Finalize Dev Services for OIDC

quarkusio · Dec 25, 2024 · a3ccaa3 · a3ccaa3
1 parent 2d55e97
commit a3ccaa3
Show file tree

Hide file tree

Showing 25 changed files with 1,422 additions and 667 deletions.
diff --git a/.github/native-tests.json b/.github/native-tests.json
@@ -75,7 +75,7 @@
         {
             "category": "Security2",
             "timeout": 75,
-            "test-modules": "oidc, oidc-code-flow, oidc-tenancy, oidc-client, oidc-client-reactive, oidc-token-propagation, oidc-wiremock, oidc-client-wiremock, oidc-wiremock-providers",
+            "test-modules": "oidc, oidc-code-flow, oidc-tenancy, oidc-client, oidc-client-reactive, oidc-token-propagation, oidc-wiremock, oidc-client-wiremock, oidc-wiremock-providers, oidc-dev-services",
             "os-name": "ubuntu-latest"
         },
         {

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
@@ -1099,6 +1099,11 @@
                 <artifactId>quarkus-devservices-keycloak</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-devservices-oidc</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.quarkus</groupId>
                 <artifactId>quarkus-flyway</artifactId>

diff --git a/docs/src/main/asciidoc/security-openid-connect-dev-services.adoc b/docs/src/main/asciidoc/security-openid-connect-dev-services.adoc
@@ -26,6 +26,7 @@ Additionally, xref:dev-ui.adoc[Dev UI] available at http://localhost:8080/q/dev[
 If `quarkus.oidc.auth-server-url` is already set, then a generic OpenID Connect Dev Console, which can be used with all OpenID Connect providers, is activated.
 For more information, see <<dev-ui-all-oidc-providers,Dev UI for all OpenID Connect providers>>.
 
+[[dev-services-for-keycloak]]
 == Dev Services for Keycloak
 
 Start your application without configuring `quarkus.oidc` properties in the `application.properties` file:
@@ -406,6 +407,19 @@ This document refers to the `http://localhost:8080/q/dev-ui` Dev UI URL in sever
 If you customize `quarkus.http.root-path` or `quarkus.http.non-application-root-path` properties, then replace `q` accordingly.
 For more information, see the https://quarkus.io/blog/path-resolution-in-quarkus/[Path resolution in Quarkus] blog post.
 
+== Dev Services for OIDC
+
+When you work with Keycloak in production, <<dev-services-for-keycloak>> provides the best dev mode experience.
+For other OpenID Connect providers, it is recommended to enable the Dev Services for OIDC like in the example below:
+
+[source,properties]
+----
+quarkus.oidc.devservices.enabled=true
+----
+
+Once enabled, Quarkus starts a new server that supports most common OpenID Connect operations.
+Note, the Dev Services for OIDC are enabled by default if Docker and Podman are not available.
+
 == References
 
 * xref:dev-ui.adoc[Dev UI]

diff --git a/...ces/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfig.java b/...ces/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfig.java
@@ -28,12 +28,6 @@ public interface KeycloakDevServicesConfig {
     @WithDefault("true")
     boolean enabled();
 
-    /**
-     * Use lightweight dev services instead of Keycloak
-     */
-    @ConfigItem(defaultValue = "false")
-    public boolean lightweight;
-
     /**
      * The container image name for Dev Services providers.
      *

diff --git a/.../keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesProcessor.java b/.../keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesProcessor.java
@@ -145,7 +145,8 @@ DevServicesResultBuildItem startKeycloakContainer(
             DevServicesConfig devServicesConfig, DockerStatusBuildItem dockerStatusBuildItem) {
 
         if (devSvcRequiredMarkerItems.isEmpty()
-                || linuxContainersNotAvailable(dockerStatusBuildItem, devSvcRequiredMarkerItems)) {
+                || linuxContainersNotAvailable(dockerStatusBuildItem, devSvcRequiredMarkerItems)
+                || oidcDevServicesEnabled()) {
             if (devService != null) {
                 closeDevService();
             }
@@ -248,6 +249,10 @@ public void run() {
         return devService.toBuildItem();
     }
 
+    private static boolean oidcDevServicesEnabled() {
+        return ConfigProvider.getConfig().getOptionalValue("quarkus.oidc.devservices.enabled", boolean.class).orElse(false);
+    }
+
     private static boolean linuxContainersNotAvailable(DockerStatusBuildItem dockerStatusBuildItem,
             List<KeycloakDevServicesRequiredBuildItem> devSvcRequiredMarkerItems) {
         if (dockerStatusBuildItem.isContainerRuntimeAvailable()) {

diff --git a/extensions/devservices/oidc/pom.xml b/extensions/devservices/oidc/pom.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>quarkus-devservices-parent</artifactId>
+        <groupId>io.quarkus</groupId>
+        <version>999-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>quarkus-devservices-oidc</artifactId>
+    <name>Quarkus - DevServices - OIDC</name>
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-core-deployment</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-devservices-common</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.smallrye.reactive</groupId>
+            <artifactId>smallrye-mutiny-vertx-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.smallrye</groupId>
+            <artifactId>smallrye-jwt-build</artifactId>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>default-compile</id>
+                        <configuration>
+                            <annotationProcessorPaths>
+                                <path>
+                                    <groupId>io.quarkus</groupId>
+                                    <artifactId>quarkus-extension-processor</artifactId>
+                                    <version>${project.version}</version>
+                                </path>
+                            </annotationProcessorPaths>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/...ons/devservices/oidc/src/main/java/io/quarkus/devservices/oidc/OidcDevServicesConfig.java b/...ons/devservices/oidc/src/main/java/io/quarkus/devservices/oidc/OidcDevServicesConfig.java
@@ -0,0 +1,35 @@
+package io.quarkus.devservices.oidc;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import io.quarkus.runtime.annotations.ConfigDocDefault;
+import io.quarkus.runtime.annotations.ConfigDocMapKey;
+import io.quarkus.runtime.annotations.ConfigRoot;
+import io.smallrye.config.ConfigMapping;
+
+/**
+ * OpenID Connect Dev Services configuration.
+ */
+@ConfigRoot
+@ConfigMapping(prefix = "quarkus.oidc.devservices")
+public interface OidcDevServicesConfig {
+
+    /**
+     * Use OpenID Connect Dev Services instead of Keycloak.
+     */
+    @ConfigDocDefault("Enabled when Docker and Podman are not available")
+    Optional<Boolean> enabled();
+
+    /**
+     * A map of roles for OIDC identity provider users.
+     * <p>
+     * If empty, default roles are assigned: `alice` receives `admin` and `user` roles, while other users receive
+     * `user` role.
+     * This map is used for role creation when no realm file is found at the `realm-path`.
+     */
+    @ConfigDocMapKey("role-name")
+    Map<String, List<String>> roles();
+
+}
diff --git a/...ightweightDevServicesConfigBuildItem.java → .../oidc/OidcDevServicesConfigBuildItem.java b/...ightweightDevServicesConfigBuildItem.java → .../oidc/OidcDevServicesConfigBuildItem.java
@@ -1,18 +1,22 @@
-package io.quarkus.oidc.deployment.devservices.keycloak;
+package io.quarkus.devservices.oidc;
 
 import java.util.Map;
 
 import io.quarkus.builder.item.SimpleBuildItem;
 
-public final class LightweightDevServicesConfigBuildItem extends SimpleBuildItem {
+/**
+ * OIDC Dev Services configuration properties.
+ */
+public final class OidcDevServicesConfigBuildItem extends SimpleBuildItem {
 
     private final Map<String, String> config;
 
-    public LightweightDevServicesConfigBuildItem(Map<String, String> config) {
+    OidcDevServicesConfigBuildItem(Map<String, String> config) {
         this.config = config;
     }
 
     public Map<String, String> getConfig() {
         return config;
     }
+
 }