fix tests

1 month ago · 72668a5339
3 changed files with 96 additions and 27 deletions
--- a/.github/workflows/s3-iam-tests.yml
+++ b/.github/workflows/s3-iam-tests.yml
@ -135,16 +135,29 @@ jobs:
              docker run -d \
                --name keycloak \
                -p 8080:8080 \
-                -e KEYCLOAK_ADMIN=admin \
-                -e KEYCLOAK_ADMIN_PASSWORD=admin \
+                -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+                -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
                -e KC_HTTP_ENABLED=true \
                -e KC_HOSTNAME_STRICT=false \
                -e KC_HOSTNAME_STRICT_HTTPS=false \
                quay.io/keycloak/keycloak:26.0 \
                start-dev
              
-              # Wait for Keycloak
-              timeout 180 bash -c 'until curl -s http://localhost:8080/realms/master > /dev/null; do sleep 5; echo "Waiting for Keycloak..."; done'
+              # Wait for Keycloak with better health checking
+              timeout 300 bash -c '
+                while true; do
+                  if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
+                    echo "✅ Keycloak health check passed"
+                    break
+                  fi
+                  if curl -s http://localhost:8080/realms/master > /dev/null 2>&1; then
+                    echo "✅ Keycloak master realm accessible"
+                    break
+                  fi
+                  echo "Waiting for Keycloak..."
+                  sleep 5
+                done
+              '
              
              # Setup Keycloak realm and users
              chmod +x setup_keycloak.sh
@ -224,8 +237,8 @@ jobs:
          docker run -d \
            --name keycloak \
            -p 8080:8080 \
-            -e KEYCLOAK_ADMIN=admin \
-            -e KEYCLOAK_ADMIN_PASSWORD=admin \
+            -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+            -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
            -e KC_HTTP_ENABLED=true \
            -e KC_HOSTNAME_STRICT=false \
            -e KC_HOSTNAME_STRICT_HTTPS=false \
@ -233,7 +246,20 @@ jobs:
            start-dev
          
          echo "Waiting for Keycloak to be ready..."
-          timeout 180 bash -c 'until curl -s http://localhost:8080/realms/master > /dev/null; do sleep 5; echo "Waiting for Keycloak..."; done' || {
+          timeout 300 bash -c '
+            while true; do
+              if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
+                echo "✅ Keycloak health check passed"
+                break
+              fi
+              if curl -s http://localhost:8080/realms/master > /dev/null 2>&1; then
+                echo "✅ Keycloak master realm accessible"
+                break
+              fi
+              echo "Waiting for Keycloak..."
+              sleep 5
+            done
+          ' || {
            echo "Keycloak failed to start"
            docker logs keycloak
            exit 1
--- a/test/s3/iam/setup_all_tests.sh
+++ b/test/s3/iam/setup_all_tests.sh
@ -80,19 +80,17 @@ setup_keycloak() {
    docker stop keycloak-iam-test 2>/dev/null || true
    docker rm keycloak-iam-test 2>/dev/null || true
    
-    # Start new Keycloak container
+    # Start new Keycloak container with correct environment variables for 26.0
    docker run -d \
        --name keycloak-iam-test \
        -p $KEYCLOAK_PORT:8080 \
-        -e KEYCLOAK_ADMIN=admin \
-        -e KEYCLOAK_ADMIN_PASSWORD=admin123 \
-        -e KC_HTTP_PORT=8080 \
+        -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
+        -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
+        -e KC_HTTP_ENABLED=true \
        -e KC_HOSTNAME_STRICT=false \
        -e KC_HOSTNAME_STRICT_HTTPS=false \
-        -e KC_HTTP_ENABLED=true \
        -e KC_HEALTH_ENABLED=true \
-        -v "$TEST_DIR/keycloak-realm.json:/opt/keycloak/data/import/realm.json:ro" \
-        quay.io/keycloak/keycloak:26.0.7 start-dev --import-realm
+        quay.io/keycloak/keycloak:26.0 start-dev
    
    # Wait for Keycloak to be ready
    if check_service "Keycloak" "http://localhost:$KEYCLOAK_PORT/health/ready"; then
--- a/test/s3/iam/setup_keycloak.sh
+++ b/test/s3/iam/setup_keycloak.sh
@ -6,8 +6,9 @@
 set -e

 KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"
-ADMIN_USER="${KEYCLOAK_ADMIN:-admin}"
-ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-admin123}"
+# Support both old and new Keycloak environment variable formats
+ADMIN_USER="${KC_BOOTSTRAP_ADMIN_USERNAME:-${KEYCLOAK_ADMIN:-admin}}"
+ADMIN_PASSWORD="${KC_BOOTSTRAP_ADMIN_PASSWORD:-${KEYCLOAK_ADMIN_PASSWORD:-admin123}}"
 REALM_NAME="seaweedfs-test"
 CLIENT_ID="seaweedfs-s3"
 CLIENT_SECRET="seaweedfs-s3-secret"
@ -15,14 +16,42 @@ CLIENT_SECRET="seaweedfs-s3-secret"
 echo "🔧 Setting up Keycloak realm and users for SeaweedFS S3 IAM testing..."
 echo "Keycloak URL: $KEYCLOAK_URL"

-# Function to get admin access token
+# Function to get admin access token with retry logic
 get_admin_token() {
-    curl -s -X POST "$KEYCLOAK_URL/realms/master/protocol/openid-connect/token" \
+    local max_attempts=5
+    local attempt=1
+    
+    while [ $attempt -le $max_attempts ]; do
+        echo "🔑 Getting admin access token (attempt $attempt/$max_attempts)..."
+        
+        local response=$(curl -s -X POST "$KEYCLOAK_URL/realms/master/protocol/openid-connect/token" \
            -H "Content-Type: application/x-www-form-urlencoded" \
            -d "username=$ADMIN_USER" \
            -d "password=$ADMIN_PASSWORD" \
            -d "grant_type=password" \
-        -d "client_id=admin-cli" | jq -r '.access_token'
+            -d "client_id=admin-cli" 2>/dev/null || echo '{"error":"curl_failed"}')
+        
+        local token=$(echo "$response" | jq -r '.access_token // empty' 2>/dev/null || echo "")
+        
+        if [ -n "$token" ] && [ "$token" != "null" ] && [ "$token" != "" ]; then
+            echo "✅ Successfully obtained admin token"
+            echo "$token"
+            return 0
+        fi
+        
+        echo "⚠️  Failed to get token (attempt $attempt). Response: $response"
+        
+        if [ $attempt -eq $max_attempts ]; then
+            echo "❌ Failed to get admin access token after $max_attempts attempts"
+            echo "🔍 Checking Keycloak status..."
+            curl -s "$KEYCLOAK_URL/realms/master" || echo "Keycloak master realm not accessible"
+            return 1
+        fi
+        
+        echo "⏳ Waiting 5 seconds before retry..."
+        sleep 5
+        attempt=$((attempt + 1))
+    done
 }

 # Function to check if realm exists
@ -192,15 +221,31 @@ create_user() {
 main() {
    echo "🚀 Starting Keycloak setup..."
    
-    # Wait for Keycloak to be ready
+    # Wait for Keycloak to be ready with better health checking
    echo "⏳ Waiting for Keycloak to be ready..."
-    timeout 120 bash -c "until curl -s $KEYCLOAK_URL/realms/master > /dev/null; do sleep 2; done" || {
-        echo "❌ Keycloak is not ready after 120 seconds"
+    timeout 300 bash -c '
+        while true; do
+            # Try health endpoint first (if available)
+            if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
+                echo "✅ Keycloak health check passed"
+                break
+            fi
+            
+            # Fallback to master realm check
+            if curl -s $KEYCLOAK_URL/realms/master > /dev/null 2>&1; then
+                echo "✅ Keycloak master realm accessible"
+                break
+            fi
+            
+            echo "Still waiting for Keycloak..."
+            sleep 5
+        done
+    ' || {
+        echo "❌ Keycloak is not ready after 300 seconds"
        exit 1
    }
    
    # Get admin token
-    echo "🔑 Getting admin access token..."
    ADMIN_TOKEN=$(get_admin_token)
    if [ -z "$ADMIN_TOKEN" ] || [ "$ADMIN_TOKEN" = "null" ]; then
        echo "❌ Failed to get admin access token"