Deprecate Fine-Grained Admin Permissions v1

Closes #44121 Signed-off-by: vramik <vramik@redhat.com>
2025-12-17 04:24:48 -06:00 · 2025-11-27 09:31:08 +01:00
parent fe3507b251
commit 5dbc91e028
5 changed files with 14 additions and 9 deletions
--- a/common/src/main/java/org/keycloak/common/Profile.java
+++ b/common/src/main/java/org/keycloak/common/Profile.java
@@ -54,7 +54,7 @@ public class Profile {

        ACCOUNT_V3("Account Console version 3", Type.DEFAULT, 3, Feature.ACCOUNT_API),

-        ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW, 1),
+        ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.DEPRECATED, 1),

        ADMIN_FINE_GRAINED_AUTHZ_V2("Fine-Grained Admin Permissions version 2", Type.DEFAULT, 2, Feature.AUTHORIZATION),

--- a/common/src/test/java/org/keycloak/common/ProfileTest.java
+++ b/common/src/test/java/org/keycloak/common/ProfileTest.java
@@ -214,7 +214,7 @@ public class ProfileTest {
        properties.setProperty(PropertiesProfileConfigResolver.getPropertyKey(PREVIEW_FEATURE), "enabled");
        properties.setProperty(PropertiesProfileConfigResolver.getPropertyKey(EXPERIMENTAL_FEATURE), "enabled");
        if (DEPRECATED_FEATURE != null) {
-            properties.setProperty(PropertiesProfileConfigResolver.getPropertyKey(DEPRECATED_FEATURE), "enabled");
+            properties.setProperty(PropertiesProfileConfigResolver.getPropertyKey(DEPRECATED_FEATURE.getVersionedKey()), "enabled");
        }

        Profile.configure(new PropertiesProfileConfigResolver(properties));
--- a/docs/documentation/server_admin/topics/admin-console-permissions/fine-grain.adoc
+++ b/docs/documentation/server_admin/topics/admin-console-permissions/fine-grain.adoc
@@ -2,9 +2,9 @@
 [#fine-grained-admin-permissions-v1]
 === Fine grained admin permissions V1

-IMPORTANT: fine-grained admin permissions V1 have been replaced by a <<_fine_grained_permissions, new version>>.
-Version 1 of the feature is still marked as preview and is available, but it may be deprecated and removed
-in future. To enable it, start the server with `--features=admin-fine-grained-authz:v1`.
+IMPORTANT: Preview feature fine-grained admin permissions V1 has been replaced by a new
+<<_fine_grained_permissions, supported version>>. Version 1 of the feature is still available, but it has been deprecated
+and will be removed in future release. To enable it, start the server with `--features=admin-fine-grained-authz:v1`.

 Sometimes roles like `manage-realm` or `manage-users` are too coarse grain and you want to create
 restricted admin accounts that have more fine grain permissions.  {project_name} allows you to define
--- a/docs/documentation/upgrading/topics/changes/changes-26_5_0.adoc
+++ b/docs/documentation/upgrading/topics/changes/changes-26_5_0.adoc
@@ -170,6 +170,11 @@ As `AuthenticationSessionProvider` and `UserSessionProvider` now have an interna
 It is still triggered in this {project_name} version, but will be removed in a future release.


+=== Fine-Grained Admin Permissions (FGAP) v1
+
+Fine-Grained Admin Permissions (FGAP) v1 is now deprecated. This version no longer receives enhancements and improvements  and will be removed in future
+release. Please migrate to FGAP v2 to ensure continued support.
+
 // ------------------------ Removed features ------------------------ //
 == Removed features

--- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java
+++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java
@@ -91,19 +91,19 @@ public class FeaturesDistTest {

    @Test
    @EnabledOnOs(value = { OS.LINUX, OS.MAC }, disabledReason = "different shell escaping behaviour on Windows.")
-    @Launch({StartDev.NAME, "--features=token-exchange,admin-fine-grained-authz:v1"})
+    @Launch({StartDev.NAME, "--features=token-exchange,client-secret-rotation:v1"})
    public void testEnableMultipleFeatures(CLIResult cliResult) {
        cliResult.assertStartedDevMode();
-        cliResult.assertMessage("Preview features enabled: admin-fine-grained-authz:v1, token-exchange:v1");
+        cliResult.assertMessage("Preview features enabled: client-secret-rotation:v1, token-exchange:v1");
        cliResult.assertNoMessage("recovery-codes");
    }

    @Test
    @EnabledOnOs(value = { OS.WINDOWS }, disabledReason = "different shell escaping behaviour on Windows.")
-    @Launch({StartDev.NAME, "--features=\"token-exchange,admin-fine-grained-authz:v1\""})
+    @Launch({StartDev.NAME, "--features=\"token-exchange,client-secret-rotation:v1\""})
    public void testWinEnableMultipleFeatures(CLIResult cliResult) {
        cliResult.assertStartedDevMode();
-        cliResult.assertMessage("Preview features enabled: admin-fine-grained-authz:v1, token-exchange:v1");
+        cliResult.assertMessage("Preview features enabled: client-secret-rotation:v1, token-exchange:v1");
        cliResult.assertNoMessage("recovery-codes");
    }