try old seed keycloak

Author: SylvainSenechal

.github/scripts/end2end/run-e2e-ctst.sh

@@ -161,19 +161,16 @@ kubectl create clusterrolebinding serviceaccounts-cluster-admin \
   --clusterrole=cluster-admin \
   --group=system:serviceaccounts
 
-                # --arg keycloak_host "${OIDC_HOST:-keycloak.zenko.local}" \
-                # --arg keycloak_realm "${OIDC_REALM:-zenko}" \
-                
-                # --arg keycloak_username "${OIDC_USERNAME:-storage_manager}" \
-                # --arg keycloak_password "${OIDC_PASSWORD:-123}" \
-                # --arg keycloak_client_id "${OIDC_CLIENT_ID:-zenko-ui}" \
-
-
-# docker run \
-#     --rm \
-#     --network=host \
-#     "${E2E_IMAGE}" /bin/bash \
-#     -c "SUBDOMAIN=${SUBDOMAIN} CONTROL_PLANE_INGRESS_ENDPOINT=${OIDC_ENDPOINT} ACCOUNT=${ZENKO_ACCOUNT_NAME} KEYCLOAK_REALM=${KEYCLOAK_TEST_REALM_NAME} STORAGE_MANAGER=${STORAGE_MANAGER_USER_NAME} STORAGE_ACCOUNT_OWNER=${STORAGE_ACCOUNT_OWNER_USER_NAME} DATA_CONSUMER=${DATA_CONSUMER_USER_NAME} DATA_ACCESSOR=${DATA_ACCESSOR_USER_NAME} /ctst/node_modules/cli-testing/bin/seedKeycloak.sh"; [[ $? -eq 1 ]] && exit 1 || echo 'Keycloak Configured!'
+SUBDOMAIN=${SUBDOMAIN} \
+CONTROL_PLANE_INGRESS_ENDPOINT=${OIDC_ENDPOINT} \
+ACCOUNT=${ZENKO_ACCOUNT_NAME} \
+KEYCLOAK_REALM=${KEYCLOAK_TEST_REALM_NAME} \
+STORAGE_MANAGER=${STORAGE_MANAGER_USER_NAME} \
+STORAGE_ACCOUNT_OWNER=${STORAGE_ACCOUNT_OWNER_USER_NAME} \
+DATA_CONSUMER=${DATA_CONSUMER_USER_NAME} \
+DATA_ACCESSOR=${DATA_ACCESSOR_USER_NAME} \
+bash "$(dirname "$0")/seedKeycloak.sh" || exit 1
+echo 'Keycloak Configured!'
 
 # Running end2end ctst tests
 # Using overrides as we need to attach a local folder to the pod

.github/scripts/end2end/seedKeycloak.sh

@@ -0,0 +1,140 @@
+#!/bin/bash
+
+SUBDOMAIN=${SUBDOMAIN:-"my-company.com"}
+CONTROL_PLANE_INGRESS_ENDPOINT=${CONTROL_PLANE_INGRESS_ENDPOINT:-"https://ui.${SUBDOMAIN}"}
+ACCOUNT=${ACCOUNT:-"AccountTest"}
+URI="${CONTROL_PLANE_INGRESS_ENDPOINT}/auth/admin/realms/${KEYCLOAK_REALM:-"artesca"}"
+HEADER="Content-Type: application/json"
+STORAGE_MANAGER=${STORAGE_MANAGER:-"storage_manager"}
+STORAGE_ACCOUNT_OWNER=${STORAGE_ACCOUNT_OWNER:-"storage_account_owner"}
+DATA_CONSUMER=${DATA_CONSUMER:-"data_consumer"}
+DATA_ACCESSOR=${DATA_ACCESSOR:-"data_accessor"}
+PASSWORD_CONFIGURATION='[{"type":"password","value":"123","temporary":"false"}]'
+
+echo "Request for authorization"
+RESULT=`curl -k \
+    --data "username=${KEYCLOAK_USERNAME:-"admin"}&password=${KEYCLOAK_PASSWORD:-"password"}&grant_type=password&client_id=${KEYCLOAK_CLIENT_ID:-"admin-cli"}" \
+    ${CONTROL_PLANE_INGRESS_ENDPOINT}/auth/realms/master/protocol/openid-connect/token`
+[ -z "$RESULT" ] && exit 1
+
+echo "Recovery of the token"
+TOKEN=`echo $RESULT | sed 's/.*access_token":"//g' | sed 's/".*//g'`
+
+echo "Display token"
+echo $TOKEN
+
+echo "- Group creation"
+
+curl -k "${URI}/groups" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data '{"name":"'${ACCOUNT}'::StorageAccountOwner"}' || exit 1
+curl -k "${URI}/groups" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data '{"name":"'${ACCOUNT}'::DataConsumer"}' || exit 1
+curl -k "${URI}/groups" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data '{"name":"'${ACCOUNT}'::DataAccessor"}' || exit 1
+
+echo "- Role creation"
+
+curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data '{"name":"'${ACCOUNT}'::StorageAccountOwner"}' || exit 1
+curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data '{"name":"'${ACCOUNT}'::DataConsumer"}' || exit 1
+curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data '{"name":"'${ACCOUNT}'::DataAccessor"}' || exit 1
+
+echo "Done"
+
+echo "- User creation"
+
+curl -k "${URI}/users" \
+    -H "${HEADER}" \
+    -H "Authorization: bearer $TOKEN" \
+    --data "{\
+        \"username\":\"${STORAGE_MANAGER}\",\
+        \"firstName\":\"${STORAGE_MANAGER}\",\
+        \"lastName\":\"${STORAGE_MANAGER}\",\
+        \"email\":\"${STORAGE_MANAGER}@scality.com\",\
+        \"enabled\":\"true\",\
+        \"credentials\":${PASSWORD_CONFIGURATION},\
+        \"realmRoles\":[\"StorageManager\"]}" || exit 1
+
+curl -k "${URI}/users" \
+    -H "${HEADER}" \
+    -H "Authorization: bearer $TOKEN" \
+    --data "{\
+        \"username\":\"${STORAGE_ACCOUNT_OWNER}\",\
+        \"firstName\":\"${STORAGE_ACCOUNT_OWNER}\",\
+        \"lastName\":\"${STORAGE_ACCOUNT_OWNER}\",\
+        \"email\":\"${STORAGE_ACCOUNT_OWNER}@scality.com\",\
+        \"enabled\":\"true\",\
+        \"credentials\":${PASSWORD_CONFIGURATION},\
+        \"groups\":[\"${ACCOUNT}::StorageAccountOwner\"]}" || exit 1
+
+curl -k "${URI}/users" \
+    -H "${HEADER}" \
+    -H "Authorization: bearer $TOKEN" \
+    --data "{\
+        \"username\":\"${DATA_CONSUMER}\",\
+        \"firstName\":\"${DATA_CONSUMER}\",\
+        \"lastName\":\"${DATA_CONSUMER}\",\
+        \"email\":\"${DATA_CONSUMER}@scality.com\",\
+        \"enabled\":\"true\",\
+        \"credentials\":${PASSWORD_CONFIGURATION},\
+        \"groups\":[\"${ACCOUNT}::DataConsumer\"]}" || exit 1
+
+curl -k "${URI}/users" \
+    -H "${HEADER}" \
+    -H "Authorization: bearer $TOKEN" \
+    --data "{\
+        \"username\":\"${DATA_ACCESSOR}\",\
+        \"firstName\":\"${DATA_ACCESSOR}\",\
+        \"lastName\":\"${DATA_ACCESSOR}\",\
+        \"email\":\"${DATA_ACCESSOR}@scality.com\",\
+        \"enabled\":\"true\",\
+        \"credentials\":${PASSWORD_CONFIGURATION},\
+        \"groups\":[\"${ACCOUNT}::DataAccessor\"]}" || exit 1
+
+echo "Done"
+
+echo "- Attach the Storage Manager"
+
+ID=`curl -k "${URI}/users?username=${STORAGE_MANAGER}" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | sed 's/.*id":"//g' | sed 's/".*//g'`
+[ -z "$ID" ] && exit 1
+
+ROLE=`curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | jq -r '.[] | select(.. | .name? == "StorageManager")'`
+[ -z "$ROLE" ] && exit 1
+
+curl -k -X POST "${URI}/users/${ID}/role-mappings/realm" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data "[$ROLE]" || exit 1
+
+echo "- Attach the Storage Account Owner"
+
+ID=`curl -k "${URI}/users?username=${STORAGE_ACCOUNT_OWNER}" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | sed 's/.*id":"//g' | sed 's/".*//g'`
+[ -z "$ID" ] && exit 1
+
+ROLE=`curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | jq -r '.[] | select(.. | .name? == "'"${ACCOUNT}"'::StorageAccountOwner")'`
+[ -z "$ROLE" ] && exit 1
+
+curl -k -X POST "${URI}/users/${ID}/role-mappings/realm" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data "[$ROLE]" || exit 1
+
+echo "- Attach the Data Consumer"
+
+ID=`curl -k "${URI}/users?username=${DATA_CONSUMER}" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | sed 's/.*id":"//g' | sed 's/".*//g'`
+[ -z "$ID" ] && exit 1
+
+ROLE=`curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | jq -r '.[] | select(.. | .name? == "'"${ACCOUNT}"'::DataConsumer")'`
+[ -z "$ROLE" ] && exit 1
+
+curl -k -X POST "${URI}/users/${ID}/role-mappings/realm" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data "[$ROLE]" || exit 1
+
+echo "- Attach the Data Accessor"
+
+ID=`curl -k "${URI}/users?username=${DATA_ACCESSOR}" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | sed 's/.*id":"//g' | sed 's/".*//g'`
+[ -z "$ID" ] && exit 1
+
+ROLE=`curl -k "${URI}/roles" -H "${HEADER}" -H "Authorization: bearer $TOKEN" \
+    | jq -r '.[] | select(.. | .name? == "'"${ACCOUNT}"'::DataAccessor")'`
+[ -z "$ROLE" ] && exit 1
+
+curl -k -X POST "${URI}/users/${ID}/role-mappings/realm" -H "${HEADER}" -H "Authorization: bearer $TOKEN" --data "[$ROLE]" || exit 1
+
+echo "Done"

tests/ctst/common/hooks.ts

@@ -16,7 +16,7 @@ import {
     cleanupAccount,
 } from './utils';
 
-import 'cli-testing/hooks/KeycloakSetup';
+// import 'cli-testing/hooks/KeycloakSetup';
 import 'cli-testing/hooks/Logger';
 import 'cli-testing/hooks/versionTags';
 

tests/ctst/steps/pra.ts

@@ -270,7 +270,7 @@ Then('object {string} should {string} be {string} and have the storage class {st
             Identity.useIdentity(IdentityEnum.ACCOUNT, Zenko.sites['source'].accountName);
         }
         try {
-            await verifyObjectLocation.call(this, objName, objectTransitionStatus, storageClass);
+            await verifyObjectLocation.call(this, objName, objectTransitionStatus, storageClass, 340000);
             if (isVerb === 'not') {
                 throw new Error(`Object ${objName} should not be ${objectTransitionStatus}`);
             }

tests/ctst/steps/utils/utils.ts

@@ -474,7 +474,7 @@ async function putBucketReplication(
 }
 
 async function verifyObjectLocation(this: Zenko, objectName: string,
-    objectTransitionStatus: string, storageClass: string) {
+    objectTransitionStatus: string, storageClass: string, timeoutMs = 120000) {
     const objName =
         getObjectNameWithBackendFlakiness.call(this, objectName) || this.getSaved<string>('objectName');
     this.resetCommand();
@@ -489,11 +489,15 @@ async function verifyObjectLocation(this: Zenko, objectName: string,
     const startTime = Date.now();
 
     while (!conditionOk) {
+        if (Date.now() - startTime > timeoutMs) {
+            throw new Error(
+                `verifyObjectLocation timed out after ${timeoutMs / 1000}s ` +
+                `waiting for object "${objName}" to reach status "${objectTransitionStatus}" ` +
+                `with storage class "${storageClass}"`
+            );
+        }
         const res = await S3.headObject(this.getCommandParameters());
         if (res.err?.includes('NotFound')) {
-            if (Date.now() - startTime > 300000) {
-                throw new Error('Object not found after 300 seconds');
-            }
             await Utils.sleep(1000);
             continue;
         } else if (res.err) {