Finalize Dev Services for OIDC
michalvavrik committed Dec 21, 2024
1 parent 6a1561f commit ec985de
Showing 19 changed files with 1,310 additions and 663 deletions.
5 changes: 5 additions & 0 deletions bom/application/pom.xml
@@ -1099,6 +1099,11 @@
<artifactId>quarkus-devservices-keycloak</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-devservices-oidc</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-flyway</artifactId>
13 changes: 13 additions & 0 deletions docs/src/main/asciidoc/security-openid-connect-dev-services.adoc
@@ -406,6 +406,19 @@ This document refers to the `http://localhost:8080/q/dev-ui` Dev UI URL in sever
If you customize `quarkus.http.root-path` or `quarkus.http.non-application-root-path` properties, then replace `q` accordingly.
For more information, see the https://quarkus.io/blog/path-resolution-in-quarkus/[Path resolution in Quarkus] blog post.

== Dev Services for OIDC

The Dev Services for Keycloak discussed so far can be configured to match your Keycloak instance in a production environment.
For other OpenID Connect providers, it can be more useful to enable the Dev Services for OIDC like in the example below:

[source,properties]
----
quarkus.oidc.devservices.enabled=true
----

Once enabled, Quarkus starts a new server that supports most common OpenID Connect operations.
Additionally, the Dev Services for OIDC doesn't require container functionality and its startup time outclass any container-based OpenID Connect provider.

== References

* xref:dev-ui.adoc[Dev UI]
@@ -28,12 +28,6 @@ public interface KeycloakDevServicesConfig {
@WithDefault("true")
boolean enabled();

/**
* Use lightweight dev services instead of Keycloak
*/
@ConfigItem(defaultValue = "false")
public boolean lightweight;

/**
* The container image name for Dev Services providers.
*
@@ -145,7 +145,8 @@ DevServicesResultBuildItem startKeycloakContainer(
DevServicesConfig devServicesConfig, DockerStatusBuildItem dockerStatusBuildItem) {

if (devSvcRequiredMarkerItems.isEmpty()
|| linuxContainersNotAvailable(dockerStatusBuildItem, devSvcRequiredMarkerItems)) {
|| linuxContainersNotAvailable(dockerStatusBuildItem, devSvcRequiredMarkerItems)
|| oidcDevServicesEnabled()) {
if (devService != null) {
closeDevService();
}
@@ -248,6 +249,10 @@ public void run() {
return devService.toBuildItem();
}

private static boolean oidcDevServicesEnabled() {
return ConfigProvider.getConfig().getValue("quarkus.oidc.devservices.enabled", boolean.class);
}

private static boolean linuxContainersNotAvailable(DockerStatusBuildItem dockerStatusBuildItem,
List<KeycloakDevServicesRequiredBuildItem> devSvcRequiredMarkerItems) {
if (dockerStatusBuildItem.isContainerRuntimeAvailable()) {
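Review bot: `oidcDevServicesEnabled()` calls `getValue(...)`, which throws `NoSuchElementException` when `quarkus.oidc.devservices.enabled` has no value, and the only default visible in this commit is the `@WithDefault("false")` on `OidcDevServicesConfig` in the separate `quarkus-devservices-oidc` module. If `startKeycloakContainer` can run in a build where that mapping is not registered (this page does not show whether it can), the build step would fail instead of starting Keycloak; `return ConfigProvider.getConfig().getOptionalValue("quarkus.oidc.devservices.enabled", boolean.class).orElse(false);` removes that coupling. The new `|| oidcDevServicesEnabled()` branch in the first hunk also closes a running Keycloak dev service without saying why, so a comment there such as `// OIDC Dev Services replace Keycloak as the dev/test identity provider` would help. Both method bodies continue outside the hunks.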
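--- a/extensions/devservices/oidc/pom.xml
+++ b/extensions/devservices/oidc/pom.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<parent>
+<artifactId>quarkus-devservices-parent</artifactId>
+<groupId>io.quarkus</groupId>
+<version>999-SNAPSHOT</version>
+</parent>
+<modelVersion>4.0.0</modelVersion>
+
+<artifactId>quarkus-devservices-oidc</artifactId>
+<name>Quarkus - DevServices - OIDC</name>
+<dependencies>
+<dependency>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-core-deployment</artifactId>
+</dependency>
+<dependency>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-devservices-common</artifactId>
+</dependency>
+<dependency>
+<groupId>io.smallrye.reactive</groupId>
+<artifactId>smallrye-mutiny-vertx-web</artifactId>
+</dependency>
+<dependency>
+<groupId>io.smallrye</groupId>
+<artifactId>smallrye-jwt-build</artifactId>
+</dependency>
+</dependencies>
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-compiler-plugin</artifactId>
+<executions>
+<execution>
+<id>default-compile</id>
+<configuration>
+<annotationProcessorPaths>
+<path>
+<groupId>io.quarkus</groupId>
+<artifactId>quarkus-extension-processor</artifactId>
+<version>${project.version}</version>
+</path>
+</annotationProcessorPaths>
+</configuration>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+</project>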
@@ -0,0 +1,34 @@
package io.quarkus.devservices.oidc;

import java.util.List;
import java.util.Map;

import io.quarkus.runtime.annotations.ConfigDocMapKey;
import io.quarkus.runtime.annotations.ConfigRoot;
import io.smallrye.config.ConfigMapping;
import io.smallrye.config.WithDefault;

/**
* OpenID Connect Dev Services configuration.
*/
@ConfigRoot
@ConfigMapping(prefix = "quarkus.oidc.devservices")
public interface OidcDevServicesConfig {

/**
* Use OIDC Dev Services instead of Keycloak.
*/
@WithDefault("false")
boolean enabled();

/**
* A map of roles for OIDC identity provider users.
* <p>
* If empty, default roles are assigned: `alice` receives `admin` and `user` roles, while other users receive
* `user` role.
* This map is used for role creation when no realm file is found at the `realm-path`.
*/
@ConfigDocMapKey("role-name")
Map<String, List<String>> roles();

}
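Review bot: The Javadoc on `roles()` appears to be carried over from the Keycloak configuration and does not match this interface: it mentions a realm file at `realm-path`, but no such property is declared here, and `@ConfigDocMapKey("role-name")` labels the key as a role while the text (`alice` receives `admin` and `user`) implies the key is a user name. Suggest dropping the realm-file sentence and describing the map as "user name to the list of roles granted to that user", with the doc key renamed to match if the code that consumes the map (not shown on this page) confirms that reading. Since this switch replaces the identity provider for the application, the Javadoc on `enabled()` could also say that the provider is intended for dev and test mode only.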
@@ -1,18 +1,22 @@
package io.quarkus.oidc.deployment.devservices.keycloak;
package io.quarkus.devservices.oidc;

import java.util.Map;

import io.quarkus.builder.item.SimpleBuildItem;

public final class LightweightDevServicesConfigBuildItem extends SimpleBuildItem {
/**
* OIDC Dev Services configuration properties.
*/
public final class OidcDevServicesConfigBuildItem extends SimpleBuildItem {

private final Map<String, String> config;

public LightweightDevServicesConfigBuildItem(Map<String, String> config) {
OidcDevServicesConfigBuildItem(Map<String, String> config) {
this.config = config;
}

public Map<String, String> getConfig() {
return config;
}

}