separate tests for keycloak

1 month ago · b3dd6b74be
2 changed files with 165 additions and 55 deletions
--- a/.github/workflows/s3-iam-tests.yml
+++ b/.github/workflows/s3-iam-tests.yml
@ -80,7 +80,7 @@ jobs:
    timeout-minutes: 25
    strategy:
      matrix:
        test-type: ["basic", "advanced", "policy-enforcement", "keycloak-integration"]
        test-type: ["basic", "advanced", "policy-enforcement"]
    steps:
      - name: Check out code
@ -129,60 +129,9 @@ jobs:
              make clean setup start-services wait-for-services
              go test -v -timeout 15m -run "TestS3IAMPolicyEnforcement|TestS3IAMBucketPolicy|TestS3IAMContextual" ./...
              ;;
            "keycloak-integration")
              echo "Running Keycloak integration tests..."
              # Start Keycloak container
              docker run -d \
                --name keycloak \
                -p 8080:8080 \
                -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
                -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
                -e KC_HTTP_ENABLED=true \
                -e KC_HOSTNAME_STRICT=false \
                -e KC_HOSTNAME_STRICT_HTTPS=false \
                quay.io/keycloak/keycloak:26.0 \
                start-dev
              # Wait for Keycloak with better health checking
              timeout 300 bash -c '
                while true; do
                  if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
                    echo "✅ Keycloak health check passed"
                    break
                  fi
                  if curl -s http://localhost:8080/realms/master > /dev/null 2>&1; then
                    echo "✅ Keycloak master realm accessible"
                    break
                  fi
                  echo "Waiting for Keycloak..."
                  sleep 5
                done
              '
              # Setup Keycloak realm and users
              sudo apt-get update -y
              sudo apt-get install -y jq
              chmod +x setup_keycloak.sh
              ./setup_keycloak.sh
              # Wait for the test realm to be fully available
              echo "Waiting for seaweedfs-test realm to be available..."
              timeout 120 bash -c 'until curl -fs http://localhost:8080/realms/seaweedfs-test/.well-known/openid-configuration > /dev/null; do echo "... waiting for realm"; sleep 3; done' || {
                echo "❌ seaweedfs-test realm not available"
                docker logs keycloak --tail=200 || true
            *)
              echo "Unknown test type: ${{ matrix.test-type }}"
              exit 1
              }
              # Start SeaweedFS services
              make clean setup start-services wait-for-services
              # Run Keycloak tests
              export KEYCLOAK_URL="http://localhost:8080"
              go test -v -timeout 15m -run "TestKeycloak" ./...
              # Cleanup Keycloak
              docker stop keycloak || true
              docker rm keycloak || true
              ;;
          esac
--- a/.github/workflows/s3-keycloak-tests.yml
+++ b/.github/workflows/s3-keycloak-tests.yml
@ -0,0 +1,161 @@
 name: "S3 Keycloak Integration Tests"
 on:
  pull_request:
    paths:
      - 'weed/iam/**'
      - 'weed/s3api/**'
      - 'test/s3/iam/**'
      - '.github/workflows/s3-keycloak-tests.yml'
  push:
    branches: [ master ]
    paths:
      - 'weed/iam/**'
      - 'weed/s3api/**'
      - 'test/s3/iam/**'
      - '.github/workflows/s3-keycloak-tests.yml'
 concurrency:
  group: ${{ github.head_ref }}/s3-keycloak-tests
  cancel-in-progress: true
 permissions:
  contents: read
 defaults:
  run:
    working-directory: weed
 jobs:
  # Dedicated job for Keycloak integration tests
  s3-keycloak-integration-tests:
    name: S3 Keycloak Integration Tests
    runs-on: ubuntu-22.04
    timeout-minutes: 30
    steps:
      - name: Check out code
        uses: actions/checkout@v5
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
        id: go
      - name: Install SeaweedFS
        working-directory: weed
        run: |
          go install -buildvcs=false
      - name: Run Keycloak Integration Tests
        timeout-minutes: 25
        working-directory: test/s3/iam
        run: |
          set -x
          echo "=== System Information ==="
          uname -a
          free -h
          df -h
          echo "=== Starting S3 Keycloak Integration Tests ==="
          # Set WEED_BINARY to use the installed version
          export WEED_BINARY=$(which weed)
          export TEST_TIMEOUT=20m
          echo "Running Keycloak integration tests..."
          # Start Keycloak container first
          docker run -d \
            --name keycloak \
            -p 8080:8080 \
            -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
            -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
            -e KC_HTTP_ENABLED=true \
            -e KC_HOSTNAME_STRICT=false \
            -e KC_HOSTNAME_STRICT_HTTPS=false \
            quay.io/keycloak/keycloak:26.0 \
            start-dev
          # Wait for Keycloak with better health checking
          timeout 300 bash -c '
            while true; do
              if curl -s http://localhost:8080/health/ready > /dev/null 2>&1; then
                echo "✅ Keycloak health check passed"
                break
              fi
              echo "... waiting for Keycloak to be ready"
              sleep 5
            done
          '
          # Setup Keycloak configuration
          ./setup_keycloak.sh
          # Start SeaweedFS services
          make clean setup start-services wait-for-services
          # Verify service accessibility
          echo "=== Verifying Service Accessibility ==="
          curl -f http://localhost:8080/realms/master
          curl -s http://localhost:8333
          echo "✅ SeaweedFS S3 API is responding (IAM-protected endpoint)"
          # Run Keycloak-specific tests
          echo "=== Running Keycloak Tests ==="
          export KEYCLOAK_URL=http://localhost:8080
          export S3_ENDPOINT=http://localhost:8333
          # Wait for realm to be properly configured
          timeout 120 bash -c 'until curl -fs http://localhost:8080/realms/seaweedfs-test/.well-known/openid-configuration > /dev/null; do echo "... waiting for realm"; sleep 3; done'
          # Run the Keycloak integration tests
          go test -v -timeout 20m -run "TestKeycloak" ./...
      - name: Show server logs on failure
        if: failure()
        working-directory: test/s3/iam
        run: |
          echo "=== Service Logs ==="
          echo "--- Keycloak logs ---"
          docker logs keycloak --tail=100 || echo "No Keycloak container logs"
          echo "--- SeaweedFS Master logs ---"
          if [ -f weed-master.log ]; then
            tail -100 weed-master.log
          fi
          echo "--- SeaweedFS S3 logs ---"
          if [ -f weed-s3.log ]; then
            tail -100 weed-s3.log
          fi
          echo "--- SeaweedFS Filer logs ---"
          if [ -f weed-filer.log ]; then
            tail -100 weed-filer.log
          fi
          echo "=== System Status ==="
          ps aux | grep -E "(weed|keycloak)" || true
          netstat -tlnp | grep -E "(8333|9333|8080|8888)" || true
          docker ps -a || true
      - name: Cleanup
        if: always()
        working-directory: test/s3/iam
        run: |
          # Stop Keycloak container
          docker stop keycloak || true
          docker rm keycloak || true
          # Stop SeaweedFS services
          make clean || true
      - name: Upload test logs on failure
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: s3-keycloak-test-logs
          path: |
            test/s3/iam/*.log
            test/s3/iam/test-volume-data/
          retention-days: 3