Revert "task: upgrading to quarkus 3.7.0.CR1 (keycloak#26203)"

This reverts commit 37acb2f.
vmuzikar · Feb 1, 2024 · 34440d6 · 34440d6
1 parent 64b5f42
commit 34440d6
Show file tree

Hide file tree

Showing 16 changed files with 122 additions and 182 deletions.
diff --git a/crypto/default/src/main/java/org/keycloak/crypto/def/BCOCSPProvider.java b/crypto/default/src/main/java/org/keycloak/crypto/def/BCOCSPProvider.java
@@ -18,7 +18,6 @@
 
 package org.keycloak.crypto.def;
 
-import org.bouncycastle.asn1.ASN1IA5String;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERIA5String;
@@ -339,8 +338,8 @@ private void verifyResponse(BasicOCSPResp basicOcspResponse, X509Certificate iss
                     // https://www.ietf.org/rfc/rfc2560.txt, if nextUpdate is not set,
                     // the responder is indicating that newer update is avilable all the time
                     long current = date == null ? System.currentTimeMillis() : date.getTime();
-                    Date stop = new Date(current + TIME_SKEW);
-                    Date start = new Date(current - TIME_SKEW);
+                    Date stop = new Date(current + (long) TIME_SKEW);
+                    Date start = new Date(current - (long) TIME_SKEW);
 
                     Iterator<SingleResp> iter = Arrays.asList(basicOcspResponse.getResponses()).iterator();
                     SingleResp singleRes = null;
@@ -437,7 +436,7 @@ protected List<String> getResponderURIs(X509Certificate cert) throws Certificate
                     if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                         // See https://www.ietf.org/rfc/rfc2560.txt, 3.1 Certificate Content
                         if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
-                            ASN1IA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
+                            DERIA5String value = DERIA5String.getInstance(ad.getAccessLocation().getName());
                             responderURIs.add(value.getString());
                         }
                     }

diff --git a/crypto/default/src/main/java/org/keycloak/crypto/def/BCUserIdentityExtractorProvider.java b/crypto/default/src/main/java/org/keycloak/crypto/def/BCUserIdentityExtractorProvider.java
@@ -23,8 +23,6 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.ASN1UTF8String;
-import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERUTF8String;
 import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
 import org.bouncycastle.asn1.x500.RDN;
@@ -164,7 +162,7 @@ public Object extractUserIdentity(X509Certificate[] certs) {
                                     tempOid = oid.getId();
 
                                     ASN1Encodable principalNameEncoded = asn1Sequence.getObjectAt(1);
-                                    ASN1UTF8String principalName = DERUTF8String.getInstance(unwrap(principalNameEncoded));
+                                    DERUTF8String principalName = DERUTF8String.getInstance(unwrap(principalNameEncoded));
 
                                     tempOtherName = principalName.getString();
 
@@ -197,8 +195,8 @@ public Object extractUserIdentity(X509Certificate[] certs) {
 
         private ASN1Encodable unwrap(ASN1Encodable encodable) {
             while (encodable instanceof ASN1TaggedObject) {
-                ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(encodable, BERTags.CONTEXT_SPECIFIC);
-                encodable = taggedObj.getBaseObject().toASN1Primitive();
+                ASN1TaggedObject taggedObj = (ASN1TaggedObject) encodable;
+                encodable = taggedObj.getObject();
             }
 
             return encodable;

diff --git a/operator/pom.xml b/operator/pom.xml
@@ -67,6 +67,18 @@
             <artifactId>quarkus-operator-sdk-bundle-generator</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy-jackson</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-rest-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-rest-client-jackson</artifactId>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-kubernetes-client</artifactId>

diff --git a/operator/src/main/java/org/keycloak/operator/Config.java b/operator/src/main/java/org/keycloak/operator/Config.java
@@ -18,7 +18,6 @@
 package org.keycloak.operator;
 
 import io.smallrye.config.ConfigMapping;
-import io.smallrye.config.WithDefault;
 
 import java.util.Map;
 
@@ -37,17 +36,4 @@ interface Keycloak {
 
         Map<String, String> podLabels();
     }
-
-    // workarounds for OLM env values
-    // to be removed after https://github.com/keycloak/keycloak/issues/12352
-
-    @WithDefault("keycloak-operator")
-    String name();
-
-    interface Condition {
-        @WithDefault("keycloak-operator.v999-SNAPSHOT")
-        String name();
-    }
-
-    Condition condition();
 }
diff --git a/.../src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java b/.../src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java
@@ -23,15 +23,17 @@
 import io.fabric8.kubernetes.api.model.EnvVarSource;
 import io.fabric8.kubernetes.api.model.EnvVarSourceBuilder;
 import io.fabric8.kubernetes.api.model.PodSpec;
+import io.fabric8.kubernetes.api.model.PodSpecFluent.ContainersNested;
 import io.fabric8.kubernetes.api.model.PodTemplateSpec;
+import io.fabric8.kubernetes.api.model.PodTemplateSpecFluent.SpecNested;
 import io.fabric8.kubernetes.api.model.Secret;
 import io.fabric8.kubernetes.api.model.SecretKeySelector;
 import io.fabric8.kubernetes.api.model.VolumeBuilder;
 import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
 import io.fabric8.kubernetes.api.model.apps.StatefulSet;
 import io.fabric8.kubernetes.api.model.apps.StatefulSetBuilder;
 import io.fabric8.kubernetes.api.model.apps.StatefulSetSpec;
-import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.api.model.apps.StatefulSetSpecFluent.TemplateNested;
 import io.javaoperatorsdk.operator.api.reconciler.Context;
 import io.javaoperatorsdk.operator.processing.dependent.kubernetes.CRUDKubernetesDependentResource;
 import io.javaoperatorsdk.operator.processing.dependent.kubernetes.KubernetesDependent;
@@ -101,10 +103,10 @@ public StatefulSet desired(Keycloak primary, Context<Keycloak> context) {
         addTruststores(primary, baseDeployment, kcContainer, allSecrets);
         addEnvVars(baseDeployment, primary, allSecrets);
         Optional.ofNullable(primary.getSpec().getCacheSpec())
-                .ifPresent(c -> configureCache(primary, baseDeployment, kcContainer, c, context.getClient()));
+                .ifPresent(c -> configureCache(primary, baseDeployment, kcContainer, c));
 
         if (!allSecrets.isEmpty()) {
-            watchedResources.annotateDeployment(new ArrayList<>(allSecrets), Secret.class, baseDeployment, context.getClient());
+            watchedResources.annotateDeployment(new ArrayList<>(allSecrets), Secret.class, baseDeployment, this.client);
         }
 
         StatefulSet existingDeployment = context.getSecondaryResource(StatefulSet.class).orElse(null);
@@ -126,7 +128,7 @@ public StatefulSet desired(Keycloak primary, Context<Keycloak> context) {
         return baseDeployment;
     }
 
-    private void configureCache(Keycloak keycloakCR, StatefulSet deployment, Container kcContainer, CacheSpec spec, KubernetesClient client) {
+    private void configureCache(Keycloak keycloakCR, StatefulSet deployment, Container kcContainer, CacheSpec spec) {
         Optional.ofNullable(spec.getConfigMapFile()).ifPresent(configFile -> {
             if (configFile.getName() == null || configFile.getKey() == null) {
                 throw new IllegalStateException("Cache file ConfigMap requires both a name and a key");
@@ -149,7 +151,7 @@ private void configureCache(Keycloak keycloakCR, StatefulSet deployment, Contain
             kcContainer.getVolumeMounts().add(0, volumeMount);
 
             // currently the only configmap we're watching
-            watchedResources.annotateDeployment(List.of(configFile.getName()), ConfigMap.class, deployment, client);
+            watchedResources.annotateDeployment(List.of(configFile.getName()), ConfigMap.class, deployment, this.client);
         });
     }
 
@@ -247,7 +249,12 @@ private StatefulSet createBaseDeployment(Keycloak keycloakCR, Context<Keycloak>
         }
 
         // there isn't currently an editOrNewFirstContainer, so we need to do this manually
-        var containerBuilder = specBuilder.buildContainers().isEmpty() ? specBuilder.addNewContainer() : specBuilder.editFirstContainer();
+        ContainersNested<SpecNested<TemplateNested<io.fabric8.kubernetes.api.model.apps.StatefulSetFluent.SpecNested<StatefulSetBuilder>>>> containerBuilder = null;
+        if (specBuilder.buildContainers().isEmpty()) {
+            containerBuilder = specBuilder.addNewContainer();
+        } else {
+            containerBuilder = specBuilder.editFirstContainer();
+        }
 
         containerBuilder.withName("keycloak");
 

diff --git a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportController.java b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportController.java
@@ -57,6 +57,7 @@ public class KeycloakRealmImportController implements Reconciler<KeycloakRealmIm
     @Override
     public Map<String, EventSource> prepareEventSources(EventSourceContext<KeycloakRealmImport> context) {
         this.jobDependentResource = new KeycloakRealmImportJobDependentResource();
+        this.jobDependentResource.setKubernetesClient(context.getClient());
         return EventSourceInitializer.nameEventSourcesFromDependentResource(context, jobDependentResource);
     }
 

diff --git a/operator/src/test/java/org/keycloak/operator/testsuite/integration/BaseOperatorTest.java b/operator/src/test/java/org/keycloak/operator/testsuite/integration/BaseOperatorTest.java
@@ -20,6 +20,8 @@
 import io.fabric8.kubernetes.api.model.HasMetadata;
 import io.fabric8.kubernetes.api.model.NamespaceBuilder;
 import io.fabric8.kubernetes.api.model.Pod;
+import io.fabric8.kubernetes.api.model.PodSpecFluent.ContainersNested;
+import io.fabric8.kubernetes.api.model.PodTemplateSpecFluent.SpecNested;
 import io.fabric8.kubernetes.api.model.Secret;
 import io.fabric8.kubernetes.api.model.apps.Deployment;
 import io.fabric8.kubernetes.api.model.apps.StatefulSet;
@@ -57,7 +59,9 @@
 import org.keycloak.operator.controllers.KeycloakDeploymentDependentResource;
 import org.keycloak.operator.crds.v2alpha1.deployment.Keycloak;
 import org.keycloak.operator.crds.v2alpha1.deployment.KeycloakSpecBuilder;
+import org.keycloak.operator.crds.v2alpha1.deployment.KeycloakSpecFluent.UnsupportedNested;
 import org.keycloak.operator.crds.v2alpha1.deployment.KeycloakStatus;
+import org.keycloak.operator.crds.v2alpha1.deployment.spec.UnsupportedSpecFluent.PodTemplateNested;
 import org.keycloak.operator.crds.v2alpha1.realmimport.KeycloakRealmImport;
 import org.keycloak.operator.testsuite.utils.K8sUtils;
 import org.opentest4j.TestAbortedException;
@@ -401,8 +405,12 @@ public static Keycloak getTestKeycloakDeployment(boolean disableProbes) {
   public static Keycloak disableProbes(Keycloak keycloak) {
       KeycloakSpecBuilder specBuilder = new KeycloakSpecBuilder(keycloak.getSpec());
       var podTemplateSpecBuilder = specBuilder.editOrNewUnsupported().editOrNewPodTemplate().editOrNewSpec();
-      var containerBuilder = podTemplateSpecBuilder.hasContainers() ? podTemplateSpecBuilder.editContainer(0)
-              : podTemplateSpecBuilder.addNewContainer();
+      ContainersNested<SpecNested<PodTemplateNested<UnsupportedNested<KeycloakSpecBuilder>>>> containerBuilder = null;
+      if (podTemplateSpecBuilder.hasContainers()) {
+          containerBuilder = podTemplateSpecBuilder.editContainer(0);
+      } else {
+          containerBuilder = podTemplateSpecBuilder.addNewContainer();
+      }
       keycloak.setSpec(containerBuilder.withNewLivenessProbe().withNewExec().addToCommand("true").endExec()
               .endLivenessProbe().withNewReadinessProbe().withNewExec().addToCommand("true").endExec()
               .endReadinessProbe().withNewStartupProbe().withNewExec().addToCommand("true").endExec()

diff --git a/pom.xml b/pom.xml
@@ -45,8 +45,8 @@
         <jboss.snapshots.repo.id>jboss-snapshots-repository</jboss.snapshots.repo.id>
         <jboss.snapshots.repo.url>https://s01.oss.sonatype.org/content/repositories/snapshots/</jboss.snapshots.repo.url>
 
-        <quarkus.version>3.7.0.CR1</quarkus.version>
-        <quarkus.build.version>3.7.0.CR1</quarkus.build.version>
+        <quarkus.version>3.2.9.Final</quarkus.version>
+        <quarkus.build.version>3.2.9.Final</quarkus.build.version>
 
         <project.build-time>${timestamp}</project.build-time>
 
@@ -86,8 +86,6 @@
 
         <!-- TODO Are these correct versions? -->
         <bouncycastle.pkixfips.version>1.0.7</bouncycastle.pkixfips.version>
-        <!-- 1.0.2.4 exhibits class loading issues -->
-        <bouncycastle.bcfips.version>1.0.2.3</bouncycastle.bcfips.version>
 
         <cxf.version>3.3.10</cxf.version>
         <cxf.jetty.version>3.3.10</cxf.jetty.version>
@@ -108,6 +106,8 @@
         <servlet.api.30.version>1.0.2.Final</servlet.api.30.version>
         <jboss-jaxrs-api_2.1_spec>2.0.2.Final</jboss-jaxrs-api_2.1_spec>
         <jboss-servlet-api_4.0_spec>2.0.0.Final</jboss-servlet-api_4.0_spec>
+        <jboss.logmanager>2.1.19.Final</jboss.logmanager>
+        <jboss.marshalling.version>2.0.11.Final</jboss.marshalling.version>
         <jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec.version>2.0.1.Final</jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec.version>
         <jboss.spec.javax.servlet.jsp.jboss-jsp-api_2.3_spec.version>2.0.0.Final</jboss.spec.javax.servlet.jsp.jboss-jsp-api_2.3_spec.version>
         <log4j.version>1.2.17</log4j.version>
@@ -427,13 +427,6 @@
                 <artifactId>bcpkix-fips</artifactId>
                 <version>${bouncycastle.pkixfips.version}</version>
             </dependency>
-
-          <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bc-fips</artifactId>
-            <version>${bouncycastle.bcfips.version}</version>
-          </dependency>
-
             <dependency>
                 <groupId>com.github.ua-parser</groupId>
                 <artifactId>uap-java</artifactId>
@@ -564,6 +557,11 @@
                 <artifactId>log4j</artifactId>
                 <version>${log4j.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.jboss.logmanager</groupId>
+                <artifactId>jboss-logmanager</artifactId>
+                <version>${jboss.logmanager}</version>
+            </dependency>
             <dependency>
                 <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
                 <artifactId>owasp-java-html-sanitizer</artifactId>
@@ -896,6 +894,16 @@
                 <artifactId>undertow-server</artifactId>
                 <version>${elytron.undertow-server.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.jboss.marshalling</groupId>
+                <artifactId>jboss-marshalling</artifactId>
+                <version>${jboss.marshalling.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jboss.marshalling</groupId>
+                <artifactId>jboss-marshalling-river</artifactId>
+                <version>${jboss.marshalling.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.liquibase</groupId>
                 <artifactId>liquibase-core</artifactId>

diff --git a/quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java b/quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java
@@ -29,6 +29,7 @@
 import io.quarkus.deployment.annotations.ExecutionTime;
 import io.quarkus.deployment.annotations.Produce;
 import io.quarkus.deployment.annotations.Record;
+import io.quarkus.deployment.builditem.BootstrapConfigSetupCompleteBuildItem;
 import io.quarkus.deployment.builditem.CombinedIndexBuildItem;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
 import io.quarkus.deployment.builditem.GeneratedResourceBuildItem;
@@ -43,7 +44,6 @@
 import io.quarkus.runtime.configuration.ConfigurationException;
 import io.quarkus.runtime.configuration.ProfileManager;
 import io.quarkus.vertx.http.deployment.RouteBuildItem;
-import io.quarkus.resteasy.reactive.spi.IgnoreStackMixingBuildItem;
 import io.smallrye.config.ConfigValue;
 import org.hibernate.cfg.AvailableSettings;
 import org.hibernate.jpa.boot.internal.ParsedPersistenceXmlDescriptor;
@@ -207,11 +207,6 @@ private static ProviderFactory registerSAMLScriptMapper(ScriptProviderMetadata m
         return new DeployedScriptSAMLProtocolMapper(metadata);
     }
 
-    @BuildStep
-    IgnoreStackMixingBuildItem getIgnoreStackMixing() {
-        return new IgnoreStackMixingBuildItem();
-    }
-
     @BuildStep
     FeatureBuildItem getFeature() {
         return new FeatureBuildItem("keycloak");
@@ -291,7 +286,7 @@ void setDefaultUserProfileConfig(KeycloakRecorder recorder, UserProfileBuildItem
      *
      * <p>The {@code hibernate-orm} extension expects that the dialect is statically
      * set to the persistence unit if there is any from the classpath and we use this method to obtain the dialect from the configuration
-     * file so that we can build the application with whatever dialect we want. In addition to the dialect, we should also be
+     * file so that we can build the application with whatever dialect we want. In addition to the dialect, we should also be 
      * allowed to set any additional defaults that we think that makes sense.
      *
      * @param config
@@ -464,9 +459,9 @@ private void configureUserDefinedPersistenceUnits(List<PersistenceXmlDescriptorB
                 .map(ParsedPersistenceXmlDescriptor::getName)
                 .filter(Predicate.not("keycloak-default"::equals)).forEach((String unitName) -> {
                     NamedJpaConnectionProviderFactory factory = new NamedJpaConnectionProviderFactory();
-
+                    
                     factory.setUnitName(unitName);
-
+                    
                     factories.get(spi).get(JpaConnectionProvider.class).put(unitName, NamedJpaConnectionProviderFactory.class);
                     preConfiguredProviders.put(unitName, factory);
                 });
@@ -667,6 +662,7 @@ public List<HandlerChainCustomizer> scan(MethodInfo method, ClassInfo actualEndp
         }));
     }
 
+    @Consume(BootstrapConfigSetupCompleteBuildItem.class)
     @Consume(ProfileBuildItem.class)
     @Produce(CryptoProviderInitBuildItem.class)
     @BuildStep

diff --git a/...time/src/main/java/org/keycloak/quarkus/runtime/configuration/ConfigArgsConfigSource.java b/...time/src/main/java/org/keycloak/quarkus/runtime/configuration/ConfigArgsConfigSource.java
@@ -58,7 +58,7 @@ protected ConfigArgsConfigSource() {
         super(parseArguments(), NAME, 600);
     }
 
-    public static void setCliArgs(String... args) {
+    public static void setCliArgs(String[] args) {
         System.setProperty(CLI_ARGS, String.join(ARG_SEPARATOR, args));
     }