From 023fea5e810fedcbfe98c29d0ec9b09783b68918 Mon Sep 17 00:00:00 2001
From: phala <phala@redhat.com>
Date: Fri, 17 May 2024 20:25:19 +0200
Subject: [PATCH 1/2] Change usage of middleName to lastName

---
 .../kuadrant/authorino/dinosaur/conftest.py   | 25 ++++++++++---------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py b/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py
index 2304a058..010f10b6 100644
--- a/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py
+++ b/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py
@@ -231,30 +231,31 @@ def authorization(authorization, keycloak, terms_and_conditions, cluster_info, a
 @pytest.fixture(scope="module")
 def user_with_valid_org_id(keycloak, blame):
     """
-    Creates new user with valid middle name.
-    Middle name is mapped to org ID in auth config.
+    Creates new user with valid last name.
+    last name is mapped to org ID in auth config.
     """
-    user = keycloak.realm.create_user(blame("someuser"), blame("password"))
-    user.assign_attribute({"middleName": "123"})
+    user = keycloak.realm.create_user(blame("someuser"), blame("password"), lastName="123")
     return HttpxOidcClientAuth.from_user(keycloak.get_token, user=user)
 
 
-@pytest.fixture(scope="module", params=["321", None])
-def user_with_invalid_org_id(keycloak, blame, request):
+# https://github.com/Kuadrant/testsuite/issues/396
+# @pytest.fixture(scope="module", params=["321", None])
+@pytest.fixture(scope="module")
+def user_with_invalid_org_id(keycloak, blame):
     """
-    Creates new user with valid middle name.
-    Middle name is mapped to org ID in auth config.
+    Creates new user with valid last name.
+    last name is mapped to org ID in auth config.
     """
-    user = keycloak.realm.create_user(blame("someuser"), blame("password"))
-    user.assign_attribute({"middleName": request.param})
+    user = keycloak.realm.create_user(blame("someuser"), blame("password"), lastName="321")
     return HttpxOidcClientAuth.from_user(keycloak.get_token, user=user)
 
 
 @pytest.fixture(scope="module")
 def user_with_invalid_email(keycloak, blame):
     """Creates new user with invalid email"""
-    user = keycloak.realm.create_user(blame("someuser"), blame("password"), email="denied-test-user1@example.com")
-    user.assign_attribute({"middleName": "123"})
+    user = keycloak.realm.create_user(
+        blame("someuser"), blame("password"), email="denied-test-user1@example.com", lastName="123"
+    )
     return HttpxOidcClientAuth.from_user(keycloak.get_token, user=user)
 
 

From a48658848a9ec4a90d0fc6ba9a1b2e6a02e9a4e4 Mon Sep 17 00:00:00 2001
From: phala <phala@redhat.com>
Date: Tue, 21 May 2024 12:40:22 +0200
Subject: [PATCH 2/2] Create better xfail for Dinosaur

---
 Makefile                                      |  2 +-
 .../kuadrant/authorino/dinosaur/conftest.py   | 19 ++++++++++++++++++-
 .../authorino/dinosaur/test_dinosaur.py       |  5 -----
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index c7072061..fe999826 100644
--- a/Makefile
+++ b/Makefile
@@ -49,7 +49,7 @@ authorino: poetry-no-dev
 
 authorino-standalone: ## Run only test capable of running with standalone Authorino
 authorino-standalone: poetry-no-dev
-	$(PYTEST) -n4 -m 'authorino and not kuadrant_only' --runxfail --dist loadfile --enforce --standalone $(flags) testsuite/tests/kuadrant/authorino
+	$(PYTEST) -n4 -m 'authorino and not kuadrant_only' --dist loadfile --enforce --standalone $(flags) testsuite/tests/kuadrant/authorino
 
 limitador: ## Run only Limitador related tests
 limitador: poetry-no-dev
diff --git a/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py b/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py
index 010f10b6..6c6c311b 100644
--- a/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py
+++ b/testsuite/tests/kuadrant/authorino/dinosaur/conftest.py
@@ -3,6 +3,7 @@
 """
 
 import pytest
+from openshift_client import OpenShiftPythonException
 
 from testsuite.httpx.auth import HttpxOidcClientAuth
 from testsuite.oidc.keycloak import Keycloak
@@ -28,6 +29,22 @@ def admin_rhsso(blame, keycloak):
     return info
 
 
+@pytest.fixture(scope="module", autouse=True)
+def commit(request, authorization):
+    """
+    xFails tests if the commit fails with Too many branches exception
+    https://github.com/Kuadrant/kuadrant-operator/issues/566
+    This should happen only when using Kuadrant. The test should pass on AuthConfig
+    """
+    request.addfinalizer(authorization.delete)
+    try:
+        authorization.commit()
+        authorization.wait_for_ready()
+    except OpenShiftPythonException as exc:
+        if "Too many" in exc.result.err():
+            pytest.xfail("AuthPolicy max limit")
+
+
 @pytest.fixture()
 def admin_auth(admin_rhsso):
     """Returns Keycloak authentication object for HTTPX"""
@@ -116,7 +133,7 @@ def authorization(authorization, keycloak, terms_and_conditions, cluster_info, a
         "user-sso",
         keycloak.well_known["issuer"],
         ttl=3600,
-        defaults_properties={"org_id": ValueFrom("auth.identity.middle_name")},
+        defaults_properties={"org_id": ValueFrom("auth.identity.family_name")},
     )
     authorization.identity.add_oidc(
         "admin-sso", admin_rhsso.well_known["issuer"], ttl=3600, when=[PatternRef("admin-route")]
diff --git a/testsuite/tests/kuadrant/authorino/dinosaur/test_dinosaur.py b/testsuite/tests/kuadrant/authorino/dinosaur/test_dinosaur.py
index b3a596e6..45625aaf 100644
--- a/testsuite/tests/kuadrant/authorino/dinosaur/test_dinosaur.py
+++ b/testsuite/tests/kuadrant/authorino/dinosaur/test_dinosaur.py
@@ -3,14 +3,9 @@
 """
 
 import pytest
-from openshift_client import OpenShiftPythonException
 
 pytestmark = [
     pytest.mark.authorino,
-    pytest.mark.xfail(
-        reason="AuthPolicy max limit",
-        raises=OpenShiftPythonException,
-    ),
     pytest.mark.issue("https://github.com/Kuadrant/kuadrant-operator/issues/566"),
 ]