From 602258d93509a651e5bfe81fd460ab8f61e232a0 Mon Sep 17 00:00:00 2001 From: vramik Date: Thu, 3 Apr 2025 15:31:18 +0200 Subject: [PATCH] [FGAP] Switch the feature from Experimental to Supported Closes #38651 Signed-off-by: vramik --- .../java/org/keycloak/common/Profile.java | 2 +- .../java/org/keycloak/common/ProfileTest.java | 2 +- .../keycloak/storage/UserStorageManager.java | 1 + .../it/cli/dist/FeaturesDistTest.java | 6 +++ .../server/EmbeddedKeycloakServer.java | 2 +- .../server/KeycloakServerConfigBuilder.java | 3 +- ...=> FineGrainedPermissionsV1UsersTest.java} | 4 +- .../ClientResourceTypeEvaluationTest.java | 2 +- .../fgap/ClientResourceTypeFilteringTest.java | 2 +- .../ClientResourceTypePermissionTest.java | 2 +- .../admin/authz/fgap/FeatureDisabledTest.java | 40 ------------------- .../authz/fgap/FeatureV2EnabledTest.java | 2 +- .../fgap/GroupResourceTypeEvaluationTest.java | 2 +- .../fgap/GroupResourceTypeFilteringTest.java | 2 +- .../fgap/GroupResourceTypePermissionTest.java | 2 +- .../KeycloakAdminPermissionsServerConfig.java | 30 -------------- .../admin/authz/fgap/PermissionRESTTest.java | 2 +- .../fgap/RoleResourceTypeEvaluationTest.java | 2 +- .../fgap/RoleResourceTypePermissionTest.java | 2 +- .../UserResourceTypeEvaluationSpecTest.java | 2 +- .../fgap/UserResourceTypeEvaluationTest.java | 2 +- .../fgap/UserResourceTypeFilteringTest.java | 2 +- .../fgap/UserResourceTypePermissionTest.java | 2 +- .../rest/TestingResourceProvider.java | 27 +++++++------ .../client/KeycloakTestingClient.java | 28 +++++++++++-- ...abled.java => ExportImportTestFGAPV2.java} | 5 +-- .../ldap/LDAPProvidersIntegrationTest.java | 13 ++++++ .../AuthenticationSessionProviderTest.java | 3 ++ .../model/client/ClientModelTest.java | 7 ++++ .../session/UserSessionInitializerTest.java | 1 + 30 files changed, 92 insertions(+), 110 deletions(-) rename tests/base/src/test/java/org/keycloak/tests/admin/{FineGrainedPermissionsUsersTest.java => FineGrainedPermissionsV1UsersTest.java} (99%) delete mode 100644 tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureDisabledTest.java delete mode 100644 tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/KeycloakAdminPermissionsServerConfig.java rename testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/{ExportImportTestWithFGAPV2Enabled.java => ExportImportTestFGAPV2.java} (95%) diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index a602ddf5879..ae4e4735771 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java @@ -55,7 +55,7 @@ public class Profile { ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW, 1), - ADMIN_FINE_GRAINED_AUTHZ_V2("Fine-Grained Admin Permissions version 2", Type.EXPERIMENTAL, 2, Feature.AUTHORIZATION), + ADMIN_FINE_GRAINED_AUTHZ_V2("Fine-Grained Admin Permissions version 2", Type.DEFAULT, 2, Feature.AUTHORIZATION), ADMIN_API("Admin API", Type.DEFAULT), diff --git a/common/src/test/java/org/keycloak/common/ProfileTest.java b/common/src/test/java/org/keycloak/common/ProfileTest.java index a45584a4d5d..d68b4a2d7f0 100644 --- a/common/src/test/java/org/keycloak/common/ProfileTest.java +++ b/common/src/test/java/org/keycloak/common/ProfileTest.java @@ -27,7 +27,7 @@ import static org.junit.Assert.assertThrows; public class ProfileTest { - private static final Profile.Feature DEFAULT_FEATURE = Profile.Feature.AUTHORIZATION; + private static final Profile.Feature DEFAULT_FEATURE = Profile.Feature.CLIENT_POLICIES; private static final Profile.Feature DISABLED_BY_DEFAULT_FEATURE = Profile.Feature.DOCKER; private static final Profile.Feature PREVIEW_FEATURE = Profile.Feature.TOKEN_EXCHANGE; private static final Profile.Feature EXPERIMENTAL_FEATURE = Profile.Feature.DYNAMIC_SCOPES; diff --git a/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java b/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java index 0c2c0bf8d2d..d33a6965651 100755 --- a/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java +++ b/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java @@ -227,6 +227,7 @@ public class UserStorageManager extends AbstractStorageManager { RealmModel realmModel = session.realms().getRealm(realm.getId()); if (realmModel == null) return; + session.getContext().setRealm(realm); UserModel deletedUser = UserStoragePrivateUtil.userLocalStorage(session).getUserById(realmModel, userId); if (deletedUser != null) { try { diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java index 48786ae6855..153ad8e89ca 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java @@ -17,6 +17,7 @@ import org.keycloak.quarkus.runtime.cli.command.Start; import org.keycloak.quarkus.runtime.cli.command.StartDev; import java.util.Arrays; +import java.util.Set; import java.util.stream.Collectors; import static org.hamcrest.CoreMatchers.containsString; @@ -31,6 +32,11 @@ public class FeaturesDistTest { private static final String PREVIEW_FEATURES_EXPECTED_LOG = "Preview features enabled: " + Arrays.stream(Profile.Feature.values()) .filter(feature -> feature.getType() == Profile.Feature.Type.PREVIEW) + .filter(feature -> { + Set versions = Profile.getFeatureVersions(feature.getKey()); + if (versions.size() == 1) return true; + return versions.iterator().next().getVersion() == feature.getVersion(); + }) .map(Profile.Feature::getVersionedKey) .sorted() .collect(Collectors.joining(", ")); diff --git a/test-framework/core/src/main/java/org/keycloak/testframework/server/EmbeddedKeycloakServer.java b/test-framework/core/src/main/java/org/keycloak/testframework/server/EmbeddedKeycloakServer.java index 6bfb91a31fd..354af820932 100644 --- a/test-framework/core/src/main/java/org/keycloak/testframework/server/EmbeddedKeycloakServer.java +++ b/test-framework/core/src/main/java/org/keycloak/testframework/server/EmbeddedKeycloakServer.java @@ -66,6 +66,6 @@ public class EmbeddedKeycloakServer implements KeycloakServer { @Override public String getManagementBaseUrl() { - return "http://localhost:9000"; + return "http://localhost:9001"; } } diff --git a/test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java b/test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java index 058cfd44127..e95997e0f5f 100644 --- a/test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java +++ b/test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java @@ -5,6 +5,7 @@ import io.quarkus.maven.dependency.DependencyBuilder; import io.smallrye.config.SmallRyeConfig; import org.eclipse.microprofile.config.spi.ConfigSource; import org.keycloak.common.Profile; +import org.keycloak.common.Profile.Feature; import java.net.URISyntaxException; import java.nio.file.Path; @@ -206,7 +207,7 @@ public class KeycloakServerConfigBuilder { private Set toFeatureStrings(Profile.Feature... features) { return Arrays.stream(features).map(f -> { - if (f.getVersion() > 1) { + if (Profile.getFeatureVersions(f.getKey()).size() > 1) { return f.getVersionedKey(); } return f.name().toLowerCase().replace('_', '-'); diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsUsersTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsV1UsersTest.java similarity index 99% rename from tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsUsersTest.java rename to tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsV1UsersTest.java index 0b9104b39d6..2ca9ee4b006 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsUsersTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsV1UsersTest.java @@ -41,8 +41,8 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasSize; -@KeycloakIntegrationTest(config = FineGrainedPermissionsUsersTest.ServerConfig.class) -public class FineGrainedPermissionsUsersTest { +@KeycloakIntegrationTest(config = FineGrainedPermissionsV1UsersTest.ServerConfig.class) +public class FineGrainedPermissionsV1UsersTest { @InjectRealm(lifecycle = LifeCycle.METHOD) ManagedRealm realm; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java index dc5b39bf9ad..b05ce7ec96f 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java @@ -70,7 +70,7 @@ import org.keycloak.testframework.annotations.InjectClient; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.ManagedClient; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class ClientResourceTypeEvaluationTest extends AbstractPermissionTest { @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java index a886924a043..4a11ffeeec3 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java @@ -42,7 +42,7 @@ import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.testframework.annotations.InjectAdminClient; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class ClientResourceTypeFilteringTest extends AbstractPermissionTest { @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java index adcada03c37..1bfb93fb539 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java @@ -31,7 +31,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.injection.LifeCycle; import org.keycloak.testframework.realm.ManagedClient; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class ClientResourceTypePermissionTest extends AbstractPermissionTest { @InjectClient(ref = "testClient") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureDisabledTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureDisabledTest.java deleted file mode 100644 index e06bf37cd5c..00000000000 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureDisabledTest.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2025 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.tests.admin.authz.fgap; - -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.notNullValue; -import static org.hamcrest.Matchers.nullValue; -import org.junit.jupiter.api.Test; -import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; -import org.keycloak.testframework.annotations.InjectClient; -import org.keycloak.testframework.annotations.KeycloakIntegrationTest; -import org.keycloak.testframework.realm.ManagedClient; - -@KeycloakIntegrationTest -public class FeatureDisabledTest { - - @InjectClient(config = AuthzClientConfig.class) - private ManagedClient testClient; - - @Test - public void schemaNotAvailableFeatureDisabled() { - ResourceServerRepresentation authorizationSettings = testClient.admin().authorization().getSettings(); - assertThat(authorizationSettings, notNullValue()); - assertThat(authorizationSettings.getAuthorizationSchema(), nullValue()); - } -} diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureV2EnabledTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureV2EnabledTest.java index a2f3b50713d..c445ec03077 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureV2EnabledTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureV2EnabledTest.java @@ -34,7 +34,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.ManagedClient; import org.keycloak.testframework.realm.ManagedRealm; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class FeatureV2EnabledTest { @InjectRealm diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java index 794000fcf11..0cc1252efea 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java @@ -61,7 +61,7 @@ import org.keycloak.testframework.realm.ManagedUser; import org.keycloak.testframework.realm.UserConfigBuilder; import org.keycloak.testframework.util.ApiUtil; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class GroupResourceTypeEvaluationTest extends AbstractPermissionTest { @InjectUser(ref = "alice") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java index 704b9753e31..127cfeaba30 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java @@ -47,7 +47,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.ManagedUser; import org.keycloak.testframework.util.ApiUtil; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class GroupResourceTypeFilteringTest extends AbstractPermissionTest { @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java index 5499350ecc8..00390f7fb96 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java @@ -35,7 +35,7 @@ import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.util.ApiUtil; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class GroupResourceTypePermissionTest extends AbstractPermissionTest { @BeforeEach diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/KeycloakAdminPermissionsServerConfig.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/KeycloakAdminPermissionsServerConfig.java deleted file mode 100644 index f2182d39cc3..00000000000 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/KeycloakAdminPermissionsServerConfig.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2024 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.tests.admin.authz.fgap; - -import org.keycloak.common.Profile.Feature; -import org.keycloak.testframework.server.KeycloakServerConfig; -import org.keycloak.testframework.server.KeycloakServerConfigBuilder; - -public class KeycloakAdminPermissionsServerConfig implements KeycloakServerConfig { - - @Override - public KeycloakServerConfigBuilder configure(KeycloakServerConfigBuilder config) { - return config.features(Feature.ADMIN_FINE_GRAINED_AUTHZ_V2); - } -} diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java index e99a2a70446..f54f723ec00 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java @@ -38,7 +38,7 @@ import org.keycloak.testframework.annotations.InjectUser; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.ManagedUser; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class PermissionRESTTest extends AbstractPermissionTest { @InjectUser(ref = "alice") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java index b3d889d4867..50a92809440 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java @@ -49,7 +49,7 @@ import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_CLIENT_ import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_COMPOSITE; import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class RoleResourceTypeEvaluationTest extends AbstractPermissionTest { @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java index c9f7711a684..d98f0d9d28b 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java @@ -35,7 +35,7 @@ import org.keycloak.testframework.annotations.InjectClient; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.ManagedClient; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class RoleResourceTypePermissionTest extends AbstractPermissionTest { @InjectClient(ref = "testClient") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java index 45f41d05350..ea8976aa027 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java @@ -61,7 +61,7 @@ import org.keycloak.testframework.annotations.InjectUser; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.ManagedUser; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class UserResourceTypeEvaluationSpecTest extends AbstractPermissionTest { @InjectUser(ref = "alice") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java index 4c4a600fc33..99c807dc3a7 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java @@ -55,7 +55,7 @@ import org.keycloak.testframework.realm.ManagedUser; import org.keycloak.testframework.realm.UserConfigBuilder; import org.keycloak.testframework.util.ApiUtil; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class UserResourceTypeEvaluationTest extends AbstractPermissionTest { @InjectUser(ref = "alice") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java index 541ddb72233..a6283b747da 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java @@ -60,7 +60,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.realm.UserConfigBuilder; import org.keycloak.testframework.util.ApiUtil; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class UserResourceTypeFilteringTest extends AbstractPermissionTest { @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin") diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java index af6e45b0829..1044498c350 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java @@ -53,7 +53,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest; import org.keycloak.testframework.injection.LifeCycle; import org.keycloak.testframework.realm.ManagedUser; -@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class) +@KeycloakIntegrationTest public class UserResourceTypePermissionTest extends AbstractPermissionTest { @InjectUser(ref = "alice", lifecycle = LifeCycle.METHOD) diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java index c076e8d759d..b452a6612fc 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java @@ -889,11 +889,10 @@ public class TestingResourceProvider implements RealmResourceProvider { @Consumes(MediaType.APPLICATION_JSON) public void resetFeature(@PathParam("feature") String featureKey) { - Profile.Feature feature; + featureKey = featureKey.contains(":") ? featureKey.split(":")[0] : featureKey; + Profile.Feature feature = Profile.getFeatureVersions(featureKey).iterator().next(); - try { - feature = Profile.Feature.valueOf(featureKey); - } catch (IllegalArgumentException e) { + if (feature == null) { System.err.printf("Feature '%s' doesn't exist!!\n", featureKey); throw new BadRequestException(); } @@ -911,16 +910,18 @@ public class TestingResourceProvider implements RealmResourceProvider { private Set updateFeature(String featureKey, boolean shouldEnable) { Collection features = null; - try { - features = Arrays.asList(Profile.Feature.valueOf(featureKey)); - } catch (IllegalArgumentException e) { - Set featureVersions = Profile.getFeatureVersions(featureKey); - if (!shouldEnable) { - features = featureVersions; - } else if (!featureVersions.isEmpty()) { - // the set is ordered by preferred feature - features = Arrays.asList(featureVersions.iterator().next()); + if (featureKey.contains(":")) { + String unversionedKey = featureKey.split(":")[0]; + int version = Integer.parseInt(featureKey.split(":")[1].replace("v", "")); + + for (Feature versionedFeature : Profile.getFeatureVersions(unversionedKey)) { + if (versionedFeature.getVersion() == version) { + features = Set.of(versionedFeature); + break; + } } + } else { + features = Profile.getFeatureVersions(featureKey); } if (features == null || features.isEmpty()) { diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java index ba174bf70cb..074b00c8e78 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java @@ -85,13 +85,25 @@ public class KeycloakTestingClient implements AutoCloseable { } public void enableFeature(Profile.Feature feature) { - Set disabledFeatures = testing().enableFeature(feature.toString()); + String featureString; + if (Profile.getFeatureVersions(feature.getUnversionedKey()).size() > 1) { + featureString = feature.getVersionedKey(); + } else { + featureString = feature.getKey(); + } + Set disabledFeatures = testing().enableFeature(featureString); Assert.assertFalse(disabledFeatures.contains(feature)); ProfileAssume.updateDisabledFeatures(disabledFeatures); } public void disableFeature(Profile.Feature feature) { - Set disabledFeatures = testing().disableFeature(feature.toString()); + String featureString; + if (Profile.getFeatureVersions(feature.getUnversionedKey()).size() > 1) { + featureString = feature.getVersionedKey(); + } else { + featureString = feature.getKey(); + } + Set disabledFeatures = testing().disableFeature(featureString); Assert.assertTrue(disabledFeatures.contains(feature)); ProfileAssume.updateDisabledFeatures(disabledFeatures); } @@ -102,7 +114,17 @@ public class KeycloakTestingClient implements AutoCloseable { * @param feature */ public void resetFeature(Profile.Feature feature) { - testing().resetFeature(feature.toString()); + String featureString; + if (Profile.getFeatureVersions(feature.getUnversionedKey()).size() > 1) { + featureString = feature.getVersionedKey(); + Profile.Feature featureVersionHighestPriority = Profile.getFeatureVersions(feature.getKey()).iterator().next(); + if (featureVersionHighestPriority.getType().equals(Profile.Feature.Type.DEFAULT)) { + enableFeature(featureVersionHighestPriority); + } + } else { + featureString = feature.getKey(); + } + testing().resetFeature(featureString); } public TestApplicationResource testApp() { return target.proxy(TestApplicationResource.class); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestWithFGAPV2Enabled.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestFGAPV2.java similarity index 95% rename from testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestWithFGAPV2Enabled.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestFGAPV2.java index ac6c82aa8ad..32cfadecf12 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestWithFGAPV2Enabled.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestFGAPV2.java @@ -26,15 +26,12 @@ import static org.junit.Assert.assertTrue; import java.util.List; import org.junit.After; import org.junit.Test; -import org.keycloak.common.Profile; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; -import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.exportimport.ExportImportTest; -@EnableFeature(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ_V2) -public class ExportImportTestWithFGAPV2Enabled extends ExportImportTest { +public class ExportImportTestFGAPV2 extends ExportImportTest { private final String REALM_NAME = "fgap"; private final String CUSTOM_CLIENT_ID = "imported-permission-client"; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java index 27d53bfd3ea..8acd44011c7 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java @@ -106,6 +106,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); @@ -1093,6 +1094,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))"); appRealm.updateComponent(ctx.getLdapModel()); @@ -1101,6 +1103,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125"); LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126"); @@ -1141,6 +1144,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); UserStorageUtil.userCache(session).clear(); // Add custom filter again ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))"); @@ -1151,6 +1155,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); UserStorageUtil.userCache(session).clear(); // search by id using custom filter. Must return the user @@ -1172,6 +1177,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); UserStorageProviderModel model = new UserStorageProviderModel(ctx.getLdapModel()); model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString()); @@ -1181,6 +1187,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak"); Assert.assertNotNull(user); @@ -1234,6 +1241,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak"); // change username locally @@ -1252,6 +1260,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); @@ -1270,6 +1279,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username8", "John8", "Doel8", "user8@email.org", null, ATTRIBUTE_VALUE); LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username9", "John9", "Doel9", "user9@email.org", null, ATTRIBUTE_VALUE); @@ -1338,6 +1348,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { LDAPTestContext ctx = LDAPTestContext.init(session); RealmModel appRealm = ctx.getRealm(); + session.getContext().setRealm(appRealm); LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "1234"); @@ -1354,6 +1365,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { RealmModel appRealm = new RealmManager(session).getRealmByName("test"); + session.getContext().setRealm(appRealm); CachedUserModel user = (CachedUserModel) session.users().getUserByUsername(appRealm, "johndirect"); String postalCode = user.getFirstAttribute("postal_code"); String email = user.getEmail(); @@ -1365,6 +1377,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { testingClient.server().run(session -> { RealmModel appRealm = new RealmManager(session).getRealmByName("test"); + session.getContext().setRealm(appRealm); UserModel user = session.users().getUserByUsername(appRealm, "johndirect"); Assert.assertNull(user); }); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java index 2a122848822..93fa94b4fde 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java @@ -301,6 +301,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> { KeycloakSession currentSession = sesRealmRemoved1; RealmModel realm = currentSession.realms().getRealm(realmId); + currentSession.getContext().setRealm(realm); authSessionID.set(currentSession.authenticationSessions().createRootAuthenticationSession(realm).getId()); @@ -316,6 +317,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> { KeycloakSession currentSession = sesRealmRemoved1; RealmModel realm = currentSession.realms().getRealm(realmId); + currentSession.getContext().setRealm(realm); RootAuthenticationSessionModel rootAuthSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get()); @@ -329,6 +331,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> { KeycloakSession currentSession = sesRealmRemoved1; RealmModel realm = currentSession.realms().getRealm(realmId); + currentSession.getContext().setRealm(realm); RootAuthenticationSessionModel rootAuthSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get()); assertThat(rootAuthSession.getAuthenticationSession(realm.getClientByClientId("test-app"), tab1ID.get()).getAuthNote("foo"), is("bar")); diff --git a/testsuite/model/src/test/java/org/keycloak/testsuite/model/client/ClientModelTest.java b/testsuite/model/src/test/java/org/keycloak/testsuite/model/client/ClientModelTest.java index e9c0b8df031..6c9b492256f 100644 --- a/testsuite/model/src/test/java/org/keycloak/testsuite/model/client/ClientModelTest.java +++ b/testsuite/model/src/test/java/org/keycloak/testsuite/model/client/ClientModelTest.java @@ -153,6 +153,7 @@ public class ClientModelTest extends KeycloakModelTest { // create two clients, one realm role and one client role and assign both to one of the clients inComittedTransaction(1, (session , i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); ClientModel client1 = session.clients().addClient(realm, "client1"); ClientModel client2 = session.clients().addClient(realm, "client2"); RoleModel realmRole = session.roles().addRealmRole(realm, "realm-role"); @@ -165,6 +166,7 @@ public class ClientModelTest extends KeycloakModelTest { // check everything is OK inComittedTransaction(1, (session, i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); final ClientModel client1 = session.clients().getClientByClientId(realm, "client1"); assertThat(client1.getScopeMappingsStream().count(), is(2L)); assertThat(client1.getScopeMappingsStream().filter(r -> r.getName().equals("realm-role")).count(), is(1L)); @@ -175,6 +177,7 @@ public class ClientModelTest extends KeycloakModelTest { // remove the realm role inComittedTransaction(1, (session, i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); final RoleModel role = session.roles().getRealmRole(realm, "realm-role"); session.roles().removeRole(role); return null; @@ -183,6 +186,7 @@ public class ClientModelTest extends KeycloakModelTest { // check it is removed inComittedTransaction(1, (session, i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); final ClientModel client1 = session.clients().getClientByClientId(realm, "client1"); assertThat(client1.getScopeMappingsStream().count(), is(1L)); assertThat(client1.getScopeMappingsStream().filter(r -> r.getName().equals("client2-role")).count(), is(1L)); @@ -192,6 +196,7 @@ public class ClientModelTest extends KeycloakModelTest { // remove client role inComittedTransaction(1, (session, i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); final ClientModel client2 = session.clients().getClientByClientId(realm, "client2"); final RoleModel role = session.roles().getClientRole(client2, "client2-role"); session.roles().removeRole(role); @@ -201,6 +206,7 @@ public class ClientModelTest extends KeycloakModelTest { // check both clients are removed inComittedTransaction(1, (session, i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); final ClientModel client1 = session.clients().getClientByClientId(realm, "client1"); assertThat(client1.getScopeMappingsStream().count(), is(0L)); return null; @@ -209,6 +215,7 @@ public class ClientModelTest extends KeycloakModelTest { // remove clients inComittedTransaction(1, (session , i) -> { final RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); final ClientModel client1 = session.clients().getClientByClientId(realm, "client1"); final ClientModel client2 = session.clients().getClientByClientId(realm, "client2"); session.clients().removeClient(realm, client1.getId()); diff --git a/testsuite/model/src/test/java/org/keycloak/testsuite/model/session/UserSessionInitializerTest.java b/testsuite/model/src/test/java/org/keycloak/testsuite/model/session/UserSessionInitializerTest.java index 269162f580e..b2bde741162 100644 --- a/testsuite/model/src/test/java/org/keycloak/testsuite/model/session/UserSessionInitializerTest.java +++ b/testsuite/model/src/test/java/org/keycloak/testsuite/model/session/UserSessionInitializerTest.java @@ -133,6 +133,7 @@ public class UserSessionInitializerTest extends KeycloakModelTest { inComittedTransaction(session -> { RealmModel realm = session.realms().getRealm(realmId); + session.getContext().setRealm(realm); // Delete one of the clients now ClientModel testApp = realm.getClientByClientId("test-app");