diff --git a/app/pom.xml b/app/pom.xml
index 381c98af9e..43b137b899 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -293,6 +293,11 @@
strimzi-test-container
test
+
+ com.github.dasniko
+ testcontainers-keycloak
+ test
+
io.zonky.test
embedded-postgres
diff --git a/app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/AbstractResource.java b/app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/AbstractResource.java
index a83f313d1c..56f7fa21c3 100644
--- a/app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/AbstractResource.java
+++ b/app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/AbstractResource.java
@@ -32,6 +32,7 @@
import io.apicurio.registry.types.VersionState;
import io.apicurio.registry.types.provider.ArtifactTypeUtilProvider;
import io.apicurio.registry.types.provider.ArtifactTypeUtilProviderFactory;
+import io.quarkus.security.identity.SecurityIdentity;
import jakarta.inject.Inject;
import jakarta.ws.rs.BadRequestException;
import org.apache.avro.AvroTypeException;
@@ -67,6 +68,9 @@ public abstract class AbstractResource {
@Inject
ArtifactTypeUtilProviderFactory factory;
+ @Inject
+ SecurityIdentity securityIdentity;
+
protected String toSubjectWithGroupConcat(String groupId, String artifactId) {
return (groupId == null ? "" : groupId) + cconfig.groupConcatSeparator + artifactId;
}
@@ -107,6 +111,9 @@ protected ArtifactVersionMetaDataDto createOrUpdateArtifact(String artifactId, S
.collect(Collectors.toList());
final Map resolvedReferences = RegistryContentUtils
.recursivelyResolveReferences(parsedReferences, storage::getContentByReference);
+
+ String owner = securityIdentity.getPrincipal().getName();
+
try {
ContentHandle schemaContent;
schemaContent = ContentHandle.create(schema);
@@ -126,8 +133,10 @@ protected ArtifactVersionMetaDataDto createOrUpdateArtifact(String artifactId, S
ContentWrapperDto firstVersionContent = ContentWrapperDto.builder().content(schemaContent)
.contentType(contentType).references(parsedReferences).build();
- res = storage.createArtifact(groupId, artifactId, artifactType, artifactMetaData, null,
- firstVersionContent, firstVersionMetaData, null, false, false).getValue();
+ res = storage
+ .createArtifact(groupId, artifactId, artifactType, artifactMetaData, null,
+ firstVersionContent, firstVersionMetaData, null, false, false, owner)
+ .getValue();
} else {
TypedContent typedSchemaContent = TypedContent.create(schemaContent, contentType);
rulesService.applyRules(groupId, artifactId, artifactType, typedSchemaContent,
@@ -135,7 +144,7 @@ protected ArtifactVersionMetaDataDto createOrUpdateArtifact(String artifactId, S
ContentWrapperDto versionContent = ContentWrapperDto.builder().content(schemaContent)
.contentType(contentType).references(parsedReferences).build();
res = storage.createArtifactVersion(groupId, artifactId, null, artifactType, versionContent,
- EditableVersionMetaDataDto.builder().build(), List.of(), false, false);
+ EditableVersionMetaDataDto.builder().build(), List.of(), false, false, owner);
}
} catch (RuleViolationException ex) {
if (ex.getRuleType() == RuleType.VALIDITY) {
diff --git a/app/src/main/java/io/apicurio/registry/limits/RegistryStorageLimitsEnforcer.java b/app/src/main/java/io/apicurio/registry/limits/RegistryStorageLimitsEnforcer.java
index 033eb1ec4b..92ffe22fd9 100644
--- a/app/src/main/java/io/apicurio/registry/limits/RegistryStorageLimitsEnforcer.java
+++ b/app/src/main/java/io/apicurio/registry/limits/RegistryStorageLimitsEnforcer.java
@@ -60,12 +60,13 @@ public int order() {
public Pair createArtifact(String groupId,
String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean versionIsDraft, boolean dryRun)
+ List versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
throws RegistryStorageException {
Pair rval = withLimitsCheck(
() -> limitsService.canCreateArtifact(artifactMetaData, versionContent, versionMetaData))
.execute(() -> super.createArtifact(groupId, artifactId, artifactType, artifactMetaData,
- version, versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun));
+ version, versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun,
+ owner));
limitsService.artifactCreated();
return rval;
}
@@ -73,11 +74,12 @@ public Pair createArtifact(Stri
@Override
public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+ List branches, boolean isDraft, boolean dryRun, String owner)
+ throws RegistryStorageException {
ArtifactVersionMetaDataDto dto = withLimitsCheck(
() -> limitsService.canCreateArtifactVersion(groupId, artifactId, null, content.getContent()))
.execute(() -> super.createArtifactVersion(groupId, artifactId, version, artifactType,
- content, metaData, branches, isDraft, dryRun));
+ content, metaData, branches, isDraft, dryRun, owner));
limitsService.artifactVersionCreated(groupId, artifactId);
return dto;
}
diff --git a/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java b/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
index 70c1879440..634230f276 100644
--- a/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
+++ b/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
@@ -1098,6 +1098,8 @@ private ArtifactMetaData createArtifactWithRefs(String groupId, String xRegistry
String ct = getContentType();
try {
+
+ String owner = securityIdentity.getPrincipal().getName();
String artifactId = xRegistryArtifactId;
if (artifactId == null || artifactId.trim().isEmpty()) {
@@ -1140,7 +1142,7 @@ private ArtifactMetaData createArtifactWithRefs(String groupId, String xRegistry
Pair createResult = storage.createArtifact(
defaultGroupIdToNull(groupId), artifactId, artifactType, metaData, xRegistryVersion,
- contentDto, versionMetaData, List.of(), false, false);
+ contentDto, versionMetaData, List.of(), false, false, owner);
return V2ApiUtil.dtoToMetaData(groupId, artifactId, artifactType, createResult.getRight());
} catch (ArtifactAlreadyExistsException ex) {
@@ -1258,6 +1260,8 @@ private VersionMetaData createArtifactVersionWithRefs(String groupId, String art
final Map resolvedReferences = RegistryContentUtils
.recursivelyResolveReferences(referencesAsDtos, storage::getContentByReference);
+ final String owner = securityIdentity.getPrincipal().getName();
+
String artifactType = lookupArtifactType(groupId, artifactId);
TypedContent typedContent = TypedContent.create(content, ct);
rulesService.applyRules(defaultGroupIdToNull(groupId), artifactId, artifactType, typedContent,
@@ -1266,7 +1270,8 @@ private VersionMetaData createArtifactVersionWithRefs(String groupId, String art
ContentWrapperDto contentDto = ContentWrapperDto.builder().content(content).contentType(ct)
.references(referencesAsDtos).build();
ArtifactVersionMetaDataDto vmdDto = storage.createArtifactVersion(defaultGroupIdToNull(groupId),
- artifactId, xRegistryVersion, artifactType, contentDto, metaData, List.of(), false, false);
+ artifactId, xRegistryVersion, artifactType, contentDto, metaData, List.of(), false, false,
+ owner);
return V2ApiUtil.dtoToVersionMetaData(defaultGroupIdToNull(groupId), artifactId, artifactType,
vmdDto);
}
@@ -1366,7 +1371,8 @@ private ArtifactMetaData handleIfExistsReturnOrUpdate(String groupId, String art
content, contentType, references);
}
- private ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
+ @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+ protected ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
String name, String description, ContentHandle content, String contentType,
List references) {
@@ -1396,13 +1402,16 @@ private ArtifactMetaData updateArtifactInternal(String groupId, String artifactI
if (description != null && description.trim().isEmpty()) {
artifactMD.setDescription(description);
}
+
+ final String owner = securityIdentity.getPrincipal().getName();
+
EditableVersionMetaDataDto metaData = EditableVersionMetaDataDto.builder().name(artifactMD.getName())
.description(artifactMD.getDescription()).labels(artifactMD.getLabels()).build();
ContentWrapperDto contentDto = ContentWrapperDto.builder().content(content).contentType(contentType)
.references(referencesAsDtos).build();
ArtifactVersionMetaDataDto dto = storage.createArtifactVersion(defaultGroupIdToNull(groupId),
- artifactId, version, artifactType, contentDto, metaData, List.of(), false, false);
+ artifactId, version, artifactType, contentDto, metaData, List.of(), false, false, owner);
// Note: if the version was created, we need to update the artifact metadata as well, because
// those are the semantics of the v2 API. :(
diff --git a/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java b/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java
index 40e9f3cbb4..efa20cb51f 100644
--- a/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java
+++ b/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java
@@ -913,6 +913,8 @@ public CreateArtifactResponse createArtifact(String groupId, IfArtifactExists if
String artifactType = ArtifactTypeUtil.determineArtifactType(typedContent, data.getArtifactType(),
factory);
+ final String owner = securityIdentity.getPrincipal().getName();
+
// Create the artifact (with optional first version)
EditableArtifactMetaDataDto artifactMetaData = EditableArtifactMetaDataDto.builder()
.description(data.getDescription()).name(data.getName()).labels(data.getLabels()).build();
@@ -951,7 +953,7 @@ public CreateArtifactResponse createArtifact(String groupId, IfArtifactExists if
Pair storageResult = storage.createArtifact(
new GroupId(groupId).getRawGroupIdWithNull(), artifactId, artifactType, artifactMetaData,
firstVersion, firstVersionContent, firstVersionMetaData, firstVersionBranches,
- firstVersionIsDraft, dryRun != null && dryRun);
+ firstVersionIsDraft, dryRun != null && dryRun, owner);
// Now return both the artifact metadata and (if available) the version metadata
CreateArtifactResponse rval = CreateArtifactResponse.builder()
@@ -1035,6 +1037,9 @@ public VersionMetaData createArtifactVersion(String groupId, String artifactId,
typedContent, RuleApplicationType.UPDATE, data.getContent().getReferences(),
resolvedReferences);
}
+
+ final String owner = securityIdentity.getPrincipal().getName();
+
EditableVersionMetaDataDto metaDataDto = EditableVersionMetaDataDto.builder()
.description(data.getDescription()).name(data.getName()).labels(data.getLabels()).build();
ContentWrapperDto contentDto = ContentWrapperDto.builder().contentType(ct).content(content)
@@ -1042,7 +1047,7 @@ public VersionMetaData createArtifactVersion(String groupId, String artifactId,
ArtifactVersionMetaDataDto vmd = storage.createArtifactVersion(
new GroupId(groupId).getRawGroupIdWithNull(), artifactId, data.getVersion(), artifactType,
- contentDto, metaDataDto, data.getBranches(), isDraft, dryRun != null && dryRun);
+ contentDto, metaDataDto, data.getBranches(), isDraft, dryRun != null && dryRun, owner);
return V3ApiUtil.dtoToVersionMetaData(vmd);
}
@@ -1275,7 +1280,8 @@ private CreateArtifactResponse handleIfExistsReturnOrUpdate(String groupId, Stri
return updateArtifactInternal(groupId, artifactId, theVersion);
}
- private CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
+ @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+ protected CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
CreateVersion theVersion) {
String version = theVersion.getVersion();
String name = theVersion.getName();
@@ -1289,6 +1295,8 @@ private CreateArtifactResponse updateArtifactInternal(String groupId, String art
String artifactType = lookupArtifactType(groupId, artifactId);
+ final String owner = securityIdentity.getPrincipal().getName();
+
// Transform the given references into dtos and set the contentId, this will also detect if any of the
// passed references does not exist.
final List referencesAsDtos = toReferenceDtos(references);
@@ -1307,7 +1315,7 @@ private CreateArtifactResponse updateArtifactInternal(String groupId, String art
ContentWrapperDto contentDto = ContentWrapperDto.builder().contentType(contentType).content(content)
.references(referencesAsDtos).build();
ArtifactVersionMetaDataDto vmdDto = storage.createArtifactVersion(groupId, artifactId, version,
- artifactType, contentDto, metaData, branches, isDraftVersion, false);
+ artifactType, contentDto, metaData, branches, isDraftVersion, false, owner);
VersionMetaData vmd = V3ApiUtil.dtoToVersionMetaData(vmdDto);
// Need to also return the artifact metadata
diff --git a/app/src/main/java/io/apicurio/registry/storage/RegistryStorage.java b/app/src/main/java/io/apicurio/registry/storage/RegistryStorage.java
index 713ed7e25c..a1c95eade7 100644
--- a/app/src/main/java/io/apicurio/registry/storage/RegistryStorage.java
+++ b/app/src/main/java/io/apicurio/registry/storage/RegistryStorage.java
@@ -112,7 +112,7 @@ public interface RegistryStorage extends DynamicConfigStorage {
Pair createArtifact(String groupId, String artifactId,
String artifactType, EditableArtifactMetaDataDto artifactMetaData, String version,
ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean versionIsDraft, boolean dryRun)
+ List versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
throws ArtifactAlreadyExistsException, RegistryStorageException;
/**
@@ -190,7 +190,7 @@ ContentWrapperDto getContentByHash(String contentHash)
*/
ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun)
+ List branches, boolean isDraft, boolean dryRun, String owner)
throws ArtifactNotFoundException, VersionAlreadyExistsException, RegistryStorageException;
/**
diff --git a/app/src/main/java/io/apicurio/registry/storage/decorator/ReadOnlyRegistryStorageDecorator.java b/app/src/main/java/io/apicurio/registry/storage/decorator/ReadOnlyRegistryStorageDecorator.java
index 63f7a3146f..e60c600be5 100644
--- a/app/src/main/java/io/apicurio/registry/storage/decorator/ReadOnlyRegistryStorageDecorator.java
+++ b/app/src/main/java/io/apicurio/registry/storage/decorator/ReadOnlyRegistryStorageDecorator.java
@@ -76,11 +76,11 @@ public boolean isReadOnly() {
public Pair createArtifact(String groupId,
String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean isVersionDraft, boolean dryRun)
+ List versionBranches, boolean isVersionDraft, boolean dryRun, String owner)
throws RegistryStorageException {
checkReadOnly();
return delegate.createArtifact(groupId, artifactId, artifactType, artifactMetaData, version,
- versionContent, versionMetaData, versionBranches, isVersionDraft, dryRun);
+ versionContent, versionMetaData, versionBranches, isVersionDraft, dryRun, owner);
}
@Override
@@ -99,10 +99,11 @@ public void deleteArtifacts(String groupId) throws RegistryStorageException {
@Override
public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+ List branches, boolean isDraft, boolean dryRun, String owner)
+ throws RegistryStorageException {
checkReadOnly();
return delegate.createArtifactVersion(groupId, artifactId, version, artifactType, content, metaData,
- branches, isDraft, dryRun);
+ branches, isDraft, dryRun, owner);
}
@Override
diff --git a/app/src/main/java/io/apicurio/registry/storage/decorator/RegistryStorageDecoratorBase.java b/app/src/main/java/io/apicurio/registry/storage/decorator/RegistryStorageDecoratorBase.java
index c7acfca589..1bcb9a2d55 100644
--- a/app/src/main/java/io/apicurio/registry/storage/decorator/RegistryStorageDecoratorBase.java
+++ b/app/src/main/java/io/apicurio/registry/storage/decorator/RegistryStorageDecoratorBase.java
@@ -42,10 +42,10 @@ protected RegistryStorageDecoratorBase() {
public Pair createArtifact(String groupId,
String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean versionIsDraft, boolean dryRun)
+ List versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
throws RegistryStorageException {
return delegate.createArtifact(groupId, artifactId, artifactType, artifactMetaData, version,
- versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun);
+ versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun, owner);
}
@Override
@@ -62,9 +62,10 @@ public void deleteArtifacts(String groupId) throws RegistryStorageException {
@Override
public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+ List branches, boolean isDraft, boolean dryRun, String owner)
+ throws RegistryStorageException {
return delegate.createArtifactVersion(groupId, artifactId, version, artifactType, content, metaData,
- branches, isDraft, dryRun);
+ branches, isDraft, dryRun, owner);
}
@Override
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/gitops/AbstractReadOnlyRegistryStorage.java b/app/src/main/java/io/apicurio/registry/storage/impl/gitops/AbstractReadOnlyRegistryStorage.java
index 7247b144ac..a1e22b57eb 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/gitops/AbstractReadOnlyRegistryStorage.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/gitops/AbstractReadOnlyRegistryStorage.java
@@ -52,7 +52,7 @@ public boolean isReadOnly() {
public Pair createArtifact(String groupId,
String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean versionIsDraft, boolean dryRun)
+ List versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
throws RegistryStorageException {
readOnlyViolation();
return null;
@@ -61,7 +61,8 @@ public Pair createArtifact(Stri
@Override
public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+ List branches, boolean isDraft, boolean dryRun, String owner)
+ throws RegistryStorageException {
readOnlyViolation();
return null;
}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlRegistryStorage.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlRegistryStorage.java
index b9c751bd02..09dabd0bc0 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlRegistryStorage.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlRegistryStorage.java
@@ -386,15 +386,15 @@ public void deleteConfigProperty(String propertyName) {
public Pair createArtifact(String groupId,
String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean versionIsDraft, boolean dryRun)
+ List versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
throws RegistryStorageException {
String content = versionContent != null ? versionContent.getContent().content() : null;
String contentType = versionContent != null ? versionContent.getContentType() : null;
List references = versionContent != null ? versionContent.getReferences()
: null;
- var message = new CreateArtifact10Message(groupId, artifactId, artifactType, artifactMetaData,
+ var message = new CreateArtifact11Message(groupId, artifactId, artifactType, artifactMetaData,
version, contentType, content, references, versionMetaData, versionBranches, versionIsDraft,
- dryRun);
+ dryRun, owner);
var uuid = ConcurrentUtil.get(submitter.submitMessage(message));
Pair createdArtifact = (Pair) coordinator
@@ -436,12 +436,13 @@ public void deleteArtifacts(String groupId) throws RegistryStorageException {
@Override
public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto contentDto, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun) throws RegistryStorageException {
+ List branches, boolean isDraft, boolean dryRun, String owner)
+ throws RegistryStorageException {
String content = contentDto != null ? contentDto.getContent().content() : null;
String contentType = contentDto != null ? contentDto.getContentType() : null;
List references = contentDto != null ? contentDto.getReferences() : null;
- var message = new CreateArtifactVersion9Message(groupId, artifactId, version, artifactType,
- contentType, content, references, metaData, branches, isDraft, dryRun);
+ var message = new CreateArtifactVersion10Message(groupId, artifactId, version, artifactType,
+ contentType, content, references, metaData, branches, isDraft, dryRun, owner);
var uuid = ConcurrentUtil.get(submitter.submitMessage(message));
ArtifactVersionMetaDataDto versionMetaDataDto = (ArtifactVersionMetaDataDto) coordinator
.waitForResponse(uuid);
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact10Message.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact10Message.java
index be63137be8..e462930140 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact10Message.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact10Message.java
@@ -24,6 +24,7 @@
@Setter
@EqualsAndHashCode(callSuper = false)
@ToString
+@Deprecated
public class CreateArtifact10Message extends AbstractMessage {
private String groupId;
@@ -49,7 +50,7 @@ public Object dispatchTo(RegistryStorage storage) {
.contentType(contentType).content(handle).references(references).build()
: null;
return storage.createArtifact(groupId, artifactId, artifactType, artifactMetaDataDto, version,
- versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun);
+ versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun, null);
}
}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact11Message.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact11Message.java
new file mode 100644
index 0000000000..634d346f8b
--- /dev/null
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact11Message.java
@@ -0,0 +1,56 @@
+package io.apicurio.registry.storage.impl.kafkasql.messages;
+
+import io.apicurio.registry.content.ContentHandle;
+import io.apicurio.registry.storage.RegistryStorage;
+import io.apicurio.registry.storage.dto.ArtifactReferenceDto;
+import io.apicurio.registry.storage.dto.ContentWrapperDto;
+import io.apicurio.registry.storage.dto.EditableArtifactMetaDataDto;
+import io.apicurio.registry.storage.dto.EditableVersionMetaDataDto;
+import io.apicurio.registry.storage.impl.kafkasql.AbstractMessage;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+
+import java.util.List;
+
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@Getter
+@Setter
+@EqualsAndHashCode(callSuper = false)
+@ToString
+public class CreateArtifact11Message extends AbstractMessage {
+
+ private String groupId;
+ private String artifactId;
+ private String artifactType;
+ private EditableArtifactMetaDataDto artifactMetaDataDto;
+ private String version;
+ private String contentType;
+ private String content;
+ private List references;
+ private EditableVersionMetaDataDto versionMetaData;
+ private List versionBranches;
+ private boolean versionIsDraft;
+ private boolean dryRun;
+ private String owner;
+
+ /**
+ * @see io.apicurio.registry.storage.impl.kafkasql.KafkaSqlMessage#dispatchTo(RegistryStorage)
+ */
+ @Override
+ public Object dispatchTo(RegistryStorage storage) {
+ ContentHandle handle = content != null ? ContentHandle.create(content) : null;
+ ContentWrapperDto versionContent = content != null ? ContentWrapperDto.builder()
+ .contentType(contentType).content(handle).references(references).build()
+ : null;
+ return storage.createArtifact(groupId, artifactId, artifactType, artifactMetaDataDto, version,
+ versionContent, versionMetaData, versionBranches, versionIsDraft, dryRun, owner);
+ }
+
+}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact9Message.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact9Message.java
index e385bf2e61..a25ae7866c 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact9Message.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifact9Message.java
@@ -49,7 +49,7 @@ public Object dispatchTo(RegistryStorage storage) {
.contentType(contentType).content(handle).references(references).build()
: null;
return storage.createArtifact(groupId, artifactId, artifactType, artifactMetaDataDto, version,
- versionContent, versionMetaData, versionBranches, false, dryRun);
+ versionContent, versionMetaData, versionBranches, false, dryRun, null);
}
}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion10Message.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion10Message.java
new file mode 100644
index 0000000000..72e0c6d19b
--- /dev/null
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion10Message.java
@@ -0,0 +1,54 @@
+package io.apicurio.registry.storage.impl.kafkasql.messages;
+
+import io.apicurio.registry.content.ContentHandle;
+import io.apicurio.registry.storage.RegistryStorage;
+import io.apicurio.registry.storage.dto.ArtifactReferenceDto;
+import io.apicurio.registry.storage.dto.ContentWrapperDto;
+import io.apicurio.registry.storage.dto.EditableVersionMetaDataDto;
+import io.apicurio.registry.storage.impl.kafkasql.AbstractMessage;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+
+import java.util.List;
+
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@Getter
+@Setter
+@EqualsAndHashCode(callSuper = false)
+@ToString
+public class CreateArtifactVersion10Message extends AbstractMessage {
+
+ private String groupId;
+ private String artifactId;
+ private String version;
+ private String artifactType;
+ private String contentType;
+ private String content;
+ private List references;
+ private EditableVersionMetaDataDto metaData;
+ private List branches;
+ private boolean isDraft;
+ private boolean dryRun;
+ private String owner;
+
+ /**
+ * @see io.apicurio.registry.storage.impl.kafkasql.KafkaSqlMessage#dispatchTo(RegistryStorage)
+ */
+ @Override
+ public Object dispatchTo(RegistryStorage storage) {
+ ContentHandle handle = content != null ? ContentHandle.create(content) : null;
+ ContentWrapperDto contentDto = content != null ? ContentWrapperDto.builder().contentType(contentType)
+ .content(handle).references(references).build()
+ : null;
+ return storage.createArtifactVersion(groupId, artifactId, version, artifactType, contentDto, metaData,
+ branches, isDraft, dryRun, owner);
+ }
+
+}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion8Message.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion8Message.java
index 6b3e9ca73f..fcfbba4d7d 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion8Message.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion8Message.java
@@ -47,7 +47,7 @@ public Object dispatchTo(RegistryStorage storage) {
.content(handle).references(references).build()
: null;
return storage.createArtifactVersion(groupId, artifactId, version, artifactType, contentDto, metaData,
- branches, false, dryRun);
+ branches, false, dryRun, null);
}
}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion9Message.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion9Message.java
index 46bc5b48e1..697af5b63f 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion9Message.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/messages/CreateArtifactVersion9Message.java
@@ -23,6 +23,7 @@
@Setter
@EqualsAndHashCode(callSuper = false)
@ToString
+@Deprecated
public class CreateArtifactVersion9Message extends AbstractMessage {
private String groupId;
@@ -47,7 +48,7 @@ public Object dispatchTo(RegistryStorage storage) {
.content(handle).references(references).build()
: null;
return storage.createArtifactVersion(groupId, artifactId, version, artifactType, contentDto, metaData,
- branches, isDraft, dryRun);
+ branches, isDraft, dryRun, null);
}
}
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/serde/KafkaSqlMessageIndex.java b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/serde/KafkaSqlMessageIndex.java
index 33d917c7c6..c03e210189 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/serde/KafkaSqlMessageIndex.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/serde/KafkaSqlMessageIndex.java
@@ -1,67 +1,7 @@
package io.apicurio.registry.storage.impl.kafkasql.serde;
import io.apicurio.registry.storage.impl.kafkasql.KafkaSqlMessage;
-import io.apicurio.registry.storage.impl.kafkasql.messages.AppendVersionToBranch3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ConsumeDownload1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateArtifact10Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateArtifact9Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateArtifactRule4Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateArtifactVersion8Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateArtifactVersion9Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateArtifactVersionComment4Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateBranch4Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateDownload1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateGlobalRule2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateGroup1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateGroupRule3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateRoleMapping3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.CreateSnapshot1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteAllExpiredDownloads0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteAllUserData0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteArtifact2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteArtifactRule3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteArtifactRules2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteArtifactVersion3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteArtifactVersionComment4Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteArtifacts1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteBranch2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteConfigProperty1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteGlobalRule1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteGlobalRules0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteGroup1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteGroupRule2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteGroupRules1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.DeleteRoleMapping1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ExecuteSqlStatement1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportArtifact1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportArtifactRule1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportArtifactVersion1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportBranch1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportComment1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportContent1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportGlobalRule1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportGroup1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ImportGroupRule1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.NextCommentId0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.NextContentId0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.NextGlobalId0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ReplaceBranchVersions3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ResetCommentId0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ResetContentId0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.ResetGlobalId0Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.SetConfigProperty1Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateArtifactMetaData3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateArtifactRule4Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateArtifactVersionComment5Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateArtifactVersionContent5Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateArtifactVersionMetaData4Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateArtifactVersionState5Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateBranchMetaData3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateContentCanonicalHash3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateGlobalRule2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateGroupMetaData2Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateGroupRule3Message;
-import io.apicurio.registry.storage.impl.kafkasql.messages.UpdateRoleMapping2Message;
+import io.apicurio.registry.storage.impl.kafkasql.messages.*;
import jakarta.enterprise.context.ApplicationScoped;
import java.util.HashMap;
@@ -85,12 +25,12 @@ private static void indexMessageClasses(Class... mcla
static {
indexMessageClasses(AppendVersionToBranch3Message.class, ConsumeDownload1Message.class,
- CreateArtifact9Message.class, CreateArtifact10Message.class,
+ CreateArtifact9Message.class, CreateArtifact10Message.class, CreateArtifact11Message.class,
CreateArtifactVersion8Message.class, CreateArtifactVersion9Message.class,
- CreateArtifactRule4Message.class, CreateGroupRule3Message.class,
- CreateArtifactVersionComment4Message.class, CreateBranch4Message.class,
- CreateDownload1Message.class, CreateGlobalRule2Message.class, CreateGroup1Message.class,
- CreateRoleMapping3Message.class, CreateSnapshot1Message.class,
+ CreateArtifactVersion10Message.class, CreateArtifactRule4Message.class,
+ CreateGroupRule3Message.class, CreateArtifactVersionComment4Message.class,
+ CreateBranch4Message.class, CreateDownload1Message.class, CreateGlobalRule2Message.class,
+ CreateGroup1Message.class, CreateRoleMapping3Message.class, CreateSnapshot1Message.class,
DeleteAllExpiredDownloads0Message.class, DeleteAllUserData0Message.class,
DeleteArtifact2Message.class, DeleteArtifactRule3Message.class,
DeleteArtifactRules2Message.class, DeleteArtifacts1Message.class,
diff --git a/app/src/main/java/io/apicurio/registry/storage/impl/sql/AbstractSqlRegistryStorage.java b/app/src/main/java/io/apicurio/registry/storage/impl/sql/AbstractSqlRegistryStorage.java
index 06aba595c7..dd9193014d 100644
--- a/app/src/main/java/io/apicurio/registry/storage/impl/sql/AbstractSqlRegistryStorage.java
+++ b/app/src/main/java/io/apicurio/registry/storage/impl/sql/AbstractSqlRegistryStorage.java
@@ -523,11 +523,10 @@ public List getEnabledArtifactContentIds(String groupId, String artifactId
public Pair createArtifact(String groupId,
String artifactId, String artifactType, EditableArtifactMetaDataDto artifactMetaData,
String version, ContentWrapperDto versionContent, EditableVersionMetaDataDto versionMetaData,
- List versionBranches, boolean versionIsDraft, boolean dryRun)
+ List versionBranches, boolean versionIsDraft, boolean dryRun, String owner)
throws RegistryStorageException {
log.debug("Inserting an artifact row for: {} {}", groupId, artifactId);
- String owner = securityIdentity.getPrincipal().getName();
Date createdOn = new Date();
EditableArtifactMetaDataDto amd = artifactMetaData == null
@@ -888,11 +887,10 @@ public void deleteArtifacts(String groupId) throws RegistryStorageException {
@Override
public ArtifactVersionMetaDataDto createArtifactVersion(String groupId, String artifactId, String version,
String artifactType, ContentWrapperDto content, EditableVersionMetaDataDto metaData,
- List branches, boolean isDraft, boolean dryRun)
+ List branches, boolean isDraft, boolean dryRun, String owner)
throws VersionAlreadyExistsException, RegistryStorageException {
log.debug("Creating new artifact version for {} {} (version {}).", groupId, artifactId, version);
- String owner = securityIdentity.getPrincipal().getName();
Date createdOn = new Date();
// Put the content in the DB and get the unique content ID back.
diff --git a/app/src/test/java/io/apicurio/registry/auth/AuthTestAnonymousCredentials.java b/app/src/test/java/io/apicurio/registry/auth/AuthTestAnonymousCredentials.java
index 7a4db92952..75301f982f 100644
--- a/app/src/test/java/io/apicurio/registry/auth/AuthTestAnonymousCredentials.java
+++ b/app/src/test/java/io/apicurio/registry/auth/AuthTestAnonymousCredentials.java
@@ -9,13 +9,14 @@
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfileAnonymousCredentials;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.junit.TestProfile;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
@@ -33,10 +34,15 @@ public class AuthTestAnonymousCredentials extends AbstractResourceTestBase {
final String groupId = getClass().getSimpleName() + "Group";
+ @BeforeEach
+ protected void beforeEach() throws Exception {
+ setupRestAssured();
+ }
+
@Test
public void testWrongCreds() throws Exception {
- var adapter = new VertXRequestAdapter(
- buildOIDCWebClient(vertx, authServerUrl, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+ var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrl,
+ KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test55"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
@@ -44,7 +50,7 @@ public void testWrongCreds() throws Exception {
client.groups().byGroupId(groupId).artifacts().get();
});
- assertTrue(exception.getMessage().contains("Unauthorized"));
+ assertTrue(exception.getMessage().contains("unauthorized"));
}
@Test
diff --git a/app/src/test/java/io/apicurio/registry/auth/AuthTestAuthenticatedReadAccess.java b/app/src/test/java/io/apicurio/registry/auth/AuthTestAuthenticatedReadAccess.java
index ca6d52e50e..18943957ce 100644
--- a/app/src/test/java/io/apicurio/registry/auth/AuthTestAuthenticatedReadAccess.java
+++ b/app/src/test/java/io/apicurio/registry/auth/AuthTestAuthenticatedReadAccess.java
@@ -9,7 +9,7 @@
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfileAuthenticatedReadAccess;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -34,7 +34,7 @@ public class AuthTestAuthenticatedReadAccess extends AbstractResourceTestBase {
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx, authServerUrl,
- JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@@ -43,7 +43,7 @@ protected RegistryClient createRestClientV3(Vertx vertx) {
public void testReadOperationWithNoRole() throws Exception {
// Read-only operation should work with credentials but no role.
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx, authServerUrl,
- JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
+ KeycloakTestContainerManager.NO_ROLE_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
var results = client.search().artifacts().get(config -> config.queryParameters.groupId = groupId);
diff --git a/app/src/test/java/io/apicurio/registry/auth/AuthTestLocalRoles.java b/app/src/test/java/io/apicurio/registry/auth/AuthTestLocalRoles.java
index 1bc323dace..78d4d9897a 100644
--- a/app/src/test/java/io/apicurio/registry/auth/AuthTestLocalRoles.java
+++ b/app/src/test/java/io/apicurio/registry/auth/AuthTestLocalRoles.java
@@ -16,7 +16,7 @@
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfileWithLocalRoles;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -49,8 +49,8 @@ public class AuthTestLocalRoles extends AbstractResourceTestBase {
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
- var adapter = new VertXRequestAdapter(
- buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@@ -68,12 +68,12 @@ protected RegistryClient createRestClientV3(Vertx vertx) {
@Test
public void testLocalRoles() throws Exception {
var adapterAdmin = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapterAdmin.setBaseUrl(registryV3ApiUrl);
RegistryClient clientAdmin = new RegistryClient(adapterAdmin);
var adapterAuth = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.NO_ROLE_CLIENT_ID, "test1"));
adapterAuth.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapterAuth);
@@ -95,7 +95,7 @@ public void testLocalRoles() throws Exception {
// Now let's grant read-only access to the user.
var roMapping = new RoleMapping();
- roMapping.setPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID);
+ roMapping.setPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID);
roMapping.setRole(RoleType.READ_ONLY);
clientAdmin.admin().roleMappings().post(roMapping);
@@ -116,7 +116,8 @@ public void testLocalRoles() throws Exception {
var devMapping = new UpdateRole();
devMapping.setRole(RoleType.DEVELOPER);
- clientAdmin.admin().roleMappings().byPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID).put(devMapping);
+ clientAdmin.admin().roleMappings().byPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID)
+ .put(devMapping);
// Now the user can read and write but not admin
client.groups().byGroupId(GroupId.DEFAULT.getRawGroupIdWithDefaultString()).artifacts().get();
@@ -132,7 +133,8 @@ public void testLocalRoles() throws Exception {
var adminMapping = new UpdateRole();
adminMapping.setRole(RoleType.ADMIN);
- clientAdmin.admin().roleMappings().byPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID).put(adminMapping);
+ clientAdmin.admin().roleMappings().byPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID)
+ .put(adminMapping);
// Now the user can do everything
client.groups().byGroupId(GroupId.DEFAULT.getRawGroupIdWithDefaultString()).artifacts().get();
@@ -140,7 +142,8 @@ public void testLocalRoles() throws Exception {
client.admin().rules().post(createRule);
// Now delete the role mapping
- clientAdmin.admin().roleMappings().byPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID).delete();
+ clientAdmin.admin().roleMappings().byPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID)
+ .delete();
}
}
diff --git a/app/src/test/java/io/apicurio/registry/auth/AuthTestNoRoles.java b/app/src/test/java/io/apicurio/registry/auth/AuthTestNoRoles.java
index c37702ba02..16ab2f4575 100644
--- a/app/src/test/java/io/apicurio/registry/auth/AuthTestNoRoles.java
+++ b/app/src/test/java/io/apicurio/registry/auth/AuthTestNoRoles.java
@@ -15,7 +15,7 @@
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -43,7 +43,7 @@ public class AuthTestNoRoles extends AbstractResourceTestBase {
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@@ -51,19 +51,19 @@ protected RegistryClient createRestClientV3(Vertx vertx) {
@Test
public void testWrongCreds() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+ authServerUrlConfigured, KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, "test55"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
var exception = Assertions.assertThrows(Exception.class, () -> {
client.groups().byGroupId(groupId).artifacts().get();
});
- assertTrue(exception.getMessage().contains("Unauthorized"));
+ assertTrue(exception.getMessage().contains("unauthorized"));
}
@Test
public void testAdminRole() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
diff --git a/app/src/test/java/io/apicurio/registry/auth/AuthTestProfileBasicClientCredentials.java b/app/src/test/java/io/apicurio/registry/auth/AuthTestProfileBasicClientCredentials.java
index f035caf0cf..3c2b9689c3 100644
--- a/app/src/test/java/io/apicurio/registry/auth/AuthTestProfileBasicClientCredentials.java
+++ b/app/src/test/java/io/apicurio/registry/auth/AuthTestProfileBasicClientCredentials.java
@@ -14,7 +14,7 @@
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -42,16 +42,16 @@ public class AuthTestProfileBasicClientCredentials extends AbstractResourceTestB
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
- var adapter = new VertXRequestAdapter(
- buildOIDCWebClient(vertx, authServerUrl, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrl,
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@Test
public void testWrongCreds() throws Exception {
- var adapter = new VertXRequestAdapter(
- buildSimpleAuthWebClient(vertx, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+ var adapter = new VertXRequestAdapter(buildSimpleAuthWebClient(vertx,
+ KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, "test55"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
var exception = Assertions.assertThrows(Exception.class, () -> {
@@ -63,7 +63,7 @@ public void testWrongCreds() throws Exception {
@Test
public void testBasicAuthClientCredentials() throws Exception {
var adapter = new VertXRequestAdapter(
- buildSimpleAuthWebClient(vertx, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ buildSimpleAuthWebClient(vertx, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
diff --git a/app/src/test/java/io/apicurio/registry/auth/HeaderRoleSourceTest.java b/app/src/test/java/io/apicurio/registry/auth/HeaderRoleSourceTest.java
index 37b35dc2d3..5cfcf747a8 100644
--- a/app/src/test/java/io/apicurio/registry/auth/HeaderRoleSourceTest.java
+++ b/app/src/test/java/io/apicurio/registry/auth/HeaderRoleSourceTest.java
@@ -11,7 +11,7 @@
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfileWithHeaderRoles;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -41,8 +41,8 @@ public class HeaderRoleSourceTest extends AbstractResourceTestBase {
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
- var adapter = new VertXRequestAdapter(
- buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@@ -57,22 +57,22 @@ public void testLocalRoles() throws Exception {
rule.setRuleType(io.apicurio.registry.rest.client.models.RuleType.VALIDITY);
var noRoleAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.NO_ROLE_CLIENT_ID, "test1"));
noRoleAdapter.setBaseUrl(registryV3ApiUrl);
var noRoleClient = new RegistryClient(noRoleAdapter);
var readAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.READONLY_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.READONLY_CLIENT_ID, "test1"));
readAdapter.setBaseUrl(registryV3ApiUrl);
var readClient = new RegistryClient(readAdapter);
var devAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
devAdapter.setBaseUrl(registryV3ApiUrl);
var devClient = new RegistryClient(devAdapter);
var adminAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adminAdapter.setBaseUrl(registryV3ApiUrl);
var adminClient = new RegistryClient(adminAdapter);
diff --git a/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java b/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java
index 5a9c837156..5fc2da5911 100644
--- a/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java
+++ b/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java
@@ -7,7 +7,7 @@
import io.apicurio.registry.rest.client.RegistryClient;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -36,15 +36,15 @@ public class MojoAuthTest extends RegistryMojoTestBase {
String clientSecret = "test1";
- String clientScope = "testScope";
+ String clientScope = "openid";
- String testUsername = "sr-test-user";
- String testPassword = "sr-test-password";
+ String testUsername = "developer-client";
+ String testPassword = clientSecret;
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@@ -56,7 +56,7 @@ public void testRegister() throws IOException, MojoFailureException, MojoExecuti
RegisterRegistryMojo registerRegistryMojo = new RegisterRegistryMojo();
registerRegistryMojo.setRegistryUrl(TestUtils.getRegistryV3ApiUrl(testPort));
registerRegistryMojo.setAuthServerUrl(authServerUrlConfigured);
- registerRegistryMojo.setClientId(JWKSMockServer.ADMIN_CLIENT_ID);
+ registerRegistryMojo.setClientId(KeycloakTestContainerManager.ADMIN_CLIENT_ID);
registerRegistryMojo.setClientSecret(clientSecret);
registerRegistryMojo.setClientScope(clientScope);
diff --git a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
index 471ad430e6..cdc80bf281 100644
--- a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
+++ b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
@@ -4,22 +4,14 @@
import io.apicurio.registry.AbstractResourceTestBase;
import io.apicurio.registry.client.auth.VertXAuthFactory;
import io.apicurio.registry.rest.client.RegistryClient;
-import io.apicurio.registry.rest.client.models.ArtifactMetaData;
-import io.apicurio.registry.rest.client.models.CreateArtifact;
-import io.apicurio.registry.rest.client.models.CreateRule;
-import io.apicurio.registry.rest.client.models.CreateVersion;
-import io.apicurio.registry.rest.client.models.EditableArtifactMetaData;
-import io.apicurio.registry.rest.client.models.RuleType;
-import io.apicurio.registry.rest.client.models.UserInfo;
-import io.apicurio.registry.rest.client.models.VersionContent;
-import io.apicurio.registry.rest.client.models.VersionMetaData;
+import io.apicurio.registry.rest.client.models.*;
import io.apicurio.registry.rules.compatibility.CompatibilityLevel;
import io.apicurio.registry.rules.validity.ValidityLevel;
import io.apicurio.registry.types.ArtifactType;
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.ApicurioTestTags;
import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.kiota.http.vertx.VertXRequestAdapter;
import io.quarkus.test.junit.QuarkusTest;
@@ -32,6 +24,7 @@
import java.util.UUID;
+import static io.apicurio.registry.client.auth.VertXAuthFactory.buildOIDCWebClient;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -52,8 +45,10 @@ public class SimpleAuthTest extends AbstractResourceTestBase {
@Override
protected RegistryClient createRestClientV3(Vertx vertx) {
- var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ var auth = buildOIDCWebClient(vertx, authServerUrlConfigured,
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1");
+
+ var adapter = new VertXRequestAdapter(auth);
adapter.setBaseUrl(registryV3ApiUrl);
return new RegistryClient(adapter);
}
@@ -81,13 +76,13 @@ protected void assertArtifactNotFound(Exception exception) {
@Test
public void testWrongCreds() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+ authServerUrlConfigured, KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, "test55"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
var exception = Assertions.assertThrows(Exception.class, () -> {
client.groups().byGroupId(groupId).artifacts().get();
});
- assertTrue(exception.getMessage().contains("Unauthorized"));
+ assertTrue(exception.getMessage().contains("unauthorized"));
}
@Test
@@ -103,7 +98,7 @@ public void testNoCreds() throws Exception {
@Test
public void testReadOnly() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.READONLY_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.READONLY_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -127,7 +122,7 @@ public void testReadOnly() throws Exception {
});
var devAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
devAdapter.setBaseUrl(registryV3ApiUrl);
RegistryClient devClient = new RegistryClient(devAdapter);
@@ -151,7 +146,7 @@ public void testReadOnly() throws Exception {
@Test
public void testDevRole() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -190,7 +185,7 @@ public void testDevRole() throws Exception {
@Test
public void testAdminRole() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -210,8 +205,6 @@ public void testAdminRole() throws Exception {
createRule.setConfig(ValidityLevel.NONE.name());
client.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).rules().post(createRule);
- client.admin().rules().post(createRule);
-
UserInfo userInfo = client.users().me().get();
assertNotNull(userInfo);
Assertions.assertEquals("admin-client", userInfo.getUsername());
@@ -226,7 +219,7 @@ public void testAdminRole() throws Exception {
@Test
public void testAdminRoleBasicAuth() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildSimpleAuthWebClient(vertx,
- JWKSMockServer.BASIC_USER, JWKSMockServer.BASIC_PASSWORD));
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -255,7 +248,7 @@ public void testAdminRoleBasicAuth() throws Exception {
@Test
public void testAdminRoleBasicAuthWrongCreds() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildSimpleAuthWebClient(vertx,
- JWKSMockServer.WRONG_CREDS_CLIENT_ID, UUID.randomUUID().toString()));
+ KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, UUID.randomUUID().toString()));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -274,12 +267,12 @@ public void testAdminRoleBasicAuthWrongCreds() throws Exception {
@Test
public void testOwnerOnlyAuthorization() throws Exception {
var devAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
devAdapter.setBaseUrl(registryV3ApiUrl);
RegistryClient clientDev = new RegistryClient(devAdapter);
var adminAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adminAdapter.setBaseUrl(registryV3ApiUrl);
RegistryClient clientAdmin = new RegistryClient(adminAdapter);
@@ -310,12 +303,24 @@ public void testOwnerOnlyAuthorization() throws Exception {
createRule.setConfig(CompatibilityLevel.BACKWARD.name());
clientAdmin.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId2).rules()
.post(createRule);
+
+ // Admin user will create an artifact
+ String artifactId1 = TestUtils.generateArtifactId();
+ createArtifact.setArtifactId(artifactId1);
+ clientAdmin.groups().byGroupId(groupId).artifacts().post(createArtifact);
+
+ // Dev user cannot update with ifExists the same artifact because Dev user is not the owner
+ Assertions.assertThrows(Exception.class, () -> {
+ clientDev.groups().byGroupId(groupId).artifacts().post(createArtifact, config -> {
+ config.queryParameters.ifExists = IfArtifactExists.CREATE_VERSION;
+ });
+ });
}
@Test
public void testGetArtifactOwner() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
@@ -344,7 +349,7 @@ public void testGetArtifactOwner() throws Exception {
@Test
public void testUpdateArtifactOwner() throws Exception {
var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
adapter.setBaseUrl(registryV3ApiUrl);
RegistryClient client = new RegistryClient(adapter);
@@ -388,11 +393,11 @@ public void testUpdateArtifactOwner() throws Exception {
@Test
public void testUpdateArtifactOwnerOnlyByOwner() throws Exception {
var adapter_dev1 = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
adapter_dev1.setBaseUrl(registryV3ApiUrl);
RegistryClient client_dev1 = new RegistryClient(adapter_dev1);
var adapter_dev2 = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
- authServerUrlConfigured, JWKSMockServer.DEVELOPER_2_CLIENT_ID, "test1"));
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_2_CLIENT_ID, "test2"));
adapter_dev2.setBaseUrl(registryV3ApiUrl);
RegistryClient client_dev2 = new RegistryClient(adapter_dev2);
diff --git a/app/src/test/java/io/apicurio/registry/noprofile/storage/AbstractRegistryStorageTest.java b/app/src/test/java/io/apicurio/registry/noprofile/storage/AbstractRegistryStorageTest.java
index b08a9ae0ab..1461f629e8 100644
--- a/app/src/test/java/io/apicurio/registry/noprofile/storage/AbstractRegistryStorageTest.java
+++ b/app/src/test/java/io/apicurio/registry/noprofile/storage/AbstractRegistryStorageTest.java
@@ -63,12 +63,10 @@ public void testGetArtifactIds() throws Exception {
for (int idx = 1; idx <= 10; idx++) {
String artifactId = artifactIdPrefix + idx;
ContentHandle content = ContentHandle.create(OPENAPI_CONTENT);
- ArtifactVersionMetaDataDto dto = storage()
- .createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
- ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
- .content(content).build(),
- null, Collections.emptyList(), false, false)
- .getValue();
+ ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId,
+ ArtifactType.OPENAPI, null, null, ContentWrapperDto.builder()
+ .contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
+ null, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -96,7 +94,7 @@ public void testCreateArtifact() throws Exception {
ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
artifactMetaDataDto, null, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
- versionMetaDataDto, Collections.emptyList(), false, false).getValue();
+ versionMetaDataDto, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -154,12 +152,10 @@ public void testCreateArtifactWithMetaData() throws Exception {
EditableArtifactMetaDataDto artifactMetaDataDto = new EditableArtifactMetaDataDto("NAME",
"DESCRIPTION", null, Collections.singletonMap("KEY", "VALUE"));
- ArtifactVersionMetaDataDto dto = storage()
- .createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, artifactMetaDataDto, null,
- ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
- .content(content).build(),
- metaData, Collections.emptyList(), false, false)
- .getValue();
+ ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
+ artifactMetaDataDto, null, ContentWrapperDto.builder()
+ .contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
+ metaData, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -194,12 +190,10 @@ public void testCreateArtifactWithLargeMetaData() throws Exception {
metaData.setDescription(generateString(2000));
metaData.setLabels(new HashMap<>());
metaData.getLabels().put("key-" + generateString(300), "value-" + generateString(2000));
- ArtifactVersionMetaDataDto dto = storage()
- .createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
- ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
- .content(content).build(),
- metaData, Collections.emptyList(), false, false)
- .getValue();
+ ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
+ null, null, ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
+ .content(content).build(),
+ metaData, Collections.emptyList(), false, false, null).getValue();
dto = storage().getArtifactVersionMetaData(dto.getGlobalId());
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -219,18 +213,16 @@ public void testCreateDuplicateArtifact() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
// Should throw error for duplicate artifact.
Assertions.assertThrows(ArtifactAlreadyExistsException.class, () -> {
- storage()
- .createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
- ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
- .content(content).build(),
- null, Collections.emptyList(), false, false)
- .getValue();
+ storage().createArtifact(
+ GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null, ContentWrapperDto.builder()
+ .contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
+ null, Collections.emptyList(), false, false, null).getValue();
});
}
@@ -264,7 +256,7 @@ public void testCreateArtifactVersion() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -279,7 +271,7 @@ public void testCreateArtifactVersion() throws Exception {
ArtifactVersionMetaDataDto dtov2 = storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtov2);
Assertions.assertEquals(GROUP_ID, dtov2.getGroupId());
Assertions.assertEquals(artifactId, dtov2.getArtifactId());
@@ -299,7 +291,7 @@ public void testGetArtifactVersions() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -327,7 +319,7 @@ public void testGetArtifactVersions() throws Exception {
ArtifactVersionMetaDataDto dtov2 = storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtov2);
Assertions.assertEquals(GROUP_ID, dtov2.getGroupId());
Assertions.assertEquals(artifactId, dtov2.getArtifactId());
@@ -386,7 +378,7 @@ public void testCreateArtifactVersionWithMetaData() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -403,7 +395,7 @@ public void testCreateArtifactVersionWithMetaData() throws Exception {
ArtifactVersionMetaDataDto dtov2 = storage().createArtifactVersion(
GROUP_ID, artifactId, "2", ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
- metaData, Collections.emptyList(), false, false);
+ metaData, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtov2);
Assertions.assertEquals(GROUP_ID, dtov2.getGroupId());
Assertions.assertEquals(artifactId, dtov2.getArtifactId());
@@ -432,7 +424,7 @@ public void testGetArtifactMetaDataByGlobalId() throws Exception {
ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
null, null, ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- versionMetaDataDto, Collections.emptyList(), false, false).getValue();
+ versionMetaDataDto, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -462,7 +454,7 @@ public void testUpdateArtifactMetaData() throws Exception {
ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
null, null, ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- versionMetaDataDto, Collections.emptyList(), false, false).getValue();
+ versionMetaDataDto, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -494,7 +486,7 @@ public void testUpdateArtifactVersionState() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
@@ -502,7 +494,7 @@ public void testUpdateArtifactVersionState() throws Exception {
ArtifactVersionMetaDataDto dtov2 = storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
;
Assertions.assertNotNull(dtov2);
Assertions.assertEquals(GROUP_ID, dtov2.getGroupId());
@@ -529,7 +521,7 @@ public void testUpdateArtifactVersionMetaData() throws Exception {
ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
null, null, ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- versionMetaDataDto, Collections.emptyList(), false, false).getValue();
+ versionMetaDataDto, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -561,7 +553,7 @@ public void testDeleteArtifact() throws Exception {
ArtifactVersionMetaDataDto dto = storage().createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI,
null, null, ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- versionMetaDataDto, Collections.emptyList(), false, false).getValue();
+ versionMetaDataDto, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
Assertions.assertEquals(artifactId, dto.getArtifactId());
@@ -598,7 +590,7 @@ public void testDeleteArtifactVersion() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals("1", dto.getVersion());
@@ -624,7 +616,7 @@ public void testDeleteArtifactVersion() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals("1", dto.getVersion());
@@ -633,7 +625,7 @@ public void testDeleteArtifactVersion() throws Exception {
ArtifactVersionMetaDataDto dtov2 = storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtov2);
Assertions.assertEquals("2", dtov2.getVersion());
@@ -654,7 +646,7 @@ public void testDeleteArtifactVersion() throws Exception {
ArtifactVersionMetaDataDto dtov3 = storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtov3);
Assertions.assertEquals("3", dtov3.getVersion());
@@ -673,12 +665,10 @@ public void testDeleteArtifactVersion() throws Exception {
// Delete the latest version
artifactId = "testDeleteArtifactVersion-3";
content = ContentHandle.create(OPENAPI_CONTENT);
- dto = storage()
- .createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
- ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
- .content(contentv2).build(),
- null, Collections.emptyList(), false, false)
- .getValue();
+ dto = storage().createArtifact(
+ GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null, ContentWrapperDto.builder()
+ .contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
+ null, Collections.emptyList(), false, false, null).getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals("1", dto.getVersion());
@@ -687,7 +677,7 @@ public void testDeleteArtifactVersion() throws Exception {
dtov2 = storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(contentv2).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtov2);
final String aid3 = artifactId;
@@ -730,7 +720,7 @@ public void testCreateArtifactRule() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -758,7 +748,7 @@ public void testUpdateArtifactRule() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -787,7 +777,7 @@ public void testDeleteArtifactRule() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -815,7 +805,7 @@ public void testDeleteAllArtifactRules() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -941,12 +931,10 @@ public void testSearchArtifacts() throws Exception {
Map labels = Collections.singletonMap("key", "value-" + idx);
EditableArtifactMetaDataDto metaData = new EditableArtifactMetaDataDto(artifactId + "-name",
artifactId + "-description", null, labels);
- storage()
- .createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, metaData, null,
- ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
- .content(content).build(),
- null, Collections.emptyList(), false, false)
- .getValue();
+ storage().createArtifact(
+ GROUP_ID, artifactId, ArtifactType.OPENAPI, metaData, null, ContentWrapperDto.builder()
+ .contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
+ null, Collections.emptyList(), false, false, null).getValue();
}
@@ -1002,7 +990,7 @@ public void testSearchVersions() throws Exception {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -1016,7 +1004,7 @@ public void testSearchVersions() throws Exception {
storage().createArtifactVersion(
GROUP_ID, artifactId, null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
- metaData, Collections.emptyList(), false, false);
+ metaData, Collections.emptyList(), false, false, null);
}
@@ -1051,7 +1039,7 @@ private void createSomeUserData() {
.createArtifact(group1, artifactId1, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
storage().createArtifactRule(group1, artifactId1, RuleType.VALIDITY,
RuleConfigurationDto.builder().configuration("FULL").build());
@@ -1060,7 +1048,7 @@ private void createSomeUserData() {
EditableArtifactMetaDataDto.builder().name("test").build(), null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
storage().createGlobalRule(RuleType.VALIDITY,
@@ -1151,7 +1139,7 @@ public void testComments() {
.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dto);
Assertions.assertEquals(GROUP_ID, dto.getGroupId());
@@ -1194,7 +1182,7 @@ public void testBranches() {
.createArtifact(GROUP_ID, ga.getRawArtifactId(), ArtifactType.OPENAPI, null, null,
ContentWrapperDto.builder().contentType(ContentTypes.APPLICATION_JSON)
.content(content).build(),
- null, Collections.emptyList(), false, false)
+ null, Collections.emptyList(), false, false, null)
.getValue();
Assertions.assertNotNull(dtoV1);
@@ -1223,7 +1211,7 @@ public void testBranches() {
var dtoV2 = storage().createArtifactVersion(ga.getRawGroupIdWithDefaultString(),
ga.getRawArtifactId(), null, ArtifactType.OPENAPI, ContentWrapperDto.builder()
.contentType(ContentTypes.APPLICATION_JSON).content(content).build(),
- null, Collections.emptyList(), false, false);
+ null, Collections.emptyList(), false, false, null);
Assertions.assertNotNull(dtoV2);
Assertions.assertEquals(ga.getRawGroupIdWithDefaultString(), dtoV2.getGroupId());
Assertions.assertEquals(ga.getRawArtifactId(), dtoV2.getArtifactId());
diff --git a/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStoragePerformanceTest.java b/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStoragePerformanceTest.java
index f95fef6f85..75a3c8fb51 100644
--- a/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStoragePerformanceTest.java
+++ b/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStoragePerformanceTest.java
@@ -74,7 +74,7 @@ public void testStoragePerformance() throws Exception {
EditableVersionMetaDataDto versionMetaData = EditableVersionMetaDataDto.builder().name(title)
.description(description).build();
storage.createArtifact(GROUP_ID, artifactId, ArtifactType.OPENAPI, metaData, null, versionContent,
- versionMetaData, List.of(), false, false);
+ versionMetaData, List.of(), false, false, null);
System.out.print(".");
if (idx % 100 == 0) {
diff --git a/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStorageSmokeTest.java b/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStorageSmokeTest.java
index ce378fb540..cd037543cc 100644
--- a/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStorageSmokeTest.java
+++ b/app/src/test/java/io/apicurio/registry/noprofile/storage/RegistryStorageSmokeTest.java
@@ -92,11 +92,11 @@ public void testArtifactsAndMeta() throws Exception {
EditableVersionMetaDataDto versionMetaData1 = EditableVersionMetaDataDto.builder().build();
ArtifactVersionMetaDataDto vmdDto1_1 = getStorage()
.createArtifact(GROUP_ID, artifactId1, ArtifactType.JSON, artifactMetaData1, null,
- versionContent1, versionMetaData1, List.of(), false, false)
+ versionContent1, versionMetaData1, List.of(), false, false, null)
.getRight();
// Create version 2 (for artifact 1)
ArtifactVersionMetaDataDto vmdDto1_2 = getStorage().createArtifactVersion(GROUP_ID, artifactId1, null,
- ArtifactType.JSON, versionContent1, versionMetaData1, List.of(), false, false);
+ ArtifactType.JSON, versionContent1, versionMetaData1, List.of(), false, false, null);
// Create artifact 2
EditableArtifactMetaDataDto artifactMetaData2 = EditableArtifactMetaDataDto.builder().build();
@@ -104,7 +104,7 @@ public void testArtifactsAndMeta() throws Exception {
.content(ContentHandle.create("content2")).contentType(ContentTypes.APPLICATION_JSON).build();
EditableVersionMetaDataDto versionMetaData2 = EditableVersionMetaDataDto.builder().build();
getStorage().createArtifact(GROUP_ID, artifactId2, ArtifactType.AVRO, artifactMetaData2, null,
- versionContent2, versionMetaData2, List.of(), false, false).getRight();
+ versionContent2, versionMetaData2, List.of(), false, false, null).getRight();
assertEquals(size + 2, getStorage().getArtifactIds(null).size());
assertTrue(getStorage().getArtifactIds(null).contains(artifactId1));
@@ -166,7 +166,7 @@ public void testRules() throws Exception {
.content(ContentHandle.create("content1")).contentType(ContentTypes.APPLICATION_JSON).build();
EditableVersionMetaDataDto versionMetaData = EditableVersionMetaDataDto.builder().build();
getStorage().createArtifact(GROUP_ID, artifactId, ArtifactType.JSON, artifactMetaData, null,
- versionContent1, versionMetaData, List.of(), false, false).getRight();
+ versionContent1, versionMetaData, List.of(), false, false, null).getRight();
assertEquals(0, getStorage().getArtifactRules(GROUP_ID, artifactId).size());
assertEquals(0, getStorage().getGlobalRules().size());
@@ -200,15 +200,15 @@ public void testLimitGetArtifactIds() throws Exception {
.contentType(ContentTypes.APPLICATION_JSON).build();
getStorage().createArtifact(GROUP_ID, testId0, ArtifactType.JSON, null, null, content, null,
- List.of(), false, false);
+ List.of(), false, false, null);
int size = getStorage().getArtifactIds(null).size();
// Create 2 artifacts
getStorage().createArtifact(GROUP_ID, testId1, ArtifactType.JSON, null, null, content, null,
- List.of(), false, false);
+ List.of(), false, false, null);
getStorage().createArtifact(GROUP_ID, testId2, ArtifactType.JSON, null, null, content, null,
- List.of(), false, false);
+ List.of(), false, false, null);
int newSize = getStorage().getArtifactIds(null).size();
int limitedSize = getStorage().getArtifactIds(1).size();
diff --git a/app/src/test/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlAuthTest.java b/app/src/test/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlAuthTest.java
new file mode 100644
index 0000000000..a42e7f7f18
--- /dev/null
+++ b/app/src/test/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlAuthTest.java
@@ -0,0 +1,17 @@
+package io.apicurio.registry.storage.impl.kafkasql;
+
+import io.apicurio.registry.auth.SimpleAuthTest;
+import io.apicurio.registry.utils.tests.ApicurioTestTags;
+import io.apicurio.registry.utils.tests.KafkasqlAuthTestProfile;
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.junit.TestProfile;
+import jakarta.enterprise.inject.Typed;
+import org.junit.jupiter.api.Tag;
+
+@QuarkusTest
+@TestProfile(KafkasqlAuthTestProfile.class)
+@Tag(ApicurioTestTags.SLOW)
+@Typed(KafkaSqlAuthTest.class)
+public class KafkaSqlAuthTest extends SimpleAuthTest {
+
+}
diff --git a/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java b/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java
index 31839057a7..4153cdcabe 100644
--- a/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java
+++ b/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java
@@ -45,16 +45,18 @@ public class ReadOnlyRegistryStorageTest {
new State(false, s -> s.countActiveArtifactVersions(null, null))),
entry("countTotalArtifactVersions0",
new State(false, RegistryStorage::countTotalArtifactVersions)),
- entry("createArtifact10", new State(true,
- s -> s.createArtifact(null, null, null, null, null, null, null, null, false, false))),
+ entry("createArtifact11",
+ new State(true,
+ s -> s.createArtifact(null, null, null, null, null, null, null, null, false,
+ false, null))),
entry("createArtifactRule4",
new State(true, s -> s.createArtifactRule(null, null, null, null))),
entry("createArtifactVersionComment4",
new State(true, s -> s.createArtifactVersionComment(null, null, null, null))),
- entry("createArtifactVersion9",
+ entry("createArtifactVersion10",
new State(true,
s -> s.createArtifactVersion(null, null, null, null, null, null, null, false,
- false))),
+ false, null))),
entry("createBranch4", new State(true, s -> s.createBranch(null, null, null, null))),
entry("createDownload1", new State(true, s -> s.createDownload(null))),
entry("createGlobalRule2", new State(true, s -> s.createGlobalRule(null, null))),
diff --git a/examples/tools/kafka-compose/kafka-ingress.yaml b/examples/tools/kafka-compose/kafka-ingress.yaml
new file mode 100644
index 0000000000..1d153a08da
--- /dev/null
+++ b/examples/tools/kafka-compose/kafka-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kafka-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+ rules:
+ - host: kafka.local
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: kafka
+ port:
+ number: 9092
diff --git a/examples/tools/kafka-compose/kafka.yaml b/examples/tools/kafka-compose/kafka.yaml
new file mode 100644
index 0000000000..aff9eb4b18
--- /dev/null
+++ b/examples/tools/kafka-compose/kafka.yaml
@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kafka-config
+ namespace: default
+data:
+ server.properties: |
+ process.roles=broker,controller
+ node.id=1
+ controller.quorum.voters=1@localhost:9093
+ listeners=PLAINTEXT://0.0.0.0:9092,DOCKER://0.0.0.0:9094,CONTROLLER://0.0.0.0:9093
+ advertised.listeners=PLAINTEXT://127.0.0.1:9092,DOCKER://kafka.local:9094
+ controller.listener.names=CONTROLLER
+ listener.security.protocol.map=PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,DOCKER:PLAINTEXT
+ inter.broker.listener.name=PLAINTEXT
+ log.dirs=/tmp/kafka-logs
+ num.network.threads=3
+ num.io.threads=8
+ log.retention.hours=168
+ log.segment.bytes=1073741824
+ log.retention.check.interval.ms=300000
+ offsets.topic.replication.factor=1
+ transaction.state.log.replication.factor=1
+ transaction.state.log.min.isr=1
+ group.initial.rebalance.delay.ms=0
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kafka
+ namespace: default
+ labels:
+ app: kafka
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kafka
+ template:
+ metadata:
+ labels:
+ app: kafka
+ spec:
+ containers:
+ - name: kafka
+ image: quay.io/strimzi/kafka:latest-kafka-3.5.0
+ command:
+ - /bin/sh
+ - -c
+ - |
+ export CLUSTER_ID=$(bin/kafka-storage.sh random-uuid) && \
+ bin/kafka-storage.sh format -t $CLUSTER_ID -c /config/server.properties && \
+ bin/kafka-server-start.sh /config/server.properties
+ env:
+ - name: LOG_DIR
+ value: /tmp/logs
+ volumeMounts:
+ - name: kafka-config
+ mountPath: /config
+ - name: kafka-data
+ mountPath: /tmp/kafka-logs
+ ports:
+ - containerPort: 9092
+ - containerPort: 9093
+ volumes:
+ - name: kafka-config
+ configMap:
+ name: kafka-config
+ - name: kafka-data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka
+ namespace: default
+spec:
+ type: LoadBalancer
+ selector:
+ app: kafka
+ ports:
+ - name: kafka
+ protocol: TCP
+ port: 9092
+ targetPort: 9092
+
diff --git a/integration-tests/src/test/java/io/apicurio/tests/ApicurioRegistryBaseIT.java b/integration-tests/src/test/java/io/apicurio/tests/ApicurioRegistryBaseIT.java
index a176ca890e..9a9ea28479 100644
--- a/integration-tests/src/test/java/io/apicurio/tests/ApicurioRegistryBaseIT.java
+++ b/integration-tests/src/test/java/io/apicurio/tests/ApicurioRegistryBaseIT.java
@@ -605,11 +605,11 @@ public Response artifactPostRequest(String artifactId, String contentType, Strin
protected void assertNotAuthorized(Exception exception) {
assertNotNull(exception);
Assertions.assertEquals(RuntimeException.class, exception.getClass());
- Assertions.assertTrue(exception.getMessage().contains("unauthorized_client: Invalid client secret"));
+ Assertions.assertTrue(exception.getMessage()
+ .contains("unauthorized_client: Invalid client or Invalid client credentials"));
}
protected void assertForbidden(Exception exception) {
- assertNotNull(exception);
Assertions.assertEquals(ApiException.class, exception.getClass());
Assertions.assertEquals(403, ((ApiException) exception).getResponseStatusCode());
}
diff --git a/integration-tests/src/test/java/io/apicurio/tests/auth/SimpleAuthIT.java b/integration-tests/src/test/java/io/apicurio/tests/auth/SimpleAuthIT.java
index 8602405986..fc3b7b434c 100644
--- a/integration-tests/src/test/java/io/apicurio/tests/auth/SimpleAuthIT.java
+++ b/integration-tests/src/test/java/io/apicurio/tests/auth/SimpleAuthIT.java
@@ -1,18 +1,14 @@
package io.apicurio.tests.auth;
+import io.apicurio.registry.client.auth.VertXAuthFactory;
import io.apicurio.registry.rest.client.RegistryClient;
-import io.apicurio.registry.rest.client.models.CreateArtifact;
-import io.apicurio.registry.rest.client.models.CreateRule;
-import io.apicurio.registry.rest.client.models.CreateVersion;
-import io.apicurio.registry.rest.client.models.RuleType;
-import io.apicurio.registry.rest.client.models.UserInfo;
-import io.apicurio.registry.rest.client.models.VersionContent;
-import io.apicurio.registry.rest.client.models.VersionMetaData;
+import io.apicurio.registry.rest.client.models.*;
+import io.apicurio.registry.rules.compatibility.CompatibilityLevel;
import io.apicurio.registry.rules.validity.ValidityLevel;
import io.apicurio.registry.types.ArtifactType;
import io.apicurio.registry.types.ContentTypes;
import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
import io.apicurio.registry.utils.tests.TestUtils;
import io.apicurio.tests.ApicurioRegistryBaseIT;
import io.apicurio.tests.utils.Constants;
@@ -26,7 +22,10 @@
import org.junit.jupiter.api.Test;
import static io.apicurio.registry.client.auth.VertXAuthFactory.buildOIDCWebClient;
+import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
@Tag(Constants.AUTH)
@TestProfile(AuthTestProfile.class)
@@ -47,8 +46,8 @@ public class SimpleAuthIT extends ApicurioRegistryBaseIT {
@Override
protected RegistryClient createRegistryClient(Vertx vertx) {
- var auth = buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID,
- "test1");
+ var auth = buildOIDCWebClient(vertx, authServerUrlConfigured,
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1");
return createClient(auth);
}
@@ -60,19 +59,19 @@ private RegistryClient createClient(WebClient auth) {
@Test
public void testWrongCreds() throws Exception {
- var auth = buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.WRONG_CREDS_CLIENT_ID,
- "test55");
+ var auth = buildOIDCWebClient(vertx, authServerUrlConfigured,
+ KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, "test55");
RegistryClient client = createClient(auth);
var exception = Assertions.assertThrows(Exception.class, () -> {
client.groups().byGroupId("foo").artifacts().get();
});
- assertNotAuthorized(exception);
+ assertTrue(exception.getMessage().contains("unauthorized"));
}
@Test
public void testReadOnly() throws Exception {
var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
- JWKSMockServer.READONLY_CLIENT_ID, "test1"));
+ KeycloakTestContainerManager.READONLY_CLIENT_ID, "test1"));
adapter.setBaseUrl(getRegistryV3ApiUrl());
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -92,7 +91,7 @@ public void testReadOnly() throws Exception {
assertForbidden(exception3);
var devAdapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
- JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
devAdapter.setBaseUrl(getRegistryV3ApiUrl());
RegistryClient devClient = new RegistryClient(devAdapter);
@@ -115,7 +114,7 @@ public void testReadOnly() throws Exception {
@Test
public void testDevRole() throws Exception {
var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
- JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+ KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
adapter.setBaseUrl(getRegistryV3ApiUrl());
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -154,8 +153,8 @@ public void testDevRole() throws Exception {
@Test
public void testAdminRole() throws Exception {
- var adapter = new VertXRequestAdapter(
- buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+ var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
+ KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
adapter.setBaseUrl(getRegistryV3ApiUrl());
RegistryClient client = new RegistryClient(adapter);
String artifactId = TestUtils.generateArtifactId();
@@ -189,6 +188,184 @@ public void testAdminRole() throws Exception {
}
}
+ @Test
+ public void testOwnerOnlyAuthorization() throws Exception {
+ var devAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
+ devAdapter.setBaseUrl(getRegistryV3ApiUrl());
+ RegistryClient clientDev = new RegistryClient(devAdapter);
+
+ var adminAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
+ authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
+ adminAdapter.setBaseUrl(getRegistryV3ApiUrl());
+ RegistryClient clientAdmin = new RegistryClient(adminAdapter);
+
+ // Admin user will create an artifact
+ String artifactId = TestUtils.generateArtifactId();
+ createArtifact.setArtifactId(artifactId);
+ clientAdmin.groups().byGroupId(groupId).artifacts().post(createArtifact);
+
+ EditableArtifactMetaData updatedMetaData = new EditableArtifactMetaData();
+ updatedMetaData.setName("Updated Name");
+ // Dev user cannot edit the same artifact because Dev user is not the owner
+ var exception1 = Assertions.assertThrows(Exception.class, () -> {
+ clientDev.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).put(updatedMetaData);
+ });
+ assertForbidden(exception1);
+
+ // But the admin user CAN make the change.
+ clientAdmin.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).put(updatedMetaData);
+
+ // Now the Dev user will create an artifact
+ String artifactId2 = TestUtils.generateArtifactId();
+ createArtifact.setArtifactId(artifactId2);
+ clientDev.groups().byGroupId(groupId).artifacts().post(createArtifact);
+
+ // And the Admin user will modify it (allowed because it's the Admin user)
+ CreateRule createRule = new CreateRule();
+ createRule.setRuleType(RuleType.COMPATIBILITY);
+ createRule.setConfig(CompatibilityLevel.BACKWARD.name());
+ clientAdmin.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId2).rules()
+ .post(createRule);
+
+ // Admin user will create an artifact
+ String artifactId1 = TestUtils.generateArtifactId();
+ createArtifact.setArtifactId(artifactId1);
+ clientAdmin.groups().byGroupId(groupId).artifacts().post(createArtifact);
+
+ // Dev user cannot update with ifExists the same artifact because Dev user is not the owner
+ Assertions.assertThrows(Exception.class, () -> {
+ clientDev.groups().byGroupId(groupId).artifacts().post(createArtifact, config -> {
+ config.queryParameters.ifExists = IfArtifactExists.CREATE_VERSION;
+ });
+ });
+ }
+
+ @Test
+ public void testGetArtifactOwner() throws Exception {
+ var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
+ adapter.setBaseUrl(getRegistryV3ApiUrl());
+ RegistryClient client = new RegistryClient(adapter);
+
+ // Preparation
+ final String groupId = "testGetArtifactOwner";
+ final String artifactId = generateArtifactId();
+ final String version = "1";
+
+ // Execution
+ createArtifact.setArtifactId(artifactId);
+ final VersionMetaData created = client.groups().byGroupId(groupId).artifacts().post(createArtifact)
+ .getVersion();
+
+ // Assertions
+ assertNotNull(created);
+ assertEquals(groupId, created.getGroupId());
+ assertEquals(artifactId, created.getArtifactId());
+ assertEquals(version, created.getVersion());
+ assertEquals("developer-client", created.getOwner());
+
+ // Get the artifact owner via the REST API and verify it
+ ArtifactMetaData amd = client.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).get();
+ assertEquals("developer-client", amd.getOwner());
+ }
+
+ @Test
+ public void testUpdateArtifactOwner() throws Exception {
+ var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
+ adapter.setBaseUrl(getRegistryV3ApiUrl());
+ RegistryClient client = new RegistryClient(adapter);
+
+ // Preparation
+ final String groupId = "testUpdateArtifactOwner";
+ final String artifactId = generateArtifactId();
+
+ final String version = "1.0";
+ final String name = "testUpdateArtifactOwnerName";
+ final String description = "testUpdateArtifactOwnerDescription";
+
+ // Execution
+ createArtifact.setArtifactId(artifactId);
+ createArtifact.getFirstVersion().setVersion(version);
+ createArtifact.getFirstVersion().setName(name);
+ createArtifact.getFirstVersion().setDescription(description);
+ final VersionMetaData created = client.groups().byGroupId(groupId).artifacts().post(createArtifact)
+ .getVersion();
+
+ // Assertions
+ assertNotNull(created);
+ assertEquals(groupId, created.getGroupId());
+ assertEquals(artifactId, created.getArtifactId());
+ assertEquals(version, created.getVersion());
+ assertEquals("developer-client", created.getOwner());
+
+ // Get the artifact owner via the REST API and verify it
+ ArtifactMetaData amd = client.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).get();
+ assertEquals("developer-client", amd.getOwner());
+
+ // Update the owner
+ EditableArtifactMetaData eamd = new EditableArtifactMetaData();
+ eamd.setOwner("developer-2-client");
+ client.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).put(eamd);
+
+ // Check that the update worked
+ amd = client.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).get();
+ assertEquals("developer-2-client", amd.getOwner());
+ }
+
+ @Test
+ public void testUpdateArtifactOwnerOnlyByOwner() throws Exception {
+ var adapter_dev1 = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
+ adapter_dev1.setBaseUrl(getRegistryV3ApiUrl());
+ RegistryClient client_dev1 = new RegistryClient(adapter_dev1);
+ var adapter_dev2 = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
+ authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_2_CLIENT_ID, "test2"));
+ adapter_dev2.setBaseUrl(getRegistryV3ApiUrl());
+ RegistryClient client_dev2 = new RegistryClient(adapter_dev2);
+
+ // Preparation
+ final String groupId = "testUpdateArtifactOwnerOnlyByOwner";
+ final String artifactId = generateArtifactId();
+
+ final String version = "1.0";
+ final String name = "testUpdateArtifactOwnerOnlyByOwnerName";
+ final String description = "testUpdateArtifactOwnerOnlyByOwnerDescription";
+
+ // Execution
+ createArtifact.setArtifactId(artifactId);
+ createArtifact.getFirstVersion().setVersion(version);
+ createArtifact.getFirstVersion().setName(name);
+ createArtifact.getFirstVersion().setDescription(description);
+ final VersionMetaData created = client_dev1.groups().byGroupId(groupId).artifacts()
+ .post(createArtifact).getVersion();
+
+ // Assertions
+ assertNotNull(created);
+ assertEquals(groupId, created.getGroupId());
+ assertEquals(artifactId, created.getArtifactId());
+ assertEquals(version, created.getVersion());
+ assertEquals("developer-client", created.getOwner());
+
+ // Get the artifact owner via the REST API and verify it
+ ArtifactMetaData amd = client_dev1.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId)
+ .get();
+ assertEquals("developer-client", amd.getOwner());
+
+ // Try to update the owner by dev2 (should fail)
+ var exception1 = assertThrows(Exception.class, () -> {
+ EditableArtifactMetaData eamd = new EditableArtifactMetaData();
+ eamd.setOwner("developer-2-client");
+ client_dev2.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).put(eamd);
+ });
+ assertForbidden(exception1);
+
+ // Should still be the original owner
+ amd = client_dev1.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId).get();
+ assertEquals("developer-client", amd.getOwner());
+ }
+
protected void assertArtifactNotFound(Exception exception) {
Assertions.assertEquals(io.apicurio.registry.rest.client.models.ProblemDetails.class,
exception.getClass());
diff --git a/integration-tests/src/test/resources/infra/auth/keycloak.yml b/integration-tests/src/test/resources/infra/auth/keycloak.yml
index d793a192b1..0f3c95fbbe 100644
--- a/integration-tests/src/test/resources/infra/auth/keycloak.yml
+++ b/integration-tests/src/test/resources/infra/auth/keycloak.yml
@@ -527,31 +527,31 @@ data:
"groups": []
},
{
- "id": "0f1d31e8-a358-4f05-90cc-3374453b7088",
- "createdTimestamp": 1608543288931,
- "username": "service-account-wrong-client",
- "enabled": true,
- "totp": false,
- "emailVerified": false,
- "serviceAccountClientId": "wrong-client",
- "disableableCredentialTypes": [],
- "requiredActions": [],
- "realmRoles": [
- "offline_access",
- "uma_authorization",
- "sr-developer",
- "User"
- ],
- "clientRoles": {
- "account": [
- "view-applications",
- "view-profile",
- "manage-account"
- ]
- },
- "notBefore": 0,
- "groups": []
- },
+ "id": "0f1d31e8-a358-4f05-90cc-3374453b7088",
+ "createdTimestamp": 1608543288931,
+ "username": "service-account-wrong-client",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "wrong-client",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "offline_access",
+ "uma_authorization",
+ "sr-developer",
+ "User"
+ ],
+ "clientRoles": {
+ "account": [
+ "view-applications",
+ "view-profile",
+ "manage-account"
+ ]
+ },
+ "notBefore": 0,
+ "groups": []
+ },
{
"id": "06fec980-2e11-4c7f-a8fb-3d285f30b0b0",
"createdTimestamp": 1608543552621,
@@ -1084,124 +1084,358 @@ data:
]
},
{
- "id": "af889034-77c2-41le-a368-67d5789f4b87",
- "clientId": "wrong-client",
- "rootUrl": "",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "test1",
- "redirectUris": [
- "*"
- ],
- "webOrigins": [
- "*"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": true,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": true,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "frontchannel.logout.session.required": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "use.refresh.tokens": "true",
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "false",
- "client_credentials.use_refresh_token": "false",
- "require.pushed.authorization.requests": "false",
- "saml.client.signature": "false",
- "saml.allow.ecp.flow": "false",
- "id.token.as.detached.signature": "false",
- "saml.assertion.signature": "false",
- "saml.encrypt": "false",
- "login_theme": "keycloak",
- "saml.server.signature": "false",
- "exclude.session.state.from.auth.response": "false",
- "saml.artifact.binding": "false",
- "saml_force_name_id_format": "false",
- "acr.loa.map": "{}",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "token.response.type.bearer.lower-case": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "id": "ytb67b03-0yyd-432c-a329-0a04363e974a",
- "name": "Client ID",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientId",
- "userinfo.token.claim": "true",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientId",
- "jsonType.label": "String"
- }
- },
- {
- "id": "4c29a235-d731-4b5b-84fe-d9cf9f6b7ba1",
- "name": "Client IP Address",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientAddress",
- "userinfo.token.claim": "true",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientAddress",
- "jsonType.label": "String"
- }
- },
- {
- "id": "d2bda3a3-e2cc-498e-838e-60a7840hhod5",
- "name": "Client Host",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientHost",
- "userinfo.token.claim": "true",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientHost",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
+ "id": "af779833-76c2-41ae-a368-67d5789f4b87",
+ "clientId": "developer-2-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test2",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "aeb67a03-0bbd-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7c28a433-d724-4b5b-86fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda474-e2cc-498e-838e-60a7840ccad9",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "af669833-76c2-41ae-a368-67d5789f4b87",
+ "clientId": "no-role-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "aeb67c03-0bbd-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7c27a433-d724-4b5b-86fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda374-e2cc-498e-838e-60a7840ccad9",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "af774034-77c2-41le-a368-67d5789f4b87",
+ "clientId": "wrong-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "ytb67b03-0yyi-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4c29a234-d731-4b5b-84fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda9a3-e2cc-498e-838e-60a7840hhod5",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
{
- "id": "57e89899-9c1a-498d-96fd-c9bcbd3f3121",
+ "id": "57e9899-9c1a-498d-96fd-c9bcbd3f3121",
"clientId": "readonly-client",
"surrogateAuthRequired": false,
"enabled": true,
@@ -2949,8 +3183,6 @@ spec:
value: "8090"
- name: KC_HOSTNAME_STRICT_BACKCHANNEL
value: "false"
- - name: KC_HTTP_RELATIVE_PATH
- value: "/auth"
- name: KC_HTTP_PORT
value: "8090"
ports:
@@ -2977,7 +3209,16 @@ metadata:
spec:
selector:
app: keycloak-deployment
+ type: LoadBalancer
+ sessionAffinity: None
+ externalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ allocateLoadBalancerNodePorts: true
+ internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 8090
targetPort: 8090
+ nodePort: 32587
diff --git a/integration-tests/src/test/resources/infra/in-memory/registry-in-memory-secured.yml b/integration-tests/src/test/resources/infra/in-memory/registry-in-memory-secured.yml
index f5163e5338..5386abbb8d 100644
--- a/integration-tests/src/test/resources/infra/in-memory/registry-in-memory-secured.yml
+++ b/integration-tests/src/test/resources/infra/in-memory/registry-in-memory-secured.yml
@@ -39,6 +39,10 @@ spec:
value: "true"
- name: APICURIO_AUTH_ROLE_SOURCE
value: "token"
+ - name: APICURIO_AUTH_OWNER_ONLY_AUTHORIZATION
+ value: "true"
+ - name: APICURIO_AUTH_ADMIN_OVERRIDE_ENABLED
+ value: "true"
- name: APICURIO_REST_DELETION_ARTIFACT_ENABLED
value: "true"
- name: APICURIO_REST_DELETION_ARTIFACTVERSION_ENABLED
diff --git a/integration-tests/src/test/resources/infra/kafka/registry-kafka-secured.yml b/integration-tests/src/test/resources/infra/kafka/registry-kafka-secured.yml
index 28bb2eab62..b737d25cd8 100644
--- a/integration-tests/src/test/resources/infra/kafka/registry-kafka-secured.yml
+++ b/integration-tests/src/test/resources/infra/kafka/registry-kafka-secured.yml
@@ -43,6 +43,10 @@ spec:
value: "true"
- name: APICURIO_AUTH_ROLE_SOURCE
value: "token"
+ - name: APICURIO_AUTH_OWNER_ONLY_AUTHORIZATION
+ value: "true"
+ - name: APICURIO_AUTH_ADMIN_OVERRIDE_ENABLED
+ value: "true"
- name: APICURIO_REST_DELETION_ARTIFACT_ENABLED
value: "true"
- name: APICURIO_REST_DELETION_ARTIFACTVERSION_ENABLED
diff --git a/integration-tests/src/test/resources/infra/sql/registry-sql-secured.yml b/integration-tests/src/test/resources/infra/sql/registry-sql-secured.yml
index b281514fc9..8be7cd4ce0 100644
--- a/integration-tests/src/test/resources/infra/sql/registry-sql-secured.yml
+++ b/integration-tests/src/test/resources/infra/sql/registry-sql-secured.yml
@@ -47,6 +47,10 @@ spec:
value: "true"
- name: APICURIO_AUTH_ROLE_SOURCE
value: "token"
+ - name: APICURIO_AUTH_OWNER_ONLY_AUTHORIZATION
+ value: "true"
+ - name: APICURIO_AUTH_ADMIN_OVERRIDE_ENABLED
+ value: "true"
- name: APICURIO_REST_DELETION_ARTIFACT_ENABLED
value: "true"
- name: APICURIO_REST_DELETION_ARTIFACTVERSION_ENABLED
diff --git a/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java b/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java
index e91bbbd251..e25432bd1e 100644
--- a/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java
+++ b/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java
@@ -31,7 +31,9 @@ public static WebClient buildOIDCWebClient(Vertx vertx, String tokenUrl, String
.setClientId(clientId).setClientSecret(clientSecret).setTokenPath(tokenUrl));
Oauth2Credentials oauth2Credentials = new Oauth2Credentials();
-
+ if (scope != null) {
+ oauth2Credentials.addScope(scope);
+ }
OAuth2WebClient oauth2WebClient = OAuth2WebClient.create(webClient, oAuth2Options);
oauth2WebClient.withCredentials(oauth2Credentials);
diff --git a/pom.xml b/pom.xml
index 616595788f..3d034a576e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -275,8 +275,7 @@
1.20.2
- 1.9.0
- 21.1.2
+ 3.4.0
2.0.7
0.105.0
2.35.2
@@ -824,11 +823,6 @@
testcontainers-keycloak
${keycloak.testcontainers.version}
-
- org.keycloak
- keycloak-admin-client-jakarta
- ${keycloak-admin-client.version}
-
com.github.tomakehurst
wiremock-jre8
diff --git a/utils/tests/pom.xml b/utils/tests/pom.xml
index f9c74f5089..110451a325 100644
--- a/utils/tests/pom.xml
+++ b/utils/tests/pom.xml
@@ -63,22 +63,14 @@
- com.github.dasniko
- testcontainers-keycloak
- provided
-
-
-
-
- org.keycloak
- keycloak-admin-client-jakarta
+ io.zonky.test
+ embedded-postgres
provided
- io.zonky.test
- embedded-postgres
- provided
+ com.github.dasniko
+ testcontainers-keycloak
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfile.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfile.java
index c5969c7cee..dea7a4752e 100644
--- a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfile.java
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfile.java
@@ -15,14 +15,13 @@ public Map getConfigOverrides() {
props.put("apicurio.rest.deletion.group.enabled", "true");
props.put("apicurio.rest.deletion.artifact.enabled", "true");
props.put("apicurio.rest.deletion.artifact-version.enabled", "true");
- props.put("smallrye.jwt.sign.key.location", "privateKey.jwk");
return props;
}
@Override
public List testResources() {
if (!Boolean.parseBoolean(System.getProperty("cluster.tests"))) {
- return List.of(new TestResourceEntry(JWKSMockServer.class));
+ return List.of(new TestResourceEntry(KeycloakTestContainerManager.class));
} else {
return Collections.emptyList();
}
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAnonymousCredentials.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAnonymousCredentials.java
index f56cc98543..9148a91619 100644
--- a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAnonymousCredentials.java
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAnonymousCredentials.java
@@ -10,12 +10,11 @@ public class AuthTestProfileAnonymousCredentials implements QuarkusTestProfile {
@Override
public Map getConfigOverrides() {
- return Map.of("apicurio.auth.anonymous-read-access.enabled", "true", "smallrye.jwt.sign.key.location",
- "privateKey.jwk");
+ return Map.of("apicurio.auth.anonymous-read-access.enabled", "true");
}
@Override
public List testResources() {
- return Collections.singletonList(new TestResourceEntry(JWKSMockServer.class));
+ return Collections.singletonList(new TestResourceEntry(KeycloakTestContainerManager.class));
}
}
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAuthenticatedReadAccess.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAuthenticatedReadAccess.java
index 7922d7306e..cc9f21b74f 100644
--- a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAuthenticatedReadAccess.java
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileAuthenticatedReadAccess.java
@@ -10,12 +10,11 @@ public class AuthTestProfileAuthenticatedReadAccess implements QuarkusTestProfil
@Override
public Map getConfigOverrides() {
- return Map.of("apicurio.auth.authenticated-read-access.enabled", "true",
- "smallrye.jwt.sign.key.location", "privateKey.jwk");
+ return Map.of("apicurio.auth.authenticated-read-access.enabled", "true");
}
@Override
public List testResources() {
- return Collections.singletonList(new TestResourceEntry(JWKSMockServer.class));
+ return Collections.singletonList(new TestResourceEntry(KeycloakTestContainerManager.class));
}
}
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithHeaderRoles.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithHeaderRoles.java
index 86c30f6d9b..9e948b605e 100644
--- a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithHeaderRoles.java
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithHeaderRoles.java
@@ -10,12 +10,12 @@ public class AuthTestProfileWithHeaderRoles implements QuarkusTestProfile {
@Override
public Map getConfigOverrides() {
- return Map.of("smallrye.jwt.sign.key.location", "privateKey.jwk", "apicurio.auth.role-source",
- "header");
+ return Map.of("apicurio.auth.role-source", "header");
}
@Override
public List testResources() {
- return Collections.singletonList(new QuarkusTestProfile.TestResourceEntry(JWKSMockServer.class));
+ return Collections
+ .singletonList(new QuarkusTestProfile.TestResourceEntry(KeycloakTestContainerManager.class));
}
}
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithLocalRoles.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithLocalRoles.java
index 7f0b95b597..d3985ed4df 100644
--- a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithLocalRoles.java
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/AuthTestProfileWithLocalRoles.java
@@ -10,12 +10,11 @@ public class AuthTestProfileWithLocalRoles implements QuarkusTestProfile {
@Override
public Map getConfigOverrides() {
- return Map.of("smallrye.jwt.sign.key.location", "privateKey.jwk", "apicurio.auth.role-source",
- "application");
+ return Map.of("apicurio.auth.role-source", "application");
}
@Override
public List testResources() {
- return Collections.singletonList(new TestResourceEntry(JWKSMockServer.class));
+ return Collections.singletonList(new TestResourceEntry(KeycloakTestContainerManager.class));
}
}
\ No newline at end of file
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/JWKSMockServer.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/JWKSMockServer.java
deleted file mode 100644
index f3aa435ab8..0000000000
--- a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/JWKSMockServer.java
+++ /dev/null
@@ -1,230 +0,0 @@
-package io.apicurio.registry.utils.tests;
-
-import com.github.tomakehurst.wiremock.WireMockServer;
-import com.github.tomakehurst.wiremock.client.ResponseDefinitionBuilder;
-import com.github.tomakehurst.wiremock.client.WireMock;
-import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
-import io.smallrye.jwt.build.Jwt;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.nio.charset.StandardCharsets;
-import java.util.HashMap;
-import java.util.Map;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.get;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlMatching;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
-import static io.vertx.ext.auth.impl.Codec.base64Encode;
-
-public class JWKSMockServer implements QuarkusTestResourceLifecycleManager {
-
- static final Logger LOGGER = LoggerFactory.getLogger(JWKSMockServer.class);
-
- private WireMockServer server;
-
- public String authServerUrl;
- public String realm = "registry";
- public String tokenEndpoint;
-
- public static String ADMIN_CLIENT_ID = "admin-client";
- public static String DEVELOPER_CLIENT_ID = "developer-client";
- public static String DEVELOPER_2_CLIENT_ID = "developer-2-client";
- public static String READONLY_CLIENT_ID = "readonly-client";
-
- public static String NO_ROLE_CLIENT_ID = "no-role-client";
- public static String WRONG_CREDS_CLIENT_ID = "wrong-client";
-
- public static String BASIC_USER = "sr-test-user";
- public static String BASIC_PASSWORD = "sr-test-password";
-
- public static String BASIC_USER_A = "sr-test-user-a";
- public static String BASIC_USER_B = "sr-test-user-b";
-
- @Override
- public Map start() {
-
- server = new WireMockServer(wireMockConfig().dynamicPort());
- server.start();
-
- server.stubFor(get(urlMatching("/auth/realms/" + realm + "/.well-known/uma2-configuration"))
- .willReturn(wellKnownResponse()));
- server.stubFor(get(urlMatching("/auth/realms/" + realm + "/.well-known/openid-configuration"))
- .willReturn(wellKnownResponse()));
-
- server.stubFor(get(urlEqualTo("/auth/realms/" + realm + "/protocol/openid-connect/certs")).willReturn(
- aResponse().withHeader("Content-Type", "application/json").withBody("{\n" + " \"keys\" : [\n"
- + " {\n" + " \"kid\": \"1\",\n" + " \"kty\":\"RSA\",\n"
- + " \"n\":\"iJw33l1eVAsGoRlSyo-FCimeOc-AaZbzQ2iESA3Nkuo3TFb1zIkmt0kzlnWVGt48dkaIl13Vdefh9hqw_r9yNF8xZqX1fp0PnCWc5M_TX_ht5fm9y0TpbiVmsjeRMWZn4jr3DsFouxQ9aBXUJiu26V0vd2vrECeeAreFT4mtoHY13D2WVeJvboc5mEJcp50JNhxRCJ5UkY8jR_wfUk2Tzz4-fAj5xQaBccXnqJMu_1C6MjoCEiB7G1d13bVPReIeAGRKVJIF6ogoCN8JbrOhc_48lT4uyjbgnd24beatuKWodmWYhactFobRGYo5551cgMe8BoxpVQ4to30cGA0qjQ\",\n"
- + " \"e\":\"AQAB\"\n" + " }\n" + " ]\n" + "}")));
-
- // Admin user stub
- stubForClient(ADMIN_CLIENT_ID);
- // Stub for clients with credentials as header
- stubForClient(ADMIN_CLIENT_ID, "test1");
- // Developer user stub
- stubForClient(DEVELOPER_CLIENT_ID, "test1");
- stubForClient(DEVELOPER_2_CLIENT_ID, "test1");
- stubForClient(DEVELOPER_CLIENT_ID, "test1");
- stubForClient(DEVELOPER_2_CLIENT_ID, "test1");
- // Read only user stub
- stubForClient(READONLY_CLIENT_ID, "test1");
- stubForClient(READONLY_CLIENT_ID, "test1");
-
- // Token without roles stub
- stubForClient(NO_ROLE_CLIENT_ID, "test1");
- stubForClient(NO_ROLE_CLIENT_ID, "test1");
-
- stubForClient(BASIC_USER, BASIC_PASSWORD);
- stubForBasicUser(BASIC_USER, BASIC_PASSWORD);
- stubForBasicUser(BASIC_USER_A, BASIC_PASSWORD);
- stubForBasicUser(BASIC_USER_B, BASIC_PASSWORD);
- stubForClientWithWrongCreds(WRONG_CREDS_CLIENT_ID, "test55");
-
- this.authServerUrl = server.baseUrl() + "/auth" + "/realms/" + realm;
- LOGGER.info("Keycloak started in mock mode: {}", authServerUrl);
- this.tokenEndpoint = server.baseUrl() + "/auth" + "/realms/" + realm
- + "/protocol/openid-connect/token/";
-
- Map props = new HashMap<>();
-
- // Set registry properties
- props.put("quarkus.oidc.auth-server-url", authServerUrl);
- props.put("quarkus.oidc.token-path", tokenEndpoint);
- props.put("quarkus.oidc.tenant-enabled", "true");
- props.put("apicurio.auth.role-based-authorization", "true");
- props.put("apicurio.auth.owner-only-authorization", "true");
- props.put("apicurio.auth.admin-override.enabled", "true");
- props.put("apicurio.authn.basic-client-credentials.enabled", "true");
-
- return props;
- }
-
- private ResponseDefinitionBuilder wellKnownResponse() {
- return aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"jwks_uri\": \"" + server.baseUrl() + "/auth/realms/" + realm
- + "/protocol/openid-connect/certs\",\n" + " \"token_endpoint\": \"" + server.baseUrl()
- + "/auth/realms/" + realm + "/protocol/openid-connect/token/\" " + "}");
- }
-
- private String generateJwtToken(String userName, String orgId) {
- var b = Jwt.preferredUserName(userName);
-
- if (userName.equals(ADMIN_CLIENT_ID)) {
- b.claim("groups", "sr-admin");
- } else if (userName.equals(DEVELOPER_CLIENT_ID)) {
- b.claim("groups", "sr-developer");
- } else if (userName.equals(DEVELOPER_2_CLIENT_ID)) {
- b.claim("groups", "sr-developer");
- } else if (userName.equals(READONLY_CLIENT_ID)) {
- b.claim("groups", "sr-readonly");
- }
-
- if (orgId != null) {
- b.claim("rh-org-id", orgId);
- }
-
- return b.jws().keyId("1").sign();
- }
-
- private void stubForBasicUser(String username, String password) {
- // TODO:carnalca this will be revisited with the auth refactor
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withRequestBody(WireMock.containing("client_id=" + username))
- .withRequestBody(WireMock.containing("client_secret=" + password))
- .willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"access_token\": \"" + generateJwtToken(ADMIN_CLIENT_ID, null)
- + "\",\n" + " \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n"
- + " \"token_type\": \"bearer\"\n" + "}")));
-
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token/")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withRequestBody(WireMock.containing("client_id=" + BASIC_USER))
- .withRequestBody(WireMock.containing("client_secret=" + BASIC_PASSWORD))
- .willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"access_token\": \"" + generateJwtToken(ADMIN_CLIENT_ID, null)
- + "\",\n" + " \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n"
- + " \"token_type\": \"bearer\"\n" + "}")));
- }
-
- private void stubForClient(String client) {
- // TODO:carnalca this will be revisited with the auth refactor
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withRequestBody(WireMock.containing("client_id=" + client))
- .willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"access_token\": \"" + generateJwtToken(client, null) + "\",\n"
- + " \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n"
- + " \"token_type\": \"bearer\"\n" + "}")));
-
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token/")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withRequestBody(WireMock.containing("client_id=" + client))
- .willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"access_token\": \"" + generateJwtToken(client, null) + "\",\n"
- + " \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n"
- + " \"token_type\": \"bearer\"\n" + "}")));
- }
-
- private void stubForClient(String client, String clientSecret) {
- // TODO:carnalca this will be revisited with the auth refactor
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token")
- .withHeader("Authorization", WireMock.containing(buildBasicAuthHeader(client, clientSecret)))
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"access_token\": \"" + generateJwtToken(client, null) + "\",\n"
- + " \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n"
- + " \"token_type\": \"bearer\"\n" + "}")));
-
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token/")
- .withHeader("Authorization", WireMock.containing(buildBasicAuthHeader(client, clientSecret)))
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json")
- .withBody("{\n" + " \"access_token\": \"" + generateJwtToken(client, null) + "\",\n"
- + " \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n"
- + " \"token_type\": \"bearer\"\n" + "}")));
- }
-
- private void stubForClientWithWrongCreds(String client, String clientSecret) {
- // TODO:carnalca this will be revisited with the auth refactor
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withHeader("Authorization", WireMock.containing(buildBasicAuthHeader(client, clientSecret)))
- .willReturn(
- WireMock.aResponse().withHeader("Content-Type", "application/json").withStatus(401)));
-
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token/")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withHeader("Authorization", WireMock.containing(buildBasicAuthHeader(client, clientSecret)))
- .willReturn(
- WireMock.aResponse().withHeader("Content-Type", "application/json").withStatus(401)));
-
- // Wrong credentials stub
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withRequestBody(WireMock.containing("client_id=" + WRONG_CREDS_CLIENT_ID)).willReturn(
- WireMock.aResponse().withHeader("Content-Type", "application/json").withStatus(401)));
-
- // Wrong credentials stub
- server.stubFor(WireMock.post("/auth/realms/" + realm + "/protocol/openid-connect/token/")
- .withRequestBody(WireMock.containing("grant_type=client_credentials"))
- .withRequestBody(WireMock.containing("client_id=" + WRONG_CREDS_CLIENT_ID)).willReturn(
- WireMock.aResponse().withHeader("Content-Type", "application/json").withStatus(401)));
- }
-
- private String buildBasicAuthHeader(String username, String password) {
- String basic = username + ":" + password;
- return "Basic " + base64Encode(basic.getBytes(StandardCharsets.UTF_8));
- }
-
- public synchronized void stop() {
- if (server != null) {
- server.stop();
- LOGGER.info("Keycloak was shut down");
- server = null;
- }
- }
-}
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/KafkasqlAuthTestProfile.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/KafkasqlAuthTestProfile.java
new file mode 100644
index 0000000000..03178014b1
--- /dev/null
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/KafkasqlAuthTestProfile.java
@@ -0,0 +1,28 @@
+package io.apicurio.registry.utils.tests;
+
+import io.quarkus.test.junit.QuarkusTestProfile;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+public class KafkasqlAuthTestProfile implements QuarkusTestProfile {
+
+ @Override
+ public Map getConfigOverrides() {
+ return Map.of("apicurio.storage.kind", "kafkasql", "apicurio.rest.deletion.group.enabled", "true",
+ "apicurio.rest.deletion.artifact.enabled", "true",
+ "apicurio.rest.deletion.artifact-version.enabled", "true");
+ }
+
+ @Override
+ public List testResources() {
+ if (!Boolean.parseBoolean(System.getProperty("cluster.tests"))) {
+ return List.of(new TestResourceEntry(KafkaTestContainerManager.class),
+ new TestResourceEntry(KeycloakTestContainerManager.class));
+ } else {
+ return Collections.emptyList();
+ }
+ }
+
+}
diff --git a/utils/tests/src/main/java/io/apicurio/registry/utils/tests/KeycloakTestContainerManager.java b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/KeycloakTestContainerManager.java
new file mode 100644
index 0000000000..c710008798
--- /dev/null
+++ b/utils/tests/src/main/java/io/apicurio/registry/utils/tests/KeycloakTestContainerManager.java
@@ -0,0 +1,60 @@
+package io.apicurio.registry.utils.tests;
+
+import dasniko.testcontainers.keycloak.KeycloakContainer;
+import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.Network;
+import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.utility.DockerImageName;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class KeycloakTestContainerManager implements QuarkusTestResourceLifecycleManager {
+
+ static final Logger LOGGER = LoggerFactory.getLogger(KeycloakTestContainerManager.class);
+ private KeycloakContainer server;
+ public static String ADMIN_CLIENT_ID = "admin-client";
+ public static String DEVELOPER_CLIENT_ID = "developer-client";
+ public static String DEVELOPER_2_CLIENT_ID = "developer-2-client";
+ public static String READONLY_CLIENT_ID = "readonly-client";
+
+ public static String NO_ROLE_CLIENT_ID = "no-role-client";
+ public static String WRONG_CREDS_CLIENT_ID = "wrong-client";
+
+ @Override
+ public Map start() {
+
+ server = new KeycloakContainer(
+ DockerImageName.parse("quay.io/keycloak/keycloak").withTag("26.1.0").toString())
+ .withNetwork(Network.SHARED).withRealmImportFile("/realm.json");
+ server.start();
+
+ server.waitingFor(Wait.forLogMessage(".*[io.quarkus] (main) Installed features.*", 1));
+
+ Map props = new HashMap<>();
+
+ String authUrl = server.getAuthServerUrl() + "/realms/registry";
+ String tokenUrl = authUrl + "/protocol/openid-connect/token/";
+
+ props.put("quarkus.oidc.auth-server-url", authUrl);
+ props.put("quarkus.oidc.token-path", tokenUrl);
+ props.put("quarkus.oidc.tenant-enabled", "true");
+ props.put("apicurio.auth.role-based-authorization", "true");
+ props.put("apicurio.auth.owner-only-authorization", "true");
+ props.put("apicurio.auth.admin-override.enabled", "true");
+ props.put("apicurio.authn.basic-client-credentials.enabled", "true");
+
+ return props;
+ }
+
+ @Override
+ public synchronized void stop() {
+ if (server != null) {
+ server.stop();
+ LOGGER.info("Keycloak was shut down");
+ server = null;
+ }
+ }
+}
diff --git a/utils/tests/src/main/resources/privateKey.jwk b/utils/tests/src/main/resources/privateKey.jwk
deleted file mode 100644
index fd33492b39..0000000000
--- a/utils/tests/src/main/resources/privateKey.jwk
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "kty":"RSA",
- "n":"iJw33l1eVAsGoRlSyo-FCimeOc-AaZbzQ2iESA3Nkuo3TFb1zIkmt0kzlnWVGt48dkaIl13Vdefh9hqw_r9yNF8xZqX1fp0PnCWc5M_TX_ht5fm9y0TpbiVmsjeRMWZn4jr3DsFouxQ9aBXUJiu26V0vd2vrECeeAreFT4mtoHY13D2WVeJvboc5mEJcp50JNhxRCJ5UkY8jR_wfUk2Tzz4-fAj5xQaBccXnqJMu_1C6MjoCEiB7G1d13bVPReIeAGRKVJIF6ogoCN8JbrOhc_48lT4uyjbgnd24beatuKWodmWYhactFobRGYo5551cgMe8BoxpVQ4to30cGA0qjQ",
- "e":"AQAB",
- "d":"AvIDTlsK_priQLTwEQf5IVf2Xl638Q7dHdXyDC-oAAPmv1GcqRVH7Wm5oAPW_CZQfWhV55WRVaJzP8AhksyD5NcslH79hQZT4NT6xgApGYecrvmseuZ4dfR-e1cxXTRNBxaoXvwSiv4LuOPHmC8XGX712AhOoCGKiZp1WFqqkKwTpkgJEApJFVb-XRIKQa0YaRKpJsJ534pLMwTh7LoPLM4BCaBVbRfHzH2H5L3TSJP718kyCuxg3z2p9Y7zIOLTmgFdeR0_kd_xKUFZ2ByN3SKlC0IWlLUSiMPsGYExRpZTMZHKyD939gv-2_Z-bOYfKlYNIvAmQH_8CcX2I039LQ",
- "p":"104AjPaxZoi_BiMBODlChnZOvRJT071PdkeZ283uyrdW8qqKD9q8FTMgUXzKoboHtUiHbJbLOobPmPDh93839rq7dTdCNzNVOuLmE-V3_bmaShdzvxEIazwPf6AvjbEZAc-zu2RS4SNkp1LbzgSl9nINSlF7t6Lkl6T28PYULys",
- "q":"om5ooyzxa4ZJ-dU0ODsEb-Bmz6xwb27xF9aEhBYJprHeoNs2QM1D64_A39weD9MYwBux4-ivshCJ0dVKEbDujJRLnzf-ssrasA6CFyaaCT4DKtq1oWb9rcG-2LQd5Bm9PttrUrSUNqitr085IYikaLEz7UU6gtXPoC8UOcJ4cSc",
- "dp":"DeWE95Q8oweUfMrpmz1m49LjBiUWsAX6CQJaFevWy9LFk-gZ_Sf7F8sy_M93LLUbJkJGK2YYO_DTmWWC0Dyv2gb3bntglLuFdsWKYCJhekjugnW9DMoGpxU7Utt99kFGAe3sBd5V0x47sukQMt3t8FgwL2nO-G1VH8yP-8GGT_0",
- "dq":"TGBeE1wuqMCcSD1YMJiPnYuGzF_o_nzMIMldxj4Wi6tXY4uwFwhtx3Xw21JFUGuSV8KuAtyGwNPF-kSwb2Eiyjdw140c1jVMXzxzLy-XfoEKPDxa62niHrHba0pGQ9tWgRfrfxgqGQl3odc-peX6aL_qCsdim-KtnkSE3iPzPkE",
- "qi":"Jzp5KnT24y0wOoPUn_11S3ZcYl0i03dkaH4c5zR02G1MJG9K017juurx2aXVTctOzrj7O226EUiL1Qbq3QtnWFDDGY6vNZuqzJM7AMXsvp1djq_6fEVhxCIOgfJbmhb3mkG82rxn4et9o_TNr6mvEmHzG15sHbvZbAnn4GeqToY"
-}
\ No newline at end of file
diff --git a/utils/tests/src/main/resources/realm.json b/utils/tests/src/main/resources/realm.json
new file mode 100644
index 0000000000..2f411bf557
--- /dev/null
+++ b/utils/tests/src/main/resources/realm.json
@@ -0,0 +1,3139 @@
+{
+ "id": "registry",
+ "realm": "registry",
+ "notBefore": 1600933598,
+ "defaultSignatureAlgorithm": "RS256",
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "ssoSessionIdleTimeoutRememberMe": 0,
+ "ssoSessionMaxLifespanRememberMe": 0,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "clientSessionIdleTimeout": 0,
+ "clientSessionMaxLifespan": 0,
+ "clientOfflineSessionIdleTimeout": 0,
+ "clientOfflineSessionMaxLifespan": 0,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "oauth2DeviceCodeLifespan": 600,
+ "oauth2DevicePollingInterval": 5,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": true,
+ "registrationEmailAsUsername": false,
+ "rememberMe": true,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": true,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "91363f21-2a57-4d65-954b-b3cd45d9f69c",
+ "name": "sr-admin",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ },
+ {
+ "id": "b2a0eee7-c761-49a1-9426-441d467f3f98",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ },
+ {
+ "id": "2c0937ba-7b1f-424c-927c-33cd2ccfdc62",
+ "name": "sr-developer",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ },
+ {
+ "id": "1ffdda65-2476-4ad5-b1e8-9f8af44a897b",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ },
+ {
+ "id": "a06b0184-e5bc-44c2-ae5b-4315754405f1",
+ "name": "sr-readonly",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ },
+ {
+ "id": "33a21208-808d-444f-9aa7-fdf3dc9536ce",
+ "name": "default-roles-registry",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "composites": {
+ "realm": [
+ "User",
+ "offline_access",
+ "uma_authorization"
+ ],
+ "client": {
+ "account": [
+ "view-applications",
+ "view-profile",
+ "manage-account"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ },
+ {
+ "id": "43dd3a54-4447-4703-ad0e-cd558f78c803",
+ "name": "User",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "registry",
+ "attributes": {}
+ }
+ ],
+ "client": {
+ "admin-client": [],
+ "realm-management": [
+ {
+ "id": "dcd9e6f5-3158-4e90-ba06-e5e80e0fa05c",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "0b4d5891-c2d9-409d-b4bd-b5daa11e059e",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "2fee03d5-f4da-418f-843e-0a70cba351c7",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "82e5542a-8ec4-4e76-aa2f-75c0eb707aad",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "4d0d41a7-ac3f-47c6-a227-de0dc1c861de",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "4d69772c-08d4-4735-954c-4115788cecbc",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "8a79c5f9-2d14-44e4-b2bc-7e4cb955b721",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "0b54c521-9672-49b5-89ab-603fe4da9693",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "3fa4a674-d449-4576-b207-f89e556ba617",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "7a9c60b9-f2e6-4fec-ac85-7b3633a0f116",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "view-identity-providers",
+ "view-clients",
+ "manage-realm",
+ "query-groups",
+ "view-events",
+ "query-realms",
+ "manage-events",
+ "manage-authorization",
+ "view-users",
+ "view-authorization",
+ "manage-identity-providers",
+ "impersonation",
+ "query-clients",
+ "manage-clients",
+ "view-realm",
+ "create-client",
+ "manage-users"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "f7c5550f-8233-4347-967d-4905cbd36cec",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "query-groups"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "05c8c44f-8554-4a91-b9cb-be6995144040",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "e91f859e-d5c3-48d6-b0b0-5ff2710db3c9",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "a0c6b281-3915-45c2-9af7-d7d4f669419a",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "e6e6d63d-d161-444f-a58d-30875b076d16",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "4c592e93-ba00-4661-af7d-bc50b800c060",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "e50b557e-c79e-4e5a-92ee-a56b9c3925e1",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "34b1cafe-ee16-42d0-9ec1-c6829e01f78c",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ },
+ {
+ "id": "7d1d9c1e-6c1c-41eb-b8d9-6460e4d243f0",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "attributes": {}
+ }
+ ],
+ "apicurio-registry": [],
+ "readonly-client": [],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "account-console": [],
+ "developer-client": [],
+ "wrong-client": [],
+ "broker": [
+ {
+ "id": "1ec1b34a-682d-44e7-b1fb-1d235b27b9d0",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "717c272b-ed48-4d5a-a3cb-da5d3d3ba528",
+ "attributes": {}
+ }
+ ],
+ "account": [
+ {
+ "id": "e81eb004-b1ac-49a7-84ab-d2b86228c89d",
+ "name": "delete-account",
+ "description": "${role_delete-account}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ },
+ {
+ "id": "a49e7c09-b2df-4468-96f0-65b8591774ad",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ },
+ {
+ "id": "b6e07306-8781-4538-800b-32b2ffc5d57c",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ },
+ {
+ "id": "aa763dea-9699-4899-95bc-f2cef6692b1d",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "view-consent"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ },
+ {
+ "id": "6b67af9e-5c96-4944-8189-7d6c7ecc1f80",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ },
+ {
+ "id": "aad246c6-eb26-4cfd-b840-e113021f5b9b",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ },
+ {
+ "id": "de065b56-c31c-41df-b110-186a798d7f17",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "attributes": {}
+ }
+ ],
+ "registry-api": []
+ }
+ },
+ "groups": [],
+ "defaultRole": {
+ "id": "33a21208-808d-444f-9aa7-fdf3dc9536ce",
+ "name": "default-roles-registry",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "clientRole": false,
+ "containerId": "registry"
+ },
+ "requiredCredentials": [
+ "password"
+ ],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpSupportedApplications": [
+ "FreeOTP",
+ "Google Authenticator"
+ ],
+ "webAuthnPolicyRpEntityName": "keycloak",
+ "webAuthnPolicySignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyRpId": "",
+ "webAuthnPolicyAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyRequireResidentKey": "not specified",
+ "webAuthnPolicyUserVerificationRequirement": "not specified",
+ "webAuthnPolicyCreateTimeout": 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyPasswordlessRpId": "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout": 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "users": [
+ {
+ "id": "5d3833aa-2aba-4fc4-a546-00dfe1d56bb5",
+ "createdTimestamp": 1687335757025,
+ "username": "admin-client",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "admin-client",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "sr-admin",
+ "default-roles-registry"
+ ],
+ "notBefore": 0,
+ "groups": []
+ },
+ {
+ "id": "0f1c31e8-a357-4f05-90cc-3374973b6088",
+ "createdTimestamp": 1608543288931,
+ "username": "developer-client",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "developer-client",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "offline_access",
+ "uma_authorization",
+ "sr-developer",
+ "User"
+ ],
+ "clientRoles": {
+ "account": [
+ "view-applications",
+ "view-profile",
+ "manage-account"
+ ]
+ },
+ "notBefore": 0,
+ "groups": []
+ },
+ {
+ "id": "0f1d31e8-a358-4f05-90cc-3374453b7088",
+ "createdTimestamp": 1608543288931,
+ "username": "service-account-wrong-client",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "wrong-client",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "offline_access",
+ "uma_authorization",
+ "sr-developer",
+ "User"
+ ],
+ "clientRoles": {
+ "account": [
+ "view-applications",
+ "view-profile",
+ "manage-account"
+ ]
+ },
+ "notBefore": 0,
+ "groups": []
+ },
+ {
+ "id": "06fec980-2e11-4c7f-a8fb-3d285f30b0b0",
+ "createdTimestamp": 1608543552621,
+ "username": "readonly-client",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "readonly-client",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "offline_access",
+ "uma_authorization",
+ "sr-readonly",
+ "User"
+ ],
+ "clientRoles": {
+ "account": [
+ "view-applications",
+ "view-profile",
+ "manage-account"
+ ]
+ },
+ "notBefore": 0,
+ "groups": []
+ },
+ {
+ "id": "70dbaf4a-fcef-449c-9184-121b6cedb115",
+ "createdTimestamp": 1607594319706,
+ "username": "service-account-registry-api",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "serviceAccountClientId": "registry-api",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "sr-admin",
+ "offline_access",
+ "uma_authorization",
+ "User"
+ ],
+ "clientRoles": {
+ "account": [
+ "view-applications",
+ "view-profile",
+ "manage-account"
+ ]
+ },
+ "notBefore": 0,
+ "groups": []
+ }
+ ],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": [
+ "offline_access"
+ ]
+ }
+ ],
+ "clientScopeMappings": {
+ "account": [
+ {
+ "client": "account-console",
+ "roles": [
+ "manage-account"
+ ]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "d7c9d8ec-d826-4979-970e-4d5c4d9e358b",
+ "clientId": "account",
+ "name": "${client_account}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/registry/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "/realms/registry/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "ae8d8aa5-5991-42a1-8ca8-eec12b6717f7",
+ "clientId": "account-console",
+ "name": "${client_account-console}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/registry/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "/realms/registry/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "b852b0a0-768e-4f42-badd-14cf7d2d227a",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "80b79538-8665-4188-921d-f4d0ad1f3113",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "21c5668a-4fba-46e9-8ac3-831e5d907eb6",
+ "clientId": "admin-client",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "true",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "client.secret.creation.time": "1687335786",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "ef8fe948-b172-4d59-bffe-4ba46d0c0b09",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7e443600-bf35-49df-b0ea-5b5c51f9c590",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "605d578d-5532-4f83-bd97-fe6bf72c5fee",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "1fa15256-6427-47fa-a144-b0b784e834c6",
+ "clientId": "apicurio-registry",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.assertion.signature": "false",
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "saml.encrypt": "false",
+ "saml.server.signature": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml_force_name_id_format": "false",
+ "saml.client.signature": "false",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "717c272b-ed48-4d5a-a3cb-da5d3d3ba528",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "af889033-76c2-41ae-a368-67d5789f4b87",
+ "clientId": "developer-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "aeb67b03-0bbd-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7c29a433-d724-4b5b-86fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda4a4-e2cc-498e-838e-60a7840ccad9",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "af779833-76c2-41ae-a368-67d5789f4b87",
+ "clientId": "developer-2-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test2",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "aeb67a03-0bbd-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7c28a433-d724-4b5b-86fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda474-e2cc-498e-838e-60a7840ccad9",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "af669833-76c2-41ae-a368-67d5789f4b87",
+ "clientId": "no-role-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "aeb67c03-0bbd-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7c27a433-d724-4b5b-86fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda374-e2cc-498e-838e-60a7840ccad9",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "af774034-77c2-41le-a368-67d5789f4b87",
+ "clientId": "wrong-client",
+ "rootUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "ytb67b03-0yyi-432c-a329-0a04363e974a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4c29a234-d731-4b5b-84fe-d9cf9f6b7ba1",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d2bda9a3-e2cc-498e-838e-60a7840hhod5",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "57e9899-9c1a-498d-96fd-c9bcbd3f3121",
+ "clientId": "readonly-client",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.assertion.signature": "false",
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml_force_name_id_format": "false",
+ "saml.client.signature": "false",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "574cef06-3ccf-4ed0-9001-edd83606ff57",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "eae693c7-5b00-4c10-bf8c-c8959925659a",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c1861851-a5ae-4da0-9110-469abc9bd64d",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "ff7205a6-6580-4cc3-9e97-7c4a39c7562e",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "69afe60b-7329-440a-9b4c-0ebec33d8902",
+ "clientId": "registry-api",
+ "rootUrl": "",
+ "adminUrl": "http://localhost:8080",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "frontchannel.logout.session.required": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "use.refresh.tokens": "true",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "false",
+ "client_credentials.use_refresh_token": "false",
+ "require.pushed.authorization.requests": "false",
+ "saml.client.signature": "false",
+ "saml.allow.ecp.flow": "false",
+ "id.token.as.detached.signature": "false",
+ "saml.assertion.signature": "false",
+ "saml.encrypt": "false",
+ "login_theme": "keycloak",
+ "saml.server.signature": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml.artifact.binding": "false",
+ "saml_force_name_id_format": "false",
+ "acr.loa.map": "{}",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "83a4a269-207b-4818-bbbb-a04abebb2997",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "20241caf-ebb6-467f-acae-7543b143c289",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientId",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "eb3a14a2-5c4c-4dd7-99dc-e2734c8c5d98",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "f1beca1a-0756-4dc6-9719-9234cd9b779f",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "rootUrl": "${authAdminUrl}",
+ "baseUrl": "/admin/registry/console/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "test1",
+ "redirectUris": [
+ "/admin/registry/console/*"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "cb9b9e1a-63a0-460e-a42f-14d1ace49da3",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "db64f4f6-e562-4e43-9f17-255b8a21c5ca",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${rolesScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "bfdfc98c-59eb-4a05-9a74-dd1bb4dea691",
+ "name": "client roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "e285b5a4-2854-46d8-bd06-6ca2911dde8a",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "c6da4bb5-fc32-4e34-88ac-72ca671afd3f",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "5539a2b5-6e75-4533-aaaa-800101d0df4d",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "f7c31e38-1dda-4dcc-82b6-c7d958416962",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "ab66a766-4d9d-40ac-bcc9-264cd5471b92",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "1b1867ba-1a17-412d-ab97-0ae88963d5b5",
+ "name": "allowed web origins",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "a2766301-ac7f-42f4-bfbe-87d2fdcef382",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${emailScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "35bbe3f0-d5a3-4785-b3dc-d187330b699d",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d439a3d1-c6da-4138-87df-c1b851e7b9c8",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "90c61a9b-39ac-4dbd-af49-9123739f98f9",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${phoneScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "9170cc7f-5624-4a15-b50d-cd1b9a0ffb6f",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ },
+ {
+ "id": "f2d44f21-de2f-47d8-b0d5-4e46f9de581b",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "9f0f742e-6202-4543-80e3-80fb2fbfc042",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "033dab17-488c-400d-b603-f75ebe1949b7",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c87aca2f-23dd-4fc7-b79f-a9b061c165e4",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4361eae6-7021-49e1-a387-3d8bc4f50247",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "35c03d95-ce9d-4fd2-823b-23e896dbb105",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "0ff4cd3c-6567-4935-bbe8-0191a9bcdd72",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8e087dfd-2978-4ea5-9ed2-32efca9a98c5",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "31a3c477-3aab-46cd-81e3-2b76b2c8c21c",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "a3606512-379b-4bcb-999d-29cf17812012",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2f535da7-ea99-4f8d-acbe-988a3691034b",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2fbfe26c-b175-4b16-97ea-edea4072181a",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "17e5a7d4-2e77-4ff4-8c71-b93e41e4e1bb",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "ca64060a-1d26-43ca-aae7-23c62ed805d4",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "beaddf45-8040-42cd-9236-55fe2134f5df",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "043c162e-e0ba-418b-b965-157f6a52db46",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "5074f873-23f3-4d03-9b75-6c6af91fb7ed",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "ab3d0106-d086-4813-930b-5a27ddfe038b",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "65eabc09-c5a1-4a0e-830c-44a430c129f0",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "f25b9036-55b3-4cc3-bc37-bc0be5405432",
+ "name": "acr",
+ "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "e5051472-d2aa-4658-9d95-01064efcca13",
+ "name": "acr loa level",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-acr-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "d6f896d6-b31b-487e-b4a8-af921d3d04eb",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "c7831e59-070e-4d77-8382-d5ef4f60ddd4",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "3456b5e1-4852-48ac-8420-79568ffd9a89",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ }
+ ],
+ "defaultDefaultClientScopes": [
+ "role_list",
+ "profile",
+ "email",
+ "web-origins",
+ "roles",
+ "acr"
+ ],
+ "defaultOptionalClientScopes": [
+ "address",
+ "offline_access",
+ "phone",
+ "microprofile-jwt"
+ ],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection": "1; mode=block",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "loginTheme": "keycloak",
+ "accountTheme": "keycloak",
+ "adminTheme": "keycloak",
+ "emailTheme": "keycloak",
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "identityProviders": [],
+ "identityProviderMappers": [],
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "6b7d0997-665b-4567-b955-f41029b1f7c6",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "b2062994-7819-4b5b-bcaf-bd565e0261f7",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": [
+ "true"
+ ],
+ "client-uris-must-match": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "e28102af-287e-40d3-a64d-636f9d0af6c0",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "7ea991c6-db4b-4989-87c1-2cf0b2e2b371",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "c2aa0c17-6405-441a-96d8-7174001b1f6e",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-property-mapper",
+ "oidc-address-mapper",
+ "oidc-full-name-mapper",
+ "saml-user-property-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-attribute-mapper",
+ "saml-role-list-mapper"
+ ]
+ }
+ },
+ {
+ "id": "f1d9cee9-fa10-451a-a96f-486c1abc9184",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "398d86a9-4247-4923-b3bf-a94ef18974f2",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": [
+ "200"
+ ]
+ }
+ },
+ {
+ "id": "fd8139d0-82ee-453e-a9aa-0bbd10538eff",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-attribute-mapper",
+ "saml-user-property-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-full-name-mapper",
+ "oidc-address-mapper",
+ "saml-role-list-mapper",
+ "oidc-usermodel-attribute-mapper"
+ ]
+ }
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "9ec415cf-5494-4823-a83d-cc38441b088c",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "cd2dc9b1-a252-4f70-93c0-5bdb51532236",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "HS256"
+ ]
+ }
+ },
+ {
+ "id": "2dc91aa5-3084-4ceb-973e-24d78e78777a",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [
+ ""
+ ],
+ "authenticationFlows": [
+ {
+ "id": "e5691b91-7a97-482c-9ba4-fef8933be469",
+ "alias": "Account verification options",
+ "description": "Method with which to verity the existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "c6f47ebc-143a-471b-9f93-0b7faf267717",
+ "alias": "Authentication Options",
+ "description": "Authentication options.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "basic-auth",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "basic-auth-otp",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "09cbd3e3-0784-4af0-a279-4fd95216a37f",
+ "alias": "Browser - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "016d5ed7-b797-4d0c-8a2a-da422a1c0b07",
+ "alias": "Direct Grant - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "2122d0ae-d429-43ca-82aa-b2a8ebf265f4",
+ "alias": "First broker login - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "7dcbbd10-cfcb-4146-a080-d829ed4bbda8",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Account verification options",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "f575338f-7ff4-4f6c-9230-2d5a93c01d8e",
+ "alias": "Reset - Conditional OTP",
+ "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "8b96e8ee-9bd6-44a5-9ce6-e12bcb1fca11",
+ "alias": "User creation or linking",
+ "description": "Flow for the existing/non-existing user alternatives",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "20339a98-7cbd-4a95-8d8f-f5b60f512524",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "First broker login - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "43e87d99-f6c4-495b-a175-35fec32291c4",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "forms",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "09f61a35-e173-40a8-9bbf-4554586112f0",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-x509",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "30361549-be4b-4a06-ae79-b60cb3d6ac68",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "Direct Grant - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "ba07e315-0671-4691-af1e-beed84da42ab",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "3ff3f29e-260a-43df-b71b-75a945b220b1",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "User creation or linking",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "11efa214-3d69-470c-92e1-2ea6cd2f1133",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Browser - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "b1ee124e-1648-42c2-a268-2db3251b3e44",
+ "alias": "http challenge",
+ "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "no-cookie-redirect",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Authentication Options",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "e5c21eef-7736-42bf-83f7-219f11579be9",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": true,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "51b02897-de8e-47d9-872b-ee06ff1ffd8f",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 60,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "f3d3919d-e759-49c4-8eb9-e85c16f314a5",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "autheticatorFlow": true,
+ "flowAlias": "Reset - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "84316c99-bba7-42d5-aeeb-2f56b4ce657d",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "43cf7bce-acd0-4c1f-a08e-cac4a1f32a6c",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "6c176502-376d-46fc-835f-0e0352158326",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "delete_account",
+ "name": "Delete Account",
+ "providerId": "delete_account",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 60,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaExpiresIn": "120",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DeviceCodeLifespan": "600",
+ "oauth2DevicePollingInterval": "5",
+ "clientSessionIdleTimeout": "0",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "cibaInterval": "5"
+ },
+ "keycloakVersion": "26.1.0",
+ "userManagedAccessAllowed": true,
+ "clientProfiles": {
+ "profiles": []
+ },
+ "clientPolicies": {
+ "policies": []
+ }
+}
\ No newline at end of file