feat: kc 26 upgrade

docker/keycloak/Dockerfile-26

@@ -0,0 +1,36 @@
+FROM maven:3.9.9-eclipse-temurin-21 AS extensions-builder
+
+COPY ./extensions-26 /tmp/
+WORKDIR /tmp/
+RUN mvn -B clean package --file pom.xml
+
+FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3 as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/
+
+WORKDIR /opt/keycloak
+
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3
+
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# copy the theme directory to `/opt/keycloak/themes/` for now, but we can consider to archive to be deployed later.
+COPY ./extensions-26/themes/src/main/resources/theme /opt/keycloak/themes
+
+COPY ./configuration/26/keycloak.conf /opt/keycloak/conf
+
+COPY ./configuration/26/quarkus.properties /opt/keycloak/conf
+
+COPY ./configuration/26/keycloak-default-user-profile.json /tmp
+
+# change these values to point to a running postgres instance
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

docker/keycloak/configuration/26/keycloak-default-user-profile.json

@@ -0,0 +1,61 @@
+{
+  "unmanagedAttributePolicy": "ENABLED",
+  "attributes": [
+    {
+      "name": "username",
+      "displayName": "${username}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "length": { "min": 3, "max": 255 },
+        "username-prohibited-characters": {},
+        "up-username-not-idn-homograph": {}
+      }
+    },
+    {
+      "name": "email",
+      "displayName": "${email}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "email": {},
+        "length": { "max": 255 }
+      }
+    },
+    {
+      "name": "firstName",
+      "displayName": "${firstName}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "length": { "max": 255 },
+        "person-name-prohibited-characters": {}
+      }
+    },
+    {
+      "name": "lastName",
+      "displayName": "${lastName}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "length": { "max": 255 },
+        "person-name-prohibited-characters": {}
+      }
+    }
+  ],
+  "groups": [
+    {
+      "name": "user-metadata",
+      "displayHeader": "User metadata",
+      "displayDescription": "Attributes, which refer to user metadata"
+    }
+  ]
+}

docker/keycloak/configuration/26/keycloak.conf

@@ -0,0 +1,40 @@
+health-enabled=true
+metrics-enabled=true
+
+# database
+db-pool-min-size=5
+db-pool-max-size=20
+
+# theme
+spi-theme-static-max-age=2592000
+spi-theme-cache-themes=true
+spi-theme-cache-templates=true
+
+# logging
+log=console,file
+log-console-color=false
+log-file=/var/log/eap/${HOSTNAME}.log
+
+# root-logger-level:INFO
+log-level=info,com.arjuna:warn,io.jaegertracing.Configuration:warn,org.jboss.as.config:debug,org.keycloak.events:debug,sun.rmi:warn
+log-console-output=json
+log-file-output=json
+
+# SPIs
+spi-events-listener-jboss-logging-quotes=none
+spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
+spi-user-profile-declarative-user-profile-config-file=/tmp/keycloak-default-user-profile.json
+
+# cache
+cache=ispn
+# DNS_PING is particularly useful in environments like Kubernetes and Red Hat OpenShift where UDP multicast, a different cluster discovery method, might not be available. This is because DNS is a standard service that's always available, making DNS_PING a reliable way for Infinispan nodes to discover each other.
+# The below option requires passing -Djgroups.dns.query=sso-keycloak-ping.<NAMESPACE>.svc.cluster.local to start command
+cache-stack=kubernetes
+#cache-config-file=cache-ispn-custom.xml
+
+# tls
+# https-key-store-file=server.keystore
+# https-key-store-password=password
+
+http-enabled=true
+proxy-headers=forwarded

docker/keycloak/configuration/26/quarkus.properties

@@ -0,0 +1,16 @@
+quarkus.http.access-log.enabled=${QUARKUS_HTTP_ACCESS_LOG_ENABLED:false}
+quarkus.pattern.json={ "client":"%{REMOTE_HOST}", "method": "%{METHOD}", "request_url": %{REQUEST_URL}, "status":"%{RESPONSE_CODE}", "duration":"%{RESPONSE_TIME}", "bytes":"%{BYTES_SENT}" }
+quarkus.http.access-log.pattern=${quarkus.pattern.json}
+quarkus.http.record-request-start-time=${QUARKUS_HTTP_RECORD_REQUEST_START_TIME:false}
+quarkus.log.console.json.exception-output-type=formatted
+quarkus.log.console.json.key-overrides=timestamp=@timestamp
+quarkus.log.console.json.additional-field."@version".value=1
+quarkus.log.file.json.exception-output-type=formatted
+quarkus.log.file.json.key-overrides=timestamp=@timestamp
+quarkus.log.file.json.additional-field."@version".value=1
+# Quarkus will auto-compress if ending with .zip: https://quarkus.io/guides/logging.
+quarkus.log.file.rotation.file-suffix=${QUARKUS_LOG_FILE_ROTATION_FILE_SUFFIX:.zip}
+# Optional: Disable rotation by size (adjust value as needed)
+quarkus.log.file.rotation.max-file-size=${QUARKUS_LOG_FILE_ROTATION_MAX_FILE_SIZE:200M}
+# The number of rotated files per pod. From above configuration, this will keep 200M * 14 files * 3pods ~= 8Gigabytes of data before replacing.
+quarkus.log.file.rotation.max-backup-index=${QUARKUS_LOG_FILE_ROTATION_MAX_BACKUP_INDEX:14}