From 9c852a2036feca77f86fa9b199d3bd2a9adf8296 Mon Sep 17 00:00:00 2001 From: Kamesh Akella Date: Fri, 29 Mar 2024 04:48:58 -0400 Subject: [PATCH] removing references for and defaulting to what Keycloak provides to remove ambbiguity (#751) Closes #744 Signed-off-by: Kamesh Akella --- dataset/dataset-import.sh | 16 ++++------------ .../dataset/DatasetResourceProvider.java | 1 - .../benchmark/dataset/config/DatasetConfig.java | 9 --------- .../org/keycloak/benchmark/it/DeploymentIT.java | 2 +- .../modules/ROOT/pages/using-provider.adoc | 6 +++--- 5 files changed, 8 insertions(+), 26 deletions(-) diff --git a/dataset/dataset-import.sh b/dataset/dataset-import.sh index 71f4b6b2..61295d7a 100755 --- a/dataset/dataset-import.sh +++ b/dataset/dataset-import.sh @@ -17,7 +17,6 @@ set_environment_variables () { USERS_COUNT="100" EVENTS_COUNT="100" SESSIONS_COUNT="100" - HASH_ITERATIONS="" if ( minikube version &>/dev/null ); then KEYCLOAK_URI="https://keycloak-keycloak.$(minikube ip || echo 'unknown').nip.io/realms/master/dataset" fi @@ -50,9 +49,6 @@ set_environment_variables () { o) SESSIONS_COUNT=$OPTARG ;; - i) - HASH_ITERATIONS=$OPTARG - ;; p) REALM_PREFIX=$OPTARG ;; @@ -77,12 +73,8 @@ set_environment_variables () { } create_realms () { - echo "Creating $1 realm/s with $2 client/s and $3 user/s with $4 password hash iterations." - HASH="" - if [[ "$4" != "" ]]; then - HASH="password-hash-iterations=${4}" - fi - execute_command "create-realms?count=$1&clients-per-realm=$2&users-per-realm=$3&${HASH}&task-timeout=$5&threads-count=$6" + echo "Creating $1 realm/s with $2 client/s and $3 user/s." + execute_command "create-realms?count=$1&clients-per-realm=$2&users-per-realm=$3&task-timeout=$5&threads-count=$6" } create_clients () { @@ -179,7 +171,7 @@ check_dataset_status () { help () { echo "Dataset import to the local minikube Keycloak application - usage:" - echo "1) create realm/s with clients, users and password hash iterations - run -a (action) with or without other arguments: -a create-realms -r 10 -c 100 -u 100 -i 20000 -l 'https://keycloak.url.com'" + echo "1) create realm/s with clients, users - run -a (action) with or without other arguments: -a create-realms -r 10 -c 100 -u 100 -l 'https://keycloak.url.com'" echo "2) create clients in specific realm: -a create-clients -c 100 -n realm-0 -l 'https://keycloak.url.com'" echo "3) create users in specific realm: -a create-users -u 100 -n realm-0 -l 'https://keycloak.url.com'" echo "4) create events in specific realm: -a create-events -e 100 -n realm-0 -l 'https://keycloak.url.com'" @@ -197,7 +189,7 @@ main () { echo "Action: [$ACTION] " case "$ACTION" in create-realms) - create_realms $REALM_COUNT $CLIENTS_COUNT $USERS_COUNT "$HASH_ITERATIONS" $CREATE_TIMEOUT $THREADS + create_realms $REALM_COUNT $CLIENTS_COUNT $USERS_COUNT $CREATE_TIMEOUT $THREADS exit 0 ;; create-clients) diff --git a/dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java b/dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java index 34fcf1f8..ad1b9ddd 100644 --- a/dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java +++ b/dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java @@ -913,7 +913,6 @@ private void createAndSetRealm(RealmContext context, int index, KeycloakSession realm.setEnabled(true); realm.setRegistrationAllowed(true); realm.setAccessCodeLifespan(60); - realm.setPasswordPolicy(PasswordPolicy.parse(session, "hashIterations(" + config.getPasswordHashIterations() + ")")); if (config.getEventsEnabled()) { realm.setEventsEnabled(true); diff --git a/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java b/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java index c4f1458b..32349624 100644 --- a/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java +++ b/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java @@ -18,7 +18,6 @@ package org.keycloak.benchmark.dataset.config; -import org.keycloak.credential.hash.Pbkdf2Sha512PasswordHashProviderFactory; import static org.keycloak.benchmark.dataset.config.DatasetOperation.CREATE_AUTHZ_CLIENT; import static org.keycloak.benchmark.dataset.config.DatasetOperation.CREATE_CLIENTS; import static org.keycloak.benchmark.dataset.config.DatasetOperation.CREATE_EVENTS; @@ -151,10 +150,6 @@ public class DatasetConfig { @QueryParamIntFill(paramName = "client-roles-per-user", defaultValue = 4, operations = { CREATE_REALMS, CREATE_USERS }) private Integer clientRolesPerUser; - // Password policy with the number of password hash iterations. It is 210000 by default - @QueryParamIntFill(paramName = "password-hash-iterations", defaultValue = Pbkdf2Sha512PasswordHashProviderFactory.DEFAULT_ITERATIONS, operations = { CREATE_REALMS }) - private Integer passwordHashIterations; - // Check if eventStorage will be enabled for newly created realms @QueryParamFill(paramName = "events-enabled", defaultValue = "false", operations = { CREATE_REALMS }) private String eventsEnabled; @@ -302,10 +297,6 @@ public Integer getClientRolesPerUser() { return clientRolesPerUser; } - public Integer getPasswordHashIterations() { - return passwordHashIterations; - } - public Boolean getEventsEnabled() { return Boolean.valueOf(eventsEnabled); } diff --git a/dataset/src/test/java/org/keycloak/benchmark/it/DeploymentIT.java b/dataset/src/test/java/org/keycloak/benchmark/it/DeploymentIT.java index b643082f..5817601c 100644 --- a/dataset/src/test/java/org/keycloak/benchmark/it/DeploymentIT.java +++ b/dataset/src/test/java/org/keycloak/benchmark/it/DeploymentIT.java @@ -99,7 +99,7 @@ private void runTestWithParameter(String... args) throws IOException, URISyntaxE Process process = startKeycloak(keycloakProvidersFolder, args); try { waitForKeycloakStart(); - executeDatasetCommand("create-realms?count=1&clients-per-realm=2&users-per-realm=2&password-hash-iterations=100"); + executeDatasetCommand("create-realms?count=1&clients-per-realm=2&users-per-realm=2"); waitForDatasetCompleted(); } finally { stopKeycloak(process); diff --git a/doc/dataset/modules/ROOT/pages/using-provider.adoc b/doc/dataset/modules/ROOT/pages/using-provider.adoc index a21c788a..a75eaf72 100644 --- a/doc/dataset/modules/ROOT/pages/using-provider.adoc +++ b/doc/dataset/modules/ROOT/pages/using-provider.adoc @@ -31,7 +31,7 @@ You will see these options: ---- Dataset import to the local minikube Keycloak application - usage: -1) create realm/s with clients, users and password hash iterations - run -a (action) with or without other arguments: -a create-realms -r 10 -c 100 -u 100 -h 20000 -l 'https://keycloak.url.com' +1) create realm/s with clients, users - run -a (action) with or without other arguments: -a create-realms -r 10 -c 100 -u 100 -l 'https://keycloak.url.com' 2) create clients in specific realm: -a create-clients -c 100 -n realm-0 -l 'https://keycloak.url.com' 3) create users in specific realm: -a create-users -u 100 -n realm-0 -l 'https://keycloak.url.com' 4) create events in specific realm: -a create-events -e 100 -n realm-0 -l 'https://keycloak.url.com' @@ -168,10 +168,10 @@ You can use parameters to remove all realms for example just from `foorealm5` to For change the parameters, take a look at link:{github-files}/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java[DataSetConfig class] to see available parameters and default values and which endpoint the particular parameter is applicable. -For example to create realms with prefix `foo` and with just 1000 hash iterations used for the password policy, you can use these parameters: +For example to create realms with prefix `foo`, you can use these parameters: ---- -.../realms/master/dataset/create-realms?count=10&realm-prefix=foo&password-hash-iterations=1000 +.../realms/master/dataset/create-realms?count=10&realm-prefix=foo ---- The configuration is written to the server log when HTTP endpoint is triggered, so you can monitor the progress and what parameters were effectively applied.