Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade keycloak to version 18.0.0 #498

Merged
merged 2 commits into from
Jun 27, 2022
Merged

Conversation

pjgg
Copy link
Contributor

@pjgg pjgg commented Jun 23, 2022

Summary

Motivation: https://github.com/quarkusio/quarkus/wiki/Migration-Guide-2.10

Keycloak 18.0.0 changes (that impact Quarkus test framework):

  • Environment variable KEYCLOAK_IMPORT is not supported anymore
  • A new way to import a realm at start time was created
  • Environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD was replaced by KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD

This PR is trying to integrate all of these required changes into QuarkusTestFramework.

PR Design decision

  1. New container annotation was created in order to handle Keycloak scenarios: Currently keycloak component doesn't have its own annotation instead we are using a generic approach, through @Container where the developers could set any keycloak version image. The proposal is to use a new annotation called KeycloakContainer where the default values are already set

KeycloakContainer default values:
- image: quay.io/keycloak/keycloak:18.0.0
- port: 8080
- expected started log: started
- io.quarkus.test.bootstrap.KeycloakService has new constructors:

Keycloak 18.0 requires that the imported realms are located into one specific folder: /opt/keycloak/data/import
The new KeycloakService has two constructors:

public KeycloakService(String realmFile, String realm) // by default realmDestPath is set to /opt/keycloak/data/import
public KeycloakService(String realm) // could be useful if you want to setup a keycloak without realm

  1. A new way to attach resources to a container has been created:

Nowadays if you want to attach some file to your container you should add a property with the following value:

myContainer.withProperty("KEYCLOAK_IMPORT", "resource::/tmp/myRealm.json")

The value "prefix", resource:: will trigger a background command in order to create a configMap or to push the above file into the container. However, this "prefix" assume that the file destination path was the same as the original location. Unfortunately on Keycloak this is not valid, the realm.json must be under the folder /opt/keycloak/data/import in order to be imported at the start time. To accomplish this task, we have developed a new "prefix" action:

resource_with_destination::<DEST_PATH> | <ORIGIN_PATH>

For example: withProperty("KEYCLOAK_IMPORT", "resource_with_destination::/opt/keycloak/data/import | /keycloak-realm.json")

  1. Add container "arguments"(${ARGS}) to default openshift-deployment-template.yml (required in order to launch keycloak 18.0.0)
  2. Add sub-paths to openshiftClient Volumes (required in order to read a configMap from keycloak import command)

How to use it

Keycloak 18

 @KeycloakContainer(command = { "start-dev --import-realm --hostname-strict=false" })
    static KeycloakService keycloak = new KeycloakService("/keycloak-realm.json", "test-realm", "/realms");

Note: Previous versions of keycloak as Keycloak 16 or 14 could still use the old way

@Container(image = "${keycloak.image}", expectedLog = "Admin console listening", port = KEYCLOAK_PORT)
    static KeycloakService keycloak = new KeycloakService("/keycloak-realm.json", "test-realm");

Please check the relevant options

  • New feature (non-breaking change which adds functionality)
  • Refactoring
  • Breaking change (fix or feature that would cause existing functionality to change)
  • This change requires a documentation update

Checklist:

  • Example scenarios has been updated / added
  • Methods and classes used in PR scenarios are meaningful
  • Commits are well encapsulated and follow the best practices

@pjgg pjgg requested review from rsvoboda and mjurc June 23, 2022 14:12
@pjgg pjgg force-pushed the feat/upgrade_keycloak branch from a16b950 to 7ed408f Compare June 23, 2022 15:39
@rsvoboda
Copy link
Member

@pjgg pls share Jenkins jobs links with OpenShift runs in native and JVM mode

@pjgg
Copy link
Contributor Author

pjgg commented Jun 23, 2022

@pjgg pjgg force-pushed the feat/upgrade_keycloak branch 2 times, most recently from 94d8805 to e39f89e Compare June 24, 2022 14:02
@pjgg pjgg force-pushed the feat/upgrade_keycloak branch from e39f89e to eb535e3 Compare June 24, 2022 14:05
@pjgg pjgg force-pushed the feat/upgrade_keycloak branch from d37e19a to d183c63 Compare June 27, 2022 10:35
Copy link
Member

@mjurc mjurc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the implemented feature!

LGTM.

@mjurc mjurc merged commit 5488216 into quarkus-qe:main Jun 27, 2022
Copy link
Member

@rsvoboda rsvoboda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only one comment to the PR: CustomVolume is in both kube and openshift module

If there are more cases like this in the future, there should be shared module / dependency on kube module

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants