From 300342d3405373c9219d4854acc694f7e719aa77 Mon Sep 17 00:00:00 2001 From: Ozan Gunalp Date: Thu, 17 Feb 2022 15:32:34 +0000 Subject: [PATCH] Keycloak Oauth test bump Keycloak container version to 16.1.1 Removed keystore and certificate generation as it wasn't used --- .../kafka/containers/KeycloakContainer.java | 26 ++--------------- .../src/test/resources/certificates/README.md | 27 ------------------ .../resources/certificates/ca-truststore.p12 | Bin 1578 -> 0 bytes .../src/test/resources/certificates/gen-ca.sh | 14 --------- .../certificates/gen-keycloak-certs.sh | 14 --------- .../certificates/keycloak.server.keystore.p12 | Bin 5427 -> 0 bytes .../keycloak/scripts/keycloak-ssl.cli | 4 --- 7 files changed, 3 insertions(+), 82 deletions(-) delete mode 100644 integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md delete mode 100644 integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/ca-truststore.p12 delete mode 100755 integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-ca.sh delete mode 100755 integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/gen-keycloak-certs.sh delete mode 100644 integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/keycloak.server.keystore.p12 delete mode 100644 integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli diff --git a/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java b/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java index 8e0a1946e7c0b..d3f46a1d3e5a9 100644 --- a/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java +++ b/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java @@ -7,12 +7,10 @@ import org.testcontainers.containers.wait.strategy.Wait; import org.testcontainers.utility.MountableFile; -import com.github.dockerjava.api.command.InspectContainerResponse; - public class KeycloakContainer extends FixedHostPortGenericContainer { public KeycloakContainer() { - super("quay.io/keycloak/keycloak:15.0.2"); + super("quay.io/keycloak/keycloak:16.1.1"); withExposedPorts(8443); withFixedExposedPort(8080, 8080); withEnv("KEYCLOAK_USER", "admin"); @@ -23,27 +21,9 @@ public KeycloakContainer() { waitingFor(Wait.forLogMessage(".*WFLYSRV0025.*", 1)); withNetwork(Network.SHARED); withNetworkAliases("keycloak"); - withCreateContainerCmdModifier(cmd -> { - cmd.withEntrypoint(""); - cmd.withCmd("/bin/bash", "-c", "cd /opt/jboss/keycloak " + - "&& bin/jboss-cli.sh --file=ssl/keycloak-ssl.cli " + - "&& rm -rf standalone/configuration/standalone_xml_history/current " + - "&& cd .. " + - "&& /opt/jboss/tools/docker-entrypoint.sh -Dkeycloak.profile.feature.upload_scripts=enabled -b 0.0.0.0"); - }); - } - - @Override - protected void containerIsStarting(InspectContainerResponse containerInfo, boolean reused) { - super.containerIsStarting(containerInfo); - copyFileToContainer(MountableFile.forClasspathResource("certificates/ca-truststore.p12"), - "/opt/jboss/keycloak/standalone/configuration/certs/ca-truststore.p12"); - copyFileToContainer(MountableFile.forClasspathResource("certificates/keycloak.server.keystore.p12"), - "/opt/jboss/keycloak/standalone/configuration/certs/keycloak.server.keystore.p12"); - copyFileToContainer(MountableFile.forClasspathResource("keycloak/scripts/keycloak-ssl.cli"), - "/opt/jboss/keycloak/ssl/keycloak-ssl.cli"); - copyFileToContainer(MountableFile.forClasspathResource("keycloak/realms/kafka-authz-realm.json"), + withCopyFileToContainer(MountableFile.forClasspathResource("keycloak/realms/kafka-authz-realm.json"), "/opt/jboss/keycloak/realms/kafka-authz-realm.json"); + withCommand("-Dkeycloak.profile.feature.upload_scripts=enabled", "-b", "0.0.0.0"); } public void createHostsFile() { diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md deleted file mode 100644 index 16559820e3821..0000000000000 --- a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# Generating the certificates and keystore - -## Creating a self-signed CA certificate and truststore - -```bash -./gen-ca.sh -``` - -This creates `crt.ca` and adds the certificate to the keystore `ca-truststore.p12`. - -## Creating a server certificate and add it to keystore - -```bash -./gen-keycloak-certs.sh -``` - -This creates server certificate for Keycloak, signs it and adds it to keystore `keycloak.server.keystore.p12`. - -## Cleanup - -```bash -rm ca.srl -rm ca.crt -rm ca.key -rm cert-file -rm cert-signed -``` \ No newline at end of file diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/ca-truststore.p12 b/integration-tests/kafka-oauth-keycloak/src/test/resources/certificates/ca-truststore.p12 deleted file mode 100644 index ef8c8002761df807d86ecd34a420e26f8c99ef03..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1578 zcmV+_2G#j6f(9l60Ru3C1>XhFkRX z2;>zB9z|oqx$iV_o*Il00s{cUP=JC3aF#3(&aJ=Ot6?c%8PX;Pn-%?OQ+|(W26d=y zVxe_~f?%Uj^6R#@E>elKZv(Tv?G)gTqL8-9A8@*7>c>P#*G6;%khlvT!~^>p_q_Mr zQKD}Ry6||h_~x2}O!ZhutW`|E`+HzgK3Hd?9jA8~pbVpOl(_oCpecT=jg#Azvs9j) za6=mI72KkAo(rKg>^8Lc83wwEnnfd2T?fmQN&=>muf`LVJ;69ZtV#3qKF+|nm8MS> zJ}p+~{H@VcuIfK4ZO63ZRAnfT62uQ@BWq#kD_h(J0ZFl4RKW&qP*ao5&(1Qt zW^u_`O&{1uPZ*qfEu|^jz@K5c&o6~0tn7KWYKw6N^L){3A%5IOW}ry*l62!uqU|x%vVAnyM1oxue({_ua^8QdxQ|Ps_9=6;89v(ix!{I#>tZ*9 zj#5^duTx9Rp}td8d9zWbG0XDHTsk!3X~Js8=vgC^D52Ab>V}pj_OO1vNT`*Q%clzJ zqx(fgdpTHim(ixC&(eUuRl)3Wa}j3~-8nsUF0{%2Wu`fifw!@z0kl*jv^U2JPr$w& zc(2iX!qpCd94K-Zn|?5**YQhX!>XJAA?m)6osUe&iqvEkG)prCHOd`HA`zRp6Mjiw zX58c1V^wPF8`o~sK#4_dt~iK(*tEEGX?n$qM*Nlj%WDljkL25arU6%0voJyS%kDfv zDX3AE#S9GzSG_@>YD+-5W$(FUVSUI|rYz`d6naOGd5SFzV`|lqc zLKIqTp*sjf1Jq$3#*61GJb{@wA=YaEvpp0~?uiQ9s-!D)4U4@E+EQPPvob4akJ`S` z8;V0ozsa$>?!P2nH0e)0Q*Xk}3C1H?4B-m1Gk<;5**eX0>TC9D*2`=9%dE$hg!otf z6;KsonN7kuk^Vm#en8Hdweso>b5OiN(N(vq@~sVVu#3c%^OnD3OyoF)!UGg3CQ@+M zulYOVa-HOrx{fn7C;(D85p}b6PNRs!?XwWx8lE&-QF?cM)v@sHITRIo?Xq(e;0Ot| zn|K=OUkU0sD#0r-iJBF{i`c3WRyNAGo*7d&x~9%_;u6X1(S?Jq75(yq-|DGYRpuv) z4{HUcs=6a{y^@{bxoO^cp0fks;m9rOUSZsnIpS&WhVIwW3DX(sHmPOnv0k;uFbiJW z;qo&&X_sdT=u6r%@92((iN$zDvhf9iW8q+|(N9?szAO)m)&#Dy`#(INE71PlGZGme z#XlSfWF9FeI%l^G-Ccl!%it#;toYgbn?3jk@ACX;z`o-r)V9!iOqo4L^tkh%6L0a9 zav6W6D`rqBCDK!Z=`cPpAutIB1uG5%0vZJX1Qd5+z7HayPPZ1^xxT)tTB;3KakvB& cg&6}Pyg>T4gOuf|lT^Oi+zZq-OnP$JPl^Bp!me-F;2RRtPQc&af7_oPm5}_zQ8uW zy=AF{SH-NDsvBnaRw)*_pB_?bMETflG=9=g zC;VX80k{YrZ3BF!lQ=Ij4cgvlU?F?8(^ieFCdXjs3b0ALMs;s~dOWNPkNb^x^K!Ym z2u~K@?(Nkz&5>T8lrZb`x90b$Ni_#nW@bEzKI)wxl7|5W1M}58vL@Z$7VotR`!=5i zqJ)bylM>J{*T8kk46~EHNrElsrtO}EOHg869xQF<`s(z9-ouR$`3{|EM1Xp4eMOwX z&h-j0FHoSP#>^2{nNFo9R5e}H%%qQgCvx5;KJ93P$mg4sk|prcW1EXClzzm)89!S< zEqF0-=33SVKzi2oYSTul?xQhFveAMS!Zn&XE&$OHm9=O~6Sc^qcRTD2qzO0@@-Xw2 zLB3hfpWBks(0p6o%a(8Wf*jpk?=MJ8EcNqf$Y<#B1<`JSbtvS}nHo2SS4K}7)-{+{ zYzqIdI%l~9X-(;d>LWUofzpzv3PvL|mQ$X|oZ$K;tF$iW6ko&DL%Fj+p*v(8pPAVs z3B}hYN*HcLXKS$L#!>4wEx07LKmcz&ct#3tfTAZH8wc*W%hf9%vTCb1c!@-hOz7RS zLf#4^v3b&ERPiQ;r5HSo3i`;)Bl$0I)E!xOub?_|{=deK*t7~Zfh=9WrP%}rW-!U< zG2kZ*`Hgbm`6~*mr+!!INNTNK*QYN5a)(3hTT4V4BO1xS_rS+8HD9VKLRG1Nel5S# zF=otKgKA&MFtE^v8PAMXRo>n3)T#a6g8m2*?6L2H@DE^}7hp!;aiae0cE!0g#73UU z&B9G5R2@_4PKxg!4Y2*VQ|CXKPc;`@w{6RYj*YKrBOo2wUsG|b5{sSWpKD}oQsvow zI3!m@!;4_;PZ*K$PC-vYrjbzfhR;_egU`fFkG_xkLNaR`n zqy7m3u3W$&4O5FR8@5DtvkO<_q5v#-LK=#5vhHUq!Q>X3^CbMAY!s=gD$|~&zv3TV z6>r}D{Jt!pobIdF=rOlHX)>$a5ew-_)qq1~SiGYH&@H7!sbeksh4-9ZZZCFM3ZNU;dz(lJd-c>}#BJoKp-jN+YpW}5t z#>x4@3S$?$KYlTPuwS6%kRR{t`HG2Yg6wG#XVWO}fb(PX{z@fS7(;Eo?S`BiUmIyD zfzm)7WKTbHGljDI(zsK;pk&(j8)o5l6JeLe;~}aod&>W&`HOXJG}UdJZa7=?&t0j_ zo2&;izuJ?EJ@%^mnrEH+CXP!QFX}=8BrkKTZ+piGH12VY;W`0T2>YWrG78g0(GyY) zJW#?hcb#QrQ>LBV!0;yrJq5)ppOlXaL)0_8=M0mgJ#oxp7uD>KcIluwL{GS4aAP|#G$KJ`BNl;W+@TDLaEc_Az5dy)8jsIPG zhMf;1R{aMlp`!u*S+D<-p#7I+vH!=i=^dX~2en-W^kNttjAQ8XEB$Ip{@1dhFk+k` zy2$EQ8acdFtZ4MOhnsr-ZZ4akSW}1;Kfn!t=1SRsih7xJ3xySg1~dT8>2nZqe$qMt zKcU(OBsE-F#pTONod8Yx?A0T54~C7ADcb>Y%YI_eKDYizd5Hl=byc1Dh49v6Jg@K` zFHt}ap)KfPTWQjH2kcy66A#{mdpZQ{sI41+4!}>m*_MC(5wopm2piFLbD~+ zN=7w}7>bmZUVA?(_j~4|YXS~pWU|VMH^Y}bQsCTed9&gI{0G1!laC}~j;34L1z32z zLmKHZ>GuReTzRKZqq{tV-5NTS^AwxqZ!g)`hdTqs5x>oPc0fm+S0`Z<)2_HyMFX~; zgSaaCH$xBo5K_>0;Lw7sC{OzXwIvH_V}U9CQDxQ8S_jIj;9fGfb1%Z5kelgqR9i9U z?`Lp@jMunqIld&AdnWBAp1w1fa6nlt=U;rLFh6>4oC@v>1h*qY*1;dtR zl@pR=C{wy@Coku(9DN;vG_+b^NTCC*do56YyG=%nX|ttq(OhW%9v0Oh4?@rnqS~U- zxDZXPI9a!V*`!3A4<0qdS^z;?nWL%MC$?54r_>5@dhQN>tG9=DFY_;*2VXdmNZ(f* zmu`oTJrN$pXxhr3*7xr4X}NFtYy3lCm|xF(@dc}g zzvLPbnlsjIpg*iL42aPSsH|1pU?m2>=Gu1)^-(#M+l5VgL4kK-EK}eiT(UuSN;-1? zVQH6%>$fe+!kTy7k0H6*){NqR)xN%P70ZL_q=eNV4O}u+<#pZF5fC$v>Rb9sefsqt zh?~5dRkw{vvI^^gTrADjyZB#fbR<41nwIg&c7`|eD&`DrEQ991Xto}Vmcm~eY*rsq z)>``1@GFH;c@w13Ls?oRXT0%_AFs>zi8C?SF{~!qh1jlt8P!YKs-dB}Ri+jDj5V}1 zki*j3@-o*SOdDl#9z&*}M+KkOhmK33m78p_>0%@$@f52(TO6j%V(dixOHC;-xw+A{_hlPy?_JiwE!$a>0P zxxD8GSL&)vzn%8)szzj@RXNZ{w`ERYYOz|Q2vwBa4Zg@r&3lR+NvtwGm4voS>71tj zkxdaBBtUT`A`NF9PnmSTC3}a&>Qc9aPubTr3xfugwPM4_^GfCoe*}Ctqs0cEr{kPN zNVI*iL%(vC3~i92r=JS1R*-3n3HFj{p$d>!ZwpPx=jODfty$dE%z0A>-ua_Q9<_|s zjlA95S&v97!hVG-kunu8<-><5U@YAtG~XP&X@%|_uG}Hh158voCv)Y$wMG}U2Go{BlfIweyb_sEQP%uA<(Ah z-lhtV((Q_z{LC!-01QA`xcER#(5kF1+V}MqaVs|$i0A0tv+50_w>XEi%Y}IM5Lh3R zO$qU;E=P+e=C_L}vC6y$OE$I)^~J7u2P$s>I}?5LgTysB>UV{*b#Wb9{=$zrOclMs#uPcq+QPLCWfIYPJ>N)m(Xo4&tEZlfwzRxeh<0iX5KV6@ zWq2-hC^!_~s_DRWk<a7yu;Tx=Gjo9Eh;p+Xt4nf@nuD2vU;-N_o5j@oE82Rt@lD&_CzWf#*gEy!I78> z?0gc>%R4iOGR)u)28)-5Y{2LiS}nF+hHn!S<md(>WWW714g>jHy;|0&Cfp22EfuD-nTt#VK-6UqR{3$PLL!&@k2A; zwluojSsa7;`RSZ}{bhzKGm8!LNTVjRYupVu-A)*KiJ|f0HCEx;TsmxzT&HE!qpDjr z$^Qd|$N?R1u1|AP1cc=Jpy6Ir!Qemue&P2zBPrc7~418>1+bXu|>ZK3@Z$M9f%140Nj{)Dp}rO=fB;uPTq zc6WIvR+16+4F-nN$CxPdzP-@)}C0a9n1hwsd2si!K4LBDVpUs=2K9TuSO6} z^PdzPr>P{qnbFF%R81QeDRc4K+w9Y6RoYlMC#>Si4#^b(nk@gQIHTu((rhcdpJvWO+??%LgYFjBA^PKcKXz3+THO( zy{D|Y$vZkD%C?0imVop@!JG4B@5rms^^N%bLiQcpExbRPu_a`c_?LNCd6zg>fw=wJ z$^hMwFLhLM#@sHufyixs$5Us|K#c62-qJ}6muMHu%aJ!Im5AooWAB2!a|jaCEkR;P zW%yvje(rjiqmOV8?Wfsx>YJ#*C9)A)y(k zMe{iS2|1%v8Y%SygJOMQOn&3_Fx#?M=}Tj#$>zzU@zsH)*QWLr4#8?{Q=LKjl3&~2 zaA&%dkEWCrm;_BZVw)sDa9(u)AIEd$(^us~Tx+0Qes&A8=TTzsa=&}uM7e#SWfW65 zA&vH2N}8C=P$yoqkh0q}Z^ET#qr)k>cBX}CjYx@6ln5O0PA94!-a~k5!b0Rt3gjwFpexe zF(@wSMc~Dm%lPFV9^|^m+l^bbp*KIZHwCCI)W*}xH+4^QHY|LaNksPj;x0w*2y`ZJ zTIs`I7Cd3mrjib$6F7F>WFf? z_*$Q%=vkne3o_}`gEf{Pj=vElRKSOOCso8D?8@dB`;khsmFVweXnUNL`+o)w9oPj} z^||(&H#fQ21ogVp>C(a07Yv=Rhb;pOWcGJ+q2M(t+5=HXlPEOz_QA&0uOd&Q;&aKI zoop4`PMJcL%7~q{4=F6rmq8b$#}TE0ne#0aM)Bun*?X^s`ZE`>r#|_a6)nIB9FD%M zTwOt2-ST|xFqaa_=hTGxb2{J8!yzVQLedD__VVq%jh;Vw%HFmr&v~9)w0D;`H&p6F zJ6j3vVw4qDM}@;E>1yv|oJcauJ@TJB`A2BBlhi>Wg+-sr%5>3CsXAho)XVMP>wS~t zglp|b0m&F8*MF&PP$p-!*natGid+Xroz6lrR5)87Ye(OMUav-e{hO5EYb}Yp7C*4c z+;-oX;Hk}mY9PGoeXJVX2~O*H^mVOCq_m&7Y@w2RHWH9vvFqYs<1MG1sYqr8hT%rp zM;-^D#f7@S+Ly$9mAbe=@bOcd@$B-5J^t^K@$J8G^ z`IJ}MNPFGn5kCWjsjA%w&-D{k&-)*1vY9Xvo{d5&B+t#P{%bT=G(QX_RM(%o zhm<%g(%k;IwpxE4)X{W-BXcL@Yyg{PsLTze3aqPrrWZUxn)W5*8mlE=m*u%% zC9MU%Xsh?|g|bkja9{km>HhpkugjQUR$l}nEIm-JAYy#~j%`*<^$U0ww7**LUGJ5D zhh;>*ELYv&h-(DoR{0lA4g(ddtNl9DXHk5SHv~~^^`dfOExuh_Xsx@0X9_k5{Qy>) z{u@SW;W8Qg#=UhCdFfvbxrpy)9G=KpJn!84B#&3>6MGRYf@L0GWL8BeOw#-4aQc$^ zm|uzik+$h~-!d8#<1;8lmRghb9vEa5;Q3bgrz#9-uF}_IO z*Asn#v*jOG(2$1RUi8;M^ka~{6Li;FMTOg&IcxjUlSml8WuqxpRCaY;?r$mdBRE4< z;48Y`>^GGrFo}=v+4fPSrt?kCQlfB7a3LMsWEk3(Rrcx+1evsQqjTYtok$0z6)Zj) zee3Fm*kw^S zD6hRz8I8*V6!{%?E;H(HZ@CHj!F%>21E;tm_Okk!)W0x~haYt5Y+rAZ-XLYZJ=B7v zLChdrY%Crk40Kv7048wod!D%{W`7solj{)VnP+u`Qmzjs@cm|bVDyBP*Ias^$cKiU PS4>NAM|2FdsQiBcJ+?}0 diff --git a/integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli b/integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli deleted file mode 100644 index ee01c530da18b..0000000000000 --- a/integration-tests/kafka-oauth-keycloak/src/test/resources/keycloak/scripts/keycloak-ssl.cli +++ /dev/null @@ -1,4 +0,0 @@ -embed-server --server-config=standalone-ha.xml -/core-service=management/security-realm=UndertowRealm:add() -/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-path=certs/keycloak.server.keystore.p12, keystore-relative-to=jboss.server.config.dir, keystore-password=changeit) -/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm, value=UndertowRealm)