderDistTest on Windows
* remove the starting slash from file URI

Closes #15371

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-11-14 17:24:03 +01:00
Fouad Almalki
316479f3f5
Fix classpath separator for windows startup script (#15300)
Closes #15281

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-11-07 15:08:11 +01:00
stianst
1de9c201c6 Refactor Profile
Closes #15206
2022-11-07 07:28:11 -03:00
Alexander Schwartz
1b7ae48dcb Use RESOURCE_LOCAL transactions for JPA map storage
Closes #15248
2022-11-01 16:43:46 -03:00
Pedro Igor
f6985949b6
Close the session within resteasy boundaries (#15193)
Closes #15192
2022-11-01 11:06:34 +01:00
Bruno Oliveira da Silva
ec73533895 Upgrade to Quarkus 2.13.3
Resolves #15032
Resolves #14785
Resolves #14833
2022-10-24 12:40:24 -03:00
Alexander Schwartz
1059b3a837
Log errors when welcome page can't be shown on Quarkus (#14995)
Closes #14994
2022-10-21 07:38:33 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697)
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
Marek Posolda
0756ef9a75
Initial integration tests with BCFIPS distribution (#14895)
Closes #14886
2022-10-17 23:33:22 +02:00
Bruno Oliveira da Silva
90369f7540
Upgrade to latest Quarkus 2.13.2 (#14834)
Upgrade to latest Quarkus 2.13.2

Resolves #14817
2022-10-17 12:05:35 +02:00
Alexander Schwartz
97c4495c4f Updating H2 database to 2.x
Closes #12607

Co-authored-by: Stian Thorgersen <stian@redhat.com>
2022-10-14 11:52:34 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677)
Closes #13334
2022-10-13 09:26:44 +02:00
Stian Thorgersen
fda26385ec
Add profile feature for hosting keycloak.js on the server (#14771)
* Add profile feature for hosting keycloak.js on the server

Closes #14770

* Updated txt files for HelpCommandTest
2022-10-10 08:00:50 +02:00
Pedro Igor
cff5cfb6df Avoid including user managed entities into the default PU
Closes #12442
2022-09-23 18:01:43 +02:00
Pedro Igor
00e4c3567a Make it possible to switch between BC and BC-FIPS libraries
Closes #12424
2022-09-23 07:50:02 -03:00
Pedro Igor
54c1f1b85a Upgrade Quarkus 2.12.2
Closes #14408
2022-09-14 15:36:50 -03:00
Thomas Darimont
962a685b7b KEYCLOAK-15773 Control availability of admin api and admin-console via feature flags
Inline profile checks for enabled admin-console to avoid issues during
static initialization with quarkus.

Potentially Re-enable admin-api feature if admin-console is enabled
via the admin/admin2 feature flag.

Add legacy admin console as deprecated feature flag
Throw exception if admin-api feature is disabled but admin-console is enabled

Adapt ProfileTest

Consider adminConsoleEnabled flag in QuarkusWelcomeResource
Fix check for Admin-Console / Admin-API feature dependency.

Add new features to approved help output files

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2022-09-09 18:18:51 -03:00
Marek Posolda
040e52cfd7
SAML javascript protocol mapper: disable uploading scripts through admin console by default (#14293)
Closes #14292
2022-09-09 13:47:51 +02:00
Pedro Igor
ced18f2722 Requests to health endpoint still dispatched to worker threads when http-relative-path is set
Closes #14011
2022-08-31 12:42:41 +02:00
Pedro Igor
127569ed2f
Upgrade to Quarkus 2.12.0.Final (#14006)
Closes #14003
2022-08-30 16:48:20 +02:00
Knut Sander
d5b3fb98d1 replace backtick in kc.sh by $() 2022-08-30 08:38:52 -03:00
Knut Sander
2cbbde499b fix kc.sh to work with cygwin environments 2022-08-30 08:38:52 -03:00
Stian Thorgersen
aeba5e9f4b
Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates (#14062)
* Add FreeMarkerProvider to prevent multiple instances of FreeMarker templates

Closes #19185
2022-08-29 08:42:53 -03:00
Pedro Igor
52aad0bbdc Allow setting a URL to configure frontend and admin URLs
Closes #13524

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-25 23:03:09 -03:00
Erik Jan de Wit
e7a3e4b601
Revert "removing admin ui excludes (#13752)" (#13958)
This reverts commit 15b258bf26.

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2022-08-25 14:43:58 +02:00
Pedro Igor
2b9a0bff51
Do not run build when executing import and export commands (#13942)
Closes #13940
2022-08-25 13:43:18 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910)
Closes #12306
2022-08-25 13:09:34 +02:00
Dominik Guhr
a76b597b35 Remove unused ALL_OPTIONS pattern from options.
Closes #13850
Closes #13947
2022-08-24 17:12:11 -03:00
Pedro Igor
2a2ada9575
Improve how expected values are set to options (#13842)
Closes #13841
2022-08-19 14:55:01 +02:00
Pedro Igor
5f2191813a
Remove unnecessary code paths during startup (#13848)
Closes #13847
2022-08-19 14:54:11 +02:00
Alexander Schwartz
bd926b8fd0 Remove warning from StoragePropertyMappers about the deployment state version seed
It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option.

Closes #13807
2022-08-17 13:55:05 -03:00
Erik Jan de Wit
15b258bf26
removing admin ui excludes (#13752)
fixes: #13751
2022-08-17 07:18:27 -04:00
Pedro Igor
e3af0610e2 Support running base testsuite on Windows
Closes #12648

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2022-08-10 20:03:53 -03:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module
Closes #13247
2022-08-05 21:08:38 +02:00
Pedro Igor
f7d258f333 IDELauncher not recognizing CLI options at runtime
Closes #13517
2022-08-04 09:55:19 -03:00
Pedro Igor
333a4c900f Revert changes that block themes being loaded from custom providers
Closes #13401
2022-08-04 13:34:12 +02:00
Pedro Igor
0d3ca438ed Aligning kc.bat with latest changes to kc.sh
Closes #11185
Closes #13472
2022-08-03 13:05:07 +02:00