diff --git a/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java b/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java index 8e0a1946e7c0b..d3f46a1d3e5a9 100644 --- a/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java +++ b/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java @@ -7,12 +7,10 @@ import org.testcontainers.containers.wait.strategy.Wait; import org.testcontainers.utility.MountableFile; -import com.github.dockerjava.api.command.InspectContainerResponse; - public class KeycloakContainer extends FixedHostPortGenericContainer { public KeycloakContainer() { - super("quay.io/keycloak/keycloak:15.0.2"); + super("quay.io/keycloak/keycloak:16.1.1"); withExposedPorts(8443); withFixedExposedPort(8080, 8080); withEnv("KEYCLOAK_USER", "admin"); 
@@ -23,27 +21,9 @@ public KeycloakContainer() { waitingFor(Wait.forLogMessage(".*WFLYSRV0025.*", 1)); withNetwork(Network.SHARED); withNetworkAliases("keycloak"); - withCreateContainerCmdModifier(cmd -> { - cmd.withEntrypoint(""); - cmd.withCmd("/bin/bash", "-c", "cd /opt/jboss/keycloak " + - "&& bin/jboss-cli.sh --file=ssl/keycloak-ssl.cli " + - "&& rm -rf standalone/configuration/standalone_xml_history/current " + - "&& cd .. " + - "&& /opt/jboss/tools/docker-entrypoint.sh -Dkeycloak.profile.feature.upload_scripts=enabled -b 0.0.0.0"); - }); - } - - @Override - protected void containerIsStarting(InspectContainerResponse containerInfo, boolean reused) { - super.containerIsStarting(containerInfo); - copyFileToContainer(MountableFile.forClasspathResource("certificates/ca-truststore.p12"), - "/opt/jboss/keycloak/standalone/configuration/certs/ca-truststore.p12"); - copyFileToContainer(MountableFile.forClasspathResource("certificates/keycloak.server.keystore.p12"), - "/opt/jboss/keycloak/standalone/configuration/certs/keycloak.server.keystore.p12"); - copyFileToContainer(MountableFile.forClasspathResource("keycloak/scripts/keycloak-ssl.cli"), - "/opt/jboss/keycloak/ssl/keycloak-ssl.cli"); - copyFileToContainer(MountableFile.forClasspathResource("keycloak/realms/kafka-authz-realm.json"), + withCopyFileToContainer(MountableFile.forClasspathResource("keycloak/realms/kafka-authz-realm.json"), "/opt/jboss/keycloak/realms/kafka-authz-realm.json"); + withCommand("-Dkeycloak.profile.feature.upload_scripts=enabled", "-b", "0.0.0.0"); } public void createHostsFile() { diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md deleted file mode 100644 index 16559820e3821..0000000000000 --- a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md +++ /dev/null 
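Review bot: `withExposedPorts(8443)` is still in the constructor (a context line of the first hunk), although this hunk removes the jboss-cli step and the `keycloak.server.keystore.p12` / `ca-truststore.p12` copies that gave that listener a certificate signed by the test CA. Whatever certificate the stock image serves on 8443 will not chain to a CA the tests control, so a client still pointed at the HTTPS port would have to skip certificate or hostname verification to pass, and the test would no longer cover TLS validation of the token endpoint. The client configuration is not part of this diff, so that needs confirming. If the tests now use plain HTTP on 8080, drop the 8443 exposure and say so above the new call, e.g. `// No TLS in this container: OAuth clients reach Keycloak over HTTP on 8080 (test-only)`. The constructor starts before this hunk.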
@@ -1,27 +0,0 @@
-# Generating the certificates and keystore
-
-## Creating a self-signed CA certificate and truststore
-
-```bash
-./gen-ca.sh
-```
-
-This creates `crt.ca` and adds the certificate to the keystore `ca-truststore.p12`.
-
-## Creating a server certificate and add it to keystore
-
-```bash
-./gen-keycloak-certs.sh
-```
-
-This creates server certificate for Keycloak, signs it and adds it to keystore `keycloak.server.keystore.p12`.
-
-## Cleanup
-
-```bash
-rm ca.srl
-rm ca.crt
-rm ca.key
-rm cert-file
-rm cert-signed
-```
\ No newline at end of file
diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/ca-truststore.p12 b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/ca-truststore.p12
deleted file mode 100644
index ef8c8002761df..0000000000000
Binary files a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/ca-truststore.p12 and /dev/null differ
diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-ca.sh b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-ca.sh
deleted file mode 100755
index 30e82d0889751..0000000000000
--- a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-ca.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-
-# create CA key
-openssl genrsa -out ca.key 4096
-
-# create CA certificate
-openssl req -x509 -new -nodes -sha256 -days 3650 -subj "/CN=quarkus.io" -key ca.key -out ca.crt
-
-
-PASSWORD=changeit
-
-# create p12 truststore
-keytool -keystore ca-truststore.p12 -storetype pkcs12 -alias ca -storepass $PASSWORD -keypass $PASSWORD -import -file ca.crt -noprompt
diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-keycloak-certs.sh b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-keycloak-certs.sh
deleted file mode 100755
index b531245fadc35..0000000000000
--- a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-keycloak-certs.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-set -e
-
-PASSWORD=changeit
-
-echo "#### Create server certificate for Keycloak"
-keytool -keystore keycloak.server.keystore.p12 -storetype pkcs12 -keyalg RSA -alias keycloak -validity 3650 -genkey -storepass $PASSWORD -keypass $PASSWORD -dname CN=keycloak -ext SAN=DNS:keycloak
-
-echo "#### Sign server certificate (export, sign, add signed to keystore)"
-keytool -keystore keycloak.server.keystore.p12 -storetype pkcs12 -alias keycloak -storepass $PASSWORD -keypass $PASSWORD -certreq -file cert-file
-openssl x509 -req -CA ca.crt -CAkey ca.key -in cert-file -out cert-signed -days 3650 -CAcreateserial -passin pass:$PASSWORD
-keytool -keystore keycloak.server.keystore.p12 -alias CARoot -storepass $PASSWORD -keypass $PASSWORD -import -file ca.crt -noprompt
-keytool -keystore keycloak.server.keystore.p12 -alias keycloak -storepass $PASSWORD -keypass $PASSWORD -import -file cert-signed -noprompt
diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/keycloak.server.keystore.p12 b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/keycloak.server.keystore.p12
deleted file mode 100644
index e63596dc56138..0000000000000
Binary files a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/keycloak.server.keystore.p12 and /dev/null differ
diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli b/integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli
deleted file mode 100644
index ee01c530da18b..0000000000000
--- a/integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli
+++ /dev/null
@@ -1,4 +0,0 @@
-embed-server --server-config=standalone-ha.xml
-/core-service=management/security-realm=UndertowRealm:add()
-/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-path=certs/keycloak.server.keystore.p12, keystore-relative-to=jboss.server.config.dir, keystore-password=changeit)
-/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm, value=UndertowRealm)