Migration steps for enabling user profile by default

pedroigor · pedroigor · commit 810ebf4efd45 · 2023-12-19T10:19:45.000-03:00
Closes keycloak#25528 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
diff --git a/model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo24_0_0.java b/model/legacy-private/src/main/java/org/keycloak/migration/migrators/MigrateTo24_0_0.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2023 Red Hat, Inc. and/or its affiliates
+ *  and other contributors as indicated by the @author tags.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.keycloak.migration.migrators;
+
+import org.jboss.logging.Logger;
+import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.KeycloakContext;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.userprofile.config.UPConfig;
+import org.keycloak.representations.userprofile.config.UPConfig.UnmanagedAttributePolicy;
+import org.keycloak.userprofile.UserProfileProvider;
+
+public class MigrateTo24_0_0 implements Migration {
+
+    private static final Logger LOG = Logger.getLogger(MigrateTo24_0_0.class);
+    public static final ModelVersion VERSION = new ModelVersion("24.0.0");
+    private static final String REALM_USER_PROFILE_ENABLED = "userProfileEnabled";
+
+    @Override
+    public void migrate(KeycloakSession session) {
+        session.realms().getRealmsStream().forEach(realm -> migrateRealm(session, realm));
+    }
+
+    @Override
+    public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
+        migrateRealm(session, realm);
+    }
+
+    @Override
+    public ModelVersion getVersion() {
+        return VERSION;
+    }
+
+    private void migrateRealm(KeycloakSession session, RealmModel realm) {
+        KeycloakContext context = session.getContext();
+        try {
+            context.setRealm(realm);
+            updateUserProfileSettings(session);
+        } finally {
+            context.setRealm(null);
+        }
+    }
+
+    private void updateUserProfileSettings(KeycloakSession session) {
+        RealmModel realm = session.getContext().getRealm();
+        boolean isUserProfileEnabled = Boolean.parseBoolean(realm.getAttribute(REALM_USER_PROFILE_ENABLED));
+
+        if (isUserProfileEnabled) {
+            // existing realms with user profile enabled does not need any addition migration step
+            LOG.debugf("Skipping migration for realm %s. The declarative user profile is already enabled.", realm.getName());
+            return;
+        }
+
+        // user profile is enabled by default since this version
+        realm.setAttribute(REALM_USER_PROFILE_ENABLED, Boolean.TRUE.toString());
+
+        // for backward compatibility in terms of behavior, we enable unmanaged attributes for existing realms
+        // that don't have the declarative user profile enabled
+        UserProfileProvider provider = session.getProvider(UserProfileProvider.class);
+        UPConfig upConfig = provider.getConfiguration();
+        upConfig.setUnmanagedAttributePolicy(UnmanagedAttributePolicy.ENABLED);
+        provider.setConfiguration(upConfig);
+
+        LOG.debugf("Enabled the declarative user profile to realm %s with support for unmanaged attributes", realm.getName());
+    }
+}
diff --git a/model/legacy-private/src/main/java/org/keycloak/storage/datastore/LegacyMigrationManager.java b/model/legacy-private/src/main/java/org/keycloak/storage/datastore/LegacyMigrationManager.java
@@ -37,6 +37,7 @@
 import org.keycloak.migration.migrators.MigrateTo21_0_0;
 import org.keycloak.migration.migrators.MigrateTo22_0_0;
 import org.keycloak.migration.migrators.MigrateTo23_0_0;
+import org.keycloak.migration.migrators.MigrateTo24_0_0;
 import org.keycloak.migration.migrators.MigrateTo2_0_0;
 import org.keycloak.migration.migrators.MigrateTo2_1_0;
 import org.keycloak.migration.migrators.MigrateTo2_2_0;
@@ -112,7 +113,8 @@ public class LegacyMigrationManager implements MigrationManager {
             new MigrateTo20_0_0(),
             new MigrateTo21_0_0(),
             new MigrateTo22_0_0(),
-            new MigrateTo23_0_0()
+            new MigrateTo23_0_0(),
+            new MigrateTo24_0_0()
     };
 
     private final KeycloakSession session;
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
@@ -63,6 +63,8 @@
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+import org.keycloak.representations.userprofile.config.UPConfig;
+import org.keycloak.representations.userprofile.config.UPConfig.UnmanagedAttributePolicy;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
@@ -110,6 +112,7 @@
 import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
 import static org.keycloak.testsuite.Assert.assertNames;
 import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
+import static org.keycloak.userprofile.DeclarativeUserProfileProvider.REALM_USER_PROFILE_ENABLED;
 import static org.keycloak.userprofile.DeclarativeUserProfileProvider.UP_COMPONENT_CONFIG_KEY;
 
 /**
@@ -395,6 +398,15 @@ protected void testMigrationTo23_0_0(boolean testUserProfileMigration) {
         testRegistrationProfileFormActionRemoved(migrationRealm2);
     }
 
+    protected void testMigrationTo24_0_0(boolean testUserProfileMigration) {
+        if (testUserProfileMigration) {
+            testUserProfileEnabledByDefault(migrationRealm);
+            testUnmanagedAttributePolicySet(migrationRealm, UnmanagedAttributePolicy.ENABLED);
+            testUserProfileEnabledByDefault(migrationRealm2);
+            testUnmanagedAttributePolicySet(migrationRealm2, null);
+        }
+    }
+
     protected void testDeleteAccount(RealmResource realm) {
         ClientRepresentation accountClient = realm.clients().findByClientId(ACCOUNT_MANAGEMENT_CLIENT_ID).get(0);
         ClientResource accountResource = realm.clients().get(accountClient.getId());
@@ -1079,6 +1091,10 @@ protected void testMigrationTo23_x(boolean testUserProfileMigration) {
         testMigrationTo23_0_0(testUserProfileMigration);
     }
 
+    protected void testMigrationTo24_x(boolean testUserProfileMigration) {
+        testMigrationTo24_0_0(testUserProfileMigration);
+    }
+
     protected void testMigrationTo7_x(boolean supportedAuthzServices) {
         if (supportedAuthzServices) {
             testDecisionStrategySetOnResourceServer();
@@ -1183,4 +1199,16 @@ protected void testRealmAttributesMigration() {
         Map<String, String> realmAttributes = migrationRealm.toRepresentation().getAttributes();
         assertEquals("custom_value", realmAttributes.get("custom_attribute"));
     }
+
+    private void testUserProfileEnabledByDefault(RealmResource realm) {
+        RealmRepresentation rep = realm.toRepresentation();
+        Map<String, String> attributes = rep.getAttributes();
+        String userProfileEnabled = attributes.get(REALM_USER_PROFILE_ENABLED);
+        assertTrue(Boolean.parseBoolean(userProfileEnabled));
+    }
+
+    private void testUnmanagedAttributePolicySet(RealmResource realm, UnmanagedAttributePolicy policy) {
+        UPConfig upConfig = realm.users().userProfile().getConfiguration();
+        assertEquals(policy, upConfig.getUnmanagedAttributePolicy());
+    }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport1903MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport1903MigrationTest.java
@@ -17,8 +17,10 @@
 package org.keycloak.testsuite.migration;
 
 import org.junit.Test;
+import org.keycloak.common.Profile.Feature;
 import org.keycloak.exportimport.util.ImportUtils;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.utils.io.IOUtil;
 import org.keycloak.util.JsonSerialization;
 
@@ -29,6 +31,7 @@
 /**
  * Tests that we can import json file from previous version. MigrationTest only tests DB.
  */
+@EnableFeature(Feature.DECLARATIVE_USER_PROFILE)
 public class JsonFileImport1903MigrationTest extends AbstractJsonFileImportMigrationTest {
 
     @Override
@@ -52,6 +55,7 @@ public void migration19_0_3Test() throws Exception {
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(true);
+        testMigrationTo24_x(true);
     }
 
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java
@@ -78,6 +78,7 @@ public void migration1_9_8Test() {
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(false);
+        testMigrationTo24_x(false);
     }
 
     @Override
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java
@@ -72,6 +72,7 @@ public void migration2_5_5Test() throws Exception {
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(false);
+        testMigrationTo24_x(false);
     }
 
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport343MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport343MigrationTest.java
@@ -67,6 +67,7 @@ public void migration3_4_3Test() throws Exception {
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(false);
+        testMigrationTo24_x(false);
     }
 
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java
@@ -61,6 +61,7 @@ public void migration4_8_3Test() throws Exception {
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(false);
+        testMigrationTo24_x(false);
     }
 
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport903MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport903MigrationTest.java
@@ -54,6 +54,7 @@ public void migration9_0_3Test() throws Exception {
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(false);
+        testMigrationTo24_x(false);
     }
 
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
@@ -19,7 +19,9 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.common.Profile.Feature;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.migration.Migration;
 
 import jakarta.ws.rs.NotFoundException;
@@ -32,6 +34,7 @@
  *
  * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
  */
+@EnableFeature(Feature.DECLARATIVE_USER_PROFILE)
 public class MigrationTest extends AbstractMigrationTest {
 
     @Override
@@ -69,5 +72,6 @@ public void migration19_xTest() throws Exception{
         testMigrationTo21_x();
         testMigrationTo22_x();
         testMigrationTo23_x(true);
+        testMigrationTo24_x(true);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,7 @@ public void migration1_9_8Test() {`
`78`	`78`	`testMigrationTo21_x();`
`79`	`79`	`testMigrationTo22_x();`
`80`	`80`	`testMigrationTo23_x(false);`
	`81`	`+ testMigrationTo24_x(false);`
`81`	`82`	`}`
`82`	`83`
`83`	`84`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,7 @@ public void migration2_5_5Test() throws Exception {`
`72`	`72`	`testMigrationTo21_x();`
`73`	`73`	`testMigrationTo22_x();`
`74`	`74`	`testMigrationTo23_x(false);`
	`75`	`+ testMigrationTo24_x(false);`
`75`	`76`	`}`
`76`	`77`
`77`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@ public void migration3_4_3Test() throws Exception {`
`67`	`67`	`testMigrationTo21_x();`
`68`	`68`	`testMigrationTo22_x();`
`69`	`69`	`testMigrationTo23_x(false);`
	`70`	`+ testMigrationTo24_x(false);`
`70`	`71`	`}`
`71`	`72`
`72`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ public void migration4_8_3Test() throws Exception {`
`61`	`61`	`testMigrationTo21_x();`
`62`	`62`	`testMigrationTo22_x();`
`63`	`63`	`testMigrationTo23_x(false);`
	`64`	`+ testMigrationTo24_x(false);`
`64`	`65`	`}`
`65`	`66`
`66`	`67`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,7 @@ public void migration9_0_3Test() throws Exception {`
`54`	`54`	`testMigrationTo21_x();`
`55`	`55`	`testMigrationTo22_x();`
`56`	`56`	`testMigrationTo23_x(false);`
	`57`	`+ testMigrationTo24_x(false);`
`57`	`58`	`}`
`58`	`59`
`59`	`60`	`}`