Keycloak update, fix 404 issue

filippomc · filippomc · commit 426dcc09908c · 2025-06-25T12:22:03.000+02:00
diff --git a/applications/accounts/Dockerfile b/applications/accounts/Dockerfile
@@ -1,12 +1,18 @@
-FROM quay.io/keycloak/keycloak:16.1.0
+FROM quay.io/keycloak/keycloak:26.2.5
 
-# add kubectl
+EXPOSE 9000
+EXPOSE 8080
 USER root
-COPY --chmod=0755 scripts/create_api_user.sh /opt/jboss/startup-scripts/create_api_user.sh
-USER jboss
+COPY --chmod=0755 scripts/create_api_user.sh /opt/keycloak/startup-scripts/create_api_user.sh
+COPY --chmod=0755 scripts/kc-entrypoint.sh /opt/keycloak/bin/kc-entrypoint.sh
+
+USER keycloak
 
 # Customize keycloak look
-COPY themes/custom /opt/jboss/keycloak/themes/custom
+COPY themes/custom /opt/keycloak/themes/custom
+
+# # keycloak kafka listener plugin
+COPY plugins/* /opt/keycloak/providers/
 
-# plugins
-COPY plugins/* /opt/jboss/keycloak/standalone/deployments/
+ENTRYPOINT [ "/opt/keycloak/bin/kc-entrypoint.sh" ]
+CMD [ "start-dev", "--import-realm", "--health-enabled=true", "--metrics-enabled=true" ]
diff --git a/applications/accounts/deploy/resources/realm.json b/applications/accounts/deploy/resources/realm.json
@@ -1,40 +1,42 @@
-
 {{- define "deploy_accounts_utils.role" }}
-{
-  "id": {{ uuidv4 | quote }},
-  "name": {{ .role| quote }},
-  "composite": false,
-  "clientRole": true,
-  "containerId": {{ .app.harness.name | quote }},
-  "attributes": {}
-}
+    {
+      "id": {{ uuidv4 | quote }},
+      "name": {{ .role| quote }},
+      "composite": false,
+      "clientRole": true,
+      "containerId": {{ .app.harness.name | quote }},
+      "attributes": {}
+    }
 {{- end}}
 {{- define "deploy_accounts_utils.user" }}
     {
-        "username": {{ .user.username | quote }},
+        "username": {{ .user.username | default .user.email | quote }},
         "email": {{ .user.email | default .user.username | quote }},
         "enabled": true,
+        "firstName": {{ .user.firstName | default "Test" | quote }},
+        "lastName": {{ .user.lastName | default "User" | quote }},
         "credentials": [
             {
                 "type": "password",
-                "value": {{ .user.passwword | default "test" | quote }}
+                "value": {{ .user.password | default "test" | quote }}
             }
         ],
         "realmRoles": {{ .user.realmRoles | toJson }},
         "clientRoles": {
             {{ .app.harness.name | quote }}: {{ .user.clientRoles | toJson }}
         } 
     }
-    {{- end}}
+
+{{- end}}
 {
         "id": {{ .Values.namespace | quote }},
         "realm": {{ .Values.namespace | quote }},
         "enabled": true,
-        "sslRequired": "external",
-        "loginTheme": "custom",
-        "accountTheme": "custom",
-        "adminTheme": "custom",
-        "emailTheme": "custom",
+        "sslRequired": {{ ternary "none" "external" (not .Values.tls) | quote }},
+        "loginTheme": "keycloak",
+        "accountTheme": "keycloak",
+        "adminTheme": "keycloak",
+        "emailTheme": "keycloak",
         "registrationAllowed": true,
         "registrationEmailAsUsername": false,
         "rememberMe": true,
@@ -84,12 +86,18 @@
             }
           ],
         "users": [
+            {{- $j := 0}}
             {{- range $app := .Values.apps }}
               {{- if (hasKey $app.harness "accounts")  }}
+                {{- if $j}},{{end}}
+                {{- if len $app.harness.accounts.users}}
+                    {{- $j = add1 $j }}
+                {{- end }}
                 {{- range $i, $user := $app.harness.accounts.users }}{{if $i}},{{end}}
                 {{ include "deploy_accounts_utils.user" (dict "root" $ "app" $app "user" $user) }}
                 {{- end }}
               {{- end }}
+              
             {{- end }}
         ],
         "roles": {
@@ -122,14 +130,18 @@
                 }
             ],
             "client": {
+            {{- $k := 0}}
             {{- range $app := .Values.apps }}
+
               {{- if (hasKey $app.harness "accounts")  }}
+                {{- if $k}},{{end}}
                 {{ $app.harness.name | quote }}: [
                 {{- range $i, $role := $app.harness.accounts.roles }}
                 {{if $i}},{{end}}
-                {{ include "deploy_accounts_utils.role" (dict "root" $ "app" $app "role" $role) }}
+                {{- include "deploy_accounts_utils.role" (dict "root" $ "app" $app "role" $role) }}
                 {{- end }}
                 ]
+                {{- $k = add1 $k }}
               {{- end }}
             {{- end }}
             }
@@ -752,5 +764,5 @@
                 }
             }
         ],
-        "keycloakVersion": "9.0.2"
+        "keycloakVersion": "26.2.1"
     }
diff --git a/applications/accounts/plugins/keycloak-orcid.jar b/applications/accounts/plugins/keycloak-orcid.jar
diff --git a/applications/jupyterlab-minimal/deploy/values.yaml b/applications/jupyterlab-minimal/deploy/values.yaml
@@ -1,5 +1,6 @@
 harness:
-  subdomain: notebooks
+  subdomain: lab
+  aliases: [notebooks]
   service:
     auto: false
     port: 80
diff --git a/applications/nwb-explorer/dependencies/nwb-explorer b/applications/nwb-explorer/dependencies/nwb-explorer
@@ -1 +1 @@
-Subproject commit b0839b2e1d902a42955a32a3981823aab36017c7
+Subproject commit cf1d3c74f2a30612b37cec515713b8a57f9e13d8
diff --git a/applications/nwb-explorer/deploy/values-minimal.yaml b/applications/nwb-explorer/deploy/values-minimal.yaml
@@ -0,0 +1,3 @@
+harness:
+  deployment:
+    image: osb/nwb-explorer:latest
diff --git a/applications/osb-portal/deploy/resources/keycloak.json b/applications/osb-portal/deploy/resources/keycloak.json
@@ -1,6 +1,6 @@
 {
   "realm": {{ .Values.namespace | quote }},
-  "auth-server-url": {{ (printf  "https://%s.%s/auth" .Values.apps.accounts.harness.subdomain  .Values.domain) | quote }},
+  "auth-server-url": {{ (printf  "https://%s.%s" .Values.apps.accounts.harness.subdomain  .Values.domain) | quote }},
   "ssl-required": "external",
   "resource": "web-client",
   "public-client": true,
diff --git a/applications/osb-portal/deploy/values-minimal.yaml b/applications/osb-portal/deploy/values-minimal.yaml
@@ -5,7 +5,6 @@ harness:
       - accounts-api
       - workspaces
       - jupyterhub
-      - notifications
       - nwb-explorer
-      - netpyne
+      - jupyterlab-minimal
 
diff --git a/applications/osb-portal/entrypoint.sh b/applications/osb-portal/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-sed -i "s/__DOMAIN__/${CH_ACCOUNTS_AUTH_DOMAIN:-https://accounts.osb.local/auth/}/g" /usr/share/nginx/html/keycloak/keycloak.json
+sed -i "s/__DOMAIN__/${CH_ACCOUNTS_AUTH_DOMAIN:-https://accounts.osb.local/}/g" /usr/share/nginx/html/keycloak/keycloak.json
 sed -i "s/__NAMESPACE__/${CH_ACCOUNTS_REALM:-osb2}/g" /usr/share/nginx/html/keycloak/keycloak.json
 sed -i "s/__REALM__/${CH_ACCOUNTS_REALM:-osb2}/g" /etc/nginx/nginx.conf
 
diff --git a/applications/osb-portal/package.json b/applications/osb-portal/package.json
@@ -36,7 +36,7 @@
     "@sentry/react": "^6.3.5",
     "assert": "^2.0.0",
     "axios": "^1.6.5",
-    "keycloak-js": "^12.0.0",
+    "keycloak-js": "^26.0.0",
     "less-vars-to-js": "^1.3.0",
     "lodash": "^4.17.21",
     "markdown-it": "^12.0.0",
diff --git a/applications/osb-portal/src/assets-parametrized/keycloak.json b/applications/osb-portal/src/assets-parametrized/keycloak.json
@@ -1,6 +1,6 @@
 {
   "realm": "__NAMESPACE__",
-  "auth-server-url": "https://accounts.__DOMAIN__/auth/",
+  "auth-server-url": "https://accounts.__DOMAIN__/",
   "ssl-required": "external",
   "resource": "web-client",
   "public-client": true,
diff --git a/applications/osb-portal/src/service/UserService.tsx b/applications/osb-portal/src/service/UserService.tsx
@@ -10,7 +10,7 @@ import { OSBRepository } from "../apiclient/workspaces";
 import { Configuration, User } from "../apiclient/accounts";
 import * as accountsApi from "../apiclient/accounts/apis";
 
-const keycloak = Keycloak("/keycloak.json");
+const keycloak = new Keycloak("/keycloak.json");
 
 const accountsApiUri = "/proxy/accounts-api/api";
 
diff --git a/applications/osb-portal/src/types/workspace.ts b/applications/osb-portal/src/types/workspace.ts
@@ -37,7 +37,7 @@ export interface ResourceType {
 }
 
 export const OSBApplications: { [id: string]: OSBApplication } = {
-  jupyter: { name: "JupyterLab", subdomain: "notebooks", code: "jupyter" },
+  jupyter: { name: "JupyterLab", subdomain: "lab", code: "jupyter" },
   nwbexplorer: { name: "NWB Explorer", subdomain: "nwbexplorer", code: "nwbexplorer" },
   netpyne: { name: "NetPyNE", subdomain: "netpyne", code: "netpyne" },
 };
diff --git a/applications/osb-portal/yarn.lock b/applications/osb-portal/yarn.lock
@@ -2795,11 +2795,6 @@ balanced-match@^1.0.0:
   resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee"
   integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
 
-base64-js@1.3.1:
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1"
-  integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==
-
 batch@0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16"
@@ -5588,11 +5583,6 @@ jest@^29.1.1:
     import-local "^3.0.2"
     jest-cli "^29.7.0"
 
-js-sha256@0.9.0:
-  version "0.9.0"
-  resolved "https://registry.yarnpkg.com/js-sha256/-/js-sha256-0.9.0.tgz#0b89ac166583e91ef9123644bd3c5334ce9d0966"
-  integrity sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA==
-
 "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
@@ -5738,13 +5728,10 @@ keycloak-js@*:
   resolved "https://registry.yarnpkg.com/keycloak-js/-/keycloak-js-26.1.4.tgz#d279ec2b0e4d0805bfa6f08ae1499f2332f86802"
   integrity sha512-4h2RicCzIAtsjKIG8DIO+8NKlpWX2fiNkbS0jlbtjZFbIGGjbQBzjS/5NkyWlzxamXVow9prHTIgIiwfo3GAmQ==
 
-keycloak-js@^12.0.0:
-  version "12.0.4"
-  resolved "https://registry.yarnpkg.com/keycloak-js/-/keycloak-js-12.0.4.tgz#fc60ccd8c32788e48302a543e6133e852a48abaf"
-  integrity sha512-O/BHtyiDrZrUnKBrVF8POojqd3gmhuiDw4FiI+FbnB14nu7G5jKFrKYZa9Q0JYKIZXHJOBzSaKQcMp2WUI+zmA==
-  dependencies:
-    base64-js "1.3.1"
-    js-sha256 "0.9.0"
+keycloak-js@^26.0.0:
+  version "26.2.0"
+  resolved "https://registry.yarnpkg.com/keycloak-js/-/keycloak-js-26.2.0.tgz#0924feec13a014563b2e041e255657c24c145714"
+  integrity sha512-CrFcXTN+d6J0V/1v3Zpioys6qHNWE6yUzVVIsCUAmFn9H14GZ0vuYod+lt+SSpMgWGPuneDZBSGBAeLBFuqjsw==
 
 keyv@^4.5.3:
   version "4.5.4"
diff --git a/applications/workspaces/server/Dockerfile b/applications/workspaces/server/Dockerfile
@@ -2,13 +2,21 @@ ARG CLOUDHARNESS_FLASK
 
 FROM $CLOUDHARNESS_FLASK
 
-RUN apk update
-RUN apk upgrade
-RUN apk add gcc
-RUN apk add libc-dev
-RUN apk add libffi-dev
-RUN apk add openssl-dev
-RUN apk add postgresql-dev
+
+# RUN apk add gcc
+# RUN apk add libc-dev
+# RUN apk add libffi-dev
+# RUN apk add openssl-dev
+# RUN apk add postgresql-dev
+
+RUN apt-get update && apt-get install -y \
+    gcc \
+    libc-dev \
+    build-essential \
+    libffi-dev \
+    libssl-dev \
+    postgresql-client \
+    postgresql-server-dev-all
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
diff --git a/applications/workspaces/server/test/values.yaml b/applications/workspaces/server/test/values.yaml
@@ -81,7 +81,7 @@ apps:
     resources: *id001
     task-images: {}
     webclient: {id: web-client, secret: 452952ae-922c-4766-b912-7b106271e34b}
-  accounts_api:
+  accounts-api:
     harness:
       aliases: []
       dependencies:
diff --git a/applications/workspaces/server/workspaces/service/auth.py b/applications/workspaces/server/workspaces/service/auth.py
@@ -26,6 +26,7 @@ def get_auth_client():
 
 def keycloak_user_id():
     authentication_token = get_authentication_token()
+    print(f"Authentication token: {authentication_token}")
     if not authentication_token:
         return None
     try:
diff --git a/applications/workspaces/server/workspaces/service/crud_service.py b/applications/workspaces/server/workspaces/service/crud_service.py
@@ -178,7 +178,9 @@ def get_pvc_name(workspace_id):
     def check_max_num_workspaces_per_user(self, user_id=None):
         if not user_id:
             user_id = keycloak_user_id()
-        if not get_auth_client().user_has_realm_role(user_id=user_id, role="administrator"):
+        auth_client = get_auth_client()
+        print("User ", user_id)
+        if not auth_client.user_has_realm_role(user_id=user_id, role="admin"):
             # for non admin users check if max number of ws per user limit is reached
             num_ws_current_user = self.repository.search(user_id=user_id).total
             max_num_ws_current_user = get_max_workspaces_for_user(user_id)
diff --git a/applications/workspaces/tasks/biomodels-copy/Dockerfile b/applications/workspaces/tasks/biomodels-copy/Dockerfile
@@ -3,7 +3,7 @@ FROM $CLOUDHARNESS_BASE
 
 # much faster than curl/wget
 # https://pkgs.alpinelinux.org/packages?name=aria2&branch=edge
-RUN apk add aria2 unzip
+RUN apt-get update && apt-get install -y aria2 unzip
 
 
 ADD . /
diff --git a/applications/workspaces/tasks/figshare-copy/Dockerfile b/applications/workspaces/tasks/figshare-copy/Dockerfile
@@ -3,7 +3,7 @@ FROM $CLOUDHARNESS_BASE
 
 # much faster than curl/wget
 # https://pkgs.alpinelinux.org/packages?name=aria2&branch=edge
-RUN apk add aria2 curl
+RUN apt-get update && apt-get install -y aria2 curl
 
 
 ADD . /
diff --git a/applications/workspaces/tasks/github-copy/Dockerfile b/applications/workspaces/tasks/github-copy/Dockerfile
@@ -1,7 +1,7 @@
 ARG CLOUDHARNESS_BASE
 FROM $CLOUDHARNESS_BASE
 
-RUN apk add git
+RUN apt-get update && apt-get install -y git
 
 ADD . /
 
diff --git a/applications/workspaces/tasks/scan-workspace/Dockerfile b/applications/workspaces/tasks/scan-workspace/Dockerfile
@@ -1,7 +1,7 @@
 ARG CLOUDHARNESS_BASE
 FROM $CLOUDHARNESS_BASE
 
-RUN apk add subversion
+RUN apt-get update && apt-get install -y subversion
 
 ADD . /
 
diff --git a/deployment/codefresh-dev.yaml b/deployment/codefresh-dev.yaml

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-Subproject commit b0839b2e1d902a42955a32a3981823aab36017c7`
	`1`	`+Subproject commit cf1d3c74f2a30612b37cec515713b8a57f9e13d8`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+harness:`
	`2`	`+ deployment:`
	`3`	`+ image: osb/nwb-explorer:latest`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"realm": {{ .Values.namespace \| quote }},`
`3`		`- "auth-server-url": {{ (printf "https://%s.%s/auth" .Values.apps.accounts.harness.subdomain .Values.domain) \| quote }},`
	`3`	`+ "auth-server-url": {{ (printf "https://%s.%s" .Values.apps.accounts.harness.subdomain .Values.domain) \| quote }},`
`4`	`4`	`"ssl-required": "external",`
`5`	`5`	`"resource": "web-client",`
`6`	`6`	`"public-client": true,`