From 3ed2305603655db785e7cdbb5dd40232665a83f2 Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Tue, 26 Aug 2025 19:42:56 -0700
Subject: [PATCH] consistent passwords

---
 test/s3/iam/s3_iam_framework.go             | 10 ++++++----
 test/s3/iam/s3_keycloak_integration_test.go |  3 ++-
 test/s3/iam/setup_keycloak.sh               | 12 ++++++------
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/test/s3/iam/s3_iam_framework.go b/test/s3/iam/s3_iam_framework.go
index 51e52d23b..f1bdc97f3 100644
--- a/test/s3/iam/s3_iam_framework.go
+++ b/test/s3/iam/s3_iam_framework.go
@@ -197,11 +197,13 @@ func (f *S3IAMTestFramework) getKeycloakToken(username string) (string, error) {
 
 // getTestUserPassword returns the password for test users
 func (f *S3IAMTestFramework) getTestUserPassword(username string) string {
+	// Password generation matches setup_keycloak_docker.sh logic:
+	// password="${username//[^a-zA-Z]/}123" (removes non-alphabetic chars + "123")
 	userPasswords := map[string]string{
-		"admin-user":      "admin123",
-		"read-user":       "read123",
-		"write-user":      "readwrite123",
-		"write-only-user": "writeonly123",
+		"admin-user":      "adminuser123",      // "admin-user" -> "adminuser" + "123"
+		"read-user":       "readuser123",       // "read-user" -> "readuser" + "123"
+		"write-user":      "writeuser123",      // "write-user" -> "writeuser" + "123"
+		"write-only-user": "writeonlyuser123", // "write-only-user" -> "writeonlyuser" + "123"
 	}
 
 	return userPasswords[username]
diff --git a/test/s3/iam/s3_keycloak_integration_test.go b/test/s3/iam/s3_keycloak_integration_test.go
index 09203f357..9b8623307 100644
--- a/test/s3/iam/s3_keycloak_integration_test.go
+++ b/test/s3/iam/s3_keycloak_integration_test.go
@@ -129,7 +129,8 @@ func TestKeycloakTokenExpiration(t *testing.T) {
 	}
 
 	// Get a short-lived token (if Keycloak is configured for it)
-	tokenResp, err := framework.keycloakClient.AuthenticateUser("admin-user", "admin123")
+	// Use consistent password that matches Docker setup script logic: "adminuser123"
+	tokenResp, err := framework.keycloakClient.AuthenticateUser("admin-user", "adminuser123")
 	require.NoError(t, err)
 
 	// Verify token properties
diff --git a/test/s3/iam/setup_keycloak.sh b/test/s3/iam/setup_keycloak.sh
index 603cb2a73..5d3cc45d6 100755
--- a/test/s3/iam/setup_keycloak.sh
+++ b/test/s3/iam/setup_keycloak.sh
@@ -24,13 +24,13 @@ ROLE_READONLY="s3-read-only"
 ROLE_WRITEONLY="s3-write-only"
 ROLE_READWRITE="s3-read-write"
 
-# User credentials (compatible with older bash versions)
+# User credentials (matches Docker setup script logic: removes non-alphabetic chars + "123")
 get_user_password() {
   case "$1" in
-    "admin-user") echo "admin123" ;;
-    "read-user") echo "read123" ;;
-    "write-user") echo "readwrite123" ;;
-    "write-only-user") echo "writeonly123" ;;
+    "admin-user") echo "adminuser123" ;;        # "admin-user" -> "adminuser123"
+    "read-user") echo "readuser123" ;;          # "read-user" -> "readuser123"
+    "write-user") echo "writeuser123" ;;        # "write-user" -> "writeuser123"
+    "write-only-user") echo "writeonlyuser123" ;;  # "write-only-user" -> "writeonlyuser123"
     *) echo "" ;;
   esac
 }
@@ -342,7 +342,7 @@ main() {
     -d "client_id=${CLIENT_ID}" \
     -d "client_secret=${CLIENT_SECRET}" \
     -d "username=admin-user" \
-    -d "password=admin123" \
+    -d "password=adminuser123" \
     -d "scope=openid profile email" \
     -o /tmp/auth_test_response.json)