Migrate OIDC, OIDC client and registration to @ConfigMapping

quarkusio · Oct 31, 2024 · e9a0833 · e9a0833
1 parent 8bd6921
commit e9a0833
Show file tree

Hide file tree

Showing 51 changed files with 4,505 additions and 401 deletions.
diff --git a/...ent/src/main/java/io/quarkus/keycloak/pep/deployment/KeycloakPolicyEnforcerBuildStep.java b/...ent/src/main/java/io/quarkus/keycloak/pep/deployment/KeycloakPolicyEnforcerBuildStep.java
@@ -25,15 +25,15 @@ public class KeycloakPolicyEnforcerBuildStep {
     RequireBodyHandlerBuildItem requireBody(OidcBuildTimeConfig oidcBuildTimeConfig,
             KeycloakPolicyEnforcerRecorder recorder,
             KeycloakPolicyEnforcerConfig runtimeConfig) {
-        if (oidcBuildTimeConfig.enabled) {
+        if (oidcBuildTimeConfig.enabled()) {
             return new RequireBodyHandlerBuildItem(recorder.createBodyHandlerRequiredEvaluator(runtimeConfig));
         }
         return null;
     }
 
     @BuildStep
     public AdditionalBeanBuildItem beans(OidcBuildTimeConfig oidcBuildTimeConfig) {
-        if (oidcBuildTimeConfig.enabled) {
+        if (oidcBuildTimeConfig.enabled()) {
             return AdditionalBeanBuildItem.builder().setUnremovable()
                     .addBeanClass(KeycloakPolicyEnforcerAuthorizer.class)
                     .addBeanClass(DefaultPolicyEnforcerResolver.class)

diff --git a/.../runtime/src/main/java/io/quarkus/keycloak/pep/runtime/DefaultPolicyEnforcerResolver.java b/.../runtime/src/main/java/io/quarkus/keycloak/pep/runtime/DefaultPolicyEnforcerResolver.java
@@ -20,6 +20,7 @@
 import io.quarkus.oidc.common.runtime.OidcTlsSupport;
 import io.quarkus.oidc.runtime.BlockingTaskRunner;
 import io.quarkus.oidc.runtime.OidcConfig;
+import io.quarkus.oidc.runtime.OidcUtils;
 import io.quarkus.security.spi.runtime.BlockingSecurityExecutor;
 import io.quarkus.tls.TlsConfigurationRegistry;
 import io.quarkus.vertx.http.runtime.HttpConfiguration;
@@ -48,8 +49,9 @@ public class DefaultPolicyEnforcerResolver implements PolicyEnforcerResolver {
             this.tlsSupport = OidcTlsSupport.empty();
         }
 
-        var defaultTenantTlsSupport = tlsSupport.forConfig(oidcConfig.defaultTenant.tls);
-        this.defaultPolicyEnforcer = createPolicyEnforcer(oidcConfig.defaultTenant, config.defaultTenant(),
+        var defaultTenantConfig = new OidcTenantConfig(oidcConfig.defaultTenant(), OidcUtils.DEFAULT_TENANT_ID);
+        var defaultTenantTlsSupport = tlsSupport.forConfig(defaultTenantConfig.tls);
+        this.defaultPolicyEnforcer = createPolicyEnforcer(defaultTenantConfig, config.defaultTenant(),
                 defaultTenantTlsSupport);
         this.namedPolicyEnforcers = createNamedPolicyEnforcers(oidcConfig, config, tlsSupport);
         if (configResolver.isResolvable()) {

diff --git a/...ion/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerUtil.java b/...ion/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerUtil.java
@@ -226,13 +226,13 @@ private static boolean isNotComplexConfigKey(String key) {
 
     static OidcTenantConfig getOidcTenantConfig(OidcConfig oidcConfig, String tenant) {
         if (tenant == null || DEFAULT_TENANT_ID.equals(tenant)) {
-            return oidcConfig.defaultTenant;
+            return new OidcTenantConfig(oidcConfig.defaultTenant(), DEFAULT_TENANT_ID);
         }
 
-        OidcTenantConfig oidcTenantConfig = oidcConfig.namedTenants.get(tenant);
+        var oidcTenantConfig = oidcConfig.namedTenants().get(tenant);
         if (oidcTenantConfig == null) {
             throw new ConfigurationException("Failed to find a matching OidcTenantConfig for tenant: " + tenant);
         }
-        return oidcTenantConfig;
+        return new OidcTenantConfig(oidcTenantConfig, tenant);
     }
 }
diff --git a/extensions/oidc-client-registration/deployment/pom.xml b/extensions/oidc-client-registration/deployment/pom.xml
@@ -54,9 +54,6 @@
                                     <version>${project.version}</version>
                                 </path>
                             </annotationProcessorPaths>
-                            <compilerArgs>
-                                <arg>-AlegacyConfigRoot=true</arg>
-                            </compilerArgs>
                         </configuration>
                     </execution>
                 </executions>

diff --git a/.../java/io/quarkus/oidc/client/registration/deployment/OidcClientRegistrationBuildStep.java b/.../java/io/quarkus/oidc/client/registration/deployment/OidcClientRegistrationBuildStep.java
@@ -61,7 +61,7 @@ public static class IsEnabled implements BooleanSupplier {
         OidcClientRegistrationBuildTimeConfig config;
 
         public boolean getAsBoolean() {
-            return config.enabled;
+            return config.enabled();
         }
     }
 }
diff --git a/...io/quarkus/oidc/client/registration/deployment/OidcClientRegistrationBuildTimeConfig.java b/...io/quarkus/oidc/client/registration/deployment/OidcClientRegistrationBuildTimeConfig.java
@@ -1,16 +1,18 @@
 package io.quarkus.oidc.client.registration.deployment;
 
-import io.quarkus.runtime.annotations.ConfigItem;
 import io.quarkus.runtime.annotations.ConfigRoot;
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithDefault;
 
 /**
  * Build time configuration for OIDC client registration.
  */
+@ConfigMapping(prefix = "quarkus.oidc-client-registration")
 @ConfigRoot
-public class OidcClientRegistrationBuildTimeConfig {
+public interface OidcClientRegistrationBuildTimeConfig {
     /**
      * If the OIDC client registration extension is enabled.
      */
-    @ConfigItem(defaultValue = "true")
-    public boolean enabled;
+    @WithDefault("true")
+    boolean enabled();
 }
diff --git a/extensions/oidc-client-registration/runtime/pom.xml b/extensions/oidc-client-registration/runtime/pom.xml
@@ -57,9 +57,6 @@
                                     <version>${project.version}</version>
                                 </path>
                             </annotationProcessorPaths>
-                            <compilerArgs>
-                                <arg>-AlegacyConfigRoot=true</arg>
-                            </compilerArgs>
                         </configuration>
                     </execution>
                 </executions>

diff --git a/...ntime/src/main/java/io/quarkus/oidc/client/registration/OidcClientRegistrationConfig.java b/...ntime/src/main/java/io/quarkus/oidc/client/registration/OidcClientRegistrationConfig.java
@@ -5,72 +5,80 @@
 import java.util.Optional;
 
 import io.quarkus.oidc.common.runtime.OidcCommonConfig;
-import io.quarkus.runtime.annotations.ConfigGroup;
-import io.quarkus.runtime.annotations.ConfigItem;
 
 //https://datatracker.ietf.org/doc/html/rfc7592
 //https://openid.net/specs/openid-connect-registration-1_0.html
 
-@ConfigGroup
 public class OidcClientRegistrationConfig extends OidcCommonConfig {
 
+    public OidcClientRegistrationConfig() {
+
+    }
+
+    public OidcClientRegistrationConfig(io.quarkus.oidc.client.registration.runtime.OidcClientRegistrationConfig mapping) {
+        super(mapping);
+        id = mapping.id();
+        registrationEnabled = mapping.registrationEnabled();
+        registerEarly = mapping.registerEarly();
+        initialToken = mapping.initialToken();
+        metadata.addConfigMappingValues(mapping.metadata());
+    }
+
     /**
      * OIDC Client Registration id
      */
-    @ConfigItem
     public Optional<String> id = Optional.empty();
 
     /**
      * If this client registration configuration is enabled.
      */
-    @ConfigItem(defaultValue = "true")
     public boolean registrationEnabled = true;
 
     /**
      * If the client configured with {@link #metadata} must be registered at startup.
      */
-    @ConfigItem(defaultValue = "true")
     public boolean registerEarly = true;
 
     /**
      * Initial access token
      */
-    @ConfigItem
     public Optional<String> initialToken = Optional.empty();
 
     /**
      * Client metadata
      */
-    @ConfigItem
     public Metadata metadata = new Metadata();
 
     /**
      * Client metadata
      */
-    @ConfigGroup
     public static class Metadata {
         /**
          * Client name
          */
-        @ConfigItem
         public Optional<String> clientName = Optional.empty();
 
         /**
          * Redirect URI
          */
-        @ConfigItem
         public Optional<String> redirectUri = Optional.empty();
 
         /**
          * Post Logout URI
          */
-        @ConfigItem
         public Optional<String> postLogoutUri = Optional.empty();
 
         /**
          * Additional metadata properties
          */
-        @ConfigItem
         public Map<String, String> extraProps = new HashMap<>();
+
+        private void addConfigMappingValues(
+                io.quarkus.oidc.client.registration.runtime.OidcClientRegistrationConfig.Metadata mapping) {
+            this.clientName = mapping.clientName();
+            this.redirectUri = mapping.redirectUri();
+            this.postLogoutUri = mapping.postLogoutUri();
+            this.extraProps.putAll(mapping.extraProps());
+        }
     }
 }
diff --git a/...c/main/java/io/quarkus/oidc/client/registration/runtime/OidcClientRegistrationConfig.java b/...c/main/java/io/quarkus/oidc/client/registration/runtime/OidcClientRegistrationConfig.java
@@ -0,0 +1,65 @@
+package io.quarkus.oidc.client.registration.runtime;
+
+import java.util.Map;
+import java.util.Optional;
+
+import io.quarkus.oidc.common.runtime.config.OidcCommonConfig;
+import io.smallrye.config.WithDefault;
+
+//https://datatracker.ietf.org/doc/html/rfc7592
+//https://openid.net/specs/openid-connect-registration-1_0.html
+
+public interface OidcClientRegistrationConfig extends OidcCommonConfig {
+
+    /**
+     * OIDC Client Registration id
+     */
+    Optional<String> id();
+
+    /**
+     * If this client registration configuration is enabled.
+     */
+    @WithDefault("true")
+    boolean registrationEnabled();
+
+    /**
+     * If the client configured with {@link #metadata} must be registered at startup.
+     */
+    @WithDefault("true")
+    boolean registerEarly();
+
+    /**
+     * Initial access token
+     */
+    Optional<String> initialToken();
+
+    /**
+     * Client metadata
+     */
+    Metadata metadata();
+
+    /**
+     * Client metadata
+     */
+    interface Metadata {
+        /**
+         * Client name
+         */
+        Optional<String> clientName();
+
+        /**
+         * Redirect URI
+         */
+        Optional<String> redirectUri();
+
+        /**
+         * Post Logout URI
+         */
+        Optional<String> postLogoutUri();
+
+        /**
+         * Additional metadata properties
+         */
+        Map<String, String> extraProps();
+    }
+}
diff --git a/...main/java/io/quarkus/oidc/client/registration/runtime/OidcClientRegistrationRecorder.java b/...main/java/io/quarkus/oidc/client/registration/runtime/OidcClientRegistrationRecorder.java
@@ -41,15 +41,16 @@ public OidcClientRegistrations setup(OidcClientRegistrationsConfig oidcClientReg
             Supplier<Vertx> vertx, Supplier<TlsConfigurationRegistry> registrySupplier) {
 
         var tlsSupport = OidcTlsSupport.of(registrySupplier);
-        OidcClientRegistration defaultClientReg = createOidcClientRegistration(oidcClientRegsConfig.defaultClientRegistration,
+        var defaultClientRegistration = new OidcClientRegistrationConfig(oidcClientRegsConfig.defaultClientRegistration());
+        OidcClientRegistration defaultClientReg = createOidcClientRegistration(defaultClientRegistration,
                 tlsSupport, vertx);
 
         Map<String, OidcClientRegistration> staticOidcClientRegs = new HashMap<>();
 
-        for (Map.Entry<String, OidcClientRegistrationConfig> config : oidcClientRegsConfig.namedClientRegistrations
-                .entrySet()) {
+        for (var config : oidcClientRegsConfig.namedClientRegistrations().entrySet()) {
+            var namedClientRegistration = new OidcClientRegistrationConfig(config.getValue());
             staticOidcClientRegs.put(config.getKey(),
-                    createOidcClientRegistration(config.getValue(), tlsSupport, vertx));
+                    createOidcClientRegistration(namedClientRegistration, tlsSupport, vertx));
         }
 
         return new OidcClientRegistrationsImpl(defaultClientReg, staticOidcClientRegs,

diff --git a/.../main/java/io/quarkus/oidc/client/registration/runtime/OidcClientRegistrationsConfig.java b/.../main/java/io/quarkus/oidc/client/registration/runtime/OidcClientRegistrationsConfig.java
@@ -2,27 +2,28 @@
 
 import java.util.Map;
 
-import io.quarkus.oidc.client.registration.OidcClientRegistrationConfig;
 import io.quarkus.runtime.annotations.ConfigDocMapKey;
 import io.quarkus.runtime.annotations.ConfigDocSection;
-import io.quarkus.runtime.annotations.ConfigItem;
 import io.quarkus.runtime.annotations.ConfigPhase;
 import io.quarkus.runtime.annotations.ConfigRoot;
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithParentName;
 
-@ConfigRoot(name = "oidc-client-registration", phase = ConfigPhase.RUN_TIME)
-public class OidcClientRegistrationsConfig {
+@ConfigMapping(prefix = "quarkus.oidc-client-registration")
+@ConfigRoot(phase = ConfigPhase.RUN_TIME)
+public interface OidcClientRegistrationsConfig {
 
     /**
      * The default client registration.
      */
-    @ConfigItem(name = ConfigItem.PARENT)
-    public OidcClientRegistrationConfig defaultClientRegistration;
+    @WithParentName
+    OidcClientRegistrationConfig defaultClientRegistration();
 
     /**
      * Additional named client registrations.
      */
     @ConfigDocSection
     @ConfigDocMapKey("id")
-    @ConfigItem(name = ConfigItem.PARENT)
-    public Map<String, OidcClientRegistrationConfig> namedClientRegistrations;
+    @WithParentName
+    Map<String, OidcClientRegistrationConfig> namedClientRegistrations();
 }