Add oic auth e2e

.github/renovate.json

@@ -81,7 +81,14 @@
       "matchStrings": ["ARG DOCKER_VERSION=(?<currentValue>.*?)\n"],
       "depNameTemplate": "docker",
       "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": ["src/test/java/plugins/OicAuthPluginTest.java"],
+      "matchStrings": [".* KEYCLOAK_IMAGE =\n\\s*\"(?<repo>.*?):(?<currentValue>.*?)@(?<currentDigest>sha256:.*?)\";\n"],
+      "depNameTemplate": "{{{repo}}}",
+      "datasourceTemplate": "docker"
     }
+
   ],
   "customDatasources": {
     "firefox": {

docs/BROWSER.md

@@ -69,6 +69,8 @@ If the host running maven is different to the host running Selenium (e.g. `remot
 If this is the case you can specify the address to use using:
     `SELENIUM_PROXY_HOSTNAME=ip.address.of.host mvn install`
 **Important**: this could exposed the proxy wider beyond your machine and expose other internal services, so this should only be used on private or internal networks to prevent any information leak.
+The same issue will also impact any other containers started that the tests that the Browser (rather than Jenkins) needs to access.
+For [Testcontainers](https://testcontainers.com/) you can additionally set `TESTCONTAINERS_HOST_OVERRIDE=ip.address.of.host`
 
 ## Avoid focus steal with Xvnc on Linux
 If you select a real GUI browser, such as Firefox,

docs/DOCKER.md

@@ -71,3 +71,10 @@ It's best explained with an example:
 # Using a custom docker network
 
 If you are using a custom network for the container that executes the testing you may instruct the docker-fixtures to use the same one by setting the env variable `DOCKER_FIXTURES_NETWORK`to specify the network you want your fixtures to connect to. 
+
+# Using Testcontainers with a remote webdriver
+
+If you are using a containerized webdriver (or any other remote webdriver) then any containers launched will not be reachable from the remote web browser.
+This will be an issue for some tests that require the browser interact with the container (e.g. for authentication).
+If this is the case then the `TESTCONTAINERS_HOST_OVERRIDE` should be set to `host.docker.internal` or if the remote browser is non local the IP adddress of your machine.
+

pom.xml

@@ -69,6 +69,16 @@
         <artifactId>commons-io</artifactId>
         <version>2.16.1</version>
       </dependency>
+      <!--
+      Version needed for keycloak testcontainer.
+      As that dependency is test scope, the version used is the one coming from org.gitlab4j:gitlab4j-api, which is
+      older
+      -->
+      <dependency>
+        <groupId>jakarta.ws.rs</groupId>
+        <artifactId>jakarta.ws.rs-api</artifactId>
+        <version>3.1.0</version>
+      </dependency>
       <!-- RequireUpperBoundDeps between Mockito and Selenium -->
       <dependency>
         <groupId>net.bytebuddy</groupId>
@@ -212,6 +222,11 @@ and
       <artifactId>commons-net</artifactId>
       <version>3.11.1</version>
     </dependency>
+    <dependency>
+      <groupId>jakarta.xml.bind</groupId>
+      <artifactId>jakarta.xml.bind-api</artifactId>
+      <version>3.0.1</version>
+    </dependency>
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
@@ -364,6 +379,23 @@ and
       <artifactId>zt-zip</artifactId>
       <version>1.17</version>
     </dependency>
+    <!--
+    testcontainers
+    keycloak testcontainer
+    libraries needed for keycloak client
+    -->
+    <dependency>
+      <groupId>com.github.dasniko</groupId>
+      <artifactId>testcontainers-keycloak</artifactId>
+      <version>3.4.0</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>jakarta.annotation</groupId>
+      <artifactId>jakarta.annotation-api</artifactId>
+      <version>2.1.1</version>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>jakarta.mail</groupId>
       <artifactId>jakarta.mail-api</artifactId>

src/main/java/org/jenkinsci/test/acceptance/po/OicAuthSecurityRealm.java

@@ -0,0 +1,45 @@
+package org.jenkinsci.test.acceptance.po;
+
+/**
+ * Security Realm provided by oic-auth plugin
+ */
+@Describable("Login with Openid Connect")
+public class OicAuthSecurityRealm extends SecurityRealm {
+
+    public OicAuthSecurityRealm(GlobalSecurityConfig context, String path) {
+        super(context, path);
+    }
+
+    public void configureClient(String clientId, String clientSecret) {
+        control("clientId").set(clientId);
+        control("clientSecret").set(clientSecret);
+    }
+
+    public void setAutomaticConfiguration(String wellKnownEndpoint) {
+        control(by.radioButton("Automatic configuration")).click();
+        control("wellKnownOpenIDConfigurationUrl").set(wellKnownEndpoint);
+    }
+
+    public void setLogoutFromOpenidProvider(boolean logout) {
+        Control check = control(by.checkbox("Logout from OpenID Provider"));
+        if (logout) {
+            check.check();
+        } else {
+            check.uncheck();
+        }
+    }
+
+    public void setPostLogoutUrl(String postLogoutUrl) {
+        control("postLogoutRedirectUrl").set(postLogoutUrl);
+    }
+
+    public void setUserFields(
+            String userNameFieldName, String emailFieldName, String fullNameFieldName, String groupsFieldName) {
+        clickButton("User fields");
+        waitFor(by.path("/securityRealm/groupsFieldName"));
+        control("userNameField").set(userNameFieldName);
+        control("emailFieldName").set(emailFieldName);
+        control("fullNameFieldName").set(fullNameFieldName);
+        control("groupsFieldName").set(groupsFieldName);
+    }
+}

src/main/java/org/jenkinsci/test/acceptance/po/WhoAmI.java

@@ -0,0 +1,11 @@
+package org.jenkinsci.test.acceptance.po;
+
+/**
+ * Who Am I page in Jenkins
+ */
+public class WhoAmI extends ContainerPageObject {
+
+    public WhoAmI(ContainerPageObject parent) {
+        super(parent, parent.url("whoAmI/"));
+    }
+}

src/main/java/org/jenkinsci/test/acceptance/utils/keycloack/KeycloakUtils.java

@@ -0,0 +1,92 @@
+package org.jenkinsci.test.acceptance.utils.keycloack;
+
+import jakarta.inject.Inject;
+import java.net.URL;
+import org.jenkinsci.test.acceptance.po.CapybaraPortingLayerImpl;
+import org.jenkinsci.test.acceptance.utils.ElasticTime;
+import org.openqa.selenium.WebDriver;
+
+public class KeycloakUtils extends CapybaraPortingLayerImpl {
+
+    @Inject
+    public WebDriver driver;
+
+    @Inject
+    public ElasticTime time;
+
+    public KeycloakUtils() {
+        super(null);
+    }
+
+    public void open(URL url) {
+        visit(url);
+    }
+
+    public void login(String user) {
+        login(user, user);
+    }
+
+    public void login(String user, String passwd) {
+        waitFor(by.id("username"), 5);
+        find(by.id("username")).sendKeys(user);
+        find(by.id("password")).sendKeys(passwd);
+        find(by.id("kc-login")).click();
+    }
+
+    public User getCurrentUser(String keycloakUrl, String realm) {
+        driver.get(String.format("%s/realms/%s/account", keycloakUrl, realm));
+
+        waitFor(by.id("username"), 5);
+        String username = find(by.id("username")).getDomProperty("value");
+        String email = find(by.id("email")).getDomProperty("value");
+        String firstName = find(by.id("firstName")).getDomProperty("value");
+        String lastName = find(by.id("lastName")).getDomProperty("value");
+
+        return new User(null /* id not available in this page*/, username, email, firstName, lastName);
+    }
+
+    public void logout(User user) {
+        final String caption = user.getFirstName() + " " + user.getLastName();
+        waitFor(by.button(caption), 5);
+        clickButton(caption);
+        waitFor(by.button("Sign out"));
+        clickButton("Sign out");
+    }
+
+    public static class User {
+
+        private final String id;
+        private final String userName;
+        private final String email;
+        private final String firstName;
+        private final String lastName;
+
+        public User(String id, String userName, String email, String firstName, String lastName) {
+            this.id = id;
+            this.userName = userName;
+            this.email = email;
+            this.firstName = firstName;
+            this.lastName = lastName;
+        }
+
+        public String getId() {
+            return id;
+        }
+
+        public String getUserName() {
+            return userName;
+        }
+
+        public String getEmail() {
+            return email;
+        }
+
+        public String getFirstName() {
+            return firstName;
+        }
+
+        public String getLastName() {
+            return lastName;
+        }
+    }
+}