From db31a20fc98a72c17bf06caf6b0a2f8e6b495229 Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Mon, 3 Oct 2022 00:01:36 +0200 Subject: [PATCH 1/4] Fix keycloak example + improve CI build to catch a similar issue next time Signed-off-by: Marko Strukelj --- .travis/build.sh | 5 ++++- examples/docker/keycloak-import/Dockerfile | 2 +- examples/docker/keycloak/Dockerfile | 4 ++-- examples/docker/keycloak/compose-ssl.yml | 2 +- examples/docker/keycloak/compose.yml | 2 +- examples/docker/keycloak/keycloak-ssl.cli | 7 ++++--- examples/kubernetes/keycloak-postgres.yaml | 2 +- examples/kubernetes/keycloak.yaml | 2 +- testsuite/keycloak-auth-tests/docker-compose.yml | 2 +- testsuite/keycloak-authz-tests/docker-compose.yml | 2 +- testsuite/keycloak-errors-tests/docker-compose.yml | 2 +- 11 files changed, 18 insertions(+), 14 deletions(-) diff --git a/.travis/build.sh b/.travis/build.sh index c5e9a278..3ff09ad8 100755 --- a/.travis/build.sh +++ b/.travis/build.sh @@ -46,6 +46,9 @@ arch=$(uname -m) # Also test examples build on different architectures (exclude ppc64le until fixed) if [ "$arch" != 'ppc64le' ]; then mvn clean install -f examples/docker + cd examples/docker + docker-compose -f compose.yml -f keycloak/compose-ssl.yml build + cd ../.. fi # Run testsuite if this is a main build @@ -57,7 +60,7 @@ if [ "${MAIN_BUILD}" == "TRUE" ] ; then docker build --target hydra-import -t strimzi-oauth-testsuite/hydra-import:latest -f ./testsuite/docker/hydra-import/Dockerfile.s390x . git clone -b 19.0.1 https://github.com/keycloak/keycloak-containers.git cd keycloak-containers/server/ - docker build -t quay.io/keycloak/keycloak:19.0.1-legacy . + docker build -t quay.io/keycloak/keycloak:19.0.2-legacy . cd ../../ && rm -rf keycloak-containers docker build --target oryd-hydra -t oryd/hydra:v1.8.5 -f ./testsuite/docker/hydra-import/Dockerfile.s390x . mvn test-compile spotbugs:check -e -V -B -f testsuite 
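Review bot: The added `cd examples/docker` … `cd ../..` pair in the first `.travis/build.sh` hunk changes the working directory for the rest of the script and only returns correctly if every command in between succeeds or errexit is active at that point, which the hunk does not show. Running the step in a subshell keeps the directory change local and removes the need for the second `cd`: `(cd examples/docker && docker-compose -f compose.yml -f keycloak/compose-ssl.yml build)`. The same pair is re-added by the later hunks of this series that move the step into the `MAIN_BUILD` block.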
diff --git a/examples/docker/keycloak-import/Dockerfile b/examples/docker/keycloak-import/Dockerfile index 7c11422d..d7a88e67 100644 --- a/examples/docker/keycloak-import/Dockerfile +++ b/examples/docker/keycloak-import/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/keycloak/keycloak:19.0.1-legacy +FROM quay.io/keycloak/keycloak:19.0.2-legacy RUN mkdir /opt/jboss/realms COPY realms/* /opt/jboss/realms/ diff --git a/examples/docker/keycloak/Dockerfile b/examples/docker/keycloak/Dockerfile index c6a0b408..51293352 100644 --- a/examples/docker/keycloak/Dockerfile +++ b/examples/docker/keycloak/Dockerfile @@ -1,6 +1,6 @@ -FROM quay.io/keycloak/keycloak:19.0.1-legacy +FROM quay.io/keycloak/keycloak:19.0.2-legacy -COPY certificates/keycloak.server.keystore.p12 /opt/jboss/keycloak/standalone/configuration/ +COPY certificates/keycloak.server.keystore.p12 /opt/jboss/keycloak/standalone/configuration/keycloak.server.keystore COPY keycloak-ssl.cli /opt/jboss/keycloak/ RUN cd /opt/jboss/keycloak && \ diff --git a/examples/docker/keycloak/compose-ssl.yml b/examples/docker/keycloak/compose-ssl.yml index fd00dcea..1cbae706 100644 --- a/examples/docker/keycloak/compose-ssl.yml +++ b/examples/docker/keycloak/compose-ssl.yml @@ -14,4 +14,4 @@ services: KEYCLOAK_PASSWORD: "admin" KEYCLOAK_HTTPS_PORT: 8443 PROXY_ADDRESS_FORWARDING: "true" - command: "-Dkeycloak.profile.feature.upload_scripts=enabled" + command: "-Dkeycloak.profile.feature.upload_scripts=enabled -b 0.0.0.0" diff --git a/examples/docker/keycloak/compose.yml b/examples/docker/keycloak/compose.yml index 7c5e482d..66bb1d71 100644 --- a/examples/docker/keycloak/compose.yml +++ b/examples/docker/keycloak/compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: keycloak: - image: quay.io/keycloak/keycloak:19.0.1-legacy + image: quay.io/keycloak/keycloak:19.0.2-legacy container_name: keycloak ports: - 8080:8080 
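Review bot: The `COPY certificates/keycloak.server.keystore.p12 …` line in `examples/docker/keycloak/Dockerfile` builds the server's private-key keystore into an image layer, so anyone who can pull or export the image can read it, and the matching password `changeit` is committed in `keycloak-ssl.cli`. That is acceptable for a throwaway example, but the file does not say so. I would add a comment above the COPY such as `# Example only: this keystore and its password are public; supply a real keystore at runtime (volume or secret) instead of building it into the image`. The `RUN` that follows continues past the end of the hunk.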
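Review bot: With `-b 0.0.0.0` appended to `command` in `compose-ssl.yml`, the server listens on every interface of the container while the same service block sets `KEYCLOAK_PASSWORD: "admin"` and enables `upload_scripts`, so anything that can reach a published port reaches an admin console protected only by a default password. The bind address is presumably needed for the published ports to work, so the change itself is fine, but the example should say that it is for local use. I would add a comment above `command`, for instance `# Local demo only: default admin password and upload_scripts enabled; publish ports on 127.0.0.1 or change the credentials before exposing this`. The service definition starts above the hunk.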
diff --git a/examples/docker/keycloak/keycloak-ssl.cli b/examples/docker/keycloak/keycloak-ssl.cli index bf1e13a5..11615633 100644 --- a/examples/docker/keycloak/keycloak-ssl.cli +++ b/examples/docker/keycloak/keycloak-ssl.cli @@ -1,4 +1,5 @@ embed-server --server-config=standalone-ha.xml -/core-service=management/security-realm=UndertowRealm:add() -/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-path=keycloak.server.keystore.p12, keystore-relative-to=jboss.server.config.dir, keystore-password=changeit) -/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm, value=UndertowRealm) +/subsystem=elytron/key-store=kcKeyStore:add(path=keycloak.server.keystore,relative-to=jboss.server.config.dir, credential-reference={clear-text=changeit},type=PKCS12) +/subsystem=elytron/key-manager=kcKeyManager:add(key-store=kcKeyStore,credential-reference={clear-text=changeit}) +/subsystem=elytron/server-ssl-context=kcSSLContext:add(key-manager=kcKeyManager) +/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=kcSSLContext) diff --git a/examples/kubernetes/keycloak-postgres.yaml b/examples/kubernetes/keycloak-postgres.yaml index 2f48475d..be0cb615 100644 --- a/examples/kubernetes/keycloak-postgres.yaml +++ b/examples/kubernetes/keycloak-postgres.yaml @@ -27,7 +27,7 @@ metadata: spec: containers: - name: keycloak - image: quay.io/keycloak/keycloak:19.0.1-legacy + image: quay.io/keycloak/keycloak:19.0.2-legacy args: - "-b 0.0.0.0" - "-Dkeycloak.profile.feature.upload_scripts=enabled" diff --git a/examples/kubernetes/keycloak.yaml b/examples/kubernetes/keycloak.yaml index 2c8f6123..d5db7a54 100644 --- a/examples/kubernetes/keycloak.yaml +++ b/examples/kubernetes/keycloak.yaml 
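Review bot: Both `credential-reference={clear-text=changeit}` arguments in the new `keycloak-ssl.cli` lines store the keystore password in clear text in the configuration the script edits (`standalone-ha.xml`), and the value is a well-known default. For an example that is tolerable, but it should be labelled so that it is not copied into a real deployment: add a leading comment like `# Example only: clear-text keystore password; use a credential-reference with store= and alias= for real deployments`. Separately, `server-ssl-context=kcSSLContext:add(...)` sets only `key-manager`, so the enabled TLS protocol versions are whatever the server defaults to; consider stating them explicitly with the `protocols` attribute.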
@@ -27,7 +27,7 @@ metadata: spec: containers: - name: keycloak - image: quay.io/keycloak/keycloak:19.0.1-legacy + image: quay.io/keycloak/keycloak:19.0.2-legacy args: - "-b 0.0.0.0" - "-Dkeycloak.profile.feature.upload_scripts=enabled" diff --git a/testsuite/keycloak-auth-tests/docker-compose.yml b/testsuite/keycloak-auth-tests/docker-compose.yml index 0a41d54d..aca7d97c 100644 --- a/testsuite/keycloak-auth-tests/docker-compose.yml +++ b/testsuite/keycloak-auth-tests/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: keycloak: - image: quay.io/keycloak/keycloak:19.0.1-legacy + image: quay.io/keycloak/keycloak:19.0.2-legacy ports: - "8080:8080" volumes: diff --git a/testsuite/keycloak-authz-tests/docker-compose.yml b/testsuite/keycloak-authz-tests/docker-compose.yml index 239de464..ce6c80b2 100644 --- a/testsuite/keycloak-authz-tests/docker-compose.yml +++ b/testsuite/keycloak-authz-tests/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: keycloak: - image: quay.io/keycloak/keycloak:19.0.1-legacy + image: quay.io/keycloak/keycloak:19.0.2-legacy ports: - "8080:8080" - "8443:8443" diff --git a/testsuite/keycloak-errors-tests/docker-compose.yml b/testsuite/keycloak-errors-tests/docker-compose.yml index 1be0f116..6d4b9a7c 100644 --- a/testsuite/keycloak-errors-tests/docker-compose.yml +++ b/testsuite/keycloak-errors-tests/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: keycloak: - image: quay.io/keycloak/keycloak:19.0.1-legacy + image: quay.io/keycloak/keycloak:19.0.2-legacy ports: - "8080:8080" - "8443:8443" From f38ab7411c96f85ef9078786820cb9668c9dea92 Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Mon, 3 Oct 2022 12:15:25 +0200 Subject: [PATCH 2/4] Try fix CI failure on s390x Signed-off-by: Marko Strukelj --- .travis/build.sh | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.travis/build.sh b/.travis/build.sh index 3ff09ad8..5dc66699 100755 --- a/.travis/build.sh +++ b/.travis/build.sh 
@@ -43,14 +43,6 @@ mvn spotbugs:check arch=$(uname -m) -# Also test examples build on different architectures (exclude ppc64le until fixed) -if [ "$arch" != 'ppc64le' ]; then - mvn clean install -f examples/docker - cd examples/docker - docker-compose -f compose.yml -f keycloak/compose-ssl.yml build - cd ../.. -fi - # Run testsuite if this is a main build if [ "${MAIN_BUILD}" == "TRUE" ] ; then @@ -58,7 +50,7 @@ if [ "${MAIN_BUILD}" == "TRUE" ] ; then # Build s390x compatible hydra image export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/s390x-linux-gnu/jni docker build --target hydra-import -t strimzi-oauth-testsuite/hydra-import:latest -f ./testsuite/docker/hydra-import/Dockerfile.s390x . - git clone -b 19.0.1 https://github.com/keycloak/keycloak-containers.git + git clone -b 19.0.2 https://github.com/keycloak/keycloak-containers.git cd keycloak-containers/server/ docker build -t quay.io/keycloak/keycloak:19.0.2-legacy . cd ../../ && rm -rf keycloak-containers @@ -97,6 +89,17 @@ if [ "${MAIN_BUILD}" == "TRUE" ] ; then set -e fi + + # Also test examples build on different architectures (exclude ppc64le until fixed) + if [ "$arch" != 'ppc64le']; then + mvn clean install -f examples/docker + fi + + # Test example image for keycloak-ssl example + cd examples/docker + docker-compose -f compose.yml -f keycloak/compose-ssl.yml build + cd ../.. + fi # Push only releases From d6ee5da7135eb14581c68a803f389dc7a06c6701 Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Mon, 3 Oct 2022 14:59:08 +0200 Subject: [PATCH 3/4] Try fix CI failure on s390x Signed-off-by: Marko Strukelj --- .travis/build.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.travis/build.sh b/.travis/build.sh index 5dc66699..9c0f10bc 100755 --- a/.travis/build.sh +++ b/.travis/build.sh 
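Review bot: `git clone -b 19.0.2 …` in the block that builds the s390x images resolves a tag name at build time, and the image built from that checkout is then tagged locally as `quay.io/keycloak/keycloak:19.0.2-legacy`, so every later step that uses that image name runs whatever the tag pointed to when CI ran. A tag can be moved upstream; checking the resolved commit before building fixes the input, e.g. `[ "$(git -C keycloak-containers rev-parse HEAD)" = "<EXPECTED_COMMIT_SHA>" ] || exit 1` right after the clone, where the placeholder stands for the commit you have reviewed. The enclosing `if` block begins and ends outside the hunk.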
@@ -43,6 +43,11 @@ mvn spotbugs:check arch=$(uname -m) +# Also test examples build on different architectures (exclude ppc64le until fixed) +if [ "$arch" != 'ppc64le']; then + mvn clean install -f examples/docker +fi + # Run testsuite if this is a main build if [ "${MAIN_BUILD}" == "TRUE" ] ; then @@ -90,16 +95,10 @@ if [ "${MAIN_BUILD}" == "TRUE" ] ; then set -e fi - # Also test examples build on different architectures (exclude ppc64le until fixed) - if [ "$arch" != 'ppc64le']; then - mvn clean install -f examples/docker - fi - - # Test example image for keycloak-ssl example + # Test example image build for keycloak-ssl example cd examples/docker docker-compose -f compose.yml -f keycloak/compose-ssl.yml build cd ../.. - fi # Push only releases From 169ad4b5f0f24296a506069fb884cdb78f2480e3 Mon Sep 17 00:00:00 2001 From: Marko Strukelj Date: Mon, 3 Oct 2022 15:29:59 +0200 Subject: [PATCH 4/4] Try fix CI failure on s390x Signed-off-by: Marko Strukelj --- .travis/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis/build.sh b/.travis/build.sh index 9c0f10bc..6df28359 100755 --- a/.travis/build.sh +++ b/.travis/build.sh @@ -44,7 +44,7 @@ mvn spotbugs:check arch=$(uname -m) # Also test examples build on different architectures (exclude ppc64le until fixed) -if [ "$arch" != 'ppc64le']; then +if [ "$arch" != 'ppc64le' ]; then mvn clean install -f examples/docker fi
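Review bot: Nothing in the build would have flagged the malformed test that this last hunk repairs: `[ "$arch" != 'ppc64le']` makes `[` fail with a usage error, and because the failure occurs in an `if` condition, errexit (if active) does not stop the script, so `mvn clean install -f examples/docker` was skipped on every architecture in the two preceding commits. A lint step such as `shellcheck .travis/build.sh` early in CI reports the missing space before `]` and would keep this from recurring silently. The same file also compares with `==` inside `[ … ]` (`[ "${MAIN_BUILD}" == "TRUE" ]`), which is a bashism worth checking against the script's shebang, which is not visible here.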