Allow the dataset to generate users with a limited number of unique passwords

Closes #1237

Signed-off-by: Ryan Emerson <[email protected]>

Author: ryanemerson

dataset/dataset-import.sh

@@ -24,8 +24,9 @@ set_environment_variables () {
   STATUS_TIMEOUT="120"
   CREATE_TIMEOUT="3600"
   THREADS="-1"
+  UNIQUE_CREDENTIALS="-1"
 
-  while getopts ":a:r:n:c:u:e:o:g:i:p:l:t:C:T:" OPT
+  while getopts ":a:r:n:c:u:e:o:g:i:p:l:t:C:T:U:" OPT
   do
     case $OPT in
       a)
@@ -70,6 +71,9 @@ set_environment_variables () {
       T)
         THREADS=$OPTARG
         ;;
+      U)
+        UNIQUE_CREDENTIALS=$OPTARG
+        ;;
       ?)
         echo "Invalid option: $OPT, read the usage carefully -> "
         help
@@ -85,7 +89,7 @@ create_clients () {
 
 create_users () {
   echo "Creating $1 user/s in realm $2"
-  execute_command "create-users?count=$1&realm-name=$2"
+  execute_command "create-users?count=$1&realm-name=$2&unique-credential-count=$3"
 }
 
 create_events () {
@@ -201,7 +205,7 @@ main () {
       exit 0
       ;;
     create-users)
-      create_users $USERS_COUNT $REALM_NAME
+      create_users $USERS_COUNT $REALM_NAME $UNIQUE_CREDENTIALS
       exit 0
       ;;
     create-events)

dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java

@@ -33,6 +33,7 @@
 import org.keycloak.benchmark.dataset.config.DatasetException;
 import org.keycloak.benchmark.dataset.organization.OrganizationProvisioner;
 import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
+import org.keycloak.credential.hash.PasswordHashProvider;
 import org.keycloak.events.Event;
 import org.keycloak.events.EventStoreProvider;
 import org.keycloak.events.EventType;
@@ -52,6 +53,7 @@
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.cache.CacheRealmProvider;
+import org.keycloak.models.credential.PasswordCredentialModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
@@ -71,6 +73,7 @@
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 
 import static org.keycloak.benchmark.dataset.config.DatasetOperation.CREATE_CLIENTS;
 import static org.keycloak.benchmark.dataset.config.DatasetOperation.CREATE_EVENTS;
@@ -435,6 +438,8 @@ private void createUsersImpl(Task task, DatasetConfig config, RealmModel realm)
     }
 
     private void addUserCreationTasks(RealmContext context, Task task, DatasetConfig config, ExecutorHelper executor, int startIndex, int usersCount) {
+        // Initialize password credentials if unique-credentials-count is configured
+        List<PasswordCredentialModel> credentials = initializeCredentials(config, context);
 
         for (int i = startIndex; i < (startIndex + usersCount); i += config.getUsersPerTransaction()) {
             final int usersStartIndex = i;
@@ -446,7 +451,7 @@ private void addUserCreationTasks(RealmContext context, Task task, DatasetConfig
             executor.addTaskRunningInTransaction(session -> {
                 KeycloakModelUtils.cloneContextRealmClientToSession(baseSession.getContext(), session);
 
-                createUsers(context, session, usersStartIndex, endIndex);
+                createUsers(context, session, usersStartIndex, endIndex, credentials);
 
                 task.debug(logger, "Created users in realm %s from %d to %d", context.getRealm().getName(), usersStartIndex, endIndex);
 
@@ -457,6 +462,17 @@ private void addUserCreationTasks(RealmContext context, Task task, DatasetConfig
         }
     }
 
+    private List<PasswordCredentialModel> initializeCredentials(DatasetConfig config, RealmContext context) {
+        PasswordPolicy policy = context.getRealm().getPasswordPolicy();
+        PasswordHashProvider hash = policy.getHashAlgorithm() != null ?
+              baseSession.getProvider(PasswordHashProvider.class, policy.getHashAlgorithm()) :
+              baseSession.getProvider(PasswordHashProvider.class);
+
+        return IntStream.range(0, config.getUniqueCredentialCount())
+              .boxed()
+              .map(i -> hash.encodedCredential("password-" + i, policy.getHashIterations()))
+              .toList();
+    }
 
     @GET
     @Path("/create-events")
@@ -1130,7 +1146,7 @@ private void createClients(RealmContext context, Task task, KeycloakSession sess
     }
 
     // Worker task to be triggered by single executor thread
-    private void createUsers(RealmContext context, KeycloakSession session, int startIndex, int endIndex) {
+    private void createUsers(RealmContext context, KeycloakSession session, int startIndex, int endIndex, List<PasswordCredentialModel> credentials) {
         // Refresh the realm
         RealmModel realm = session.realms().getRealm(context.getRealm().getId());
         DatasetConfig config = context.getConfig();
@@ -1147,8 +1163,13 @@ private void createUsers(RealmContext context, KeycloakSession session, int star
             user.setLastName(username + "-last");
             user.setEmail(username + String.format("@%s.com", realm.getName()));
 
-            String password = String.format("%s-password", username);
-            user.credentialManager().updateCredential(UserCredentialModel.password(password, false));
+            if (credentials.isEmpty()) {
+                String password = String.format("%s-password", username);
+                user.credentialManager().updateCredential(UserCredentialModel.password(password, false));
+            } else {
+                PasswordCredentialModel password = credentials.get(i % config.getUniqueCredentialCount());
+                user.credentialManager().createStoredCredential(password);
+            }
 
             // Assign a role to a user if any exist in the realm
             if (!context.getRealmRoles().isEmpty()) {

dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java

@@ -226,6 +226,9 @@ public class DatasetConfig {
     @QueryParamIntFill(paramName = "identity-provider-mappers-count", operations = CREATE_ORGS)
     private int identityProviderMappersCount;
 
+    @QueryParamIntFill(paramName = "unique-credential-count", defaultValue = 0, operations =  CREATE_USERS)
+    private int uniqueCredentialCount;
+
     // String representation of this configuration (cached here to not be computed in runtime)
     private String toString = "DatasetConfig []";
 
@@ -432,4 +435,8 @@ public int getIdentityProvidersCount() {
     public int getIdentityProviderMappersCount() {
         return identityProviderMappersCount;
     }
+
+    public int getUniqueCredentialCount() {
+        return uniqueCredentialCount;
+    }
 }