diff --git a/.github/workflows/s3-iam-tests.yml b/.github/workflows/s3-iam-tests.yml
index 8f7aeddc9..8649ab3cd 100644
--- a/.github/workflows/s3-iam-tests.yml
+++ b/.github/workflows/s3-iam-tests.yml
@@ -135,16 +135,29 @@ jobs:
 docker run -d \
 --name keycloak \
 -p 8080:8080 \
- -e KEYCLOAK_ADMIN=admin \
- -e KEYCLOAK_ADMIN_PASSWORD=admin \
+ -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+ -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
 -e KC_HTTP_ENABLED=true \
 -e KC_HOSTNAME_STRICT=false \
 -e KC_HOSTNAME_STRICT_HTTPS=false \
 quay.io/keycloak/keycloak:26.0 \
 start-dev
- # Wait for Keycloak
- timeout 180 bash -c 'until curl -s http://localhost:8080/realms/master > /dev/null; do sleep 5; echo "Waiting for Keycloak..."; done'
+ # Wait for Keycloak with better health checking
+ timeout 300 bash -c '
+ while true; do
+ if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
+ echo "✅ Keycloak health check passed"
+ break
+ fi
+ if curl -s http://localhost:8080/realms/master > /dev/null 2>&1; then
+ echo "✅ Keycloak master realm accessible"
+ break
+ fi
+ echo "Waiting for Keycloak..."
+ sleep 5
+ done
+ '
 # Setup Keycloak realm and users
 chmod +x setup_keycloak.sh
@@ -224,8 +237,8 @@ jobs:
 docker run -d \
 --name keycloak \
 -p 8080:8080 \
- -e KEYCLOAK_ADMIN=admin \
- -e KEYCLOAK_ADMIN_PASSWORD=admin \
+ -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+ -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
 -e KC_HTTP_ENABLED=true \
 -e KC_HOSTNAME_STRICT=false \
 -e KC_HOSTNAME_STRICT_HTTPS=false \
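Review bot: In the new wait loop of the `@@ -135,16 +135,29 @@` hunk, `curl -s http://localhost:8080/health/ready` exits 0 on any HTTP response, including 404 or 503, so the "health check passed" branch fires as soon as the listener answers rather than when Keycloak is ready. This container is started without `KC_HEALTH_ENABLED=true`, and as far as I know Keycloak 26 serves its health endpoints on the management port rather than on 8080, so a non-2xx answer on this URL is likely. Use `curl -sf` in both probes, e.g. `if curl -sf http://localhost:8080/realms/master > /dev/null 2>&1; then`, so only a successful status ends the wait. The same loop is repeated in the `@@ -233,7 +246,20 @@` hunk of this workflow and in `main()` of test/s3/iam/setup_keycloak.sh.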
@@ -233,7 +246,20 @@ jobs:
 start-dev
 echo "Waiting for Keycloak to be ready..."
- timeout 180 bash -c 'until curl -s http://localhost:8080/realms/master > /dev/null; do sleep 5; echo "Waiting for Keycloak..."; done' || {
+ timeout 300 bash -c '
+ while true; do
+ if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
+ echo "✅ Keycloak health check passed"
+ break
+ fi
+ if curl -s http://localhost:8080/realms/master > /dev/null 2>&1; then
+ echo "✅ Keycloak master realm accessible"
+ break
+ fi
+ echo "Waiting for Keycloak..."
+ sleep 5
+ done
+ ' || {
 echo "Keycloak failed to start"
 docker logs keycloak
 exit 1
diff --git a/test/s3/iam/setup_all_tests.sh b/test/s3/iam/setup_all_tests.sh
index 899c1efcb..b847d6873 100755
--- a/test/s3/iam/setup_all_tests.sh
+++ b/test/s3/iam/setup_all_tests.sh
@@ -80,19 +80,17 @@ setup_keycloak() {
 docker stop keycloak-iam-test 2>/dev/null || true
 docker rm keycloak-iam-test 2>/dev/null || true
- # Start new Keycloak container
+ # Start new Keycloak container with correct environment variables for 26.0
 docker run -d \
 --name keycloak-iam-test \
 -p $KEYCLOAK_PORT:8080 \
- -e KEYCLOAK_ADMIN=admin \
- -e KEYCLOAK_ADMIN_PASSWORD=admin123 \
- -e KC_HTTP_PORT=8080 \
+ -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+ -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
+ -e KC_HTTP_ENABLED=true \
 -e KC_HOSTNAME_STRICT=false \
 -e KC_HOSTNAME_STRICT_HTTPS=false \
- -e KC_HTTP_ENABLED=true \
 -e KC_HEALTH_ENABLED=true \
- -v "$TEST_DIR/keycloak-realm.json:/opt/keycloak/data/import/realm.json:ro" \
- quay.io/keycloak/keycloak:26.0.7 start-dev --import-realm
+ quay.io/keycloak/keycloak:26.0 start-dev
 # Wait for Keycloak to be ready
 if check_service "Keycloak" "http://localhost:$KEYCLOAK_PORT/health/ready"; then
diff --git a/test/s3/iam/setup_keycloak.sh b/test/s3/iam/setup_keycloak.sh
index 8969348ab..5f6a44aee 100755
--- a/test/s3/iam/setup_keycloak.sh
+++ b/test/s3/iam/setup_keycloak.sh
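Review bot: In the `setup_keycloak()` hunk of test/s3/iam/setup_all_tests.sh the image reference goes from the patch-pinned `26.0.7` to the floating `quay.io/keycloak/keycloak:26.0`, so the container that runs with the `admin`/`admin` bootstrap account can change between runs without any change in this repository. Keep a full patch tag or pin by digest, e.g. `quay.io/keycloak/keycloak:26.0@sha256:<digest>`. Because the unchanged `-p $KEYCLOAK_PORT:8080` publishes on every interface, a developer machine running this script exposes that admin login to its network; `-p "127.0.0.1:$KEYCLOAK_PORT:8080"` keeps it local. The hunk starts and ends inside `setup_keycloak()`.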
@@ -6,8 +6,9 @@ set -e KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}" -ADMIN_USER="${KEYCLOAK_ADMIN:-admin}" -ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-admin123}" +# Support both old and new Keycloak environment variable formats +ADMIN_USER="${KC_BOOTSTRAP_ADMIN_USERNAME:-${KEYCLOAK_ADMIN:-admin}}" +ADMIN_PASSWORD="${KC_BOOTSTRAP_ADMIN_PASSWORD:-${KEYCLOAK_ADMIN_PASSWORD:-admin123}}" REALM_NAME="seaweedfs-test" CLIENT_ID="seaweedfs-s3" CLIENT_SECRET="seaweedfs-s3-secret" 
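Review bot: The innermost fallback for `ADMIN_PASSWORD` is still `admin123`, while this same commit changes the container started by setup_all_tests.sh to `KC_BOOTSTRAP_ADMIN_PASSWORD=admin`. Unless the caller exports one of the two variables (not visible in this hunk), the token request is sent with a password the server was not given and every retry in `get_admin_token` fails. Align the default, `ADMIN_PASSWORD="${KC_BOOTSTRAP_ADMIN_PASSWORD:-${KEYCLOAK_ADMIN_PASSWORD:-admin}}"`, and add a comment such as `# Must match the -e KC_BOOTSTRAP_ADMIN_PASSWORD value passed to docker run` so the two places stay in step.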
@@ -15,14 +16,42 @@ CLIENT_SECRET="seaweedfs-s3-secret"
 echo "🔧 Setting up Keycloak realm and users for SeaweedFS S3 IAM testing..."
 echo "Keycloak URL: $KEYCLOAK_URL"
-# Function to get admin access token
+# Function to get admin access token with retry logic
 get_admin_token() {
- curl -s -X POST "$KEYCLOAK_URL/realms/master/protocol/openid-connect/token" \
- -H "Content-Type: application/x-www-form-urlencoded" \
- -d "username=$ADMIN_USER" \
- -d "password=$ADMIN_PASSWORD" \
- -d "grant_type=password" \
- -d "client_id=admin-cli" | jq -r '.access_token'
+ local max_attempts=5
+ local attempt=1
+
+ while [ $attempt -le $max_attempts ]; do
+ echo "🔑 Getting admin access token (attempt $attempt/$max_attempts)..."
+
+ local response=$(curl -s -X POST "$KEYCLOAK_URL/realms/master/protocol/openid-connect/token" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=$ADMIN_USER" \
+ -d "password=$ADMIN_PASSWORD" \
+ -d "grant_type=password" \
+ -d "client_id=admin-cli" 2>/dev/null || echo '{"error":"curl_failed"}')
+
+ local token=$(echo "$response" | jq -r '.access_token // empty' 2>/dev/null || echo "")
+
+ if [ -n "$token" ] && [ "$token" != "null" ] && [ "$token" != "" ]; then
+ echo "✅ Successfully obtained admin token"
+ echo "$token"
+ return 0
+ fi
+
+ echo "⚠️ Failed to get token (attempt $attempt). Response: $response"
+
+ if [ $attempt -eq $max_attempts ]; then
+ echo "❌ Failed to get admin access token after $max_attempts attempts"
+ echo "🔍 Checking Keycloak status..."
+ curl -s "$KEYCLOAK_URL/realms/master" || echo "Keycloak master realm not accessible"
+ return 1
+ fi
+
+ echo "⏳ Waiting 5 seconds before retry..."
+ sleep 5
+ attempt=$((attempt + 1))
+ done
 }
 # Function to check if realm exists
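Review bot: `get_admin_token` now writes its progress messages to stdout, and `main()` captures stdout with `ADMIN_TOKEN=$(get_admin_token)`, so the variable ends up holding the log lines as well as the token and is no longer usable as a bearer value by whatever consumes it later (not visible in this hunk). Send every diagnostic, including the final `curl -s "$KEYCLOAK_URL/realms/master"` probe, to stderr and leave the token as the only stdout write. The retry message also prints the raw `$response`: if `jq` is missing or fails, that body still carries a valid access token and it lands in the CI log, so log only the error fields. `local response=$(...)` and `local token=$(...)` additionally hide the exit status of the command substitution behind `local`.

```shell
get_admin_token() {
    # … unchanged: max_attempts and attempt counters …
    while [ "$attempt" -le "$max_attempts" ]; do
        echo "🔑 Getting admin access token (attempt $attempt/$max_attempts)..." >&2
        # … unchanged: curl token request into $response, jq extraction into $token …
        if [ -n "$token" ] && [ "$token" != "null" ]; then
            echo "✅ Successfully obtained admin token" >&2
            printf '%s\n' "$token"   # the only line written to stdout
            return 0
        fi
        # Log the error fields only; the full body can carry tokens.
        echo "⚠️ Failed to get token (attempt $attempt): $(printf '%s' "$response" | jq -r '.error_description // .error // "no error field"' 2>/dev/null)" >&2
        if [ "$attempt" -eq "$max_attempts" ]; then
            echo "❌ Failed to get admin access token after $max_attempts attempts" >&2
            echo "🔍 Checking Keycloak status..." >&2
            curl -s "$KEYCLOAK_URL/realms/master" >&2 || echo "Keycloak master realm not accessible" >&2
            return 1
        fi
        echo "⏳ Waiting 5 seconds before retry..." >&2
        # … unchanged: sleep and attempt increment …
    done
}
```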
@@ -192,15 +221,31 @@ create_user() {
 main() {
 echo "🚀 Starting Keycloak setup..."
- # Wait for Keycloak to be ready
+ # Wait for Keycloak to be ready with better health checking
 echo "⏳ Waiting for Keycloak to be ready..."
- timeout 120 bash -c "until curl -s $KEYCLOAK_URL/realms/master > /dev/null; do sleep 2; done" || {
- echo "❌ Keycloak is not ready after 120 seconds"
+ timeout 300 bash -c '
+ while true; do
+ # Try health endpoint first (if available)
+ if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
+ echo "✅ Keycloak health check passed"
+ break
+ fi
+
+ # Fallback to master realm check
+ if curl -s $KEYCLOAK_URL/realms/master > /dev/null 2>&1; then
+ echo "✅ Keycloak master realm accessible"
+ break
+ fi
+
+ echo "Still waiting for Keycloak..."
+ sleep 5
+ done
+ ' || {
+ echo "❌ Keycloak is not ready after 300 seconds"
 exit 1
 }
 # Get admin token
- echo "🔑 Getting admin access token..."
 ADMIN_TOKEN=$(get_admin_token)
 if [ -z "$ADMIN_TOKEN" ] || [ "$ADMIN_TOKEN" = "null" ]; then
 echo "❌ Failed to get admin access token"
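Review bot: Inside the single-quoted `bash -c` script in `main()`, the health probe is hard-coded to `http://localhost:8080` and `$KEYCLOAK_URL` is now expanded by the child shell, which only sees it when the variable is exported; the assignment shown in the first hunk of this file does not export it. With a non-default `KEYCLOAK_URL` the loop can therefore report readiness for whatever answers on local port 8080, and with an unexported one the fallback probes an empty URL. Add `export KEYCLOAK_URL` before the `timeout` and probe the configured host, `if curl -sf "$KEYCLOAK_URL/health/ready" > /dev/null 2>&1; then`, quoting `"$KEYCLOAK_URL/realms/master"` the same way. `main()` continues past the end of this hunk.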