refactor keycload vars

Author: SylvainSenechal

.github/scripts/end2end/common.sh

@@ -1,11 +1,11 @@
 get_token() {
     curl -k -H "Host: keycloak.zenko.local" \
-        -d "client_id=${OIDC_CLIENT_ID}" \
-        -d "username=${OIDC_USERNAME}" \
+        -d "client_id=${KEYCLOAK_TEST_CLIENT_ID}" \
+        -d "username=${KEYCLOAK_TEST_USER}" \
         -d "password=${KEYCLOAK_TEST_PASSWORD}" \
         -d "grant_type=password" \
         -d "scope=openid" \
-        https://localhost/auth/realms/${OIDC_REALM}/protocol/openid-connect/token | \
+        https://localhost/auth/realms/${KEYCLOAK_TEST_REALM_NAME}/protocol/openid-connect/token | \
         jq -cr '.id_token'
 }
 

.github/scripts/end2end/configs/zenko.yaml

@@ -87,10 +87,10 @@ spec:
   management:
     provider: InCluster
     oidc:
-      provider: '${OIDC_ENDPOINT}/auth/realms/${OIDC_REALM}'
+      provider: '${KEYCLOAK_TEST_ENDPOINT}/auth/realms/${KEYCLOAK_TEST_REALM_NAME}'
       federatedProviders:
-        - '${OIDC_ENDPOINT}/auth/realms/${OIDC_REALM}'
-      vaultClientId: ${OIDC_CLIENT_ID}
+        - '${KEYCLOAK_TEST_ENDPOINT}/auth/realms/${KEYCLOAK_TEST_REALM_NAME}'
+      vaultClientId: ${KEYCLOAK_TEST_CLIENT_ID}
     api:
       ingress:
         hostname: ${ZENKO_MANAGEMENT_INGRESS}

.github/scripts/end2end/enable-https.sh

@@ -60,8 +60,8 @@ kubectl patch zenko/${ZENKO_NAME} --type=merge -p '{
 kubectl wait --for condition=Available --timeout 5m zenko/${ZENKO_NAME}
 
 # Update environment variables to use HTTPS URLs
-echo "OIDC_ENDPOINT=https://keycloak.zenko.local" >> $GITHUB_ENV
-echo "OIDC_HOST=keycloak.zenko.local" >> $GITHUB_ENV
+echo "KEYCLOAK_TEST_ENDPOINT=https://keycloak.zenko.local" >> $GITHUB_ENV
+echo "KEYCLOAK_TEST_HOST=keycloak.zenko.local" >> $GITHUB_ENV
 echo "ENABLE_KEYCLOAK_HTTPS=true" >> $GITHUB_ENV
 
 # Set the HTTPS ingress options for Keycloak

.github/scripts/end2end/keycloak-helper.sh

@@ -34,17 +34,17 @@ case $COMMAND in
         export OIDC_EMAIL=${OIDC_EMAIL:-"e2e@zenko.local"}
 
         envsubst < $DIR/configs/keycloak_user.json | \
-            ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh create users -r ${OIDC_REALM} -f -
+            ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh create users -r ${KEYCLOAK_TEST_REALM_NAME} -f -
 
         ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh set-password \
-            -r ${OIDC_REALM} \
-            --username ${OIDC_USERNAME} \
+            -r ${KEYCLOAK_TEST_REALM_NAME} \
+            --username ${KEYCLOAK_TEST_USER} \
             --new-password ${KEYCLOAK_TEST_PASSWORD}
 
         # attach StorageManager role to user
         ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh add-roles \
-          -r ${OIDC_REALM} \
-          --uusername ${OIDC_USERNAME} \
+          -r ${KEYCLOAK_TEST_REALM_NAME} \
+          --uusername ${KEYCLOAK_TEST_USER} \
           --rolename "StorageManager"
         ;;
 
@@ -54,9 +54,9 @@ case $COMMAND in
         export INSTANCE_ID=`kubectl -n ${NAMESPACE} get zenko -o jsonpath='{.items[0].status.instanceID}'`
 
         # get user id
-        USER_ID=$(${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh get users -r ${OIDC_REALM} -q "username=${OIDC_USERNAME}" | jq -r '.[0].id')
+        USER_ID=$(${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh get users -r ${KEYCLOAK_TEST_REALM_NAME} -q "username=${KEYCLOAK_TEST_USER}" | jq -r '.[0].id')
         # set instanceIds array attribute for user
-        ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh update users/${USER_ID} -r ${OIDC_REALM} -s 'attributes={"instanceIds":["'"${INSTANCE_ID}"'"],"role":"user"}'
+        ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh update users/${USER_ID} -r ${KEYCLOAK_TEST_REALM_NAME} -s 'attributes={"instanceIds":["'"${INSTANCE_ID}"'"],"role":"user"}'
 
 
         ;;

.github/scripts/end2end/load-config.sh

@@ -37,13 +37,11 @@ load_common() {
     ENV_VARS=()
 
     # From end2end.yaml
-    ENV_VARS+=("KEYCLOAK_TEST_REALM_NAME=$(get_env_var OIDC_REALM)")
-    ENV_VARS+=("KEYCLOAK_TEST_CLIENT_ID=$(get_env_var OIDC_CLIENT_ID)")
-    ENV_VARS+=("KEYCLOAK_TEST_USER=$(get_env_var OIDC_USERNAME)")
+    ENV_VARS+=("KEYCLOAK_TEST_REALM_NAME=$(get_env_var KEYCLOAK_TEST_REALM_NAME)")
+    ENV_VARS+=("KEYCLOAK_TEST_CLIENT_ID=$(get_env_var KEYCLOAK_TEST_CLIENT_ID)")
+    ENV_VARS+=("KEYCLOAK_TEST_USER=$(get_env_var KEYCLOAK_TEST_USER)")
     ENV_VARS+=("KEYCLOAK_TEST_PASSWORD=$(get_env_var KEYCLOAK_TEST_PASSWORD)")
-    ENV_VARS+=("KEYCLOAK_TEST_HOST=$(get_env_var OIDC_HOST)")
-    ENV_VARS+=("KEYCLOAK_TEST_PORT=80")
-    ENV_VARS+=("KEYCLOAK_TEST_GRANT_TYPE=password")
+    ENV_VARS+=("KEYCLOAK_TEST_HOST=$(get_env_var KEYCLOAK_TEST_HOST)")
     ENV_VARS+=("AZURE_ACCOUNT_NAME=$(get_env_var AZURE_ACCOUNT_NAME)")
     ENV_VARS+=("AZURE_SECRET_KEY=$(get_env_var AZURE_SECRET_KEY)")
     ENV_VARS+=("AZURE_BACKEND_ENDPOINT=$(get_env_var AZURE_BACKEND_ENDPOINT)")

.github/scripts/end2end/run-e2e-ctst.sh

@@ -32,13 +32,13 @@ ADMIN_PRA_SECRET_ACCESS_KEY=$(kubectl get secret end2end-pra-management-vault-ad
 
 VAULT_AUTH_HOST="${ZENKO_NAME}-connector-vault-auth-api.default.svc.cluster.local"
 # ZENKO_PORT="80"
-KEYCLOAK_TEST_USER=${OIDC_USERNAME}
+# KEYCLOAK_TEST_USER=${OIDC_USERNAME}
 # KEYCLOAK_TEST_PASSWORD=${OIDC_PASSWORD}
-KEYCLOAK_TEST_HOST=${OIDC_HOST}
-KEYCLOAK_TEST_PORT="80"
-KEYCLOAK_TEST_REALM_NAME=${OIDC_REALM}
-KEYCLOAK_TEST_CLIENT_ID=${OIDC_CLIENT_ID}
-KEYCLOAK_TEST_GRANT_TYPE="password"
+# KEYCLOAK_TEST_HOST=${OIDC_HOST}
+# KEYCLOAK_TEST_PORT="80"
+# KEYCLOAK_TEST_REALM_NAME=${OIDC_REALM}
+# KEYCLOAK_TEST_CLIENT_ID=${OIDC_CLIENT_ID}
+# KEYCLOAK_TEST_GRANT_TYPE="password"
 
 # get Zenko service users credentials
 BACKBEAT_LCBP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcbp-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-bp-1\.json}' | base64 -d)
@@ -105,12 +105,6 @@ WORLD_PARAMETERS="$(jq -c <<EOF
   "PrometheusService":"${PROMETHEUS_NAME}-operated.default.svc.cluster.local",
   "KafkaHosts":"${KAFKA_HOST_PORT}",
   "KafkaAuthHosts":"${KAFKA_AUTH_HOST_PORT}",
-  "KeycloakUsername":"${KEYCLOAK_TEST_USER}",
-  "KeycloakHost":"${KEYCLOAK_TEST_HOST}",
-  "KeycloakPort":"${KEYCLOAK_TEST_PORT}",
-  "KeycloakRealm":"${KEYCLOAK_TEST_REALM_NAME}",
-  "KeycloakClientId":"${KEYCLOAK_TEST_CLIENT_ID}",
-  "KeycloakGrantType":"${KEYCLOAK_TEST_GRANT_TYPE}",
   "StorageManagerUsername":"ctst_storage_manager",
   "StorageAccountOwnerUsername":"ctst_storage_account_owner",
   "DataConsumerUsername":"ctst_data_consumer",
@@ -151,7 +145,7 @@ docker run \
     --rm \
     --network=host \
     "${E2E_IMAGE}" /bin/bash \
-    -c "SUBDOMAIN=${SUBDOMAIN} CONTROL_PLANE_INGRESS_ENDPOINT=${OIDC_ENDPOINT} ACCOUNT=${ZENKO_ACCOUNT_NAME} KEYCLOAK_REALM=${KEYCLOAK_TEST_REALM_NAME} STORAGE_MANAGER=ctst_storage_manager STORAGE_ACCOUNT_OWNER=ctst_storage_account_owner DATA_CONSUMER=ctst_data_consumer DATA_ACCESSOR=ctst_data_accessor /ctst/node_modules/cli-testing/bin/seedKeycloak.sh"; [[ $? -eq 1 ]] && exit 1 || echo 'Keycloak Configured!'
+    -c "SUBDOMAIN=${SUBDOMAIN} CONTROL_PLANE_INGRESS_ENDPOINT=${KEYCLOAK_TEST_ENDPOINT} ACCOUNT=${ZENKO_ACCOUNT_NAME} KEYCLOAK_REALM=${KEYCLOAK_TEST_REALM_NAME} STORAGE_MANAGER=ctst_storage_manager STORAGE_ACCOUNT_OWNER=ctst_storage_account_owner DATA_CONSUMER=ctst_data_consumer DATA_ACCESSOR=ctst_data_accessor /ctst/node_modules/cli-testing/bin/seedKeycloak.sh"; [[ $? -eq 1 ]] && exit 1 || echo 'Keycloak Configured!'
 
 # Grant access to Kube API (insecure, only for testing)
 kubectl create clusterrolebinding serviceaccounts-cluster-admin \

.github/scripts/end2end/run-e2e-test.sh

@@ -51,12 +51,12 @@ DESTINATION_SESSION_TOKEN=$(kubectl get secret "end2end-account-${CRR_DESTINATIO
 DESTINATION_ACCOUNT_ID=$(kubectl get secret "end2end-account-${CRR_DESTINATION_ACCOUNT_NAME}" -o jsonpath='{.data.AccountId}' | base64 -d)
 CRR_DESTINATION_INFO="{\"AccessKeyId\":\"${DESTINATION_ACCESS_KEY}\",\"SecretAccessKey\":\"${DESTINATION_SECRET_KEY}\",\"SessionToken\":\"${DESTINATION_SESSION_TOKEN}\",\"AccountId\":\"${DESTINATION_ACCOUNT_ID}\"}"
 OIDC_FULLNAME="${OIDC_FIRST_NAME} ${OIDC_LAST_NAME}"
-KEYCLOAK_TEST_USER="${OIDC_USERNAME}-norights"
-KEYCLOAK_TEST_HOST=${OIDC_ENDPOINT}
-KEYCLOAK_TEST_PORT="80"
-KEYCLOAK_TEST_REALM_NAME=${OIDC_REALM}
-KEYCLOAK_TEST_CLIENT_ID=${OIDC_CLIENT_ID}
-KEYCLOAK_TEST_GRANT_TYPE="password"
+KEYCLOAK_TEST_USER="${KEYCLOAK_TEST_USER}-norights"
+# KEYCLOAK_TEST_HOST=${OIDC_ENDPOINT}
+# KEYCLOAK_TEST_PORT="80"
+# KEYCLOAK_TEST_REALM_NAME=${OIDC_REALM}
+# KEYCLOAK_TEST_CLIENT_ID=${OIDC_CLIENT_ID}
+# KEYCLOAK_TEST_GRANT_TYPE="password"
 MOCHA_FILE=${MOCHA_FILE:-}
 
 run_e2e_test() {
@@ -81,11 +81,11 @@ run_e2e_test() {
         --env=TOKEN=${TOKEN} \
         --env=STAGE=${STAGE} \
         --env=CYPRESS_KEYCLOAK_USER_FULLNAME="${OIDC_FULLNAME}" \
-        --env=CYPRESS_KEYCLOAK_USERNAME=${OIDC_USERNAME} \
+        --env=CYPRESS_KEYCLOAK_USERNAME=${KEYCLOAK_TEST_USER} \
         --env=CYPRESS_KEYCLOAK_PASSWORD=${KEYCLOAK_TEST_PASSWORD} \
-        --env=CYPRESS_KEYCLOAK_ROOT=${OIDC_ENDPOINT} \
-        --env=CYPRESS_KEYCLOAK_CLIENT_ID=${OIDC_CLIENT_ID} \
-        --env=CYPRESS_KEYCLOAK_REALM=${OIDC_REALM} \
+        --env=CYPRESS_KEYCLOAK_ROOT=${KEYCLOAK_TEST_ENDPOINT} \
+        --env=CYPRESS_KEYCLOAK_CLIENT_ID=${KEYCLOAK_TEST_CLIENT_ID} \
+        --env=CYPRESS_KEYCLOAK_REALM=${KEYCLOAK_TEST_REALM_NAME} \
         --env=AWS_BACKEND_SOURCE_LOCATION=${AWS_BACKEND_SOURCE_LOCATION} \
         --env=AWS_BACKEND_DESTINATION_LOCATION=${AWS_BACKEND_DESTINATION_LOCATION} \
         --env=AWS_S3_FAIL_BACKEND_DESTINATION_LOCATION=${AWS_BACKEND_DESTINATION_FAIL_LOCATION} \
@@ -125,10 +125,8 @@ run_e2e_test() {
         --env=KEYCLOAK_TEST_USER=${KEYCLOAK_TEST_USER} \
         --env=KEYCLOAK_TEST_PASSWORD=${KEYCLOAK_TEST_PASSWORD} \
         --env=KEYCLOAK_TEST_HOST=${KEYCLOAK_TEST_HOST} \
-        --env=KEYCLOAK_TEST_PORT=${KEYCLOAK_TEST_PORT} \
         --env=KEYCLOAK_TEST_REALM_NAME=${KEYCLOAK_TEST_REALM_NAME} \
         --env=KEYCLOAK_TEST_CLIENT_ID=${KEYCLOAK_TEST_CLIENT_ID} \
-        --env=KEYCLOAK_TEST_GRANT_TYPE=${KEYCLOAK_TEST_GRANT_TYPE} \
         --env=BACKBEAT_BUCKET_CHECK_TIMEOUT_S=${BACKBEAT_BUCKET_CHECK_TIMEOUT_S} \
         --env=MONGO_DATABASE=${MONGO_DATABASE} \
         --env=MONGO_READ_PREFERENCE=${MONGO_READ_PREFERENCE} \

.github/workflows/end2end.yaml

@@ -18,9 +18,9 @@ env:
   OPERATOR_IMAGE: ""
   KIND_NODE_IMAGE: "kindest/node:v1.32.8@sha256:abd489f042d2b644e2d033f5c2d900bc707798d075e8186cb65e3f1367a9d5a1"
   VOLUME_ROOT: /artifacts
-  OIDC_REALM: "zenko"
-  OIDC_CLIENT_ID: "zenko-ui"
-  OIDC_USERNAME: 'storage_manager'
+  KEYCLOAK_TEST_REALM_NAME: "zenko"
+  KEYCLOAK_TEST_CLIENT_ID: "zenko-ui"
+  KEYCLOAK_TEST_USER: 'storage_manager'
   KEYCLOAK_TEST_PASSWORD: '123'
   OIDC_FIRST_NAME: 'hello'
   OIDC_LAST_NAME: 'world'
@@ -35,8 +35,8 @@ env:
   VAULT_TEST_IMAGE_NAME: ""
   VAULT_TEST_IMAGE_TAG: ""
   # http-env
-  OIDC_ENDPOINT: 'http://keycloak.zenko.local'
-  OIDC_HOST: 'keycloak.zenko.local'
+  KEYCLOAK_TEST_ENDPOINT: 'http://keycloak.zenko.local'
+  KEYCLOAK_TEST_HOST: 'keycloak.zenko.local'
   ENABLE_KEYCLOAK_HTTPS: 'false'
   KEYCLOAK_VERSION: '18.4.4'
   PROMETHEUS_NAME: "prometheus"
@@ -482,14 +482,14 @@ jobs:
         shell: bash
         run: bash keycloak-helper.sh add-user default end2end-pra
         env:
-          OIDC_USERNAME: 'zenko-end2end-pra'
+          KEYCLOAK_TEST_USER: 'zenko-end2end-pra'
           OIDC_EMAIL: 'e2e-pra@zenko.local'
         working-directory: ./.github/scripts/end2end
       - name: Configure E2E PRA test environment
         run: bash configure-e2e.sh end2end-pra ${E2E_IMAGE_NAME}:${E2E_IMAGE_TAG} default
         working-directory: ./.github/scripts/end2end
         env:
-          OIDC_USERNAME: 'zenko-end2end-pra'
+          KEYCLOAK_TEST_USER: 'zenko-end2end-pra'
       - name: Configure E2E CTST test environment
         run: bash configure-e2e-ctst.sh
         working-directory: ./.github/scripts/end2end

tests/ctst/world/Zenko.ts

@@ -63,13 +63,13 @@ export interface ZenkoWorldParameters extends ClientOptions {
     KafkaHosts: string;
     KafkaAuthHosts: string;
     PrometheusService: string;
-    KeycloakUsername: string;
-    KeycloakPassword: string;
-    KeycloakHost: string;
-    KeycloakPort: string;
-    KeycloakRealm: string;
-    KeycloakClientId: string;
-    KeycloakGrantType: string;
+    // KeycloakUsername: string;
+    // KeycloakPassword: string;
+    // KeycloakHost: string;
+    // KeycloakPort: string;
+    // KeycloakRealm: string;
+    // KeycloakClientId: string;
+    // KeycloakGrantType: string;
     // KeycloakTestPassword: string;
     StorageManagerUsername: string;
     StorageAccountOwnerUsername: string;
@@ -265,19 +265,19 @@ export default class Zenko extends World<ZenkoWorldParameters> {
             break;
         case EntityType.STORAGE_MANAGER:
             await this.prepareARWWI(this.parameters.StorageManagerUsername || 'storage_manager',
-                'storage-manager-role', this.parameters.KeycloakTestPassword);
+                'storage-manager-role', process.env.KEYCLOAK_TEST_PASSWORD);
             break;
         case EntityType.STORAGE_ACCOUNT_OWNER:
             await this.prepareARWWI(this.parameters.StorageAccountOwnerUsername || 'storage_account_owner',
-                'storage-account-owner-role', this.parameters.KeycloakTestPassword);
+                'storage-account-owner-role', process.env.KEYCLOAK_TEST_PASSWORD);
             break;
         case EntityType.DATA_CONSUMER:
             await this.prepareARWWI(this.parameters.DataConsumerUsername || 'data_consumer',
-                'data-consumer-role', this.parameters.KeycloakTestPassword);
+                'data-consumer-role', process.env.KEYCLOAK_TEST_PASSWORD);
             break;
         case EntityType.DATA_ACCESSOR:
             await this.prepareARWWI(this.parameters.DataAccessorUsername || 'data_accessor',
-                'data-accessor-role', this.parameters.KeycloakTestPassword);
+                'data-accessor-role', process.env.KEYCLOAK_TEST_PASSWORD);
             break;
         case EntityType.ASSUME_ROLE_USER:
             await this.prepareAssumeRole(false);
@@ -314,11 +314,11 @@ export default class Zenko extends World<ZenkoWorldParameters> {
             const webIdentityToken = await this.getWebIdentityToken(
                 ARWWIName,
                 ARWWIPassword || '123',
-                this.parameters.KeycloakHost || 'keycloak.zenko.local',
-                this.parameters.KeycloakPort || '80',
-                `/auth/realms/${this.parameters.KeycloakRealm || 'zenko'}/protocol/openid-connect/token`,
-                this.parameters.KeycloakClientId || Constants.K_CLIENT,
-                this.parameters.KeycloakGrantType || 'password',
+                process.env.KEYCLOAK_TEST_HOST,
+                '80',
+                `/auth/realms/${process.env.KEYCLOAK_TEST_REALM_NAME}/protocol/openid-connect/token`,
+                process.env.KEYCLOAK_TEST_CLIENT_ID || Constants.K_CLIENT,
+                'password',
             );
             if (!webIdentityToken) {
                 throw new Error('Error when trying to get a WebIdentity token.');
@@ -946,13 +946,13 @@ export default class Zenko extends World<ZenkoWorldParameters> {
         payload: object | string = {},
     ): Promise<{ statusCode: number; data: object } | { statusCode: number; err: unknown }> {
         const token = await this.getWebIdentityToken(
-            this.parameters.KeycloakUsername || 'storage_manager',
+            process.env.KEYCLOAK_TEST_USER,
             process.env.KEYCLOAK_TEST_PASSWORD,
-            this.parameters.KeycloakHost || 'keycloak.zenko.local',
-            this.parameters.KeycloakPort || '80',
-            `/auth/realms/${this.parameters.KeycloakRealm || 'zenko'}/protocol/openid-connect/token`,
-            this.parameters.KeycloakClientId || Constants.K_CLIENT,
-            this.parameters.KeycloakGrantType || 'password',
+            process.env.KEYCLOAK_TEST_HOST,
+            '80',
+            `/auth/realms/${process.env.KEYCLOAK_TEST_REALM_NAME || 'zenko'}/protocol/openid-connect/token`,
+            process.env.KEYCLOAK_TEST_CLIENT_ID || Constants.K_CLIENT,
+            'password',
         );
         const axiosInstance = axios.create();
         const protocol = process.env.SSL === 'false' ? 'http://' : 'https://';

tests/zenko_tests/node_tests/utils/getWebIdentityToken.js

@@ -2,12 +2,12 @@ const querystring = require('querystring');
 const http = require('http');
 const assert = require('assert');
 
-const HOST_1_URL = process.env.KEYCLOAK_TEST_HOST || 'http://keycloak.zenko.local';
-const HOST_1_PORT = parseInt(process.env.KEYCLOAK_TEST_PORT, 10) || 80;
+const HOST_1 = process.env.KEYCLOAK_TEST_HOST;
+const HOST_1_PORT = 80;
 const REALM_NAME = process.env.KEYCLOAK_TEST_REALM_NAME || 'zenko';
 const KEYCLOAK_PATH = `/auth/realms/${REALM_NAME}/protocol/openid-connect/token`;
 const CLIENT_ID = process.env.KEYCLOAK_TEST_CLIENT_ID || 'zenko-ui';
-const GRANT_TYPE = process.env.KEYCLOAK_TEST_GRANT_TYPE || 'password';
+const GRANT_TYPE = 'password';
 
 
 /**
@@ -33,9 +33,6 @@ function getWebIdentityToken(
     grandType,
     callback,
 ) {
-    // In Zenko, we are using an endpoint as the `KEYCLOAK_TEST_HOST` env variable
-    // So we should remove any existing http of https prefix in HOST_1_URL.
-    host = host.replace('https://', '').replace('http://', '');
     const userData = querystring.stringify({
         username,
         password,
@@ -82,7 +79,7 @@ function getTokenForIdentity(identity, callback) {
     getWebIdentityToken(
         identity,
         process.env.KEYCLOAK_TEST_PASSWORD,
-        HOST_1_URL,
+        HOST_1,
         HOST_1_PORT,
         KEYCLOAK_PATH,
         CLIENT_ID,