chore: create folder structure for keycloak 26 (#403)

bcgov · Nov 18, 2024 · f599a74 · f599a74
1 parent 1097913
commit f599a74
Show file tree

Hide file tree

Showing 83 changed files with 4,861 additions and 2 deletions.
diff --git a/.github/workflows/publish-image-rhbk-dev.yml b/.github/workflows/publish-image-rhbk-dev.yml
@@ -51,8 +51,8 @@ jobs:
         with:
           context: docker/keycloak
           push: true
-          tags: ${{ env.GITHUB_REGISTRY }}/${{env.IMAGE_NAME}}:dev-rhbk-24
-          file: docker/keycloak/Dockerfile-24
+          tags: ${{ env.GITHUB_REGISTRY }}/${{env.IMAGE_NAME}}:dev-jon-experiment-26
+          file: docker/keycloak/Dockerfile-26
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 

diff --git a/docker/keycloak/Dockerfile-26 b/docker/keycloak/Dockerfile-26
@@ -0,0 +1,36 @@
+FROM maven:3.8.5-openjdk-17-slim AS extensions-builder
+
+COPY ./extensions-26 /tmp/
+WORKDIR /tmp/
+RUN mvn -B clean package --file pom.xml
+
+FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3 as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/
+
+WORKDIR /opt/keycloak
+
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3
+
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# copy the theme directory to `/opt/keycloak/themes/` for now, but we can consider to archive to be deployed later.
+COPY ./extensions-26/themes/src/main/resources/theme /opt/keycloak/themes
+
+COPY ./configuration/26/keycloak.conf /opt/keycloak/conf
+
+COPY ./configuration/26/quarkus.properties /opt/keycloak/conf
+
+COPY ./configuration/26/keycloak-default-user-profile.json /tmp
+
+# change these values to point to a running postgres instance
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
diff --git a/docker/keycloak/configuration/26/keycloak-default-user-profile.json b/docker/keycloak/configuration/26/keycloak-default-user-profile.json
@@ -0,0 +1,61 @@
+{
+  "unmanagedAttributePolicy": "ENABLED",
+  "attributes": [
+    {
+      "name": "username",
+      "displayName": "${username}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "length": { "min": 3, "max": 255 },
+        "username-prohibited-characters": {},
+        "up-username-not-idn-homograph": {}
+      }
+    },
+    {
+      "name": "email",
+      "displayName": "${email}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "email": {},
+        "length": { "max": 255 }
+      }
+    },
+    {
+      "name": "firstName",
+      "displayName": "${firstName}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "length": { "max": 255 },
+        "person-name-prohibited-characters": {}
+      }
+    },
+    {
+      "name": "lastName",
+      "displayName": "${lastName}",
+      "permissions": {
+        "view": ["admin", "user"],
+        "edit": ["admin", "user"]
+      },
+      "validations": {
+        "length": { "max": 255 },
+        "person-name-prohibited-characters": {}
+      }
+    }
+  ],
+  "groups": [
+    {
+      "name": "user-metadata",
+      "displayHeader": "User metadata",
+      "displayDescription": "Attributes, which refer to user metadata"
+    }
+  ]
+}
diff --git a/docker/keycloak/configuration/26/keycloak.conf b/docker/keycloak/configuration/26/keycloak.conf
@@ -0,0 +1,40 @@
+health-enabled=true
+metrics-enabled=true
+
+# database
+db-pool-min-size=5
+db-pool-max-size=20
+
+# theme
+spi-theme-static-max-age=2592000
+spi-theme-cache-themes=true
+spi-theme-cache-templates=true
+
+# logging
+log=console,file
+log-console-color=false
+log-file=/var/log/eap/${HOSTNAME}.log
+
+# root-logger-level:INFO
+log-level=info,com.arjuna:warn,io.jaegertracing.Configuration:warn,org.jboss.as.config:debug,org.keycloak.events:debug,sun.rmi:warn
+log-console-output=json
+log-file-output=json
+
+# SPIs
+spi-events-listener-jboss-logging-quotes=none
+spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
+spi-user-profile-declarative-user-profile-config-file=/tmp/keycloak-default-user-profile.json
+
+# cache
+cache=ispn
+# DNS_PING is particularly useful in environments like Kubernetes and Red Hat OpenShift where UDP multicast, a different cluster discovery method, might not be available. This is because DNS is a standard service that's always available, making DNS_PING a reliable way for Infinispan nodes to discover each other.
+# The below option requires passing -Djgroups.dns.query=sso-keycloak-ping.<NAMESPACE>.svc.cluster.local to start command
+cache-stack=kubernetes
+#cache-config-file=cache-ispn-custom.xml
+
+# tls
+# https-key-store-file=server.keystore
+# https-key-store-password=password
+
+http-enabled=true
+proxy-headers=forwarded
diff --git a/docker/keycloak/configuration/26/quarkus.properties b/docker/keycloak/configuration/26/quarkus.properties
@@ -0,0 +1,16 @@
+quarkus.http.access-log.enabled=${QUARKUS_HTTP_ACCESS_LOG_ENABLED:false}
+quarkus.pattern.json={ "client":"%{REMOTE_HOST}", "method": "%{METHOD}", "request_url": %{REQUEST_URL}, "status":"%{RESPONSE_CODE}", "duration":"%{RESPONSE_TIME}", "bytes":"%{BYTES_SENT}" }
+quarkus.http.access-log.pattern=${quarkus.pattern.json}
+quarkus.http.record-request-start-time=${QUARKUS_HTTP_RECORD_REQUEST_START_TIME:false}
+quarkus.log.console.json.exception-output-type=formatted
+quarkus.log.console.json.key-overrides=timestamp=@timestamp
+quarkus.log.console.json.additional-field."@version".value=1
+quarkus.log.file.json.exception-output-type=formatted
+quarkus.log.file.json.key-overrides=timestamp=@timestamp
+quarkus.log.file.json.additional-field."@version".value=1
+# Quarkus will auto-compress if ending with .zip: https://quarkus.io/guides/logging.
+quarkus.log.file.rotation.file-suffix=${QUARKUS_LOG_FILE_ROTATION_FILE_SUFFIX:.zip}
+# Optional: Disable rotation by size (adjust value as needed)
+quarkus.log.file.rotation.max-file-size=${QUARKUS_LOG_FILE_ROTATION_MAX_FILE_SIZE:200M}
+# The number of rotated files per pod. From above configuration, this will keep 200M * 14 files * 3pods ~= 8Gigabytes of data before replacing.
+quarkus.log.file.rotation.max-backup-index=${QUARKUS_LOG_FILE_ROTATION_MAX_BACKUP_INDEX:14}
diff --git a/docker/keycloak/extensions-26/.vscode/settings.json b/docker/keycloak/extensions-26/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+  "java.configuration.updateBuildConfiguration": "interactive"
+}
diff --git a/docker/keycloak/extensions-26/pom.xml b/docker/keycloak/extensions-26/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.github.bcgov.keycloak</groupId>
+    <artifactId>extensions-parent</artifactId>
+    <version>1.0.0</version>
+    <packaging>pom</packaging>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <keycloak.version>24.0.5</keycloak.version>
+    </properties>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-jar-plugin</artifactId>
+                    <version>3.2.0</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+    </build>
+
+    <modules>
+        <module>services</module>
+        <module>themes</module>
+    </modules>
+</project>
diff --git a/docker/keycloak/extensions-26/services/pom.xml b/docker/keycloak/extensions-26/services/pom.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.github.bcgov.keycloak</groupId>
+        <artifactId>extensions-parent</artifactId>
+        <version>1.0.0</version>
+    </parent>
+
+    <artifactId>bcgov-services</artifactId>
+    <packaging>jar</packaging>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.2.4</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <artifactSet>
+                                <excludes>
+                                    <exclude>classworlds:classworlds</exclude>
+                                    <exclude>junit:junit</exclude>
+                                    <exclude>jmock:*</exclude>
+                                    <exclude>*:xml-apis</exclude>
+                                    <exclude>org.apache.maven:lib:tests</exclude>
+                                </excludes>
+                            </artifactSet>
+                            <shadedArtifactAttached>false</shadedArtifactAttached>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>17</source>
+                    <target>17</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.22.0</version>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.keycloak.bom</groupId>
+                <artifactId>keycloak-spi-bom</artifactId>
+                <version>${keycloak.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>2.14.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>2.14.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-annotations</artifactId>
+                <version>2.14.0</version>
+                <scope>provided</scope>
+            </dependency>
+
+            <!-- Tests -->
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>4.13.2</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.hamcrest</groupId>
+                <artifactId>hamcrest-all</artifactId>
+                <version>1.3</version>
+                <scope>test</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-saml-core-public</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi-private</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-infinispan</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-services</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+         <!-- Test -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.13.2</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>5.3.1</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>5.9.1</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <version>5.9.1</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/...vices/src/main/java/com/github/bcgov/keycloak/authenticators/BrokeredIdentityContext.java b/...vices/src/main/java/com/github/bcgov/keycloak/authenticators/BrokeredIdentityContext.java
@@ -0,0 +1,14 @@
+package com.github.bcgov.keycloak.authenticators;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class BrokeredIdentityContext {
+  @JsonProperty("identityProviderId")
+  protected String identityProviderId;
+
+  public String getIdentityProviderId() {
+    return identityProviderId;
+  }
+}