diff --git a/.github/scripts/aws/rds/pg_clear.sql b/.github/scripts/aws/rds/pg_clear.sql
new file mode 100644
index 00000000000..60fe75c8e02
--- /dev/null
+++ b/.github/scripts/aws/rds/pg_clear.sql
@@ -0,0 +1,3 @@
+DROP SCHEMA public CASCADE;
+CREATE SCHEMA public;
+GRANT ALL ON SCHEMA public TO public;
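Review bot: `GRANT ALL ON SCHEMA public TO public;` on the last line gives every role in the database both CREATE and USAGE on the recreated schema, which is wider than the USAGE-only default for PUBLIC that PostgreSQL has shipped since version 15. The workflow connects as `keycloak`, and the role that runs `CREATE SCHEMA public;` owns the new schema, so the grant may not be needed at all; if other roles must be able to read, `GRANT USAGE ON SCHEMA public TO public;` would be the narrower form. The file also has no header saying that it is destructive, so a first line such as `-- Destructive: drops every object in schema public; only for the ephemeral CI Aurora cluster.` would help anyone who finds it outside the workflow.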
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f594322fd8b..8f477cc07d8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -480,9 +480,9 @@ jobs:
echo "aurora-cluster-password=${PASS}" >> $GITHUB_OUTPUT
echo "region=${AWS_REGION}" >> $GITHUB_OUTPUT
curl --fail-with-body https://truststore.pki.rds.amazonaws.com/${AWS_REGION}/${AWS_REGION}-bundle.pem -o aws.pem
- PROPS+=' -Dkeycloak.connectionsJpa.jdbcParameters=\"?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem\"'
- echo "maven_properties=${PROPS}" >> $GITHUB_OUTPUT
+ JDBC_PARAMS='?ssl=true&sslmode=verify-ca&sslrootcert=/opt/keycloak/aws.pem'
+ echo "jdbc_params=${JDBC_PARAMS}" >> $GITHUB_OUTPUT
- id: aurora-create
name: Create Aurora DB
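Review bot: `sslmode=verify-ca` in the new `JDBC_PARAMS` line validates the server certificate chain against `aws.pem` but does not check that the certificate was issued for the host being connected to; `sslmode=verify-full` adds that hostname check. Because `jdbc_params` now feeds the server properties in both test steps as well as the new `-Durl=` and `-Dkc.test.database.url=` strings further down, changing this one line to `JDBC_PARAMS='?ssl=true&sslmode=verify-full&sslrootcert=/opt/keycloak/aws.pem'` would cover every connection; this presumably works with the Aurora endpoint certificate but should be confirmed with the aws-wrapper driver. The same reuse means `/opt/keycloak/aws.pem` has to exist wherever the Maven-side connections run, which is not visible in this diff. The step body starts above the hunk.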
@@ -520,8 +520,8 @@ jobs:
run: |
EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }}
AWS_REGION=${{ steps.aurora-init.outputs.region }}
- PROPS='${{ steps.aurora-init.outputs.maven_properties }}'
-
+ PROPS="-Dkeycloak.connectionsJpa.jdbcParameters=\"${{ steps.aurora-init.outputs.jdbc_params }}\""
+
PROPS+=" -Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }} -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}"
PROPS+=" -Djdbc.mvn.groupId=software.amazon.jdbc -Djdbc.mvn.artifactId=aws-advanced-jdbc-wrapper -Djdbc.mvn.version=2.3.1 -Djdbc.driver.tmp.dir=target/unpacked/keycloak-${{ env.old-version }}/providers"
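Review bot: Changing the quotes on the `PROPS=` line from single to double means the text GitHub substitutes for `${{ steps.aurora-init.outputs.jdbc_params }}` is now subject to shell expansion, so a `$`, backtick or `"` in that output would alter the command instead of being passed through. The value is a fixed string today, so this is a robustness point, but substituting expressions straight into `run:` scripts is the pattern GitHub's hardening guidance advises against. Mapping the output through the step environment avoids it: add `env:` with `JDBC_PARAMS: ${{ steps.aurora-init.outputs.jdbc_params }}` and write `PROPS="-Dkeycloak.connectionsJpa.jdbcParameters=\"${JDBC_PARAMS}\""`. The same applies to the identical line in the next hunk and to the `-Durl=` and `-Dkc.test.database.url=` lines in the new steps. The step's `run:` block starts and ends outside this hunk.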
@@ -553,7 +553,7 @@ jobs:
run: |
EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }}
AWS_REGION=${{ steps.aurora-init.outputs.region }}
- PROPS='${{ steps.aurora-init.outputs.maven_properties }}'
+ PROPS="-Dkeycloak.connectionsJpa.jdbcParameters=\"${{ steps.aurora-init.outputs.jdbc_params }}\""
PROPS+=" -Dauth.server.db.host=${{ steps.aurora-create.outputs.endpoint }} -Dkeycloak.connectionsJpa.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}"
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
@@ -581,6 +581,50 @@ jobs:
name: aurora-integration-tests-mvn-logs
path: .github/scripts/ansible/files
+ - name: Clear Aurora DB schema
+ id: aurora-clear-db-schema
+ run: |
+ EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }}
+ AWS_REGION=${{ steps.aurora-init.outputs.region }}
+
+ cd .github/scripts/ansible
+ ./mvn_remote_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "-Pexecute-sql -f tests/base/pom.xml sql:execute@clear-schema -Dautocommit=true -Ddriver=software.amazon.jdbc.Driver -Durl=\"jdbc:aws-wrapper:postgresql://${{ steps.aurora-create.outputs.endpoint }}/keycloak${{ steps.aurora-init.outputs.jdbc_params }}\" -Dusername=keycloak -Dpassword=${{ steps.aurora-init.outputs.aurora-cluster-password }}"
+
+ - name: Run Aurora new database tests on EC2
+ id: aurora-new-integration-tests
+ run: |
+ EC2_CLUSTER_NAME=${{ steps.ec2-create.outputs.ec2_cluster }}
+ AWS_REGION=${{ steps.aurora-init.outputs.region }}
+
+ PROPS="-Dkc.test.database=remote -Dkc.test.database.vendor=postgres"
+ PROPS+=" -Dkc.test.database.user=keycloak"
+ PROPS+=" -Dkc.test.database.password=${{ steps.aurora-init.outputs.aurora-cluster-password }}"
+ PROPS+=" -Dkc.test.database.url=\"jdbc:aws-wrapper:postgresql://${{ steps.aurora-create.outputs.endpoint }}/keycloak${{ steps.aurora-init.outputs.jdbc_params }}\""
+ PROPS+=" -Dkc.test.database.driver=software.amazon.jdbc.Driver"
+ PROPS+=" -Dkc.test.database.driver.artifact=software.amazon.jdbc:aws-advanced-jdbc-wrapper"
+
+ cd .github/scripts/ansible
+ ./mvn_remote_runner.sh ${AWS_REGION} ${EC2_CLUSTER_NAME} "$PROPS package -f tests/pom.xml -Dtest=DatabaseTestSuite"
+
+ # Copy returned surefire-report directories to workspace root to ensure they're discovered
+ results=(files/keycloak/results/*)
+ rsync -a $results/* ../../../
+ rm -rf $results
+
+ - uses: ./.github/actions/upload-flaky-tests
+ name: Upload flaky tests
+ env:
+ GH_TOKEN: ${{ github.token }}
+ with:
+ job-name: AuroraDB IT
+
+ - name: EC2 Maven Logs
+ if: failure()
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ with:
+ name: aurora-new-integration-tests-mvn-logs
+ path: .github/scripts/ansible/files
+
- name: Delete EC2 Instance
if: always()
working-directory: .github/scripts/ansible
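Review bot: The cluster password is placed on the Maven command line in both new steps (`-Dpassword=` in `aurora-clear-db-schema` and `-Dkc.test.database.password=` in `aurora-new-integration-tests`), so it is readable in the process list on the EC2 host and may end up in whatever `mvn_remote_runner.sh` writes under `.github/scripts/ansible/files`, the directory the new `EC2 Maven Logs` step uploads as an artifact on failure. Log masking does not apply to artifact contents, and whether the value is registered with `::add-mask::` at all is not visible in this diff. Passing the password through `env:` on the step and having the remote side read it from the environment or a settings file would keep it off the command line. The final `Delete EC2 Instance` step continues outside the hunk.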
diff --git a/tests/base/pom.xml b/tests/base/pom.xml
index b16e0327ec7..333b59f705a 100755
--- a/tests/base/pom.xml
+++ b/tests/base/pom.xml
@@ -84,6 +84,11 @@
org.keycloak.testframework
keycloak-test-framework-db-tidb
+
+ software.amazon.jdbc
+ aws-advanced-jdbc-wrapper
+ ${aws-jdbc-wrapper.version}
+
org.keycloak.testframework
keycloak-test-framework-email-server
@@ -134,4 +139,42 @@
test
+
+
+
+ execute-sql
+
+
+
+ org.codehaus.mojo
+ sql-maven-plugin
+ 3.0.0
+
+
+ software.amazon.jdbc
+ aws-advanced-jdbc-wrapper
+ ${aws-jdbc-wrapper.version}
+
+
+ org.postgresql
+ postgresql
+ ${postgresql-jdbc.version}
+
+
+
+
+ clear-schema
+
+
+ ../../.github/scripts/aws/rds/pg_clear.sql
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/base/src/test/java/org/keycloak/tests/db/CaseSensitiveSchemaTest.java b/tests/base/src/test/java/org/keycloak/tests/db/CaseSensitiveSchemaTest.java
index fb99fe0fcf7..3c2f01fd0cd 100644
--- a/tests/base/src/test/java/org/keycloak/tests/db/CaseSensitiveSchemaTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/db/CaseSensitiveSchemaTest.java
@@ -12,9 +12,10 @@ import org.keycloak.testframework.server.KeycloakServerConfig;
import org.keycloak.testframework.server.KeycloakServerConfigBuilder;
@KeycloakIntegrationTest(config = CaseSensitiveSchemaTest.CaseSensitiveServerConfig.class)
+// Remotely running databases do not support running SQL init scripts.
// MSSQL does not support setting the default schema per session
// TiDb does not support setting the default schema per session.
-@DisabledForDatabases({"mssql", "tidb"})
+@DisabledForDatabases({ "remote", "mssql", "tidb" })
public class CaseSensitiveSchemaTest extends AbstractDBSchemaTest {
@InjectTestDatabase(config = CaseSensitiveDatabaseConfig.class)
diff --git a/tests/base/src/test/java/org/keycloak/tests/db/PreserveSchemaCaseLiquibaseTest.java b/tests/base/src/test/java/org/keycloak/tests/db/PreserveSchemaCaseLiquibaseTest.java
index 93f8c299509..f86f35c5c8a 100644
--- a/tests/base/src/test/java/org/keycloak/tests/db/PreserveSchemaCaseLiquibaseTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/db/PreserveSchemaCaseLiquibaseTest.java
@@ -13,10 +13,11 @@ import org.keycloak.testframework.server.KeycloakServerConfig;
import org.keycloak.testframework.server.KeycloakServerConfigBuilder;
@KeycloakIntegrationTest(config = PreserveSchemaCaseLiquibaseTest.PreserveSchemaCaseServerConfig.class)
+// Remotely running databases do not support running SQL init scripts.
// MSSQL does not support setting the default schema per session.
// TiDb does not support setting the default schema per session.
// Oracle image does not support configuring user/databases with '-'
-@DisabledForDatabases({ "mssql", "oracle", "tidb" })
+@DisabledForDatabases({ "remote", "mssql", "oracle", "tidb" })
public class PreserveSchemaCaseLiquibaseTest extends AbstractDBSchemaTest {
@InjectTestDatabase(config = PreserveSchemaCaseDatabaseConfig.class, lifecycle = LifeCycle.CLASS)