chore: use keycloak 25

Author: vincentchalamon

Diff for: api/src/Security/Http/Protection/ResourceResourceHandler.php

@@ -114,14 +114,18 @@ private function getTokenEndpoint(): string
         $response = $this->securityAuthorizationClient->request('GET', '.well-known/openid-configuration');
         $content = $response->toArray();
 
-        return $content['token_endpoint'];
+        // horrible fix for local development, can't find another way to fix it
+        // since bitnami/keycloak:^25 returns the configured hostname instead of the requested one
+        return \preg_replace('#^https?://localhost/#', 'http://keycloak:8080/', $content['token_endpoint']);
     }
 
     private function getResourceRegistrationEndpoint(): string
     {
         $response = $this->securityAuthorizationClient->request('GET', '.well-known/uma2-configuration');
         $content = $response->toArray();
 
-        return $content['resource_registration_endpoint'];
+        // horrible fix for local development, can't find another way to fix it
+        // since bitnami/keycloak:^25 returns the configured hostname instead of the requested one
+        return \preg_replace('#^https?://localhost/#', 'http://keycloak:8080/', $content['resource_registration_endpoint']);
     }
 }

Diff for: compose.e2e.yaml

@@ -5,11 +5,8 @@ services:
       KEYCLOAK_HTTPS_USE_PEM: "true"
       KEYCLOAK_HTTPS_CERTIFICATE_FILE: /opt/bitnami/keycloak/certs/tls.crt
       KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: /opt/bitnami/keycloak/certs/tls.key
+      KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\" --import-realm"
     volumes:
       - ./helm/api-platform/keycloak/certs/tls.crt:/opt/bitnami/keycloak/certs/tls.crt:ro
       - ./helm/api-platform/keycloak/certs/tls.pem:/opt/bitnami/keycloak/certs/tls.key:ro
-
-  keycloak-config-cli:
-    extends:
-      file: compose.override.yaml
-      service: keycloak-config-cli
+      - ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import

Diff for: compose.override.yaml

@@ -50,17 +50,8 @@ services:
     build:
       context: ./helm/api-platform/keycloak/
       target: keycloak
-    volumes:
-      - ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
-
-  keycloak-config-cli:
-    image: bitnami/keycloak-config-cli:5-debian-12
     environment:
-      KEYCLOAK_URL: http://keycloak:8080/oidc/
-      KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
-      KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
-      KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
-      KEYCLOAK_AVAILABILITYCHECK_TIMEOUT: 120s
-      IMPORT_FILES_LOCATIONS: "/config/*"
+      KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\" --import-realm"
     volumes:
-      - ./helm/api-platform/keycloak/config:/config
+      - ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
+      - ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import

Diff for: compose.yaml

@@ -83,11 +83,9 @@ services:
       KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
       # Must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
       KEYCLOAK_HTTP_RELATIVE_PATH: /oidc/
-      # https://www.keycloak.org/server/hostname
-      KC_HOSTNAME_URL: https://${SERVER_NAME:-localhost}/oidc/
-      KC_HOSTNAME_ADMIN_URL: https://${SERVER_NAME:-localhost}/oidc/
-      # https://www.keycloak.org/server/features
-      KC_FEATURES: "scripts"
+      KEYCLOAK_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
+      KEYCLOAK_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
+      KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\""
     depends_on:
       - keycloak-database
     ports:

Diff for: helm/api-platform/keycloak/Dockerfile

@@ -4,7 +4,7 @@
 
 
 # Versions
-FROM bitnami/keycloak:24-debian-12 AS keycloak_upstream
+FROM bitnami/keycloak:25-debian-12 AS keycloak_upstream
 
 
 # The different stages of this Dockerfile are meant to be built into separate images

Diff for: helm/api-platform/values.yaml

@@ -108,14 +108,16 @@ keycloak:
   service:
     type: ClusterIP
   extraEnvVars:
-    # Must set KC_HOSTNAME_URL to force https + relative path
-    - name: KC_HOSTNAME_URL
+    # Must set KEYCLOAK_HOSTNAME to force https + relative path
+    - name: KEYCLOAK_HOSTNAME
       value: "https://chart-example.local/oidc/"
-    # Must set KC_HOSTNAME_ADMIN because of relative path
-    - name: KC_HOSTNAME_ADMIN_URL
+    # Must set KEYCLOAK_HOSTNAME_ADMIN because of relative path
+    - name: KEYCLOAK_HOSTNAME_ADMIN
       value: "https://chart-example.local/oidc/"
     - name: KEYCLOAK_PRODUCTION
       value: "true"
+    - name: KEYCLOAK_EXTRA_ARGS
+      value: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\""
   # must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
   httpRelativePath: /oidc/
   proxy: edge
@@ -137,7 +139,7 @@ keycloak:
       - -jar
       - /opt/bitnami/keycloak-config-cli/keycloak-config-cli.jar
     image:
-      tag: 5-debian-12
+      tag: 6-debian-12
   postgresql:
     enabled: true
     nameOverride: postgresql-keycloak