Skip to content

Commit fc85cbc

Browse files
vincentchalamonvincentchalamon
authored
chore: use keycloak 26 (#435)
1 parent dcab4ba commit fc85cbc

File tree

10 files changed

+2576
-84
lines changed

10 files changed

+2576
-84
lines changed

.github/workflows/cd.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,7 @@ jobs:
123123
gke-project: ${{ secrets.GKE_PROJECT }}
124124
cloudflare-api-token: ${{ secrets.CF_API_TOKEN }}
125125
cloudflare-zone-id: ${{ secrets.CF_ZONE_ID }}
126-
keycloak-admin-password: ${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}
126+
keycloak-admin-password: ${{ secrets.KC_BOOTSTRAP_ADMIN_PASSWORD }}
127127

128128
check:
129129
name: Check

.github/workflows/ci.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,7 +126,7 @@ jobs:
126126
CADDY_MERCURE_JWT_SECRET: 33b04d361e437e0d7d715600fc24fdefba317154
127127
POSTGRES_PASSWORD: aae5bf316ef5fe87ad806c6a9240fff68bcfdaf7
128128
KEYCLOAK_POSTGRES_PASSWORD: 26d7f630f1524eb210bbf496443f2038a9316e9e
129-
KEYCLOAK_ADMIN_PASSWORD: 2f31e2fad93941b818449fd8d57fd019b6ce7fa5
129+
KC_BOOTSTRAP_ADMIN_PASSWORD: 2f31e2fad93941b818449fd8d57fd019b6ce7fa5
130130
# https://nextjs.org/docs/app/building-your-application/configuring/environment-variables#bundling-environment-variables-for-the-browser
131131
NEXT_PUBLIC_OIDC_SERVER_URL: https://localhost/oidc/realms/demo
132132
# https://docs.docker.com/compose/environment-variables/envvars/#compose_file

api/src/Security/Http/Protection/ResourceResourceHandler.php

Lines changed: 4 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ public function create(object $resource, UserInterface $owner, array $context =
3838
);
3939

4040
// create resource_set on OIDC server
41-
$this->securityAuthorizationClient->request('POST', $this->getResourceRegistrationEndpoint(), [
41+
$this->securityAuthorizationClient->request('POST', 'authz/protection/resource_set', [
4242
'auth_bearer' => $this->getPAT(),
4343
'json' => [
4444
'name' => \sprintf('%s_%s', $shortName, $resource->getId()->__toString()),
@@ -66,7 +66,7 @@ public function delete(object $resource, UserInterface $owner, array $context =
6666
// retrieve corresponding resource_set from OIDC server
6767
$response = $this->securityAuthorizationClient->request(
6868
'GET',
69-
$this->getResourceRegistrationEndpoint(),
69+
'authz/protection/resource_set',
7070
[
7171
'auth_bearer' => $this->getPAT(),
7272
'query' => [
@@ -85,7 +85,7 @@ public function delete(object $resource, UserInterface $owner, array $context =
8585
// delete corresponding resource_set on OIDC server
8686
$this->securityAuthorizationClient->request(
8787
'DELETE',
88-
\sprintf('%s/%s', $this->getResourceRegistrationEndpoint(), $resourceSet['_id']),
88+
\sprintf('%s/%s', 'authz/protection/resource_set', $resourceSet['_id']),
8989
[
9090
'auth_bearer' => $this->getPAT(),
9191
]
@@ -97,7 +97,7 @@ public function delete(object $resource, UserInterface $owner, array $context =
9797
*/
9898
private function getPAT(): string
9999
{
100-
$response = $this->securityAuthorizationClient->request('POST', $this->getTokenEndpoint(), [
100+
$response = $this->securityAuthorizationClient->request('POST', 'protocol/openid-connect/token', [
101101
'body' => [
102102
'grant_type' => 'client_credentials',
103103
'client_id' => $this->oidcClientId,
@@ -108,20 +108,4 @@ private function getPAT(): string
108108

109109
return $content['access_token'];
110110
}
111-
112-
private function getTokenEndpoint(): string
113-
{
114-
$response = $this->securityAuthorizationClient->request('GET', '.well-known/openid-configuration');
115-
$content = $response->toArray();
116-
117-
return $content['token_endpoint'];
118-
}
119-
120-
private function getResourceRegistrationEndpoint(): string
121-
{
122-
$response = $this->securityAuthorizationClient->request('GET', '.well-known/uma2-configuration');
123-
$content = $response->toArray();
124-
125-
return $content['resource_registration_endpoint'];
126-
}
127111
}

compose.e2e.yaml

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,8 @@ services:
55
KEYCLOAK_HTTPS_USE_PEM: "true"
66
KEYCLOAK_HTTPS_CERTIFICATE_FILE: /opt/bitnami/keycloak/certs/tls.crt
77
KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: /opt/bitnami/keycloak/certs/tls.key
8+
KEYCLOAK_EXTRA_ARGS: "--import-realm"
89
volumes:
910
- ./helm/api-platform/keycloak/certs/tls.crt:/opt/bitnami/keycloak/certs/tls.crt:ro
1011
- ./helm/api-platform/keycloak/certs/tls.pem:/opt/bitnami/keycloak/certs/tls.key:ro
11-
12-
keycloak-config-cli:
13-
extends:
14-
file: compose.override.yaml
15-
service: keycloak-config-cli
12+
- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import

compose.override.yaml

Lines changed: 3 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -56,20 +56,8 @@ services:
5656
build:
5757
context: ./helm/api-platform/keycloak/
5858
target: keycloak
59-
volumes:
60-
- ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
61-
62-
keycloak-config-cli:
63-
image: bitnami/keycloak-config-cli:5-debian-12
64-
depends_on:
65-
keycloak:
66-
condition: service_healthy
6759
environment:
68-
KEYCLOAK_URL: http://keycloak:8080/oidc/
69-
KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
70-
KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
71-
KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
72-
KEYCLOAK_AVAILABILITYCHECK_TIMEOUT: 120s
73-
IMPORT_FILES_LOCATIONS: "/config/*"
60+
KEYCLOAK_EXTRA_ARGS: "--import-realm"
7461
volumes:
75-
- ./helm/api-platform/keycloak/config:/config
62+
- ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
63+
- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import

compose.prod.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,4 +44,4 @@ services:
4444
target: keycloak
4545
environment:
4646
KEYCLOAK_PRODUCTION: "true"
47-
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
47+
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}

compose.yaml

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -98,16 +98,12 @@ services:
9898
KEYCLOAK_DATABASE_NAME: ${KEYCLOAK_POSTGRES_DB:-keycloak}
9999
KEYCLOAK_DATABASE_USER: ${KEYCLOAK_POSTGRES_USER:-keycloak}
100100
KEYCLOAK_DATABASE_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD:-!ChangeMe!}
101-
KEYCLOAK_ADMIN_USER: ${KEYCLOAK_ADMIN_USER:-admin}
102-
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
101+
KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}
102+
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD:-!ChangeMe!}
103103
# Must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
104104
KEYCLOAK_HTTP_RELATIVE_PATH: /oidc/
105-
# https://www.keycloak.org/server/hostname
106-
KC_HOSTNAME_URL: https://${SERVER_NAME:-localhost}/oidc/
107-
KC_HOSTNAME_ADMIN_URL: https://${SERVER_NAME:-localhost}/oidc/
108-
# https://www.keycloak.org/server/features
109-
KC_FEATURES: "scripts"
110-
# https://github.com/bitnami/containers/pull/40893
105+
KEYCLOAK_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
106+
KEYCLOAK_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
111107
KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: "true"
112108
# https://www.keycloak.org/server/all-config#category-health
113109
healthcheck:

helm/api-platform/keycloak/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44

55

66
# Versions
7-
FROM bitnami/keycloak:24-debian-12 AS keycloak_upstream
7+
FROM bitnami/keycloak:26-debian-12 AS keycloak_upstream
88

99

1010
# The different stages of this Dockerfile are meant to be built into separate images

0 commit comments

Comments
 (0)