[issue 105] - Addint the RHSSO Template provisioner

.ci/openshift-ci/build-root/e2e-test-prod.sh

@@ -118,6 +118,7 @@ mvn test -Dmaven.repo.local=./local-repo-prod -pl testsuite/ -Pts.prod \
  -Dintersmash.rhsso.image=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:latest \
  -Dintersmash.rhsso.operators.catalog_source=redhat-operators \
  -Dintersmash.rhsso.operators.package_manifest=rhsso-operator \
+ -Dintersmash.rhsso.templates=https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/sso76-dev/templates/ \
  -Dintersmash.infinispan.image=registry.redhat.io/jboss-datagrid-7/datagrid73-openshift:latest \
  -Dintersmash.infinispan.operators.catalog_source=redhat-operators \
  -Dintersmash.infinispan.operators.package_manifest=datagrid \

README.md

@@ -260,7 +260,8 @@ Mapping of implemented provisioners:
 | Wildfly & Red Hat JBoss EAP 7/8       | :heavy_check_mark:         | :heavy_check_mark: | WildflyOperatorApplication           | WildflyOperatorProvisioner                  | Operator based provisioner, see details [below](#operator-based-provisioning)                                                                                                                                                                                                                                                                                  |
 | Red Hat JBoss EAP 7                   | :x:                        | :heavy_check_mark: | Eap7ImageOpenShiftApplication        | Eap7ImageOpenShiftProvisioner               | Available both for Git sources and binary based EAP 7 s2i (legacy) build, i.e. based on a pre-built deployment (i.e. a _WAR archive_)                                                                                                                                                                                                                          |
 | Red Hat JBoss EAP 7                   | :x:                        | :heavy_check_mark: | Eap7TemplateOpenShiftApplication     | Eap7TemplateOpenShiftProvisioner            | Available Git sources and template based EAP 7 s2i (legacy) build                                                                                                                                                                                                                                                                                              |
-| Red Hat SSO 7                         | :x:                        | :heavy_check_mark: | RhSsoOperatorApplication             | RhSsoOperatorProvisioner                    | Based on the archived Keycloak operator project, which contains the latest Red Hat SSO 7.z CRDs definitions, see details [below](#operator-based-provisioning)                                                                                                                                                                                                 |
+| Red Hat SSO 7                         | :x:                        | :heavy_check_mark: | RhSsoOperatorApplication             | RhSsoOperatorProvisioner                    | Based on the archived Keycloak operator project, which contains the latest Red Hat SSO 7.6.z CRDs definitions, see details [below](#operator-based-provisioning)                                                                                                                                                                                               |
+| Red Hat SSO 7                         | :x:                        | :heavy_check_mark: | RhSsoTemplateOpenShiftApplication    | RhSsoTemplateOpenShiftProvisioner           | Allows provisioning Red Hat SSO 7.6.z based on latest templates, see https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/sso76-dev/templates/                                                                                                                                                                                |
 
 
 The only thing users have to take care of is to implement the correct `Application` (see the table above) interface and 

testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/OpenShiftProvisionerTestBase.java

@@ -15,6 +15,8 @@
  */
 package org.jboss.intersmash.testsuite.provision.openshift;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
@@ -37,15 +39,19 @@
 import org.jboss.intersmash.tools.application.openshift.KafkaOperatorApplication;
 import org.jboss.intersmash.tools.application.openshift.MysqlImageOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.PostgreSQLImageOpenShiftApplication;
+import org.jboss.intersmash.tools.application.openshift.RhSsoTemplateOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.WildflyImageOpenShiftApplication;
 import org.jboss.intersmash.tools.application.openshift.input.BinarySource;
 import org.jboss.intersmash.tools.application.openshift.input.BuildInput;
 import org.jboss.intersmash.tools.application.openshift.input.BuildInputBuilder;
 import org.jboss.intersmash.tools.application.openshift.template.Eap7Template;
+import org.jboss.intersmash.tools.application.openshift.template.RhSsoTemplate;
+import org.jboss.intersmash.tools.util.ProcessKeystoreGenerator;
 import org.jboss.intersmash.tools.util.wildfly.Eap7CliScriptBuilder;
 
 import cz.xtf.builder.builders.SecretBuilder;
 import cz.xtf.builder.builders.secret.SecretType;
+import cz.xtf.core.config.OpenShiftConfig;
 import io.fabric8.kubernetes.api.model.EnvVar;
 import io.fabric8.kubernetes.api.model.EnvVarBuilder;
 import io.fabric8.kubernetes.api.model.Secret;
@@ -80,6 +86,56 @@ public class OpenShiftProvisionerTestBase {
 	static final String EAP7_TEST_APP_REPO = "https://github.com/openshift/openshift-jee-sample.git";
 	static final String EAP7_TEST_APP_REF = "master";
 
+	static RhSsoTemplateOpenShiftApplication getHttpsRhSso() {
+		return new RhSsoTemplateOpenShiftApplication() {
+			private final String secureAppHostname = "secure-" + getOpenShiftHostName();
+			private final Path keystore = ProcessKeystoreGenerator.generateKeystore(secureAppHostname);
+			private final String jceksFileName = "jgroups.jceks";
+			private final Path truststore = ProcessKeystoreGenerator.getTruststore();
+
+			@Override
+			public String getName() {
+				return "sso-app";
+			}
+
+			@Override
+			public Map<String, String> getParameters() {
+				Map<String, String> parameters = new HashMap<>();
+
+				parameters.put("APPLICATION_NAME", getName());
+				parameters.put("SSO_REALM", "eap-realm");
+				parameters.put("SSO_SERVICE_USERNAME", "client");
+				parameters.put("SSO_SERVICE_PASSWORD", "creator");
+				parameters.put("SSO_ADMIN_USERNAME", "admin");
+				parameters.put("SSO_ADMIN_PASSWORD", "admin");
+				parameters.put("JGROUPS_CLUSTER_PASSWORD", "xpaasQEpassword");
+				parameters.put("IMAGE_STREAM_NAMESPACE", OpenShiftConfig.namespace());
+
+				return Collections.unmodifiableMap(parameters);
+			}
+
+			@Override
+			public List<Secret> getSecrets() {
+				SecretBuilder sb;
+				try (InputStream is = getClass().getClassLoader().getResourceAsStream("certs/jgroups.jceks")) {
+					sb = new SecretBuilder(getName() + "-secret")
+							.addData(keystore.getFileName().toString(), keystore)
+							.addData(jceksFileName, is)
+							.addData(truststore.getFileName().toString(), truststore);
+				} catch (IOException e) {
+					throw new RuntimeException(e);
+				}
+
+				return Collections.singletonList(sb.build());
+			}
+
+			@Override
+			public RhSsoTemplate getTemplate() {
+				return RhSsoTemplate.X509_HTTPS;
+			}
+		};
+	}
+
 	static Eap7TemplateOpenShiftApplication getEap7OpenShiftTemplateApplication() {
 		return new Eap7TemplateOpenShiftApplication() {
 

testsuite/src/test/java/org/jboss/intersmash/testsuite/provision/openshift/ProvisionerCleanupTestCase.java

@@ -21,6 +21,7 @@
 import org.jboss.intersmash.tools.provision.openshift.MysqlImageOpenShiftProvisioner;
 import org.jboss.intersmash.tools.provision.openshift.OpenShiftProvisioner;
 import org.jboss.intersmash.tools.provision.openshift.PostgreSQLImageOpenShiftProvisioner;
+import org.jboss.intersmash.tools.provision.openshift.RhSsoTemplateOpenShiftProvisioner;
 import org.jboss.intersmash.tools.provision.openshift.WildflyBootableJarImageOpenShiftProvisioner;
 import org.jboss.intersmash.tools.provision.openshift.WildflyImageOpenShiftProvisioner;
 import org.junit.jupiter.api.Assertions;
@@ -48,7 +49,8 @@ private static Stream<OpenShiftProvisioner> provisionerProvider() {
 		} else if (IntersmashTestsuiteProperties.isProductizedTestExecutionProfileEnabled()) {
 			return Stream.of(
 					new WildflyImageOpenShiftProvisioner(
-							OpenShiftProvisionerTestBase.getWildflyOpenShiftLocalBinaryTargetServerApplication()));
+							OpenShiftProvisionerTestBase.getWildflyOpenShiftLocalBinaryTargetServerApplication()),
+					new RhSsoTemplateOpenShiftProvisioner(OpenShiftProvisionerTestBase.getHttpsRhSso()));
 		} else {
 			throw new IllegalStateException(
 					String.format("Unknown Intersmash test suite execution profile: %s",

tools/intersmash-tools-core/src/main/java/org/jboss/intersmash/tools/IntersmashConfig.java

@@ -112,8 +112,9 @@ public class IntersmashConfig {
 	private static final String INFINISPAN_IMAGE_URL = "intersmash.infinispan.image";
 
 	// KEYCLOAK/RHSSO
-	private static final String RHSSO_IMAGE_URL = "intersmash.rhsso.image";
 	private static final String KEYCLOAK_IMAGE_URL = "intersmash.keycloak.image";
+	private static final String RHSSO_IMAGE_URL = "intersmash.rhsso.image";
+	private static final String RHSSO_TEMPLATES = "intersmash.rhsso.templates";
 
 	// ACTIVEMQ
 	private static final String ACTIVEMQ_IMAGE_URL = "intersmash.activemq.image";
@@ -320,6 +321,10 @@ public static String rhSsoProductCode() {
 		return getProductCode(rhSsoImageURL());
 	}
 
+	public static String rhSsoTemplates() {
+		return XTFConfig.get(RHSSO_TEMPLATES);
+	}
+
 	public static String activeMQImageUrl() {
 		return XTFConfig.get(ACTIVEMQ_IMAGE_URL);
 	}

tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/RhSsoTemplateOpenShiftApplication.java

@@ -0,0 +1,63 @@
+package org.jboss.intersmash.tools.application.openshift;
+
+import java.nio.file.Path;
+
+import org.jboss.intersmash.tools.application.openshift.template.RhSsoTemplate;
+
+/**
+ * End user Application interface which presents RH-SSO template application on OpenShift Container Platform.
+ * <p>
+ * RH-SSO application that is supposed to run on OpenShift needs to implement this interface.
+ * Usage:
+ * <pre>
+ *     &#064;Appsint(
+ *     		&#064;Service(RhssoApp.class)
+ *     })
+ * </pre>
+ * The application will be deployed by:
+ * <ul>
+ *     <li>{@link RhSsoTemplateOpenShiftProvisioner}</li>
+ * </ul>
+ * <p>
+ * See {@link RhSsoTemplate} for available templates the
+ * application can represent.
+ */
+public interface RhSsoTemplateOpenShiftApplication extends TemplateApplication<RhSsoTemplate>, HasSecrets {
+
+	default String getName() {
+		return "rh-sso";
+	}
+
+	/**
+	 * Realm configuration in json format for Keycloak partial import
+	 * <p>
+	 * https://www.keycloak.org/docs/9.0/server_admin/index.html#importing-a-realm-from-exported-json-file
+	 * <p>
+	 * Requires template parameters SSO_REALM, SSO_SERVICE_USERNAME, SSO_SERVICE_PASSWORD to be set
+	 *
+	 * @return Instance of {@link Path} representing a YAML definition for the desired realm configuration
+	 */
+	default Path getRealmConfigurationFilePath() {
+		return null;
+	}
+
+	/**
+	 * Non x509 templates expose an HTTP route named after the application name;
+	 * x509 templates don't expose an HTTP route;
+	 *
+	 * @return The service HTTP route
+	 */
+	default String getHttpRouteName() {
+		return getTemplate().isX509() ? null : getName();
+	}
+
+	/**
+	 * Non x509 templates expose an HTTPS route named after the application name with the "secure-" prefix;
+	 * x509 templates expose an HTTPS route named after the application name;
+	 *
+	 * @return The service HTTPS route
+	 */
+	default String getHttpsRouteName() {
+		return getTemplate().isX509() ? getName() : String.format("secure-%s", getName());
+	}
+}

tools/intersmash-tools-provisioners/src/main/java/org/jboss/intersmash/tools/application/openshift/template/RhSsoTemplate.java

@@ -0,0 +1,46 @@
+package org.jboss.intersmash.tools.application.openshift.template;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.intersmash.tools.provision.openshift.template.OpenShiftTemplate;
+
+/**
+ * OpenShift template for RH-SSO.
+ * <p>
+ * See https://github.com/jboss-container-images/redhat-sso-7-openshift-image
+ */
+public enum RhSsoTemplate implements OpenShiftTemplate {
+	HTTPS("https"),
+	POSTGRESQL("postgresql"),
+	POSTGRESQL_PERSISTENT("postgresql-persistent"),
+	X509_HTTPS("x509-https"),
+	X509_POSTGRESQL_PERSISTENT("x509-postgresql-persistent");
+
+	private static final Map<String, RhSsoTemplate> BY_LABEL = new HashMap<>();
+
+	static {
+		for (RhSsoTemplate e : values()) {
+			BY_LABEL.put(e.label, e);
+		}
+	}
+
+	private String label;
+
+	RhSsoTemplate(String label) {
+		this.label = label;
+	}
+
+	@Override
+	public String getLabel() {
+		return label;
+	}
+
+	public boolean isX509() {
+		return label.contains("x509");
+	}
+
+	public static RhSsoTemplate valueOfLabel(String label) {
+		return BY_LABEL.get(label);
+	}
+}