[jenkinsci/keycloak-plugin] c0b5f7: Upgrades

[devlauer]

  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/keycloak-plugin
  Commit: c0b5f721d881888d3e299ff91046173e10b14aee
      
https://github.com/jenkinsci/keycloak-plugin/commit/c0b5f721d881888d3e299ff91046173e10b14aee
  Author: Gavin Mogan <g...@gavinmogan.com>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M pom.xml
    M src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java
    A 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/config.jelly
    R 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/global.jelly
    A src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java
    A src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml
    A src/test/resources/org/jenkinsci/plugins/casc.yaml

  Log Message:
  -----------
  Upgrades

* Switch to newer parent pom, to get better test coverage and standards
* Upgrade java 8 (requirement for newer poms, and pretty standard)
* Migreate (with migration) away from storing data in descriptor, and move it 
to the security realm to be standard
* Support/test configuration as code

diff --git a/pom.xml b/pom.xml
index e717b5b..5fb2a6d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,8 +4,7 @@
        <parent>
                <groupId>org.jenkins-ci.plugins</groupId>
                <artifactId>plugin</artifactId>
-               <version>2.25</version><!-- which version of Jenkins is this 
plugin built
-                       against? -->
+               <version>3.56</version>
        </parent>

        <artifactId>keycloak</artifactId>
@@ -25,8 +24,11 @@
                
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
                
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
                <keycloak.version>4.8.0.Final</keycloak.version>
-               <jenkins.version>1.625.3</jenkins.version>
-               
<jenkins-test-harness.version>2.13</jenkins-test-harness.version>
+               <jenkins.version>2.60.3</jenkins.version>
+               <log4j.version>1.7.26</log4j.version>
+               <java.level>8</java.level>
+               
<configuration-as-code.version>1.36</configuration-as-code.version>
+               <jackson.version>2.10.2</jackson.version>
        </properties>

        <licenses>
@@ -59,20 +61,7 @@
                
<developerConnection>scm:git:ssh://g...@github.com/jenkinsci/jenkins-keycloak-plugin.git</developerConnection>
                <url>https://github.com/jenkinsci/jenkins-keycloak-plugin</url>
          <tag>HEAD</tag>
-  </scm>
-
-       <repositories>
-               <repository>
-                       <id>repo.jenkins-ci.org</id>
-                       <url>http://repo.jenkins-ci.org/public/</url>
-               </repository>
-       </repositories>
-       <pluginRepositories>
-               <pluginRepository>
-                       <id>repo.jenkins-ci.org</id>
-                       <url>http://repo.jenkins-ci.org/public/</url>
-               </pluginRepository>
-       </pluginRepositories>
+       </scm>

        <dependencies>
                <dependency>
@@ -103,245 +92,47 @@
                        <artifactId>mailer</artifactId>
                        <version>1.4</version>
                </dependency>
+               <dependency>
+                       <groupId>org.slf4j</groupId>
+                       <artifactId>slf4j-jdk14</artifactId>
+                       <version>${log4j.version}</version>
+               </dependency>
+               <dependency>
+                       <groupId>org.slf4j</groupId>
+                       <artifactId>slf4j-api</artifactId>
+                       <version>${log4j.version}</version>
+               </dependency>
+               <dependency>
+                       <groupId>org.slf4j</groupId>
+                       <artifactId>log4j-over-slf4j</artifactId>
+                       <version>${log4j.version}</version>
+               </dependency>
+               <dependency>
+                       <groupId>org.slf4j</groupId>
+                       <artifactId>jcl-over-slf4j</artifactId>
+                       <version>${log4j.version}</version>
+               </dependency>
+               <dependency>
+                       <groupId>com.fasterxml.jackson.core</groupId>
+                       <artifactId>jackson-core</artifactId>
+                       <version>${jackson.version}</version>
+               </dependency>
+               <dependency>
+                       <groupId>com.fasterxml.jackson.core</groupId>
+                       <artifactId>jackson-databind</artifactId>
+                       <version>${jackson.version}</version>
+               </dependency>
+               <dependency>
+                       <groupId>io.jenkins</groupId>
+                       <artifactId>configuration-as-code</artifactId>
+                       <version>${configuration-as-code.version}</version>
+                       <scope>test</scope>
+               </dependency>
+               <dependency>
+                       <groupId>io.jenkins.configuration-as-code</groupId>
+                       <artifactId>test-harness</artifactId>
+                       <version>${configuration-as-code.version}</version>
+                       <scope>test</scope>
+               </dependency>
        </dependencies>
-
-
-       <build>
-               <plugins>
-                       <plugin>
-                               <groupId>org.apache.maven.plugins</groupId>
-                               <artifactId>maven-compiler-plugin</artifactId>
-                               <configuration>
-                                       <source>1.7</source>
-                                       <target>1.7</target>
-                                       <debug>true</debug>
-                               </configuration>
-                       </plugin>
-                       <plugin>
-                               <groupId>org.jenkins-ci.tools</groupId>
-                               <artifactId>maven-hpi-plugin</artifactId>
-                               <extensions>true</extensions>
-                               <configuration>
-                                       
<compatibleSinceVersion>1.93</compatibleSinceVersion>
-                               </configuration>
-                       </plugin>
-               </plugins>
-
-               <pluginManagement>
-                       <plugins>
-                               <!--This plugin's configuration is used to 
store Eclipse m2e settings
-                                       only. It has no influence on the Maven 
build itself. -->
-                               <plugin>
-                                       <groupId>org.eclipse.m2e</groupId>
-                                       
<artifactId>lifecycle-mapping</artifactId>
-                                       <version>1.0.0</version>
-                                       <configuration>
-                                               <lifecycleMappingMetadata>
-                                                       <pluginExecutions>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>org.kohsuke</groupId>
-                                                                               
<artifactId>
-                                                                               
        access-modifier-checker
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [1.0,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>enforce</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>com.cloudbees</groupId>
-                                                                               
<artifactId>
-                                                                               
        maven-license-plugin
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [1.4,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>process</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>
-                                                                               
        org.jvnet.hudson.tools
-                                                                               
</groupId>
-                                                                               
<artifactId>
-                                                                               
        maven-hpi-plugin
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [2.1.1,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>insert-test</goal>
-                                                                               
        <goal>
-                                                                               
                resolve-test-dependencies
-                                                                               
        </goal>
-                                                                               
        <goal>test-hpl</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>
-                                                                               
        org.apache.maven.plugins
-                                                                               
</groupId>
-                                                                               
<artifactId>
-                                                                               
        maven-enforcer-plugin
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [1.0,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>display-info</goal>
-                                                                               
        <goal>enforce</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>
-                                                                               
        org.codehaus.gmaven
-                                                                               
</groupId>
-                                                                               
<artifactId>
-                                                                               
        gmaven-plugin
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [1.3,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>
-                                                                               
                generateTestStubs
-                                                                               
        </goal>
-                                                                               
        <goal>testCompile</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>
-                                                                               
        org.jvnet.localizer
-                                                                               
</groupId>
-                                                                               
<artifactId>
-                                                                               
        maven-localizer-plugin
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [1.12,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>generate</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                               
<pluginExecution>
-                                                                       
<pluginExecutionFilter>
-                                                                               
<groupId>
-                                                                               
        org.jenkins-ci.tools
-                                                                               
</groupId>
-                                                                               
<artifactId>
-                                                                               
        maven-hpi-plugin
-                                                                               
</artifactId>
-                                                                               
<versionRange>
-                                                                               
        [1.74,)
-                                                                               
</versionRange>
-                                                                               
<goals>
-                                                                               
        <goal>insert-test</goal>
-                                                                               
        <goal>
-                                                                               
                resolve-test-dependencies
-                                                                               
        </goal>
-                                                                               
        <goal>test-hpl</goal>
-                                                                               
        <goal>validate</goal>
-                                                                               
</goals>
-                                                                       
</pluginExecutionFilter>
-                                                                       <action>
-                                                                               
<ignore />
-                                                                       
</action>
-                                                               
</pluginExecution>
-                                                       </pluginExecutions>
-                                               </lifecycleMappingMetadata>
-                                       </configuration>
-                               </plugin>
-                       </plugins>
-               </pluginManagement>
-       </build>
-
-       <profiles>
-               <profile>
-                       <id>doclint-java8-disable</id>
-                       <activation>
-                               <jdk>[1.8,)</jdk>
-                       </activation>
-                       <build>
-                               <plugins>
-                                       <plugin>
-                                               
<groupId>org.apache.maven.plugins</groupId>
-                                               
<artifactId>maven-javadoc-plugin</artifactId>
-                                               <configuration>
-                                                       
<additionalparam>-Xdoclint:none</additionalparam>
-                                               </configuration>
-                                       </plugin>
-                               </plugins>
-                       </build>
-               </profile>
-               <profile>
-                       <id>travis</id>
-                       <activation>
-                               <property>
-                                       <name>env.TRAVIS</name>
-                                       <value>true</value>
-                               </property>
-                       </activation>
-                       <build>
-                               <plugins>
-                                       <plugin>
-                                               
<groupId>org.apache.maven.plugins</groupId>
-                                               
<artifactId>maven-javadoc-plugin</artifactId>
-                                               <executions>
-                                                       <execution>
-                                                               
<id>attach-javadocs</id>
-                                                               <goals>
-                                                                       
<goal>jar</goal>
-                                                               </goals>
-                                                       </execution>
-                                               </executions>
-                                       </plugin>
-                                       <plugin>
-                                               
<groupId>org.apache.maven.plugins</groupId>
-                                               
<artifactId>maven-source-plugin</artifactId>
-                                               <executions>
-                                                       <execution>
-                                                               
<id>attach-sources</id>
-                                                               <goals>
-                                                                       
<goal>jar</goal>
-                                                               </goals>
-                                                       </execution>
-                                               </executions>
-                                       </plugin>
-                               </plugins>
-                       </build>
-               </profile>
-       </profiles>
 </project>
diff --git a/src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java 
b/src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java
index c582aaa..3edf845 100644
--- a/src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java
@@ -37,6 +37,7 @@ import javax.security.cert.X509Certificate;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;

+import com.google.common.base.Strings;
 import jenkins.security.SecurityListener;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
@@ -62,7 +63,10 @@ import org.keycloak.representations.IDToken;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.JsonSerialization;
 import org.keycloak.util.TokenUtil;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.Header;
 import org.kohsuke.stapler.HttpRedirect;
 import org.kohsuke.stapler.HttpResponse;
@@ -112,6 +116,11 @@ public class KeycloakSecurityRealm extends SecurityRealm {

        private transient RefreshFilter filter;

+       private String keycloakJson = "";
+       private String keycloakIdp = "";
+       private boolean keycloakValidate = false;
+       private boolean keycloakRespectAccessTokenTimeout = true;
+
        /**
         * Constructor
         *
@@ -333,13 +342,7 @@ public class KeycloakSecurityRealm extends SecurityRealm {
         *
         */
        @Extension
-       public static class DescriptorImpl extends Descriptor<SecurityRealm> {
-
-               private String keycloakJson = "";
-        private String keycloakIdp = "";
-               private boolean keycloakValidate = false;
-               private boolean keycloakRespectAccessTokenTimeout = true;
-
+       public static final class DescriptorImpl extends 
Descriptor<SecurityRealm> {
                @Override
                public String getHelpFile() {
                        return "/plugin/keycloak/help/help-security-realm.html";
@@ -354,7 +357,11 @@ public class KeycloakSecurityRealm extends SecurityRealm {
                 * Constructor
                 */
                public DescriptorImpl() {
-                       load();
+                       super();
+               }
+
+               public DescriptorImpl(Class<? extends SecurityRealm> clazz) {
+                       super(clazz);
                }

                /**
@@ -378,153 +385,137 @@ public class KeycloakSecurityRealm extends 
SecurityRealm {
                @Override
                public boolean configure(StaplerRequest req, JSONObject json) 
throws hudson.model.Descriptor.FormException {
                        json = json.getJSONObject("keycloak");
-                       keycloakJson = json.getString("keycloakJson");
-            keycloakIdp = json.getString("keycloakIdp");
+                       String keycloakJson = json.getString("keycloakJson");
+            String keycloakIdp = json.getString("keycloakIdp");
                        // if json contains keycloakvalidate then 
keycloakvalidate is true
                        if (json.containsKey("keycloakValidate")) {
                                LOGGER.log(Level.FINE, "Keycloakvalidate set to 
true");
-                               keycloakValidate = true;
+                               json.put("keycloakValidate", true);
                                JSONObject validate = 
json.getJSONObject("keycloakValidate");
                                if 
(validate.containsKey("keycloakRespectAccessTokenTimeout")) {
-                                       keycloakRespectAccessTokenTimeout = 
validate.getBoolean("keycloakRespectAccessTokenTimeout");
-                                       LOGGER.log(Level.FINE,
-                                                       "Respect access token 
timeout is set to " + keycloakRespectAccessTokenTimeout);
+                                       
json.put("keycloakRespectAccessTokenTimeout", 
validate.getBoolean("keycloakRespectAccessTokenTimeout"));
+                                       LOGGER.log(Level.FINE, "Respect access 
token timeout is set to " + 
validate.getBoolean("keycloakRespectAccessTokenTimeout"));
                                }
                        } else {
-                               keycloakValidate = false;
-                               keycloakRespectAccessTokenTimeout = true;
+                               json.put("keycloakValidate", false);
+                               json.put("keycloakRespectAccessTokenTimeout", 
true);
                        }
-                       save();
-                       return true;
-               }
-
-               /**
-                * Returns the keycloak configuration
-                *
-                * @return {@link String} the configuration string
-                */
-               public String getKeycloakJson() {
-                       return keycloakJson;
-               }
-
-               /**
-                * Sets the keycloak json configuration string
-                *
-                * @param keycloakJson
-                *            the configuration
-                */
-               public void setKeycloakJson(String keycloakJson) {
-                       this.keycloakJson = keycloakJson;
-               }
-
-               @Override
-               public SecurityRealm newInstance(StaplerRequest req, JSONObject 
formData)
-                               throws hudson.model.Descriptor.FormException {
-                       return super.newInstance(req, formData);
-               }
-
-               /**
-                * Returns the configuration parameter for the authentication 
check on each
-                * request
-                *
-                * @return {@link Boolean} if true, authentication is checked 
on each request
-                */
-               public boolean isKeycloakValidate() {
-                       return keycloakValidate;
+                       return super.configure(req, json);
                }

-               /**
-                * Sets the configuration parameter for the authentication check
-                *
-                * @param keycloakValidate
-                *            {@link Boolean} if true authentication is checked 
on each request
-                */
-               public void setKeycloakValidate(boolean keycloakValidate) {
-                       this.keycloakValidate = keycloakValidate;
-               }
+               @Restricted(NoExternalUse.class) // Only for loading in from 
legacy disk
+               @Deprecated
+               public transient String keycloakJson = "";
+               @Restricted(NoExternalUse.class) // Only for loading in from 
legacy disk
+               @Deprecated
+               public transient String keycloakIdp = "";
+               @Restricted(NoExternalUse.class) // Only for loading in from 
legacy disk
+               @Deprecated
+               public transient boolean keycloakValidate = false;
+               @Restricted(NoExternalUse.class) // Only for loading in from 
legacy disk
+               @Deprecated
+               public transient boolean keycloakRespectAccessTokenTimeout = 
true;
+       }

-               /**
-                * Returns the configuration parameter for the access token 
check
-                *
-                * @return {@link Boolean} whether the expiration of the access 
token should be
-                *         checked or not before a token refresh
-                */
-               public boolean isKeycloakRespectAccessTokenTimeout() {
-                       return keycloakRespectAccessTokenTimeout;
-               }
+       /**
+        * Returns the keycloak configuration
+        *
+        * @return {@link String} the configuration string
+        */
+       public String getKeycloakJson() {
+               return keycloakJson;
+       }

-               /**
-                * Sets the configuration parameter for the access token check
-                *
-                * @param keycloakRespectAccessTokenTimeout
-                *            {@link Boolean} whether the expiration of the 
access token should
-                *            be checked or not before a token refresh
-                */
-               public void setKeycloakRespectAccessTokenTimeout(boolean 
keycloakRespectAccessTokenTimeout) {
-                       this.keycloakRespectAccessTokenTimeout = 
keycloakRespectAccessTokenTimeout;
-               }
-
-
-
+       /**
+        * Sets the keycloak json configuration string
+        *
+        * @param keycloakJson
+        *            the configuration
+        */
+       @DataBoundSetter
+       public void setKeycloakJson(String keycloakJson) {
+               this.keycloakJson = keycloakJson;
+       }

-               /**
-                * Returns the keycloak idp hint.
-                *
-                * @return {@link String} the keycloak idp hint
-                */
-               public String getKeycloakIdp() {
-                       return keycloakIdp;
-               }
+       /**
+        * Returns the configuration parameter for the authentication check on 
each
+        * request
+        *
+        * @return {@link Boolean} if true, authentication is checked on each 
request
+        */
+       public boolean isKeycloakValidate() {
+               return keycloakValidate;
+       }

-               /**
-                * Sets the keycloak idp hint.
-                *
-                * @param keycloakIdp {@link String} the keycloak idp hint
-                *
-                */
-               public void setKeycloakIdp(String keycloakIdp) {
-                       this.keycloakIdp = keycloakIdp;
-               }
+       /**
+        * Sets the configuration parameter for the authentication check
+        *
+        * @param keycloakValidate
+        *            {@link Boolean} if true authentication is checked on each 
request
+        */
+       @DataBoundSetter
+       public void setKeycloakValidate(boolean keycloakValidate) {
+               this.keycloakValidate = keycloakValidate;
        }

-       public DescriptorImpl getDescriptor() {
-               return (DescriptorImpl) super.getDescriptor();
+       /**
+        * Returns the configuration parameter for the access token check
+        *
+        * @return {@link Boolean} whether the expiration of the access token 
should be
+        *         checked or not before a token refresh
+        */
+       public boolean isKeycloakRespectAccessTokenTimeout() {
+               return keycloakRespectAccessTokenTimeout;
+       }

+       /**
+        * Sets the configuration parameter for the access token check
+        *
+        * @param keycloakRespectAccessTokenTimeout
+        *            {@link Boolean} whether the expiration of the access 
token should
+        *            be checked or not before a token refresh
+        */
+       @DataBoundSetter
+       public void setKeycloakRespectAccessTokenTimeout(boolean 
keycloakRespectAccessTokenTimeout) {
+               this.keycloakRespectAccessTokenTimeout = 
keycloakRespectAccessTokenTimeout;
        }

        /**
-        * Returns the keycloak json configuration
-        *
-        * @return {@link String} the json configuration
+        * Returns the keycloak idp hint.
+        *
+        * @return {@link String} the keycloak idp hint
         */
-       public String getKeycloakJson() {
-               return getDescriptor().getKeycloakJson();
+       public String getKeycloakIdp() {
+               return keycloakIdp;
        }
-
-    /**
-     * Returns the keycloak idp hint - used as parameter in the url
-     * @return {@link String} the keycloak idp hint
-     */
-    public String getKeycloakIdp() {
-               return getDescriptor().getKeycloakIdp();
+
+       /**
+        * Sets the keycloak idp hint.
+        *
+        * @param keycloakIdp {@link String} the keycloak idp hint
+        *
+        */
+       @DataBoundSetter
+       public void setKeycloakIdp(String keycloakIdp) {
+               this.keycloakIdp = keycloakIdp;
        }

        /**
         * Returns true if authentication should be checked on each response
-        *
+        *
         * @return {@link Boolean}
         */
        public boolean checkKeycloakOnEachRequest() {
-               return getDescriptor().isKeycloakValidate();
+               return isKeycloakValidate();
        }

        /**
         * Returns true if the access token should be only refreshed after its 
timeout
-        *
+        *
         * @return {@link Boolean}
         */
        public boolean respectAccessTokenTimeout() {
-               return getDescriptor().isKeycloakRespectAccessTokenTimeout();
+               return isKeycloakRespectAccessTokenTimeout();
        }

        /**
@@ -655,4 +646,19 @@ public class KeycloakSecurityRealm extends SecurityRealm {
                }
        }

+       private Object readResolve() {
+               if (Strings.isNullOrEmpty(this.keycloakJson)) {
+                       getDescriptor().load();
+                       DescriptorImpl descriptor = ((DescriptorImpl) 
getDescriptor());
+                       System.out.println("Moo -- " + descriptor.keycloakJson);
+                       if (!Strings.isNullOrEmpty(descriptor.keycloakJson)) {
+                               this.keycloakJson = descriptor.keycloakJson;
+                               this.keycloakIdp = descriptor.keycloakIdp;
+                               this.keycloakValidate = 
descriptor.keycloakValidate;
+                               this.keycloakRespectAccessTokenTimeout = 
descriptor.keycloakRespectAccessTokenTimeout;
+                       }
+               }
+               return this;
+       }
+
 }
diff --git 
a/src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/global.jelly 
b/src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/config.jelly
similarity index 100%
rename from 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/global.jelly
rename to 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/config.jelly
diff --git a/src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java 
b/src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java
new file mode 100644
index 0000000..0c16518
--- /dev/null
+++ b/src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java
@@ -0,0 +1,48 @@
+package org.jenkinsci.plugins;
+
+import io.jenkins.plugins.casc.ConfigurationContext;
+import io.jenkins.plugins.casc.ConfiguratorRegistry;
+import io.jenkins.plugins.casc.misc.ConfiguredWithCode;
+import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
+import io.jenkins.plugins.casc.model.CNode;
+import jenkins.model.IdStrategy;
+import jenkins.model.Jenkins;
+import org.junit.Rule;
+import org.junit.Test;
+
+import static io.jenkins.plugins.casc.misc.Util.getJenkinsRoot;
+import static io.jenkins.plugins.casc.misc.Util.toStringFromYamlFile;
+import static io.jenkins.plugins.casc.misc.Util.toYamlString;
+import static org.junit.Assert.*;
+
+public class KeycloakSecurityRealmTest {
+    @Rule
+    public JenkinsConfiguredWithCodeRule chain = new 
JenkinsConfiguredWithCodeRule();
+
+    @Test
+    @ConfiguredWithCode("casc.yaml")
+    public void configure_keycloak() {
+        final Jenkins jenkins = Jenkins.getInstance();
+        final KeycloakSecurityRealm securityRealm = (KeycloakSecurityRealm) 
jenkins.getSecurityRealm();
+        assertEquals(1, securityRealm.getKeycloakJson());
+        assertTrue(securityRealm.getUserIdStrategy() instanceof 
IdStrategy.CaseInsensitive);
+        assertTrue(securityRealm.getGroupIdStrategy() instanceof 
IdStrategy.CaseSensitive);
+    }
+
+    @Test
+    public void export_casc_keycloak() throws Exception {
+        KeycloakSecurityRealm ksr = new KeycloakSecurityRealm();
+        ksr.setKeycloakJson("{\"realm\": \"master\",\"auth-server-url\": 
\"https://keycloak.example.com/auth/\",\"ssl-required\": 
\"external\",\"resource\": \"ci-example-com\",\"credentials\": {\"secret\": 
\"secret-secret-secret\"},\"confidential-port\": 0}");
+        Jenkins.getInstance().setSecurityRealm(ksr);
+
+        ConfiguratorRegistry registry = ConfiguratorRegistry.get();
+        ConfigurationContext context = new ConfigurationContext(registry);
+        CNode yourAttribute = 
getJenkinsRoot(context).get("securityRealm").asMapping().get("keycloak");
+
+        String exported = toYamlString(yourAttribute);
+
+        String expected = toStringFromYamlFile(this, 
"KeycloakYamlExport.yaml");
+
+        assertEquals(expected, exported);
+    }
+}
\ No newline at end of file
diff --git a/src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml 
b/src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml
new file mode 100644
index 0000000..eb5cb5e
--- /dev/null
+++ b/src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml
@@ -0,0 +1,4 @@
+keycloakJson: "{\"realm\": \"master\",\"auth-server-url\": 
\"https://keycloak.example.com/auth/\"\
+  ,\"ssl-required\": \"external\",\"resource\": 
\"ci-example-com\",\"credentials\"\
+  : {\"secret\": \"secret-secret-secret\"},\"confidential-port\":\
+  \ 0}"
diff --git a/src/test/resources/org/jenkinsci/plugins/casc.yaml 
b/src/test/resources/org/jenkinsci/plugins/casc.yaml
new file mode 100644
index 0000000..0ab9bca
--- /dev/null
+++ b/src/test/resources/org/jenkinsci/plugins/casc.yaml
@@ -0,0 +1,16 @@
+jenkins:
+  securityRealm:
+    keycloak:
+      keycloakJson: |-
+        {
+          "realm": "master",
+          "auth-server-url": "https://keycloak.example.com/auth/";,
+          "ssl-required": "external",
+          "resource": "ci-example-com",
+          "credentials": {
+            "secret": "secret-secret-secret"
+          },
+          "confidential-port": 0
+        }
+      keycloakRespectAccessTokenTimeout: true
+      keycloakValidate: false
\ No newline at end of file


  Commit: 51576be44ad5f3d1b2fdcecdaa05eeebf2f70c1f
      
https://github.com/jenkinsci/keycloak-plugin/commit/51576be44ad5f3d1b2fdcecdaa05eeebf2f70c1f
  Author: Gavin Mogan <g...@gavinmogan.com>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    A .editorconfig
    A Jenkinsfile

  Log Message:
  -----------
  CI all the things (also standardize with editorconfig)


  Commit: d318ceb9a2235a43641a1b9669762ae7cb153d08
      
https://github.com/jenkinsci/keycloak-plugin/commit/d318ceb9a2235a43641a1b9669762ae7cb153d08
  Author: Gavin Mogan <g...@gavinmogan.com>
  Date:   2020-04-16 (Thu, 16 Apr 2020)

  Changed paths:
    M src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java
    M src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml

  Log Message:
  -----------
  fix tests


  Commit: f670289248b605f07ea4eaffe847924179117840
      
https://github.com/jenkinsci/keycloak-plugin/commit/f670289248b605f07ea4eaffe847924179117840
  Author: Gavin Mogan <g...@gavinmogan.com>
  Date:   2020-04-16 (Thu, 16 Apr 2020)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Upgrade to newer jenkins base version that doesn't have all the implicit 
plugins


  Commit: 8d1c689d0ef7624a48bdd2740e5b09439c87daae
      
https://github.com/jenkinsci/keycloak-plugin/commit/8d1c689d0ef7624a48bdd2740e5b09439c87daae
  Author: Lauer <dev.la...@googlemail.com>
  Date:   2020-05-01 (Fri, 01 May 2020)

  Changed paths:
    A .editorconfig
    A Jenkinsfile
    M pom.xml
    M src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java
    A 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/config.jelly
    R 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/global.jelly
    A src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java
    A src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml
    A src/test/resources/org/jenkinsci/plugins/casc.yaml

  Log Message:
  -----------
  Merge branch 'upgrades' of git://github.com/halkeye/keycloak-plugin into 
halkeye-upgrades


  Commit: 02cfab37b86cf2572add69e5c2792955072d1b45
      
https://github.com/jenkinsci/keycloak-plugin/commit/02cfab37b86cf2572add69e5c2792955072d1b45
  Author: Lauer <dev.la...@googlemail.com>
  Date:   2020-05-01 (Fri, 01 May 2020)

  Changed paths:
    M Changelog.md

  Log Message:
  -----------
  merged changelog


  Commit: 0d55cc4e038e680d34a40b602976ee1d3ea3157e
      
https://github.com/jenkinsci/keycloak-plugin/commit/0d55cc4e038e680d34a40b602976ee1d3ea3157e
  Author: Lauer <dev.la...@googlemail.com>
  Date:   2020-05-01 (Fri, 01 May 2020)

  Changed paths:
    M .gitignore

  Log Message:
  -----------
  added files to ignore


  Commit: 5a27513cf3955a634e93dec8544c71f0b98fca3e
      
https://github.com/jenkinsci/keycloak-plugin/commit/5a27513cf3955a634e93dec8544c71f0b98fca3e
  Author: Lauer <dev.la...@googlemail.com>
  Date:   2020-05-01 (Fri, 01 May 2020)

  Changed paths:
    M src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java

  Log Message:
  -----------
  removed unnecessary variables


  Commit: 68ad3e0847780f93d9e512ded94f96eadc69a9ba
      
https://github.com/jenkinsci/keycloak-plugin/commit/68ad3e0847780f93d9e512ded94f96eadc69a9ba
  Author: Lauer <dev.la...@googlemail.com>
  Date:   2020-05-01 (Fri, 01 May 2020)

  Changed paths:
    A .editorconfig
    M .gitignore
    M Changelog.md
    A Jenkinsfile
    M pom.xml
    M src/main/java/org/jenkinsci/plugins/KeycloakSecurityRealm.java
    A 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/config.jelly
    R 
src/main/resources/org/jenkinsci/plugins/KeycloakSecurityRealm/global.jelly
    A src/test/java/org/jenkinsci/plugins/KeycloakSecurityRealmTest.java
    A src/test/resources/org/jenkinsci/plugins/KeycloakYamlExport.yaml
    A src/test/resources/org/jenkinsci/plugins/casc.yaml

  Log Message:
  -----------
  Merge branch 'halkeye-upgrades'


  Commit: befe7a4dbbf7957ac3c294b136ac6281ddc7b2ec
      
https://github.com/jenkinsci/keycloak-plugin/commit/befe7a4dbbf7957ac3c294b136ac6281ddc7b2ec
  Author: Lauer <dev.la...@googlemail.com>
  Date:   2020-05-01 (Fri, 01 May 2020)

  Changed paths:
    M Changelog.md

  Log Message:
  -----------
  Added "pull request merged" notice to Changelog.md


Compare: 
https://github.com/jenkinsci/keycloak-plugin/compare/830e54f946f6...befe7a4dbbf7

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/keycloak-plugin/push/refs/heads/master/830e54-befe7a%40github.com.