From 4e43dd7cd30042588a2264fca98b6e6b9d4d25bb Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 17 Jan 2025 12:33:54 +0200 Subject: [PATCH] Migrate Keycloak tests to JDK 21 and Keycloak 26 Signed-off-by: Alexander Bokovoy Reviewed-By: Florence Blanc-Renaud Reviewed-By: Rob Crittenden --- .../pytest_ipa/integration/create_bridge.py | 2 +- .../pytest_ipa/integration/create_keycloak.py | 28 +++++++++---------- ipatests/test_integration/test_idp.py | 4 +-- ipatests/test_integration/test_sso.py | 4 +-- 4 files changed, 18 insertions(+), 20 deletions(-) diff --git a/ipatests/pytest_ipa/integration/create_bridge.py b/ipatests/pytest_ipa/integration/create_bridge.py index 618c645feef86f846a60e5727e7777defc67624c..5dd2f305c2ba6f707ee40be12581ff62c951805b 100644 --- a/ipatests/pytest_ipa/integration/create_bridge.py +++ b/ipatests/pytest_ipa/integration/create_bridge.py @@ -147,7 +147,7 @@ def setup_keycloak_scim_plugin(host, bridge_server): # Login to keycloak as admin kcadmin_sh = "/opt/keycloak/bin/kcadm.sh" kcadmin = [kcadmin_sh, "config", "credentials", "--server", - f"https://{host.hostname}:8443/auth/", + f"https://{host.hostname}:8443", "--realm", "master", "--user", "admin", "--password", password] tasks.run_repeatedly(host, kcadmin, timeout=60) diff --git a/ipatests/pytest_ipa/integration/create_keycloak.py b/ipatests/pytest_ipa/integration/create_keycloak.py index 1340b95715c25f1bf1cbbf2e3c6e60731f3af08e..addade7594d7a1b8edefdb8c67ec4bc7abe70ef4 100644 --- a/ipatests/pytest_ipa/integration/create_keycloak.py +++ b/ipatests/pytest_ipa/integration/create_keycloak.py 
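Review bot: In the create_bridge.py hunk (@@ -147, setup_keycloak_scim_plugin) the admin password is still handed to kcadm.sh as a `--password` argument, so it is readable in the host's process list for the lifetime of the call. If `tasks.run_repeatedly` logs the command on each retry (not visible here), it is also repeated in the test logs. The same argument form appears in the kcadm.sh and kcreg.sh calls in create_keycloak.py (@@ -112, @@ -133) and in keycloak_add_user in test_sso.py (@@ -60). Since these invocations are already being touched for Keycloak 26, consider dropping `"--password", password` and supplying the secret through the `KC_CLI_PASSWORD` environment variable, which kcadm.sh reads when the option is absent; kcreg.sh would need checking separately. The function body starts and ends outside the hunk.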
@@ -6,10 +6,10 @@ from ipaplatform.paths import paths from ipatests.pytest_ipa.integration import tasks -def setup_keycloakserver(host, version='17.0.0'): +def setup_keycloakserver(host, version='26.1.0'): dir = "/opt/keycloak" password = host.config.admin_password - tasks.install_packages(host, ["unzip", "java-11-openjdk-headless", + tasks.install_packages(host, ["unzip", "java-21-openjdk-headless", "openssl", "maven", "wget", "firefox", "xorg-x11-server-Xvfb"]) # add keycloak system user/group and folder @@ -33,7 +33,7 @@ def setup_keycloakserver(host, version='17.0.0'): key = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.key") crt = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.crt") - keystore = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.store") + keystore = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.jks") host.run_command(["ipa-getcert", "request", "-K", "HTTP/{0}".format(host.hostname), @@ -49,14 +49,13 @@ def setup_keycloakserver(host, version='17.0.0'): # Setup keycloak service and config files contents = textwrap.dedent(""" - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD={admin_pswd} - KC_HOSTNAME={host}:8443 + KC_BOOTSTRAP_ADMIN_USERNAME=admin + KC_BOOTSTRAP_ADMIN_PASSWORD={admin_pswd} + KC_HOSTNAME=https://{host}:8443/ KC_HTTPS_CERTIFICATE_FILE={crt} KC_HTTPS_CERTIFICATE_KEY_FILE={key} KC_HTTPS_TRUST_STORE_FILE={store} KC_HTTPS_TRUST_STORE_PASSWORD={store_pswd} - KC_HTTP_RELATIVE_PATH=/auth """).format(admin_pswd=password, host=host.hostname, crt=crt, key=key, store=keystore, store_pswd=password) host.put_file_contents("/etc/sysconfig/keycloak", contents) 
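Review bot: In the @@ -6 hunk `version` stays a caller-supplied parameter, but after this commit setup_keycloakserver only works with recent Keycloak releases, and nothing in the signature says so. As far as I know the `KC_BOOTSTRAP_ADMIN_USERNAME`/`KC_BOOTSTRAP_ADMIN_PASSWORD` names written in the @@ -49 and @@ -84 hunks are only honoured from Keycloak 26 on, so a caller passing the previous default `'17.0.0'` would most likely get a server with no admin account and fail later at the kcadm.sh login. A docstring such as `"""Install Keycloak on host; version must be 26.0 or newer (KC_BOOTSTRAP_ADMIN_* variables, JDK 21)."""` would record the constraint, or the function could reject older values up front. The function body continues outside this hunk.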
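Review bot: The environment file written by `host.put_file_contents("/etc/sysconfig/keycloak", contents)` at the end of the @@ -49 hunk holds `KC_BOOTSTRAP_ADMIN_PASSWORD` and `KC_HTTPS_TRUST_STORE_PASSWORD` in clear text, and the hunk shows no step that restricts the file's mode. Both values are filled from the same `password`, which is `host.config.admin_password`, so anyone who can read the file also learns the IPA admin password of the test domain. Unless a later line outside the hunk already does this, follow the write with `host.run_command(["chmod", "600", "/etc/sysconfig/keycloak"])`. A separate, generated truststore password would be better than reusing the admin one.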
@@ -84,14 +83,13 @@ def setup_keycloakserver(host, version='17.0.0'): # Run build stage first env_vars = textwrap.dedent(""" - export KEYCLOAK_ADMIN=admin - export KC_HOSTNAME={hostname}:8443 + export KC_BOOTSTRAP_ADMIN_USERNAME=admin + export KC_HOSTNAME=https://{hostname}:8443/ export KC_HTTPS_CERTIFICATE_FILE=/etc/pki/tls/certs/keycloak.crt export KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/pki/tls/private/keycloak.key - export KC_HTTPS_TRUST_STORE_FILE=/etc/pki/tls/private/keycloak.store + export KC_HTTPS_TRUST_STORE_FILE=/etc/pki/tls/private/keycloak.jks export KC_HTTPS_TRUST_STORE_PASSWORD={STORE_PASS} - export KEYCLOAK_ADMIN_PASSWORD={ADMIN_PASS} - export KC_HTTP_RELATIVE_PATH=/auth + export KC_BOOTSTRAP_ADMIN_PASSWORD={ADMIN_PASS} """).format(hostname=host.hostname, STORE_PASS=password, ADMIN_PASS=password) @@ -112,7 +110,7 @@ def setup_keycloakserver(host, version='17.0.0'): host.run_command([kcadmin_sh, "config", "truststore", "--trustpass", password, keystore]) kcadmin = [kcadmin_sh, "config", "credentials", "--server", - "https://{0}:8443/auth/".format(host.hostname), + "https://{0}:8443/".format(host.hostname), "--realm", "master", "--user", "admin", "--password", password ] @@ -133,7 +131,7 @@ def setup_keycloak_client(host): password = host.config.admin_password host.run_command(["/opt/keycloak/bin/kcreg.sh", "config", "credentials", "--server", - "https://{0}:8443/auth/".format(host.hostname), + "https://{0}:8443/".format(host.hostname), "--realm", "master", "--user", "admin", "--password", password] ) 
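Review bot: The build-stage environment in the @@ -84 hunk spells the certificate, key and truststore paths out as literals. Its `KC_HTTPS_CERTIFICATE_FILE=/etc/pki/tls/certs/keycloak.crt` does not appear to match the `crt` variable, which the @@ -33 hunk builds from `paths.OPENSSL_PRIVATE_DIR` and which the sysconfig file uses. The same duplication is why the keystore rename had to be repeated by hand here and in uninstall_keycloak (@@ -163). Formatting the block from the existing variables would keep build and runtime configuration in step: `export KC_HTTPS_CERTIFICATE_FILE={crt}` and `export KC_HTTPS_TRUST_STORE_FILE={store}`, with `crt=crt, key=key, store=keystore` passed to `.format()`. Whether the build stage actually opens the certificate file is not visible from the hunk.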
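Review bot: The `--server` URLs are now written two ways. The @@ -112 and @@ -133 hunks use `"https://{0}:8443/".format(host.hostname)` with a trailing slash, while create_bridge.py (@@ -147) and test_sso.py (@@ -60) use `f"https://{host.hostname}:8443"` without one. Both forms presumably work with kcadm.sh, but a single spelling would be easier to maintain, ideally from one shared helper or constant for the Keycloak base URL. That would also have made dropping `/auth` a one-line change instead of edits across four files.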
@@ -163,7 +161,7 @@ def setup_keycloak_client(host): def uninstall_keycloak(host): key = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.key") crt = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.crt") - keystore = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.store") + keystore = os.path.join(paths.OPENSSL_PRIVATE_DIR, "keycloak.jks") host.run_command(["systemctl", "stop", "keycloak"], raiseonerr=False) host.run_command(["getcert", "stop-tracking", "-k", key, "-f", crt], diff --git a/ipatests/test_integration/test_idp.py b/ipatests/test_integration/test_idp.py index ca2fcecb22459685450f2ed6c3ac1b9b215170f6..76edc9458e4448e05362ff040b8dab7a53cd3054 100644 --- a/ipatests/test_integration/test_idp.py +++ b/ipatests/test_integration/test_idp.py @@ -122,7 +122,7 @@ class TestIDPKeycloak(IntegrationTest): tasks.kinit_admin(self.master) cmd = ["ipa", "idp-add", "keycloakidp", "--provider=keycloak", "--client-id=ipa_oidc_client", "--org=master", - "--base-url={0}:8443/auth".format(self.client.hostname)] + "--base-url={0}:8443".format(self.client.hostname)] self.master.run_command(cmd, stdin_text="{0}\n{0}".format( self.client.config.admin_password)) tasks.user_add(self.master, 'keycloakuser', @@ -282,7 +282,7 @@ class TestIDPKeycloak(IntegrationTest): user = "backupuser" cmd = ["ipa", "idp-add", "testidp", "--provider=keycloak", "--client-id=ipa_oidc_client", "--org=master", - "--base-url={0}:8443/auth".format(self.client.hostname)] + "--base-url={0}:8443".format(self.client.hostname)] self.master.run_command(cmd, stdin_text="{0}\n{0}".format( self.client.config.admin_password)) diff --git a/ipatests/test_integration/test_sso.py b/ipatests/test_integration/test_sso.py index 9708e9fa05a75cb2657c657b39b015249f3fd208..57c5a96bae986ee9721fc540d2be2cdc443e78fb 100644 --- a/ipatests/test_integration/test_sso.py +++ b/ipatests/test_integration/test_sso.py 
@@ -18,7 +18,7 @@ from selenium.webdriver.support import expected_conditions as EC options = Options() options.headless = True driver = webdriver.Firefox(executable_path="/opt/geckodriver", options=options) -verification_uri = "https://{hostname}:8443/auth/realms/master/account/#/" +verification_uri = "https://{hostname}:8443/realms/master/account/#/" driver.get(verification_uri) try: @@ -60,7 +60,7 @@ def keycloak_add_user(host, kcadm_pass, username, password=None): domain = host.domain.name kcadmin_sh = "/opt/keycloak/bin/kcadm.sh" kcadmin = [kcadmin_sh, "config", "credentials", "--server", - f"https://{host.hostname}:8443/auth/", + f"https://{host.hostname}:8443", "--realm", "master", "--user", "admin", "--password", kcadm_pass] -- 2.47.1