From b742c2d78e4a89aa29a360e53ac50510172a6abc Mon Sep 17 00:00:00 2001
From: Aleksandra Onych
Date: Thu, 10 Oct 2024 11:15:27 +0200
Subject: [PATCH] [ACS-8862] Bump Keycloak to 25.0.6 (#171)
Co-authored-by: Domenico Sibilio
---
 .github/workflows/ci.yml | 2 +-
 README.md | 20 ++++++-------
 distribution/build.properties | 2 +-
 helm/alfresco-keycloak/Chart.yaml | 4 +--
 helm/alfresco-keycloak/README.md | 8 ++---
 helm/alfresco-keycloak/alfresco-realm.json | 34 +++++++++++-----------
 helm/alfresco-keycloak/values.yaml | 4 +--
 test/saml/pom.xml | 2 +-
 test/scripts/set_idp_config.sh | 2 +-
 9 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cf2ee07..03631f5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -175,7 +175,7 @@ jobs:
 --set keycloakx.command[1]="start" \
 --set keycloakx.command[2]="--import-realm" \
 --set keycloakx.command[3]="--http-relative-path=/auth" \
- --set keycloakx.command[4]="--hostname=${HOST}" \
+ --set keycloakx.command[4]="--hostname=https://${HOST}/auth" \
 --set keycloakx.imagePullSecrets[0].name="regcred" \
 --wait
diff --git a/README.md b/README.md
index 25e6908..2465e7c 100644
--- a/README.md
+++ b/README.md
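Review bot: In `.github/workflows/ci.yml` the `/auth` path is now spelled out twice, once in `--http-relative-path=/auth` (command[3]) and once in the new `--hostname=https://${HOST}/auth` (command[4]), and nothing on the page says the two have to agree. With a full URL in `--hostname`, Keycloak takes the scheme and path from the option rather than from the request, so a mismatch would make the issuer and redirect URLs it advertises differ from the path it actually serves. A comment above the helm command would record that, for example `# Keycloak 25: --hostname is the full public URL; its path must equal --http-relative-path`. The scheme is also fixed to `https` now, which presumably relies on the CI ingress terminating TLS and on proxy-header handling configured outside this hunk; that is worth confirming. The helm command starts before the hunk, so its remaining flags are not visible here.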
@@ -8,7 +8,7 @@ *Keycloak* is a central component responsible for identity-related capabilities needed by other Alfresco software, such as managing users, groups, roles, profiles, and authentication. Currently it deals just with authentication. This project contains the open-source core of this service. For installing Keycloak you can choose either a sample Kubernetes distribution or a sample standalone distribution. Both methods are described in the following sections. -For upgrading, it is recommended to follow the official [Keycloak upgrading guide](https://www.keycloak.org/docs/24.0.3/upgrading/). +For upgrading, it is recommended to follow the official [Keycloak upgrading guide](https://www.keycloak.org/docs/25.0.6/upgrading/). Check the [Kubernetes deployment prerequisites](https://github.com/Alfresco/alfresco-dbp-deployment/blob/master/README-prerequisite.md) and [standalone prerequisites](#prerequisites) before you start. @@ -65,7 +65,7 @@ http://:8080/auth/admin/alfresco/console/ #### Modifying the valid redirect URIs -**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/24.0.3/securing_apps/#redirect-uris). +**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/25.0.6/securing_apps/#redirect-uris). 1. After logging in to the Alfresco realm follow the left side menu and choose clients. 2. Choose the Alfresco client from the client list. 
@@ -146,7 +146,7 @@ The above steps will deploy _Keycloak_ with the **default example realm applied* #### Changing Alfresco Client redirectUris -**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/24.0.3/securing_apps/#redirect-uris). +**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/25.0.6/securing_apps/#redirect-uris). You can override the default redirectUri of `http://localhost*` for your environment with the `realm.alfresco.client.redirectUris` property: @@ -201,7 +201,7 @@ For added resilience, we rely on support in the Keycloak chart for specifying mu In addition, for high availability, Keycloak supports clustering. For more information on how to configure high availability and clustering, you can consult this additional documentation. -[Keycloak-X chart Readme](https://github.com/codecentric/helm-charts/blob/keycloakx-2.2.1/charts/keycloakx/README.md#high-availability-and-clustering) +[Keycloak-X chart Readme](https://github.com/codecentric/helm-charts/blob/keycloakx-2.5.1/charts/keycloakx/README.md#high-availability-and-clustering) [Configuring Keycloak for production](https://www.keycloak.org/server/configuration-production) 
@@ -256,21 +256,21 @@ helm install $RELEASENAME helm/alfresco-keycloak --devel \ For further details see [Setting a Custom Realm](https://github.com/codecentric/helm-charts/tree/keycloak-18.0.0/charts/keycloak#setting-a-custom-realm). -Once Keycloak is up and running, login to the [Management Console](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#using-the-admin-console) to configure the required realm. +Once Keycloak is up and running, login to the [Management Console](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#using-the-admin-console) to configure the required realm. #### Manually -1. [Add a realm](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-creating-a-realm_server_administration_guide) named "Alfresco" +1. [Add a realm](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-creating-a-realm_server_administration_guide) named "Alfresco" -2. [Create an OIDC client](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#_oidc_clients) named "alfresco" within the Alfresco realm +2. [Create an OIDC client](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#_oidc_clients) named "alfresco" within the Alfresco realm -3. [Create a group](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-managing-groups_server_administration_guide) named "admin" +3. [Create a group](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-managing-groups_server_administration_guide) named "admin" -4. [Add a new user](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-creating-user_server_administration_guide) with a username of "testuser", email of "test@test.com" and first and last name of "test" +4. [Add a new user](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-creating-user_server_administration_guide) with a username of "testuser", email of "test@test.com" and first and last name of "test" #### Using the Sample Realm File -1. 
Go to the [Add Realm](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-creating-a-realm_server_administration_guide) page and click the "Select File" button next to the **Import** label. +1. Go to the [Add Realm](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-creating-a-realm_server_administration_guide) page and click the "Select File" button next to the **Import** label. 2. Choose the [sample realm](./alfresco-realm.json) file and click the "Create" button. diff --git a/distribution/build.properties b/distribution/build.properties index 69156e6..db468e9 100644 --- a/distribution/build.properties +++ b/distribution/build.properties @@ -1,2 +1,2 @@ -KEYCLOAK_VERSION=24.0.3 +KEYCLOAK_VERSION=25.0.6 THEME_VERSION=0.3.5 diff --git a/helm/alfresco-keycloak/Chart.yaml b/helm/alfresco-keycloak/Chart.yaml index 7622ac8..4474cf2 100644 --- a/helm/alfresco-keycloak/Chart.yaml +++ b/helm/alfresco-keycloak/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: alfresco-keycloak version: 1.0.0 -appVersion: 24.0.3 +appVersion: 25.0.6 description: This is just a sample Helm installation of raw Keycloak with the Alfresco Realm and Theme pre-installed. keywords: - alfresco @@ -13,7 +13,7 @@ maintainers: - name: Alfresco dependencies: - name: keycloakx - version: 2.2.1 + version: 2.5.1 repository: https://codecentric.github.io/helm-charts - name: common version: 1.11.3 diff --git a/helm/alfresco-keycloak/README.md b/helm/alfresco-keycloak/README.md index 18369a4..566d18c 100644 --- a/helm/alfresco-keycloak/README.md +++ b/helm/alfresco-keycloak/README.md 
@@ -1,6 +1,6 @@ # alfresco-keycloak -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 24.0.3](https://img.shields.io/badge/AppVersion-24.0.3-informational?style=flat-square) +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) This is just a sample Helm installation of raw Keycloak with the Alfresco Realm and Theme pre-installed. @@ -22,7 +22,7 @@ This is just a sample Helm installation of raw Keycloak with the Alfresco Realm |------------|------|---------| | https://charts.bitnami.com/bitnami | common | 1.11.3 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | -| https://codecentric.github.io/helm-charts | keycloakx | 2.2.1 | +| https://codecentric.github.io/helm-charts | keycloakx | 2.5.1 | ## Values 
@@ -44,12 +44,12 @@ This is just a sample Helm installation of raw Keycloak with the Alfresco Realm | keycloakx.extraInitContainers | string | `"- name: theme-provider\n image: busybox:1.36\n imagePullPolicy: IfNotPresent\n command:\n - sh\n args:\n - -c\n - |\n THEME_VERSION=0.3.5\n wget https://github.com/Alfresco/alfresco-keycloak-theme/releases/download/${THEME_VERSION}/alfresco-keycloak-theme-${THEME_VERSION}.zip -O /alfresco.zip\n unzip alfresco.zip\n mv alfresco/* /theme/\n volumeMounts:\n - name: theme\n mountPath: /theme\n"` | | | keycloakx.extraVolumeMounts | string | `"- name: realm-secret\n mountPath: \"/opt/keycloak/data/import/\"\n readOnly: true\n- name: theme\n mountPath: \"/opt/keycloak/themes/alfresco\"\n readOnly: true\n"` | | | keycloakx.extraVolumes | string | `"- name: realm-secret\n secret:\n secretName: realm-secret\n- name: theme\n emptyDir: {}\n"` | | -| keycloakx.image.tag | string | `"24.0.3"` | | +| keycloakx.image.tag | string | `"25.0.6"` | | | keycloakx.imagePullSecrets[0].name | string | `"quay-registry-secret"` | | | keycloakx.rbac.create | bool | `false` | | | keycloakx.service.httpPort | int | `80` | | | keycloakx.serviceAccount.create | bool | `true` | | -| postgresql.enabled | bool | `false` | Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.2.1/charts/keycloakx/examples/postgresql/readme.md). | +| postgresql.enabled | bool | `false` | Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.5.1/charts/keycloakx/examples/postgresql/readme.md). | | realm.alfresco.adminPassword | string | `"admin"` | | | realm.alfresco.client.redirectUris | list | `["*"]` | For security reasons, override the default value and use URIs to be as specific as possible. 
[See Keycloak official documentation](https://www.keycloak.org/docs/latest/securing_apps/#redirect-uris). | | realm.alfresco.client.webOrigins[0] | string | `"http://localhost*"` | | diff --git a/helm/alfresco-keycloak/alfresco-realm.json b/helm/alfresco-keycloak/alfresco-realm.json index aadbb52..29ec19e 100644 --- a/helm/alfresco-keycloak/alfresco-realm.json +++ b/helm/alfresco-keycloak/alfresco-realm.json @@ -2613,7 +2613,7 @@ "clientOfflineSessionIdleTimeout": "0", "cibaInterval": "5" }, - "users": [ + "users": [ { "id": "60a9b6c5-64ef-405f-8c6f-66bd8cd3878a", "createdTimestamp": 1533234734911, @@ -2633,8 +2633,8 @@ "value" : "{{ .Values.realm.alfresco.adminPassword}}" } ], - "disableableCredentialTypes": [ - "password" + "disableableCredentialTypes": [ + "password" ], "requiredActions": [], "realmRoles": [ @@ -2646,24 +2646,24 @@ , {{ . | toJson }} {{- end }} - {{- end }} + {{- end }} ], "clientRoles": { - "realm-management": [ - "view-clients", - "manage-users", - "manage-clients", - "view-users", - "manage-realm", - "view-realm" + "realm-management": [ + "view-clients", + "manage-users", + "manage-clients", + "view-users", + "manage-realm", + "view-realm" ], - "account": [ - "manage-account", - "view-profile" + "account": [ + "manage-account", + "view-profile" ] }, - "groups": [ - "/admin" + "groups": [ + "/admin" ] } {{- if .Values.realm.alfresco.extraUsers -}} {{- range .Values.realm.alfresco.extraUsers -}} @@ -2671,6 +2671,6 @@ {{- end }} {{- end }} ], - "keycloakVersion": "24.0.3", + "keycloakVersion": "25.0.6", "userManagedAccessAllowed": false } diff --git a/helm/alfresco-keycloak/values.yaml b/helm/alfresco-keycloak/values.yaml index d8c6988..5168abb 100644 --- a/helm/alfresco-keycloak/values.yaml +++ b/helm/alfresco-keycloak/values.yaml @@ -67,7 +67,7 @@ keycloakx: rbac: create: false image: - tag: 24.0.3 + tag: 25.0.6 imagePullSecrets: - name: quay-registry-secret serviceAccount: 
@@ -115,5 +115,5 @@ keycloakx: mountPath: /theme postgresql: - # -- Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.2.1/charts/keycloakx/examples/postgresql/readme.md). + # -- Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.5.1/charts/keycloakx/examples/postgresql/readme.md). enabled: false diff --git a/test/saml/pom.xml b/test/saml/pom.xml index 8e668c4..672a47d 100644 --- a/test/saml/pom.xml +++ b/test/saml/pom.xml @@ -23,7 +23,7 @@ 3.8.0 2.21.0 3.1.2 - + 1.8.0.1 diff --git a/test/scripts/set_idp_config.sh b/test/scripts/set_idp_config.sh index abacb02..6ad77ef 100755 --- a/test/scripts/set_idp_config.sh +++ b/test/scripts/set_idp_config.sh @@ -36,7 +36,7 @@ while [ "$PODS_COUNTER" -lt "$PODS_COUNTER_MAX" ]; do continue done if [ "$PODS_COUNTER" -ge "$PODS_COUNTER_MAX" ]; then - log_info "AIS did not started properly - exit" + log_info "AIS did not start properly - exit" exit 1 fi