fix(authorization)!: remove unused keycloak based authorization

slisson · slisson · commit 71dc99410894 · 2024-12-11T11:32:26.000+01:00
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationConfig.kt b/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationConfig.kt
@@ -114,12 +114,7 @@ class ModelixAuthorizationConfig : IModelixAuthorizationConfig {
     override var hmac256Key: String? = null
     override var ownPublicKey: JWK? = null
     private val foreignPublicKeys = ArrayList<JWK>()
-    override var jwkUri: URI? = System.getenv("MODELIX_JWK_URI")?.let { URI(it) }
-        ?: System.getenv("KEYCLOAK_BASE_URL")?.let { keycloakBaseUrl ->
-            System.getenv("KEYCLOAK_REALM")?.let { keycloakRealm ->
-                URI("${keycloakBaseUrl}realms/$keycloakRealm/protocol/openid-connect/certs")
-            }
-        }
+    override var jwkUri: URI? = null
     override var jwkKeyId: String? = System.getenv("MODELIX_JWK_KEY_ID")
     override var permissionSchema: Schema = buildPermissionSchema { }
     override var accessControlPersistence: IAccessControlPersistence = System.getenv("MODELIX_ACCESS_CONTROL_FILE")
@@ -156,10 +151,6 @@ class ModelixAuthorizationConfig : IModelixAuthorizationConfig {
 
         jwkUri?.let { util.addJwksUrl(it.toURL()) }
 
-        // allows multiple URLs (MODELIX_JWK_URI1, MODELIX_JWK_URI2, MODELIX_JWK_URI_MODEL_SERVER, ...)
-        System.getenv().filter { it.key.startsWith("MODELIX_JWK_URI") }.values
-            .forEach { util.addJwksUrl(URI(it).toURL()) }
-
         foreignPublicKeys.forEach { util.addPublicKey(it) }
 
         jwkKeyId?.let { util.requireKeyId(it) }
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/ModelixJWTUtil.kt b/authorization/src/main/kotlin/org/modelix/authorization/ModelixJWTUtil.kt
@@ -120,6 +120,10 @@ class ModelixJWTUtil {
                 }
             }
         }
+
+        // allows multiple URLs (MODELIX_JWK_URI1, MODELIX_JWK_URI2, MODELIX_JWK_URI_MODEL_SERVER, ...)
+        System.getenv().filter { it.key.startsWith("MODELIX_JWK_URI") }.values
+            .forEach { addJwksUrl(URI(it).toURL()) }
     }
 
     fun createAccessToken(user: String, grantedPermissions: List<String>, additionalTokenContent: (TokenBuilder) -> Unit = {}): String {
diff --git a/docs/global/modules/core/pages/reference/component-model-server.adoc b/docs/global/modules/core/pages/reference/component-model-server.adoc
@@ -85,10 +85,6 @@ To enable it you can specify the following environment variables.
 |MODELIX_JWK_KEY_ID
 |Optional key ID that can be used together with `MODELIX_JWK_URI`. If specified, it ensures that only tokens that use the specified key are valid. If not specified, a token can use any RSA (256, 384 and 512) key provided by `MODELIX_JWK_URI`.
 
-|KEYCLOAK_BASE_URL
- KEYCLOAK_REALM
-|Legacy variables for the keycloak based authorization used by the Modelix Helm charts for workspaces.
-
 |===
 
 The `permissions` claim of the token is expected to list directly granted permission.

Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,10 @@ class ModelixJWTUtil {`
`120`	`120`	`}`
`121`	`121`	`}`
`122`	`122`	`}`
	`123`	`+`
	`124`	`+ // allows multiple URLs (MODELIX_JWK_URI1, MODELIX_JWK_URI2, MODELIX_JWK_URI_MODEL_SERVER, ...)`
	`125`	`+ System.getenv().filter { it.key.startsWith("MODELIX_JWK_URI") }.values`
	`126`	`+ .forEach { addJwksUrl(URI(it).toURL()) }`
`123`	`127`	`}`
`124`	`128`
`125`	`129`	`fun createAccessToken(user: String, grantedPermissions: List<String>, additionalTokenContent: (TokenBuilder) -> Unit = {}): String {`