From ce27ea975f829b3f76092f97e147a8ba31435df6 Mon Sep 17 00:00:00 2001 From: chrislu Date: Tue, 26 Aug 2025 10:40:00 -0700 Subject: [PATCH] keycloak use 8080 --- test/s3/iam/iam_config.json | 6 ++-- test/s3/iam/setup_keycloak.sh | 57 ++++++++++++++++++++++++++++------- 2 files changed, 49 insertions(+), 14 deletions(-) diff --git a/test/s3/iam/iam_config.json b/test/s3/iam/iam_config.json index 24cf80f04..d931f8389 100644 --- a/test/s3/iam/iam_config.json +++ b/test/s3/iam/iam_config.json @@ -19,11 +19,11 @@ "type": "oidc", "enabled": true, "config": { - "issuer": "http://localhost:8090/realms/seaweedfs-test", + "issuer": "http://localhost:8080/realms/seaweedfs-test", "clientId": "seaweedfs-s3", "clientSecret": "seaweedfs-s3-secret", - "jwksUri": "http://localhost:8090/realms/seaweedfs-test/protocol/openid-connect/certs", - "userInfoUri": "http://localhost:8090/realms/seaweedfs-test/protocol/openid-connect/userinfo", + "jwksUri": "http://localhost:8080/realms/seaweedfs-test/protocol/openid-connect/certs", + "userInfoUri": "http://localhost:8080/realms/seaweedfs-test/protocol/openid-connect/userinfo", "scopes": ["openid", "profile", "email"], "claimsMapping": { "username": "preferred_username", diff --git a/test/s3/iam/setup_keycloak.sh b/test/s3/iam/setup_keycloak.sh index b72c00c5f..555595a43 100755 --- a/test/s3/iam/setup_keycloak.sh +++ b/test/s3/iam/setup_keycloak.sh @@ -11,7 +11,7 @@ NC='\033[0m' KEYCLOAK_IMAGE="quay.io/keycloak/keycloak:26.0.7" CONTAINER_NAME="keycloak-iam-test" -KEYCLOAK_PORT="8090" +KEYCLOAK_PORT="8080" # Default port KEYCLOAK_URL="http://localhost:${KEYCLOAK_PORT}" # Realm and test fixtures expected by tests 
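Review bot: The `issuer`, `jwksUri` and `userInfoUri` values in iam_config.json are now fixed at port 8080, but the setup_keycloak.sh hunks in this same commit let `ensure_container` adopt an already-running container and overwrite `KEYCLOAK_PORT`/`KEYCLOAK_URL` with whatever host port it publishes. If that port is not 8080, the realm is configured on one port while token validation and JWKS retrieval go to another, so issuer checks would presumably fail or be answered by an unrelated service on 8080. Nothing in the visible hunks regenerates this file from the detected port. Either make the script stop when the detected port differs from 8080, or derive these three URLs from `KEYCLOAK_URL`.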
@@ -41,17 +41,37 @@ echo -e "${BLUE}🔧 Setting up Keycloak realm and users for SeaweedFS S3 IAM te echo "Keycloak URL: ${KEYCLOAK_URL}" ensure_container() { - # Check for any existing Keycloak container on port 8090 - if docker ps --format '{{.Names}}\t{{.Ports}}' | grep -q ":8090->8080"; then - EXISTING_CONTAINER=$(docker ps --format '{{.Names}}\t{{.Ports}}' | grep ":8090->8080" | awk '{print $1}') - CONTAINER_NAME="$EXISTING_CONTAINER" - echo -e "${GREEN}✅ Using existing container '${CONTAINER_NAME}' on port 8090${NC}" - return 0 + # Check for any existing Keycloak container and detect its port + local keycloak_containers=$(docker ps --format '{{.Names}}\t{{.Ports}}' | grep -E "(keycloak|quay.io/keycloak)") + + if [[ -n "$keycloak_containers" ]]; then + # Parse the first available Keycloak container + CONTAINER_NAME=$(echo "$keycloak_containers" | head -1 | awk '{print $1}') + + # Extract the external port from the port mapping using sed (compatible with older bash) + local port_mapping=$(echo "$keycloak_containers" | head -1 | awk '{print $2}') + local extracted_port=$(echo "$port_mapping" | sed -n 's/.*:\([0-9]*\)->8080.*/\1/p') + if [[ -n "$extracted_port" ]]; then + KEYCLOAK_PORT="$extracted_port" + KEYCLOAK_URL="http://localhost:${KEYCLOAK_PORT}" + echo -e "${GREEN}✅ Using existing container '${CONTAINER_NAME}' on port ${KEYCLOAK_PORT}${NC}" + return 0 + fi fi - # Prefer any already running Keycloak container to avoid port conflicts + + # Fallback: check for specific container names if docker ps --format '{{.Names}}' | grep -q '^keycloak$'; then CONTAINER_NAME="keycloak" - echo -e "${GREEN}✅ Using existing container '${CONTAINER_NAME}'${NC}" + # Try to detect port for 'keycloak' container using docker port command + local ports=$(docker port keycloak 8080 2>/dev/null | head -1) + if [[ -n "$ports" ]]; then + local extracted_port=$(echo "$ports" | sed -n 's/.*:\([0-9]*\)$/\1/p') + if [[ -n "$extracted_port" ]]; then + KEYCLOAK_PORT="$extracted_port" + 
KEYCLOAK_URL="http://localhost:${KEYCLOAK_PORT}" + fi + fi + echo -e "${GREEN}✅ Using existing container '${CONTAINER_NAME}' on port ${KEYCLOAK_PORT}${NC}" return 0 fi if docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then @@ -89,12 +109,27 @@ wait_ready() { kcadm() { # Always authenticate before each command to ensure context - docker exec -i "${CONTAINER_NAME}" /opt/keycloak/bin/kcadm.sh config credentials --server "http://localhost:8080" --realm master --user admin --password admin123 >/dev/null 2>&1 + # Try different admin passwords that might be used in different environments + local admin_passwords=("admin123" "admin" "password") + local auth_success=false + + for pwd in "${admin_passwords[@]}"; do + if docker exec -i "${CONTAINER_NAME}" /opt/keycloak/bin/kcadm.sh config credentials --server "http://localhost:8080" --realm master --user admin --password "$pwd" >/dev/null 2>&1; then + auth_success=true + break + fi + done + + if [[ "$auth_success" == false ]]; then + echo -e "${RED}❌ Failed to authenticate with any known admin password${NC}" + return 1 + fi + docker exec -i "${CONTAINER_NAME}" /opt/keycloak/bin/kcadm.sh "$@" } admin_login() { - # This is now handled by each kcadm() call + # This is now handled by each kcadm() call echo "Logging into http://localhost:8080 as user admin of realm master" }
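Review bot: The new discovery step at the top of `ensure_container` picks a container by grepping `docker ps --format '{{.Names}}\t{{.Ports}}'` for `keycloak`, so any running container whose name merely contains that string is adopted and then reconfigured by the later `kcadm` calls. The `quay.io/keycloak` alternative is redundant: the image is not part of the format string, and any line it matched would already match `keycloak`. Filtering on the image the script pins is tighter, e.g. `docker ps --filter "ancestor=${KEYCLOAK_IMAGE}" --format '{{.Names}}\t{{.Ports}}'`, or match only the exact `${CONTAINER_NAME}`. The `local var=$(...)` declarations also hide the pipeline's exit status. The function body continues past the end of this hunk.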
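Review bot: `kcadm` now tries a list of guessed admin passwords (`admin123`, `admin`, `password`) on every invocation, against whichever container `ensure_container` adopted, so the script can try default credentials against a Keycloak it did not start and generate repeated failed admin logins there. Read the password from the environment with the fixture value as the default and make a single attempt: `local admin_password="${KEYCLOAK_ADMIN_PASSWORD:-admin123}"`. The failure message should go to stderr (`>&2`), because any caller that captures `kcadm` output (none is visible in this hunk) would otherwise receive it as data. The loop variable `pwd` is not declared `local`, so it leaks into the script's global scope.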