Forgerock OAuth provider by bddvlpr · Pull Request #13499 · apache/cloudstack · GitHub
Skip to content

Forgerock OAuth provider#13499

Draft
bddvlpr wants to merge 1 commit into
apache:mainfrom
bddvlpr:feature_forgerock-oauth
Draft

Forgerock OAuth provider#13499
bddvlpr wants to merge 1 commit into
apache:mainfrom
bddvlpr:feature_forgerock-oauth

Conversation

@bddvlpr

@bddvlpr bddvlpr commented Jun 26, 2026

Copy link
Copy Markdown

Description

This PR adds ForgeRock as a supported OAuth2 identity provider. While writing it up I noticed that the new Keycloak provider (committed 4 days ago) would have been a line-for-line copy of this OIDC pipeline. Rather than duplicating it I've abstracted the process into a shared OIDC provider and reduced both the new Keycloak and ForgeRock providers to thin subclasses. \

Perhaps in the future this should be handled as an unbound provider (just a generic OIDC provider, pluggable with any OIDC-compliant server), but for now, this'll do.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

image image

How Has This Been Tested?

Currently only tested against a mock setup, hence why this is a draft. Moved (and merged) the keycloak test into the abstraction layer test.

How did you try to break this feature and the system with this change?

@boring-cyborg

boring-cyborg Bot commented Jun 26, 2026

Copy link
Copy Markdown

@bddvlpr
feat: forgerock oauth provider
3284edd 
Abstracted the shared OIDC token exchange into a new AbstractOIDCAuth2PRovider base class.
@bddvlpr bddvlpr force-pushed the feature_forgerock-oauth branch from 6cc6acd to 3284edd Compare June 26, 2026 07:03
@weizhouapache

weizhouapache commented Jun 26, 2026

Copy link
Copy Markdown
Member

@bddvlpr
good job !

@weizhouapache weizhouapache added this to the 4.24.0 milestone Jun 26, 2026
@codecov

codecov Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 65.11628% with 30 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.94%. Comparing base (82986f6) to head (3284edd).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...dstack/oauth2/oidc/AbstractOIDCOAuth2Provider.java 74.66% 13 Missing and 6 partials ⚠️
...tack/oauth2/forgerock/ForgeRockOAuth2Provider.java 0.00% 7 Missing ⚠️
...k/oauth2/api/command/RegisterOAuthProviderCmd.java 0.00% 2 Missing and 1 partial ⚠️
...dstack/oauth2/keycloak/KeycloakOAuth2Provider.java 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff            @@
##               main   #13499   +/-   ##
=========================================
  Coverage     18.94%   18.94%           
- Complexity    18363    18365    +2     
=========================================
  Files          6192     6194    +2     
  Lines        556361   556380   +19     
  Branches      67908    67909    +1     
=========================================
+ Hits         105397   105413   +16     
- Misses       439393   439394    +1     
- Partials      11571    11573    +2
Flag Coverage Δ
uitests 3.51% <ø> (-0.01%) ⬇️
unittests 20.15% <65.11%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@DaanHoogland

DaanHoogland commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

@blueorangutan package

@blueorangutan

blueorangutan commented Jun 26, 2026

Copy link
Copy Markdown

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

blueorangutan commented Jun 26, 2026

Copy link
Copy Markdown

DaanHoogland
DaanHoogland approved these changes Jun 26, 2026
View reviewed changes

@DaanHoogland DaanHoogland left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm. I don’t think the current smoke test suite makes sense for this PR. manual testing needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DaanHoogland DaanHoogland DaanHoogland approved these changes

Assignees

No one assigned

Labels

component:authentication component:UI status:needs-testing

Projects

None yet

Milestone

4.24.0

Development

Successfully merging this pull request may close these issues.

4 participants

@bddvlpr @weizhouapache @DaanHoogland @blueorangutan