Merge remote-tracking branch 'adorsys/main'

# Conflicts:
#	CHANGELOG.md

.github/workflows/ci.yaml

@@ -40,7 +40,7 @@ jobs:
           - KEYCLOAK_VERSION: 25.0.1
           - KEYCLOAK_VERSION: 26.0.1
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.1
         with:
           fetch-depth: 0
 
@@ -50,7 +50,7 @@ jobs:
           distribution: 'temurin'
           java-version: 21
 
-      - uses: actions/cache@v4.0.2
+      - uses: actions/cache@v4.1.1
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}-${{ hashFiles('**/pom.xml') }}
@@ -81,7 +81,7 @@ jobs:
         run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE}
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4.5.0
+        uses: codecov/codecov-action@v4.6.0
         if: github.ref == 'refs/heads/main'
         with:
           file: "${{ github.workspace }}/target/site/jacoco/jacoco.xml"
@@ -139,10 +139,10 @@ jobs:
         uses: docker/setup-qemu-action@v3.2.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.6.1
+        uses: docker/setup-buildx-action@v3.7.1
 
       - name: Build and push
-        uses: docker/build-push-action@v6.7.0
+        uses: docker/build-push-action@v6.9.0
         with:
           build-args: |-
             KEYCLOAK_VERSION=${{ matrix.env.KEYCLOAK_VERSION }}
@@ -177,15 +177,15 @@ jobs:
       matrix:
         java: [17, 21]
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.1
 
       - name: Setup java ${{ matrix.java }}
         uses: actions/setup-java@v4.4.0
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
 
-      - uses: actions/cache@v4.0.2
+      - uses: actions/cache@v4.1.1
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }}
@@ -214,15 +214,15 @@ jobs:
         env:
           - KEYCLOAK_VERSION: 19.0.3
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.1
 
       - name: Setup java
         uses: actions/setup-java@v4.4.0
         with:
           distribution: 'temurin'
           java-version: '21'
 
-      - uses: actions/cache@v4.0.2
+      - uses: actions/cache@v4.1.1
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }}
@@ -244,7 +244,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4.2.0
+      - uses: actions/checkout@v4.2.1
 
       - name: Lint .github/workflows/*.yaml files
         uses: ibiqlik/action-yamllint@v3.1.1
@@ -270,7 +270,7 @@ jobs:
         with:
           python-version: 3.7
 
-      - uses: actions/cache@v4.0.2
+      - uses: actions/cache@v4.1.1
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-chart-testing-action

CHANGELOG.md

@@ -6,26 +6,38 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
-### Added
-
 - Updated CI to use Keycloak 26.0.1
-
 - Added support for User Profile Setting: `unmanagedAttributePolicy`
 
 ### Fixed
+
+- Allow executions of same provider with different configurations in Sub-Auth-Flows
+- Fix enabling a realm clears the value of eventsExpiration
+
+## [6.1.11] - 2024-10-14
+
+- Fix env.JAVA_HOME test failures by ensuring env is set before build
+
+## [6.1.10] - 2024-10-04
+
+
+- Fixed securityContext entries in job template
+
+
+- Added support for User Profile Setting: `unmanagedAttributePolicy`
+
 - Crash after inserting more than 100 roles in realm-management authorization
   [#1090](/adorsys/keycloak-config-cli/issues/1090):
 
 - NPE when using custom policy in AuthorizationPolicy [#1095](/adorsys/keycloak-config-cli/issues/1095):
 
-### Fixed
-
 - Fix Keycloak startup issue with admin-fine-grained-authz feature flag
 
 ## [6.1.7] - 2024-09-30
 
 ## [6.1.6] - 2024-07-26
 
+
 ## [6.1.5] - 2024-06-27
 
 ## [6.1.3] - 2024-06-27

contrib/charts/keycloak-config-cli/templates/job.yaml

@@ -34,7 +34,7 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- with .Values.resources }}
           resources:
-          {{- toYaml . | nindent 10 }}
+          {{- toYaml . | nindent 12 }}
           {{- end }}
           env:
             {{- range $name, $value := .Values.env }}
@@ -55,9 +55,9 @@ spec:
                   name: "{{ tpl .Values.existingSecret . }}"
                   key: "{{ .Values.existingSecretKey }}"
           {{- end }}
-          {{- with .Values.securityContext }}
+          {{- with .Values.containerSecurityContext }}
           securityContext:
-          {{- toYaml . | nindent 10 }}
+          {{- toYaml . | nindent 12 }}
           {{- end }}
           volumeMounts:
             - name: config
@@ -83,4 +83,4 @@ spec:
       {{- with .Values.securityContext }}
       securityContext:
       {{- toYaml . | nindent 8 }}
-  {{- end }}
+      {{- end }}

mvnw

@@ -130,6 +130,7 @@ fi
 
 if [ -z "$JAVA_HOME" ] ; then
   echo "Warning: JAVA_HOME environment variable is not set."
+  exit 1
 fi
 
 # traverses directory structure from process work directory to filesystem root

pom.xml

@@ -5,7 +5,7 @@
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
         <version>3.2.3</version>
-        <relativePath />
+        <relativePath/>
     </parent>
 
     <groupId>de.adorsys.keycloak</groupId>
@@ -70,24 +70,24 @@
         <git-commit-id-plugin.version>4.9.10</git-commit-id-plugin.version>
         <jackson.version>2.17.2</jackson.version>
         <jacoco.version>0.8.12</jacoco.version>
-        <junit-pioneer.version>2.2.0</junit-pioneer.version>
+        <junit-pioneer.version>2.3.0</junit-pioneer.version>
         <keepachangelog.version>2.1.1</keepachangelog.version>
         <license-plugin.version>2.4.0</license-plugin.version>
-        <logstash-logback-encoder.version>7.4</logstash-logback-encoder.version>
+        <logstash-logback-encoder.version>8.0</logstash-logback-encoder.version>
         <maven-failsafe-plugin.version>3.2.5</maven-failsafe-plugin.version>
         <maven-release-plugin.version>3.1.1</maven-release-plugin.version>
         <maven-replacer.version>1.5.3</maven-replacer.version>
         <maven-scm-plugin.version>2.1.0</maven-scm-plugin.version>
         <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
         <mockserver.version>5.15.0</mockserver.version>
         <pmd-plugin.version>3.25.0</pmd-plugin.version>
-        <pmd.version>7.5.0</pmd.version>
+        <pmd.version>7.6.0</pmd.version>
         <reproducible-build-maven-plugin.version>0.17</reproducible-build-maven-plugin.version>
         <resteasy.version>7.0.0.Alpha2</resteasy.version>
-        <snakeyaml.version>2.2</snakeyaml.version>
+        <snakeyaml.version>2.3</snakeyaml.version>
         <spotbugs-plugin.version>4.8.6.4</spotbugs-plugin.version>
         <spotbugs.version>4.8.6</spotbugs.version>
-        <testcontainers.version>1.20.1</testcontainers.version>
+        <testcontainers.version>1.20.2</testcontainers.version>
         <unboundid-ldapsdk.version>7.0.1</unboundid-ldapsdk.version>
         <wiremock-jre8.version>2.27.2</wiremock-jre8.version>
 
@@ -96,7 +96,7 @@
         <sonar.host.url>https://sonarcloud.io</sonar.host.url>
 
         <release.signTag>true</release.signTag>
-        <release.additionalArguments />
+        <release.additionalArguments/>
 
         <argLine>
             --add-exports=java.base/sun.security.x509=ALL-UNNAMED
@@ -285,6 +285,11 @@
         <finalName>${project.artifactId}</finalName>
         <pluginManagement>
             <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-enforcer-plugin</artifactId>
+                    <version>3.5.0</version>
+                </plugin>
                 <plugin>
                     <artifactId>maven-release-plugin</artifactId>
                     <version>${maven-release-plugin.version}</version>
@@ -380,6 +385,27 @@
         </pluginManagement>
 
         <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>enforce-java-home</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireEnvironmentVariable>
+                                    <variableName>JAVA_HOME</variableName>
+                                    <message>JAVA_HOME environment variable must be set!</message>
+                                </requireEnvironmentVariable>
+                            </rules>
+                            <fail>true</fail>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>

src/main/java/de/adorsys/keycloak/config/repository/ExecutionFlowRepository.java

@@ -57,7 +57,8 @@ public List<AuthenticationExecutionInfoRepresentation> getExecutionFlowsByAlias(
             String topLevelFlowAlias,
             AuthenticationExecutionExportRepresentation execution) {
         List<AuthenticationExecutionInfoRepresentation> executions = searchByAlias(
-                realmName, topLevelFlowAlias, execution.getAuthenticator(), execution.getFlowAlias());
+                realmName, topLevelFlowAlias, execution.getAuthenticator(),
+                execution.getFlowAlias(), execution.getAuthenticatorConfig());
 
         if (executions.isEmpty()) {
             String withSubFlow = execution.getFlowAlias() != null
@@ -147,11 +148,18 @@ private List<AuthenticationExecutionInfoRepresentation> searchByAlias(
             String realmName,
             String topLevelFlowAlias,
             String executionProviderId,
-            String subFlowAlias
+            String subFlowAlias,
+            String authenticationConfig
     ) {
         return getExecutionsByAuthFlow(realmName, topLevelFlowAlias)
                 .stream()
                 .filter(f -> Objects.equals(f.getProviderId(), executionProviderId))
+                .filter(f -> {
+                    if (authenticationConfig != null && f.getAlias() != null) {
+                        return Objects.equals(f.getAlias(), authenticationConfig);
+                    }
+                    return true;
+                })
                 .filter(f -> {
                     if (subFlowAlias != null) {
                         return Objects.equals(f.getDisplayName(), subFlowAlias);

src/main/java/de/adorsys/keycloak/config/service/RealmImportService.java

@@ -187,8 +187,11 @@ private void updateRealm(RealmImport realmImport) {
 
         RealmRepresentation realm = CloneUtil.deepClone(realmImport, RealmRepresentation.class, ignoredPropertiesForRealmImport);
 
-        // The state must be loaded before we update realm to prevent
-        // the state erasure by custom attributes from configuration
+        RealmRepresentation existingRealm = realmRepository.get(realmImport.getRealm());
+
+        if (existingRealm.getEventsExpiration() != null) {
+            realm.setEventsExpiration(existingRealm.getEventsExpiration());
+        }
         stateService.loadState(realm);
 
         realmRepository.update(realm);

src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java

@@ -33,6 +33,7 @@
 import java.io.IOException;
 import java.util.List;
 import java.util.Objects;
+import java.util.stream.Collectors;
 
 import static de.adorsys.keycloak.config.test.util.KeycloakRepository.getAuthenticatorConfig;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -798,6 +799,62 @@ void shouldUpdateMultipleExecutionsWithSameAuthenticatorWithConfig() throws IOEx
         assertThat(authConfig.get(0).getConfig(), hasEntry(is("defaultProvider"), is("id4")));
     }
 
+    @Test
+    @Order(33)
+    void shouldCreateMultipleSubFlowExecutionsWithSameAuthenticator() throws IOException {
+        doImport("33_update_realm__add_multiple_subflow_executions_with_same_authenticator.json");
+
+        RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).partialExport(true, true);
+
+        AuthenticationFlowRepresentation topLevelFlow = getAuthenticationFlow(realm, "my top level auth flow");
+        assertThat(topLevelFlow.isBuiltIn(), is(false));
+        assertThat(topLevelFlow.isTopLevel(), is(true));
+        assertThat(topLevelFlow.getAuthenticationExecutions().size(), is(1));
+        assertThat(topLevelFlow.getAuthenticationExecutions().get(0).getFlowAlias(), is("my sub auth flow"));
+
+        AuthenticationFlowRepresentation subFlow = getAuthenticationFlow(realm, "my sub auth flow");
+        assertThat(subFlow.isBuiltIn(), is(false));
+        assertThat(subFlow.isTopLevel(), is(false));
+        assertThat(subFlow.getAuthenticationExecutions().size(), is(3));
+
+        List<AuthenticationExecutionExportRepresentation> execution;
+        execution = getExecutionFromFlow(subFlow, "identity-provider-redirector");
+        assertThat(execution, hasSize(2));
+
+        List<AuthenticationExecutionExportRepresentation> executionsId1 = execution.stream()
+          .filter((config) -> config.getAuthenticatorConfig() != null)
+          .filter((config) -> config.getAuthenticatorConfig().equals("config-1"))
+          .collect(Collectors.toList());
+
+        assertThat(executionsId1, hasSize(1));
+        assertThat(executionsId1.get(0).getAuthenticator(), is("identity-provider-redirector"));
+        assertThat(executionsId1.get(0).getAuthenticatorConfig(), is("config-1"));
+        assertThat(executionsId1.get(0).getRequirement(), is("ALTERNATIVE"));
+
+        List<AuthenticationExecutionExportRepresentation> executionsId2 = execution.stream()
+          .filter((config) -> config.getAuthenticatorConfig() != null)
+          .filter((config) -> config.getAuthenticatorConfig().equals("config-2"))
+          .collect(Collectors.toList());
+
+        assertThat(executionsId2, hasSize(1));
+        assertThat(executionsId2.get(0).getAuthenticator(), is("identity-provider-redirector"));
+        assertThat(executionsId2.get(0).getAuthenticatorConfig(), is("config-2"));
+        assertThat(executionsId2.get(0).getRequirement(), is("ALTERNATIVE"));
+
+        assertThat(executionsId2.get(0).getPriority(), greaterThan(executionsId1.get(0).getPriority()));
+
+        List<AuthenticatorConfigRepresentation> authConfig;
+        authConfig = getAuthenticatorConfig(realm, "config-1");
+        assertThat(authConfig, hasSize(1));
+        assertThat(authConfig.get(0).getAlias(), is("config-1"));
+        assertThat(authConfig.get(0).getConfig(), hasEntry(is("defaultProvider"), is("id1")));
+
+        authConfig = getAuthenticatorConfig(realm, "config-2");
+        assertThat(authConfig, hasSize(1));
+        assertThat(authConfig.get(0).getAlias(), is("config-2"));
+        assertThat(authConfig.get(0).getConfig(), hasEntry(is("defaultProvider"), is("id2")));
+    }
+
     @Test
     @Order(40)
     void shouldFailWhenTryingToUpdateBuiltInFlow() throws IOException {

src/test/java/de/adorsys/keycloak/config/service/ImportSimpleRealmIT.java

@@ -302,4 +302,17 @@ void shouldNotUpdateSimpleRealmWithInvalidSyntax() {
 
         assertThat(thrown.getMessage(), matchesPattern("(?s)^Unable to parse file 'file:.+/import-files/simple-realm/81_invalid_json.json': while parsing a flow mapping.+"));
     }
+    @Test
+    @Order(83)
+    void shouldPreserveEventsExpirationWhenUpdatingRealm() throws Exception {
+        doImport("08.3_update_simple-realm_with_events-expiration.json");
+
+        RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
+        assertThat(realm.getEventsExpiration(), is(3600L));
+
+        doImport("08.4_update_simple-realm_without_events-expiration.json");
+
+        realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
+        assertThat(realm.getEventsExpiration(), is(3600L));
+    }
 }