Add configuration to disable bootstrap of admin account

dasniko · Nov 5, 2024 · f2510aa · f2510aa
1 parent 6221e6d
commit f2510aa
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 2 deletions.
diff --git a/src/main/java/dasniko/testcontainers/keycloak/ExtendableKeycloakContainer.java b/src/main/java/dasniko/testcontainers/keycloak/ExtendableKeycloakContainer.java
@@ -125,6 +125,8 @@ public abstract class ExtendableKeycloakContainer<SELF extends ExtendableKeycloa
     private List<File> providerLibsLocations;
     private List<String> customCommandParts;
 
+    private boolean bootstrapAdmin = true;
+
     /**
      * Create a KeycloakContainer with default image and version tag
      */
@@ -164,8 +166,11 @@ protected void configure() {
             withEnv("KC_FEATURES_DISABLED", String.join(",", featuresDisabled));
         }
 
-        withEnv("KC_BOOTSTRAP_ADMIN_USERNAME", adminUsername);
-        withEnv("KC_BOOTSTRAP_ADMIN_PASSWORD", adminPassword);
+        if(bootstrapAdmin) {
+            withEnv("KC_BOOTSTRAP_ADMIN_USERNAME", adminUsername);
+            withEnv("KC_BOOTSTRAP_ADMIN_PASSWORD", adminPassword);
+        }
+
         withEnv("JAVA_OPTS_KC_HEAP", "-XX:InitialRAMPercentage=%d -XX:MaxRAMPercentage=%d".formatted(initialRamPercentage, maxRamPercentage));
 
         if (useTls && isNotBlank(tlsCertificateFilename)) {
@@ -515,6 +520,16 @@ private SELF withDebug(int hostPort, boolean suspend) {
         return self();
     }
 
+    /** Disable default bootstrapping of the keycloak admin. Useful when realms are imported. */
+    public SELF withoutBootstrapAdmin() {
+        this.bootstrapAdmin = false;
+        return self();
+    }
+
+    /**
+     * Returns the keycloak admin. Note that this may not return a functioning admin client
+     * if the master realm including users were imported.
+     */
     public Keycloak getKeycloakAdminClient() {
         if (useTls) {
             return Keycloak.getInstance(getAuthServerUrl(), MASTER_REALM, getAdminUsername(), getAdminPassword(), ADMIN_CLI_CLIENT, buildSslContext());

diff --git a/src/test/java/dasniko/testcontainers/keycloak/KeycloakContainerTest.java b/src/test/java/dasniko/testcontainers/keycloak/KeycloakContainerTest.java
@@ -1,6 +1,7 @@
 package dasniko.testcontainers.keycloak;
 
 import io.restassured.response.ValidatableResponse;
+import jakarta.ws.rs.NotAuthorizedException;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
@@ -23,6 +24,7 @@
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.startsWith;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 
@@ -32,6 +34,7 @@
 public class KeycloakContainerTest {
 
     public static final String TEST_REALM_JSON = "/test-realm.json";
+    public static final String MASTER_REALM_USERS_JSON = "/master-realm.json";
 
     @Test
     public void shouldStartKeycloak() {
@@ -91,6 +94,22 @@ public void shouldImportMultipleRealms() {
         }
     }
 
+    @Test
+    public void shouldImportMasterRealmAdmin() {
+        try (KeycloakContainer keycloak = new KeycloakContainer()
+            .withoutBootstrapAdmin()
+            .withRealmImportFiles(MASTER_REALM_USERS_JSON)) {
+            keycloak.start();
+
+            // Throws because we have imported a different admin user with different password
+            assertThrows(NotAuthorizedException.class, () -> keycloak.getKeycloakAdminClient().tokenManager().getAccessToken());
+
+            // Set password from imported realm, see json file
+            keycloak.withAdminPassword("password");
+            keycloak.getKeycloakAdminClient().tokenManager().getAccessToken();
+        }
+    }
+
     @Test
     public void shouldReturnServerInfo() {
         try (KeycloakContainer keycloak = new KeycloakContainer()) {

diff --git a/src/test/resources/master-realm.json b/src/test/resources/master-realm.json
@@ -0,0 +1,23 @@
+{
+    "realm": "master",
+    "enabled": true,
+    "users": [
+        {
+            "username": "admin",
+            "firstName": "Example",
+            "lastName": "User",
+            "email": "example@keycloak.org",
+            "enabled": true,
+            "credentials": [
+                {
+                    "type": "password",
+                    "value": "password"
+                }
+            ],
+            "realmRoles": [
+                "admin",
+                "default-roles-master"
+            ]
+        }
+    ]
+}