Merge pull request #8596 from sberyozkin/oidc_tenant_config_api

Move OidcTenantConfig out of the runtime package

extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java

@@ -17,8 +17,8 @@
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.runtime.OidcConfig;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.security.runtime.QuarkusSecurityIdentity;
 import io.quarkus.vertx.http.runtime.HttpConfiguration;

extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java

@@ -2,8 +2,8 @@
 
 import io.quarkus.arc.runtime.BeanContainer;
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.runtime.OidcConfig;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.quarkus.runtime.annotations.Recorder;
 import io.quarkus.vertx.http.runtime.HttpConfiguration;
 

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcTenantConfig.java → extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java

@@ -1,4 +1,4 @@
-package io.quarkus.oidc.runtime;
+package io.quarkus.oidc;
 
 import java.time.Duration;
 import java.util.Arrays;
@@ -17,7 +17,7 @@ public class OidcTenantConfig {
      * resolve the tenant configuration dynamically and is optional in all other cases.
      */
     @ConfigItem
-    Optional<String> tenantId = Optional.empty();
+    public Optional<String> tenantId = Optional.empty();
 
     /**
      * If this tenant configuration is enabled.
@@ -45,57 +45,67 @@ public class OidcTenantConfig {
      * 'https://host:port/auth/realms/{realm}' where '{realm}' has to be replaced by the name of the Keycloak realm.
      */
     @ConfigItem
-    Optional<String> authServerUrl = Optional.empty();
+    public Optional<String> authServerUrl = Optional.empty();
+
     /**
      * Relative path of the RFC7662 introspection service.
      */
+
     @ConfigItem
-    Optional<String> introspectionPath = Optional.empty();
+    public Optional<String> introspectionPath = Optional.empty();
+
     /**
      * Relative path of the OIDC service returning a JWK set.
      */
     @ConfigItem
-    Optional<String> jwksPath = Optional.empty();
+    public Optional<String> jwksPath = Optional.empty();
+
     /**
      * Public key for the local JWT token verification.
      */
     @ConfigItem
-    Optional<String> publicKey = Optional.empty();
+    public Optional<String> publicKey = Optional.empty();
+
     /**
      * The client-id of the application. Each application has a client-id that is used to identify the application
      */
     @ConfigItem
-    Optional<String> clientId = Optional.empty();
+    public Optional<String> clientId = Optional.empty();
+
     /**
      * Configuration to find and parse a custom claim containing the roles information.
      */
     @ConfigItem
-    Roles roles = new Roles();
+    public Roles roles = new Roles();
+
     /**
      * Configuration how to validate the token claims.
      */
     @ConfigItem
-    Token token = new Token();
+    public Token token = new Token();
+
     /**
      * Credentials which the OIDC adapter will use to authenticate to the OIDC server.
      */
     @ConfigItem
-    Credentials credentials = new Credentials();
+    public Credentials credentials = new Credentials();
+
     /**
      * Options to configure a proxy that OIDC adapter will use for talking with OIDC server.
      */
     @ConfigItem
-    Proxy proxy = new Proxy();
+    public Proxy proxy = new Proxy();
+
     /**
      * Different options to configure authorization requests
      */
-    Authentication authentication = new Authentication();
+    public Authentication authentication = new Authentication();
 
     /**
      * TLS configurations
      */
     @ConfigItem
-    Tls tls = new Tls();
+    public Tls tls = new Tls();
 
     @ConfigGroup
     public static class Tls {
@@ -115,7 +125,7 @@ public enum Verification {
          * {@link Verification}. Default is required.
          */
         @ConfigItem(defaultValue = "REQUIRED")
-        Verification verification;
+        public Verification verification;
 
         public Verification getVerification() {
             return verification;
@@ -231,7 +241,7 @@ public static class Credentials {
          * Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.
          */
         @ConfigItem
-        Optional<String> secret = Optional.empty();
+        public Optional<String> secret = Optional.empty();
 
         /**
          * Client secret which can be used for the 'client_secret_basic' (default) and 'client_secret_post'
@@ -240,13 +250,13 @@ public static class Credentials {
          * but both properties are mutually exclusive.
          */
         @ConfigItem
-        Secret clientSecret = new Secret();
+        public Secret clientSecret = new Secret();
 
         /**
          * Client JWT authentication methods
          */
         @ConfigItem
-        Jwt jwt = new Jwt();
+        public Jwt jwt = new Jwt();
 
         public Optional<String> getSecret() {
             return secret;
@@ -290,13 +300,13 @@ public static enum Method {
              * The client secret
              */
             @ConfigItem
-            Optional<String> value = Optional.empty();
+            public Optional<String> value = Optional.empty();
 
             /**
              * Authentication method.
              */
             @ConfigItem
-            Optional<Method> method = Optional.empty();
+            public Optional<Method> method = Optional.empty();
 
             public Optional<String> getValue() {
                 return value;
@@ -330,13 +340,13 @@ public static class Jwt {
              * "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
              */
             @ConfigItem
-            Optional<String> secret = Optional.empty();
+            public Optional<String> secret = Optional.empty();
 
             /**
              * JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.
              */
             @ConfigItem(defaultValue = "10")
-            int lifespan = 10;
+            public int lifespan = 10;
 
             public Optional<String> getSecret() {
                 return secret;
@@ -377,14 +387,14 @@ public static Roles fromClaimPathAndSeparator(String path, String sep) {
          * This property can be used if a token has no 'groups' claim but has the groups set in a different claim.
          */
         @ConfigItem
-        Optional<String> roleClaimPath = Optional.empty();
+        public Optional<String> roleClaimPath = Optional.empty();
         /**
          * Separator for splitting a string which may contain multiple group values.
          * It will only be used if the "role-claim-path" property points to a custom claim whose value is a string.
          * A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.
          */
         @ConfigItem
-        Optional<String> roleClaimSeparator = Optional.empty();
+        public Optional<String> roleClaimSeparator = Optional.empty();
 
         public Optional<String> getRoleClaimPath() {
             return roleClaimPath;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/TenantConfigResolver.java

@@ -1,6 +1,5 @@
 package io.quarkus.oidc;
 
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.vertx.ext.web.RoutingContext;
 
 /**

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java

@@ -19,10 +19,11 @@
 import io.netty.handler.codec.http.HttpResponseStatus;
 import io.quarkus.oidc.AccessTokenCredential;
 import io.quarkus.oidc.IdTokenCredential;
+import io.quarkus.oidc.OidcTenantConfig;
+import io.quarkus.oidc.OidcTenantConfig.Authentication;
+import io.quarkus.oidc.OidcTenantConfig.Credentials;
+import io.quarkus.oidc.OidcTenantConfig.Credentials.Secret;
 import io.quarkus.oidc.RefreshToken;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Authentication;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials.Secret;
 import io.quarkus.security.identity.IdentityProviderManager;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.security.runtime.QuarkusSecurityIdentity;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java

@@ -10,6 +10,7 @@
 
 import org.jboss.logging.Logger;
 
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.TenantConfigResolver;
 import io.quarkus.oidc.TenantResolver;
 import io.vertx.ext.web.RoutingContext;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java

@@ -7,6 +7,7 @@
 import javax.inject.Inject;
 
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.security.identity.IdentityProviderManager;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.security.identity.request.AuthenticationRequest;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfig.java

@@ -2,6 +2,7 @@
 
 import java.util.Map;
 
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.runtime.annotations.ConfigDocMapKey;
 import io.quarkus.runtime.annotations.ConfigDocSection;
 import io.quarkus.runtime.annotations.ConfigItem;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java

@@ -12,6 +12,7 @@
 import org.jose4j.jwt.consumer.InvalidJwtException;
 
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.security.AuthenticationFailedException;
 import io.quarkus.security.ForbiddenException;
 import io.quarkus.security.identity.AuthenticationRequestContext;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java

@@ -11,10 +11,11 @@
 import org.jboss.logging.Logger;
 
 import io.quarkus.oidc.OIDCException;
-import io.quarkus.oidc.runtime.OidcTenantConfig.ApplicationType;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Credentials.Secret;
-import io.quarkus.oidc.runtime.OidcTenantConfig.Tls.Verification;
+import io.quarkus.oidc.OidcTenantConfig;
+import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
+import io.quarkus.oidc.OidcTenantConfig.Credentials;
+import io.quarkus.oidc.OidcTenantConfig.Credentials.Secret;
+import io.quarkus.oidc.OidcTenantConfig.Tls.Verification;
 import io.quarkus.runtime.annotations.Recorder;
 import io.quarkus.runtime.configuration.ConfigurationException;
 import io.vertx.core.AsyncResult;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java

@@ -10,6 +10,7 @@
 import org.eclipse.microprofile.jwt.Claims;
 
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.vertx.core.json.JsonArray;
 import io.vertx.core.json.JsonObject;
 

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigBean.java

@@ -3,6 +3,8 @@
 import java.util.Map;
 import java.util.function.Function;
 
+import io.quarkus.oidc.OidcTenantConfig;
+
 public class TenantConfigBean {
 
     private final Map<String, TenantConfigContext> staticTenantsConfig;

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java

@@ -1,5 +1,6 @@
 package io.quarkus.oidc.runtime;
 
+import io.quarkus.oidc.OidcTenantConfig;
 import io.vertx.ext.auth.oauth2.OAuth2Auth;
 
 class TenantConfigContext {

extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcRecorderTest.java

@@ -6,6 +6,8 @@
 
 import org.junit.jupiter.api.Test;
 
+import io.quarkus.oidc.OidcTenantConfig;
+
 public class OidcRecorderTest {
 
     @Test

extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java

@@ -15,6 +15,7 @@
 import org.junit.jupiter.api.Test;
 
 import io.quarkus.oidc.OIDCException;
+import io.quarkus.oidc.OidcTenantConfig;
 import io.vertx.core.json.JsonObject;
 
 public class OidcUtilsTest {

integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java

@@ -2,8 +2,8 @@
 
 import javax.enterprise.context.ApplicationScoped;
 
+import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.TenantConfigResolver;
-import io.quarkus.oidc.runtime.OidcTenantConfig;
 import io.vertx.ext.web.RoutingContext;
 
 @ApplicationScoped