SSSD testing with GH actions

Closes https://github.com/keycloak/keycloak/issues/20265

.github/scripts/run-ipa-tests.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -o pipefail
+
+echo "Modifying /etc/sssd/sssd.conf file"
+if ! grep -q ^ldap_user_extra_attrs /etc/sssd/sssd.conf; then
+  sed -i '/ldap_tls_cacert/a ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber' /etc/sssd/sssd.conf
+fi
+if ! grep -q ^user_attributes /etc/sssd/sssd.conf; then
+  sed -i '/allowed_uids/a user_attributes = +mail, +telephoneNumber, +givenname, +sn' /etc/sssd/sssd.conf
+fi
+
+systemctl restart sssd
+sss_cache -E
+
+echo "Creating /etc/pam.d/keycloak file for PAM"
+cat >/etc/pam.d/keycloak <<EOF
+auth    required   pam_sss.so
+account required   pam_sss.so
+EOF
+
+if [[ "true" == "$1" ]]; then
+  echo "Adding users and groups for the test"
+
+  printf "%b" "password\n" | kinit admin
+  ipa group-add --desc='test group' testgroup
+  ipa user-add emily --first=Emily --last=Jones --email=emily@jones.com --random
+  ipa group-add-member testgroup --users=emily
+  ipa user-add bart --first=bart --last=bart --email= --random
+  ipa user-add david --first=david --last=david --random
+  kdestroy
+
+  ldapmodify -D "cn=Directory Manager" -w password <<EOF
+dn: uid=emily,cn=users,cn=accounts,dc=example,dc=test
+changetype: modify
+replace: userpassword
+userpassword: emily123
+
+dn: uid=bart,cn=users,cn=accounts,dc=example,dc=test
+changetype: modify
+replace: userpassword
+userpassword: bart123
+
+dn: uid=david,cn=users,cn=accounts,dc=example,dc=test
+changetype: modify
+replace: userpassword
+userpassword: david123
+
+EOF
+
+  printf "%b" "password\n" | kinit admin
+  ipa user-disable david
+  kdestroy
+fi
+
+echo "Installing jdk-17 in the container"
+dnf install -y java-17-openjdk-devel
+export JAVA_HOME=/etc/alternatives/java_sdk_17
+
+echo "Building quarkus keyclok server with SSSD integration"
+./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus
+
+echo "Executing SSSD tests"
+./mvnw -f testsuite/integration-arquillian/tests/other/sssd/pom.xml test -Psssd-testing -Pauth-server-quarkus

.github/scripts/run-ipa.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -o pipefail
+DOCKER=podman
+
+if [ -f "$HOME/ipa-data.tar" ]; then
+  echo "Using data from previous execution"
+  sudo tar xpf "$HOME/ipa-data.tar" -C "$HOME"
+else
+  mkdir "$HOME/ipa-data"
+fi
+
+echo "Starting ipa-server container"
+container=$($DOCKER run --detach --rm -h ipa.example.test --sysctl net.ipv6.conf.all.disable_ipv6=0 --workdir /github/workspace -v "$HOME/ipa-data":"/data":Z -v "$1":"/github/workspace" -v "$HOME/.m2":"/root/.m2" freeipa/freeipa-server:rocky-9 ipa-server-install --unattended --realm=EXAMPLE.TEST --ds-password=password --admin-password=password --idstart=60000)
+
+echo "Container $container started, waiting ipa-server configuration"
+sleep 30
+line=$($DOCKER logs $container | tail -1)
+regexp="FreeIPA server configured.|FreeIPA server started."
+while ! [[ "$line" =~ $regexp ]]; do
+  sleep 30
+  line=$($DOCKER logs $container | tail -1)
+  if [ $? -ne 0 ]; then
+    exit 1
+  fi
+done
+
+new_install="false"
+if [[ $line == "FreeIPA server configured." ]]; then
+  new_install="true"
+fi
+echo "The server is ready, performing tests"
+$DOCKER exec $container .github/scripts/run-ipa-tests.sh $new_install
+result=$?
+
+$DOCKER stop $container
+
+if [ $result -eq 0 ]; then
+  echo "Doing a backup of the ipa-data directory for caching"
+  sudo tar cpf "$HOME/ipa-data.tar" -C "$HOME" ipa-data
+fi
+
+echo "Tests executed with result: $result"
+exit $result