fix: adds hostname:v1 (keycloak#26003)
closes: keycloak#25336

Signed-off-by: Steve Hawkins <[email protected]>
shawkins authored Jan 17, 2024
1 parent ba76682 commit 74b5620
Showing 18 changed files with 127 additions and 95 deletions.
31 changes: 23 additions & 8 deletions common/src/main/java/org/keycloak/common/Profile.java
Expand Up @@ -28,6 +28,7 @@
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
Expand Down Expand Up @@ -104,10 +105,14 @@ public enum Feature {
MULTI_SITE("Multi-site support", Type.PREVIEW),

OFFLINE_SESSION_PRELOADING("Offline session preloading", Type.DEPRECATED),
HOSTNAME_V1("Hostname Options V1", Type.DEFAULT),
//HOSTNAME_V2("Hostname Options V2", Type.DEFAULT, 2),
;

private final Type type;
private final String label;
private final String unversionedKey;
private final String key;

private Set<Feature> dependencies;
private int version;
Expand All @@ -123,8 +128,14 @@ public enum Feature {
this.label = label;
this.type = type;
this.version = version;
if (this.version > 1 && !this.name().endsWith("_V" + version)) {
throw new IllegalStateException("It is expected that the enum name ends with the version");
this.key = name().toLowerCase().replaceAll("_", "-");
if (this.name().endsWith("_V" + version)) {
unversionedKey = key.substring(0, key.length() - (String.valueOf(version).length() + 2));
} else {
this.unversionedKey = key;
if (this.version > 1) {
throw new IllegalStateException("It is expected that the enum name ends with the version");
}
}
this.dependencies = Arrays.stream(dependencies).collect(Collectors.toSet());
}
Expand All @@ -136,19 +147,15 @@ public enum Feature {
* {@link #getVersionedKey()} should instead be shown to users where possible.
*/
public String getKey() {
return name().toLowerCase().replaceAll("_", "-");
return key;
}

/**
* Return the key without any versioning. All features of the same type
* will share this key.
*/
public String getUnversionedKey() {
String key = getKey();
if (version == 1) {
return key;
}
return key.substring(0, key.length() - (String.valueOf(version).length() + 2));
return unversionedKey;
}

/**
Expand Down Expand Up @@ -195,6 +202,8 @@ public String getLabel() {
}
}

private static final Set<String> ESSENTIAL_FEATURES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(Feature.HOSTNAME_V1.getUnversionedKey())));

private static final Logger logger = Logger.getLogger(Profile.class);

private static Profile CURRENT;
Expand All @@ -220,6 +229,8 @@ public static Profile configure(ProfileConfigResolver... resolvers) {
Feature enabledFeature = null;
if (unversionedConfig == FeatureConfig.ENABLED) {
enabledFeature = entry.getValue().iterator().next();
} else if (unversionedConfig == FeatureConfig.DISABLED && ESSENTIAL_FEATURES.contains(unversionedFeature)) {
throw new ProfileException(String.format("Feature %s cannot be disabled.", unversionedFeature));
}

// now check each feature version to ensure consistency and select any features enabled by default
Expand Down Expand Up @@ -317,6 +328,10 @@ public static Set<String> getAllUnversionedFeatureNames() {
return Collections.unmodifiableSet(getOrderedFeatures().keySet());
}

public static Set<String> getDisableableUnversionedFeatureNames() {
return getOrderedFeatures().keySet().stream().filter(f -> !ESSENTIAL_FEATURES.contains(f)).collect(Collectors.toSet());
}

/**
* Get all of the feature versions for the given feature. They will be ordered by priority.
* <p>
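Review bot: The new `this.key = name().toLowerCase().replaceAll("_", "-");` in the Feature constructor lowercases with the JVM default locale, and the result is now cached for the lifetime of the enum constant. Under a Turkish or Azeri default locale an upper-case `I` maps to a dotless `ı`, so constants such as `MULTI_SITE` would produce keys that differ from the ones printed in the help text. How configured feature names are matched against these keys is outside the hunk, so the effect on enabling or disabling a feature still needs to be confirmed. I would write `this.key = name().toLowerCase(Locale.ROOT).replace('_', '-');`, which needs `java.util.Locale` imported and also avoids the regex in `replaceAll`. The constructor's signature and the start of its body are outside the hunk.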
Expand Up @@ -25,16 +25,16 @@ public class FeatureOptions {
.buildTime(true)
.build();

public static List<String> getFeatureValues(boolean includeVersions) {
public static List<String> getFeatureValues(boolean toEnable) {
List<String> features = new ArrayList<>();

if (includeVersions) {
if (toEnable) {
Profile.getAllUnversionedFeatureNames().forEach(f -> {
features.add(f + "[:" + Profile.getFeatureVersions(f).stream().sorted().map(v -> "v" + v.getVersion())
.collect(Collectors.joining(",")) + "]");
});
} else {
features.addAll(Profile.getAllUnversionedFeatureNames());
features.addAll(Profile.getDisableableUnversionedFeatureNames());
}

features.add(Profile.Feature.Type.PREVIEW.name().toLowerCase());
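Review bot: `getFeatureValues(boolean toEnable)` has no Javadoc, and after the rename the single flag decides two things at once: whether the `[:vN]` suffixes are printed and whether essential features are left out of the list. I would add a comment such as `/** Lists accepted feature names: with version suffixes when toEnable is true, and without essential (non-disableable) features when it is false. */` so that a caller does not pass `false` expecting the full set. The method body continues past the end of the hunk, so whether the list is sorted before it is returned cannot be seen here.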
Expand Up @@ -37,18 +37,21 @@
import jakarta.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.common.Profile.Feature;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.Resteasy;
import org.keycloak.config.HostnameOptions;
import org.keycloak.config.ProxyOptions;
import org.keycloak.config.ProxyOptions.Mode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.urls.HostnameProvider;
import org.keycloak.urls.HostnameProviderFactory;
import org.keycloak.urls.UrlType;

public final class DefaultHostnameProvider implements HostnameProvider, HostnameProviderFactory {
public final class DefaultHostnameProvider implements HostnameProvider, HostnameProviderFactory, EnvironmentDependentProviderFactory {

private static final Logger LOGGER = Logger.getLogger(DefaultHostnameProvider.class);
private static final String REALM_URI_SESSION_ATTRIBUTE = DefaultHostnameProvider.class.getName() + ".realmUrl";
Expand Down Expand Up @@ -354,4 +357,9 @@ private <T> T fromBaseUriOrDefault(Function<URI, T> resolver, URI baseUri, T def

return defaultValue;
}

@Override
public boolean isSupported() {
return Profile.isFeatureEnabled(Feature.HOSTNAME_V1);
}
}
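Review bot: The added `isSupported()` has no comment explaining why the default hostname provider is now gated on `Feature.HOSTNAME_V1`, and nothing in this section shows which provider is used when that feature is not the enabled version. The guard visible in Profile.java rejects only a disabled unversioned `hostname` key, so the coupling deserves a note here, for example `// Supported only while hostname:v1 is the enabled version; hostname is an essential feature, so another HostnameProvider must take over if v1 is ever not selected.` Judging by its name and imports, this class appears to decide the URLs the server presents to clients. A test asserting that startup fails with a clear error when no hostname provider is supported would therefore be worth adding.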
Expand Up @@ -51,11 +51,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -36,6 +36,8 @@ Database:

--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.

Transaction:

Expand All @@ -49,11 +51,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -60,11 +60,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -60,11 +60,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -60,11 +60,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -60,11 +60,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -76,11 +76,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
Expand Up @@ -76,18 +76,19 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], par[:v1], preview,
recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1],
token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, device-flow,
docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos,
linkedin-oauth, multi-site, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
linkedin-oauth, multi-site, offline-session-preloading, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
transient-users, update-email, web-authn.

Hostname:

Expand Down Expand Up @@ -275,5 +276,5 @@ Security:

Do NOT start the server using this command when deploying to production.

Use 'kc.bat start-dev --help-all' to list all available options, including
build options.
Use 'kc.bat start-dev --help-all' to list all available options, including build
options.
Expand Up @@ -76,11 +76,11 @@ Feature:
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
[:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,