Revise build (#999)

* chore(deps): bump golang.org/x/net

Bumps the go_modules group with 1 update in the / directory: [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/net` from 0.17.0 to 0.23.0
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated CodeQL and GoReleaser versions

* chore(deps): bump github.com/hashicorp/go-retryablehttp

Bumps the go_modules group with 1 update in the / directory: [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp).


Updates `github.com/hashicorp/go-retryablehttp` from 0.7.1 to 0.7.7
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-retryablehttp@v0.7.1...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google.golang.org/protobuf

Bumps the go_modules group with 1 update in the / directory: google.golang.org/protobuf.

Updates `google.golang.org/protobuf` from 1.30.0 to 1.33.0

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump tj-actions/changed-files

Bumps the github_actions group with 1 update in the /.github/workflows directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files).

Updates `tj-actions/changed-files` from 1.1.3 to 41.0.0
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@v1.1.3...v41.0.0)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  dependency-group: github_actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fixed gradle build to work again

- Shortened build.gradle
- Run docker container manually
- Fix gradle build for example-extension
- Fixed failing java keystore tests, version updates, removed custom image build

* Set Terraform version to 1.9.5 for tests

* Fix KC19 build

* Skip using custom-user-federation-example in CI

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -48,7 +48,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/test.yml

@@ -31,7 +31,7 @@ jobs:
       # we only want to run tests if any code changes (not for README or docs changes)
       - name: Check Changed Files
         id: files
-        uses: tj-actions/changed-files@v1.1.3
+        uses: tj-actions/changed-files@v41.0.0
         with:
           files: |
             .github
@@ -67,18 +67,6 @@ jobs:
     concurrency:
       group: ${{ github.head_ref || github.run_id }}-${{ matrix.keycloak-version }}
       cancel-in-progress: true
-    services:
-      keycloak:
-        # we have to use a custom docker image for these tests, since it's not possible to provide command-line args
-        # to a service container.  see https://github.com/actions/runner/issues/2139
-        image: mrparkers/keycloak-dev:${{ matrix.keycloak-version }}
-        ports:
-          - 8080:8080
-        env:
-          KC_DB: dev-mem
-          KC_LOG_LEVEL: INFO
-          KEYCLOAK_ADMIN: keycloak
-          KEYCLOAK_ADMIN_PASSWORD: password
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
@@ -93,7 +81,19 @@ jobs:
         uses: hashicorp/setup-terraform@v1
         with:
           terraform_wrapper: false
-          terraform_version: 1.4.1
+          terraform_version: 1.9.5
+
+      - name: Start Keycloak Container
+        run: |
+          docker run -d --name keycloak \
+          -p 8080:8080 \
+          -e KC_DB=dev-mem \
+          -e KC_LOG_LEVEL=INFO \
+          -e KEYCLOAK_ADMIN=keycloak \
+          -e KEYCLOAK_ADMIN_PASSWORD=password \
+          -e KC_FEATURES=preview \
+          -v $PWD/provider/misc:/opt/keycloak/misc:z \
+          quay.io/keycloak/keycloak:${{ matrix.keycloak-version }} start-dev
 
       - name: Initialize Keycloak
         run: ./scripts/wait-for-local-keycloak.sh && ./scripts/create-terraform-client.sh
@@ -119,3 +119,7 @@ jobs:
           KEYCLOAK_TEST_PASSWORD_GRANT: "true"
           KEYCLOAK_VERSION: ${{ steps.keycloak-version.outputs.result }}
         timeout-minutes: 60
+      - name: Clean up
+        run: |
+          docker stop keycloak
+          docker rm keycloak

.goreleaser.yml

@@ -1,5 +1,7 @@
 # Visit https://goreleaser.com for documentation on how to customize this
 # behavior.
+version: 2
+
 before:
   hooks:
     # this is just an example and not a requirement for provider building/publishing
@@ -57,4 +59,4 @@ release:
 # If you want to manually examine the release before its live, uncomment this line:
 # draft: true
 changelog:
-  skip: true
+  disable: true

custom-user-federation-example/build.gradle

@@ -1,50 +1,22 @@
-buildscript {
-	ext.kotlinVersion = '1.3.31'
-	ext.keycloakVersion = '19.0.2'
-	ext.shadowJarVersion = '4.0.2'
-
-    repositories {
-        mavenCentral()
-        jcenter()
-    }
-
-    dependencies {
-        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${kotlinVersion}"
-        classpath "com.github.jengelman.gradle.plugins:shadow:${shadowJarVersion}"
-    }
-}
-
-apply {
-    plugin 'java'
-    plugin 'kotlin'
-    plugin 'com.github.johnrengelman.shadow'
+plugins {
+	id 'org.jetbrains.kotlin.jvm' version '2.0.20'
+	id 'com.gradleup.shadow' version '8.3.0'
+	id 'java-library'
 }
 
-shadowJar {
-    classifier = null
+ext {
+	keycloakVersion = '21.0.1'
 }
 
 dependencies {
-    compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}"
-    compile "org.keycloak:keycloak-core:${keycloakVersion}"
-    compile "org.keycloak:keycloak-services:${keycloakVersion}"
-    compile "org.keycloak:keycloak-server-spi:${keycloakVersion}"
-    compile "org.keycloak:keycloak-server-spi-private:${keycloakVersion}"
-    compile "org.keycloak:keycloak-model-legacy:${keycloakVersion}"
+	compileOnly "org.keycloak:keycloak-services:${keycloakVersion}"
+	compileOnly "org.keycloak:keycloak-model-legacy:${keycloakVersion}"
 }
 
 repositories {
     mavenCentral()
 }
 
-compileKotlin {
-    kotlinOptions {
-        jvmTarget = "1.8"
-    }
-}
-
-compileTestKotlin {
-    kotlinOptions {
-        jvmTarget = "1.8"
-    }
+kotlin {
+	jvmToolchain(11)
 }

custom-user-federation-example/gradle/wrapper/gradle-wrapper.properties

@@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.8-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-all.zip

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomEventListenerProvider.kt

@@ -0,0 +1,22 @@
+package com.github.mrparkers.keycloak
+
+import org.keycloak.events.Event
+import org.keycloak.events.EventListenerProvider
+import org.keycloak.events.admin.AdminEvent
+import org.keycloak.models.KeycloakSession
+
+class CustomEventListenerProvider(session: KeycloakSession) : EventListenerProvider {
+
+	override fun onEvent(event: Event) {
+		//
+	}
+
+	override fun onEvent(adminEvent: AdminEvent, includeRep: Boolean) {
+		//
+	}
+
+	override fun close() {
+		// NOOP
+	}
+
+}

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomEventListenerProviderFactory.kt

@@ -0,0 +1,30 @@
+package com.github.mrparkers.keycloak
+
+import org.keycloak.Config
+import org.keycloak.events.EventListenerProvider
+import org.keycloak.events.EventListenerProviderFactory
+import org.keycloak.models.KeycloakSession
+import org.keycloak.models.KeycloakSessionFactory
+
+class CustomEventListenerProviderFactory : EventListenerProviderFactory {
+
+	override fun create(session: KeycloakSession): EventListenerProvider {
+		return CustomEventListenerProvider(session);
+	}
+
+	override fun init(config: Config.Scope) {
+		// NOOP
+	}
+
+	override fun postInit(sessionFactory: KeycloakSessionFactory) {
+		// NOOP
+	}
+
+	override fun close() {
+		// NOOP
+	}
+
+	override fun getId(): String {
+		return "example-listener";
+	}
+}

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomUserStorageProvider.kt

@@ -4,15 +4,17 @@ import org.keycloak.component.ComponentModel
 import org.keycloak.credential.CredentialInput
 import org.keycloak.credential.CredentialInputUpdater
 import org.keycloak.credential.CredentialInputValidator
-import org.keycloak.credential.CredentialModel
+import org.keycloak.models.credential.PasswordCredentialModel
 import org.keycloak.credential.LegacyUserCredentialManager
 import org.keycloak.models.*
+import org.keycloak.models.credential.*
 import org.keycloak.storage.ReadOnlyException
 import org.keycloak.storage.StorageId
 import org.keycloak.storage.UserStorageProvider
 import org.keycloak.storage.adapter.AbstractUserAdapter
 import org.keycloak.storage.user.UserLookupProvider
 import java.util.*
+import java.util.stream.Stream
 
 class CustomUserStorageProvider(private val session: KeycloakSession, private val model: ComponentModel) :
         UserStorageProvider, UserLookupProvider, CredentialInputValidator, CredentialInputUpdater {
@@ -30,11 +32,11 @@ class CustomUserStorageProvider(private val session: KeycloakSession, private va
 
     // UserLookupProvider
 
-    override fun getUserByEmail(email: String, realm: RealmModel): UserModel? {
+    override fun getUserByEmail(realm: RealmModel, email: String): UserModel? {
         return null
     }
 
-    override fun getUserByUsername(username: String, realm: RealmModel): UserModel? {
+    override fun getUserByUsername(realm: RealmModel, username: String): UserModel? {
         val user = loadedUsers[username]
 
         if (user != null) {
@@ -60,11 +62,11 @@ class CustomUserStorageProvider(private val session: KeycloakSession, private va
         return null
     }
 
-    override fun getUserById(id: String, realm: RealmModel): UserModel? {
+    override fun getUserById(realm: RealmModel, id: String): UserModel? {
         val storageId = StorageId(id)
         val username = storageId.externalId
 
-        return getUserByUsername(username, realm)
+        return getUserByUsername(realm, username)
     }
 
     // CredentialInputValidator
@@ -74,7 +76,7 @@ class CustomUserStorageProvider(private val session: KeycloakSession, private va
     }
 
     override fun supportsCredentialType(credentialType: String?): Boolean {
-        return credentialType.equals(CredentialModel.PASSWORD)
+        return credentialType.equals(PasswordCredentialModel.TYPE)
     }
 
     override fun isValid(realm: RealmModel, user: UserModel, input: CredentialInput): Boolean {
@@ -87,14 +89,12 @@ class CustomUserStorageProvider(private val session: KeycloakSession, private va
         return password == input.value
     }
 
-    // CredentialInputUpdater
-
-    override fun getDisableableCredentialTypes(realm: RealmModel, user: UserModel): MutableSet<String> {
-        return Collections.EMPTY_SET as MutableSet<String>
-    }
+	override fun getDisableableCredentialTypesStream(realm: RealmModel, user: UserModel): Stream<String> {
+		return Stream.empty()
+	}
 
     override fun updateCredential(realm: RealmModel, user: UserModel, input: CredentialInput): Boolean {
-        if (input.type == CredentialModel.PASSWORD) {
+        if (input.type == PasswordCredentialModel.TYPE) {
             throw ReadOnlyException("Custom provider does not support password updating")
         }
 

custom-user-federation-example/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory

@@ -0,0 +1 @@
+com.github.mrparkers.keycloak.CustomEventListenerProviderFactory

docker-compose.yml

@@ -1,4 +1,3 @@
-version: "3"
 volumes:
   postgres:
 services:
@@ -7,18 +6,18 @@ services:
     - POSTGRES_DB=keycloak
     - POSTGRES_USER=keycloak
     - POSTGRES_PASSWORD=password
-    image: postgres:12
+    image: postgres:16
     ports:
     - 5432:5432
     volumes:
     - postgres:/var/lib/postgresql
   openldap:
-    image: osixia/openldap:1.3.0
+    image: bitnami/openldap:2.6
     ports:
     - 8389:389
   keycloak:
     image: quay.io/keycloak/keycloak:21.0.1
-    command: start-dev --features=preview
+    command: --verbose start-dev --features=preview
     depends_on:
     - postgres
     - openldap
@@ -40,4 +39,5 @@ services:
 #    - 8787:8787
     volumes:
 # Make the custom-user-federation-example extension available to Keycloak. The :z option is required and tells Docker that the volume content will be shared between containers.
-    - ./custom-user-federation-example/build/libs/custom-user-federation-example.jar:/opt/jboss/keycloak/standalone/deployments/custom-user-federation-example.jar:z
+    - ./custom-user-federation-example/build/libs/custom-user-federation-example-all.jar:/opt/keycloak/providers/custom-user-federation-example-all.jar:z
+    - ./provider/misc:/opt/keycloak/misc:z