Use secured hydra endpoints for PTs

Author: Praveen2112

testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/HydraIdentityProvider.java

@@ -79,7 +79,7 @@ public void extendEnvironment(Environment.Builder builder)
                 .withEnv("OAUTH2_EXPOSE_INTERNAL_ERRORS", "1")
                 .withEnv("GODEBUG", "http2debug=1")
                 .withEnv("DSN", DSN)
-                .withEnv("URLS_SELF_ISSUER", "http://hydra:4444/")
+                .withEnv("URLS_SELF_ISSUER", "https://hydra:4444/")
                 .withEnv("URLS_CONSENT", "http://hydra-consent:3000/consent")
                 .withEnv("URLS_LOGIN", "http://hydra-consent:3000/login")
                 .withEnv("SERVE_TLS_KEY_PATH", "/tmp/certs/hydra.pem")
@@ -88,7 +88,7 @@ public void extendEnvironment(Environment.Builder builder)
                 .withEnv("TTL_ACCESS_TOKEN", TTL_ACCESS_TOKEN_IN_SECONDS + "s")
                 .withEnv("TTL_REFRESH_TOKEN", TTL_REFRESH_TOKEN_IN_SECONDS + "s")
                 .withEnv("OAUTH2_ALLOWED_TOP_LEVEL_CLAIMS", "groups")
-                .withCommand("serve", "all", "--dangerous-force-http")
+                .withCommand("serve", "all")
                 .withCopyFileToContainer(forHostPath(configDir.getPath("cert/hydra.pem")), "/tmp/certs/hydra.pem")
                 .waitingFor(new WaitAllStrategy()
                         .withStrategy(Wait.forLogMessage(".*Setting up http server on :4444.*", 1))
@@ -135,7 +135,7 @@ public DockerContainer createClient(
     {
         DockerContainer clientCreatingContainer = new DockerContainer(HYDRA_IMAGE, "hydra-client-preparation")
                 .withCommand("clients", "create",
-                        "--endpoint", "http://hydra:4445",
+                        "--endpoint", "https://hydra:4445",
                         "--skip-tls-verify",
                         "--id", clientId,
                         "--secret", clientSecret,

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/common/hydra-identity-provider/login_and_consent_server.py

@@ -6,7 +6,7 @@
 from urllib.parse import urlparse, parse_qs
 from urllib.request import Request, urlopen
 
-HYDRA_ADMIN_URL = os.getenv("HYDRA_ADMIN_URL", "http://hydra:4445")
+HYDRA_ADMIN_URL = os.getenv("HYDRA_ADMIN_URL", "https://hydra:4445")
 PORT = os.getenv("PORT", 3000)
 SSL_CONTEXT = ssl.create_default_context()
 SSL_CONTEXT.check_hostname = False

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oauth2-authenticated-http-proxy/trino/config.properties

@@ -13,10 +13,10 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
-http-server.authentication.oauth2.auth-url=http://hydra:4444/oauth2/auth
-http-server.authentication.oauth2.token-url=http://hydra:4444/oauth2/token
-http-server.authentication.oauth2.jwks-url=http://hydra:4444/.well-known/jwks.json
+http-server.authentication.oauth2.issuer=https://hydra:4444/
+http-server.authentication.oauth2.auth-url=https://hydra:4444/oauth2/auth
+http-server.authentication.oauth2.token-url=https://hydra:4444/oauth2/token
+http-server.authentication.oauth2.jwks-url=https://hydra:4444/.well-known/jwks.json
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oauth2-authenticated-https-proxy/trino/config.properties

@@ -13,10 +13,10 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
-http-server.authentication.oauth2.auth-url=http://hydra:4444/oauth2/auth
-http-server.authentication.oauth2.token-url=http://hydra:4444/oauth2/token
-http-server.authentication.oauth2.jwks-url=http://hydra:4444/.well-known/jwks.json
+http-server.authentication.oauth2.issuer=https://hydra:4444/
+http-server.authentication.oauth2.auth-url=https://hydra:4444/oauth2/auth
+http-server.authentication.oauth2.token-url=https://hydra:4444/oauth2/token
+http-server.authentication.oauth2.jwks-url=https://hydra:4444/.well-known/jwks.json
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oauth2-http-proxy/config.properties

@@ -13,10 +13,10 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
-http-server.authentication.oauth2.auth-url=http://hydra:4444/oauth2/auth
-http-server.authentication.oauth2.token-url=http://hydra:4444/oauth2/token
-http-server.authentication.oauth2.jwks-url=http://hydra:4444/.well-known/jwks.json
+http-server.authentication.oauth2.issuer=https://hydra:4444/
+http-server.authentication.oauth2.auth-url=https://hydra:4444/oauth2/auth
+http-server.authentication.oauth2.token-url=https://hydra:4444/oauth2/token
+http-server.authentication.oauth2.jwks-url=https://hydra:4444/.well-known/jwks.json
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oauth2-https-proxy/config.properties

@@ -13,10 +13,10 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
-http-server.authentication.oauth2.auth-url=http://hydra:4444/oauth2/auth
-http-server.authentication.oauth2.token-url=http://hydra:4444/oauth2/token
-http-server.authentication.oauth2.jwks-url=http://hydra:4444/.well-known/jwks.json
+http-server.authentication.oauth2.issuer=https://hydra:4444/
+http-server.authentication.oauth2.auth-url=https://hydra:4444/oauth2/auth
+http-server.authentication.oauth2.token-url=https://hydra:4444/oauth2/token
+http-server.authentication.oauth2.jwks-url=https://hydra:4444/.well-known/jwks.json
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oauth2-refresh/config.properties

@@ -13,11 +13,11 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
+http-server.authentication.oauth2.issuer=https://hydra:4444/
 http-server.authentication.oauth2.scopes=openid,offline
-http-server.authentication.oauth2.auth-url=http://hydra:4444/oauth2/auth
-http-server.authentication.oauth2.token-url=http://hydra:4444/oauth2/token
-http-server.authentication.oauth2.jwks-url=http://hydra:4444/.well-known/jwks.json
+http-server.authentication.oauth2.auth-url=https://hydra:4444/oauth2/auth
+http-server.authentication.oauth2.token-url=https://hydra:4444/oauth2/token
+http-server.authentication.oauth2.jwks-url=https://hydra:4444/.well-known/jwks.json
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oauth2/config.properties

@@ -13,10 +13,10 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
-http-server.authentication.oauth2.auth-url=http://hydra:4444/oauth2/auth
-http-server.authentication.oauth2.token-url=http://hydra:4444/oauth2/token
-http-server.authentication.oauth2.jwks-url=http://hydra:4444/.well-known/jwks.json
+http-server.authentication.oauth2.issuer=https://hydra:4444/
+http-server.authentication.oauth2.auth-url=https://hydra:4444/oauth2/auth
+http-server.authentication.oauth2.token-url=https://hydra:4444/oauth2/token
+http-server.authentication.oauth2.jwks-url=https://hydra:4444/.well-known/jwks.json
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oidc-refresh/config.properties

@@ -13,7 +13,7 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
+http-server.authentication.oauth2.issuer=https://hydra:4444/
 http-server.authentication.oauth2.scopes=openid,offline
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret

testing/trino-product-tests-launcher/src/main/resources/docker/trino-product-tests/conf/environment/singlenode-oidc/config.properties

@@ -13,7 +13,7 @@ http-server.authentication.type=oauth2
 http-server.https.port=7778
 http-server.https.enabled=true
 http-server.https.keystore.path=/docker/trino-product-tests/conf/trino/etc/trino.pem
-http-server.authentication.oauth2.issuer=http://hydra:4444/
+http-server.authentication.oauth2.issuer=https://hydra:4444/
 http-server.authentication.oauth2.client-id=trinodb_client_id
 http-server.authentication.oauth2.client-secret=trinodb_client_secret
 http-server.authentication.oauth2.user-mapping.pattern=(.*)(@.*)?