-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keycloak 25.0.1 #1052
Keycloak 25.0.1 #1052
Changes from all commits
b10ee2c
0e92a7c
b4d95bf
45122d9
e1e2e0e
391f091
46ca616
03d901b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
# Used in docker-compose | ||
# shellcheck disable=SC2034 | ||
KEYCLOAK_VERSION=24.0.5 | ||
KEYCLOAK_VERSION=25.0.1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -182,12 +182,24 @@ public void createAuthorizationResource(String realmName, String id, ResourceRep | |
|
||
public void updateAuthorizationResource(String realmName, String id, ResourceRepresentation resource) { | ||
ClientResource clientResource = getResourceById(realmName, id); | ||
clientResource.authorization().resources().resource(resource.getId()).update(resource); | ||
String resourceId = getResourceId(clientResource, resource.getName()); | ||
clientResource.authorization().resources().resource(resourceId).update(resource); | ||
} | ||
|
||
public void removeAuthorizationResource(String realmName, String id, String resourceId) { | ||
public void removeAuthorizationResource(String realmName, String id, String resourceName) { | ||
ClientResource clientResource = getResourceById(realmName, id); | ||
clientResource.authorization().resources().resource(resourceId).remove(); | ||
String resourceId = getResourceId(clientResource, resourceName); | ||
if (resourceId != null) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No warning, error or log when the resourceId was not found? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In my opinion idempotency requires not existing entries not to throw errors when they get deleted. I am not sure if this needs a debug log or not but it doesn't need a warn log. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Everytime there is an error with keycloak-config-cli we need to switch to debug log. I think there should be more warn logs in case of something unexpected. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hi @bohmber, you are free to push changes and open pull requests as well. 😉 |
||
clientResource.authorization().resources().resource(resourceId).remove(); | ||
} | ||
} | ||
|
||
private String getResourceId(ClientResource clientResource, String resourceName) { | ||
return clientResource.authorization().resources().resources().stream() | ||
.filter(resource -> resourceName.equals(resource.getName())) | ||
.findFirst() | ||
.map(ResourceRepresentation::getId) | ||
.orElse(null); | ||
} | ||
|
||
public void addAuthorizationScope(String realmName, String id, String name) { | ||
|
@@ -200,12 +212,24 @@ public void addAuthorizationScope(String realmName, String id, String name) { | |
|
||
public void updateAuthorizationScope(String realmName, String id, ScopeRepresentation scope) { | ||
ClientResource clientResource = getResourceById(realmName, id); | ||
clientResource.authorization().scopes().scope(scope.getId()).update(scope); | ||
String scopeId = getScopeId(clientResource, scope.getName()); | ||
clientResource.authorization().scopes().scope(scopeId).update(scope); | ||
} | ||
|
||
public void removeAuthorizationScope(String realmName, String id, String scopeId) { | ||
public void removeAuthorizationScope(String realmName, String id, String scopeName) { | ||
ClientResource clientResource = getResourceById(realmName, id); | ||
clientResource.authorization().scopes().scope(scopeId).remove(); | ||
String scopeId = getScopeId(clientResource, scopeName); | ||
if (scopeId != null) { | ||
clientResource.authorization().scopes().scope(scopeId).remove(); | ||
} | ||
} | ||
|
||
private String getScopeId(ClientResource clientResource, String scopeName) { | ||
return clientResource.authorization().scopes().scopes().stream() | ||
.filter(scope -> scopeName.equals(scope.getName())) | ||
.findFirst() | ||
.map(ScopeRepresentation::getId) | ||
.orElse(null); | ||
} | ||
|
||
public void createAuthorizationPolicy(String realmName, String id, PolicyRepresentation policy) { | ||
|
@@ -218,12 +242,24 @@ public void createAuthorizationPolicy(String realmName, String id, PolicyReprese | |
|
||
public void updateAuthorizationPolicy(String realmName, String id, PolicyRepresentation policy) { | ||
ClientResource clientResource = getResourceById(realmName, id); | ||
clientResource.authorization().policies().policy(policy.getId()).update(policy); | ||
String policyId = getPolicyId(clientResource, policy.getName()); | ||
clientResource.authorization().policies().policy(policyId).update(policy); | ||
} | ||
|
||
public void removeAuthorizationPolicy(String realmName, String id, String policyId) { | ||
public void removeAuthorizationPolicy(String realmName, String id, String policyName) { | ||
ClientResource clientResource = getResourceById(realmName, id); | ||
clientResource.authorization().policies().policy(policyId).remove(); | ||
String policyId = getPolicyId(clientResource, policyName); | ||
if (policyId != null) { | ||
clientResource.authorization().policies().policy(policyId).remove(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same here, no warn, error or log There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Explanation above 😉 |
||
} | ||
} | ||
|
||
private String getPolicyId(ClientResource clientResource, String policyName) { | ||
return clientResource.authorization().policies().policies().stream() | ||
.filter(policy -> policyName.equals(policy.getName())) | ||
.findFirst() | ||
.map(PolicyRepresentation::getId) | ||
.orElse(null); | ||
} | ||
|
||
public void addScopeMapping(String realmName, String clientId, | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,6 +33,7 @@ | |
import org.springframework.beans.factory.annotation.Autowired; | ||
import org.springframework.stereotype.Service; | ||
|
||
import java.util.HashMap; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.Objects; | ||
|
@@ -86,7 +87,7 @@ public void createExecutionFlow( | |
logger.trace("Create non-top-level-flow in realm '{}' and top-level-flow '{}'", realmName, topLevelFlowAlias); | ||
|
||
AuthenticationManagementResource flowsResource = authenticationFlowRepository.getFlowResources(realmName); | ||
flowsResource.addExecutionFlow(topLevelFlowAlias, executionFlowData); | ||
flowsResource.addExecutionFlow(topLevelFlowAlias, new HashMap<>(executionFlowData)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is the order of the executionFlowData relevant here? If it is, then a LinkedHashMap that preserves the order would be more suitable here. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hi @thomasdarimont, as the source type is also HashMap, I suggest that the order is not important ;) |
||
} | ||
|
||
public void updateExecutionFlow( | ||
|
@@ -136,7 +137,7 @@ public void createSubFlowExecution( | |
realmName, subFlowAlias); | ||
|
||
AuthenticationManagementResource flowsResource = authenticationFlowRepository.getFlowResources(realmName); | ||
flowsResource.addExecution(subFlowAlias, executionData); | ||
flowsResource.addExecution(subFlowAlias, new HashMap<>(executionData)); | ||
|
||
logger.trace("Created flow-execution in realm '{}' and non-top-level-flow '{}'", | ||
realmName, subFlowAlias); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we not need an user and password anymore?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @mme-flendly,
the problem is, that we don't have a user in the env-vars and the Keycloak-API does not take empty values any more. This is only a helper script to generate the realm exports for the test suite as well as changing some files towards the new version so it's not part of the deliverable.