KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed

testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java

@@ -92,6 +92,10 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.Response;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.text.ParseException;
@@ -101,6 +105,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -831,6 +836,25 @@ public class TestingResourceProvider implements RealmResourceProvider {
         return new TestJavascriptResource();
     }
 
+    private void setFeatureInProfileFile(File file, Profile.Feature featureProfile, String newState) {
+        Properties properties = new Properties();
+        if (file.isFile() && file.exists()) {
+            try (FileInputStream fis = new FileInputStream(file)) {
+                properties.load(fis);
+            } catch (IOException e) {
+                throw new RuntimeException("Unable to read profile.properties file");
+            }
+        }
+
+        properties.setProperty("feature." + featureProfile.toString().toLowerCase(), newState);
+
+        try (FileOutputStream fos = new FileOutputStream(file)) {
+            properties.store(fos, null);
+        } catch (IOException e) {
+            throw new RuntimeException("Unable to write to profile.properties file");
+        }
+    }
+
     @POST
     @Path("/enable-feature/{feature}")
     @Consumes(MediaType.APPLICATION_JSON)
@@ -848,6 +872,13 @@ public class TestingResourceProvider implements RealmResourceProvider {
             return Response.ok().build();
 
         System.setProperty("keycloak.profile.feature." + featureProfile.toString().toLowerCase(), "enabled");
+
+        String jbossServerConfigDir = System.getProperty("jboss.server.config.dir");
+        // If we are in jboss-based container, we need to write profile.properties file, otherwise the change in system property will disappear after restart
+        if (jbossServerConfigDir != null) {
+            setFeatureInProfileFile(new File(jbossServerConfigDir, "profile.properties"), featureProfile, "enabled");
+        }
+
         Profile.init();
 
         if (Profile.isFeatureEnabled(featureProfile))
@@ -873,6 +904,13 @@ public class TestingResourceProvider implements RealmResourceProvider {
             return Response.ok().build();
 
         System.getProperties().remove("keycloak.profile.feature." + featureProfile.toString().toLowerCase());
+
+        String jbossServerConfigDir = System.getProperty("jboss.server.config.dir");
+        // If we are in jboss-based container, we need to write profile.properties file, otherwise the change in system property will disappear after restart
+        if (jbossServerConfigDir != null) {
+            setFeatureInProfileFile(new File(jbossServerConfigDir, "profile.properties"), featureProfile, "disabled");
+        }
+
         Profile.init();
 
         if (!Profile.isFeatureEnabled(featureProfile))

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/ProfileAssume.java

@@ -76,7 +76,7 @@ public class ProfileAssume {
         Assume.assumeTrue("Ignoring test as community profile is not enabled", profile.equals("community"));
     }
 
-    private static boolean isFeatureEnabled(Profile.Feature feature) {
+    public static boolean isFeatureEnabled(Profile.Feature feature) {
         updateProfile();
         return !disabledFeatures.contains(feature.name());
     }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java

@@ -149,6 +149,10 @@ public final class TestContext {
     }
 
     public KeycloakTestingClient getTestingClient() {
+        if (testingClient == null) {
+            String authServerContextRoot = suiteContext.getAuthServerInfo().getContextRoot().toString();
+            testingClient = KeycloakTestingClient.getInstance(authServerContextRoot + "/auth");
+        }
         return testingClient;
     }
 

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/DisableFeature.java

@@ -0,0 +1,23 @@
+package org.keycloak.testsuite.arquillian.annotation;
+
+import org.keycloak.common.Profile;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Repeatable;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * @author mhajas
+ */
+@Retention(RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Repeatable(DisableFeatures.class)
+@Inherited
+public @interface DisableFeature {
+    Profile.Feature value();
+    boolean skipRestart() default false;
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/DisableFeatures.java

@@ -0,0 +1,18 @@
+package org.keycloak.testsuite.arquillian.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * @author mhajas
+ */
+@Retention(RUNTIME)
+@Inherited
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface DisableFeatures {
+    DisableFeature[] value() default {};
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/EnableFeature.java

@@ -0,0 +1,23 @@
+package org.keycloak.testsuite.arquillian.annotation;
+
+import org.keycloak.common.Profile;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Repeatable;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * @author mhajas
+ */
+@Retention(RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Repeatable(EnableFeatures.class)
+@Inherited
+public @interface EnableFeature {
+    Profile.Feature value();
+    boolean skipRestart() default false;
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/EnableFeatures.java

@@ -0,0 +1,19 @@
+package org.keycloak.testsuite.arquillian.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * @author mhajas
+ */
+@Retention(RUNTIME)
+@Inherited
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface EnableFeatures {
+    EnableFeature[] value() default {};
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/annotation/RestartContainer.java

@@ -52,9 +52,4 @@ public @interface RestartContainer {
      * @return Wait time in milliseconds after database initialization.
      */
     long intializeDatabaseWait() default 0;
-
-    /**
-     * @return Array of features, which should be enabled.
-     */
-    Profile.Feature[] enableFeatures() default {};
 }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakContainerEventsController.java

@@ -140,14 +140,6 @@ public class KeycloakContainerEventsController extends ContainerEventController
         if (restartContainer.withoutKeycloakAddUserFile()) {
             copyKeycloakAddUserFile();
         }
-
-        if (restartContainer.enableFeatures().length != 0) {
-            changeStateOfFeatures(restartContainer, false);
-            // Auth-server has to be restarted again. If not, the features will not to be disabled.
-            container.fire(new StopManualContainers());
-            container.fire(new StopSuiteContainers());
-            container.fire(new StartSuiteContainers());
-        }
     }
 
     /**
@@ -158,10 +150,6 @@ public class KeycloakContainerEventsController extends ContainerEventController
         if (restartContainer.withoutKeycloakAddUserFile()) {
             removeKeycloakAddUserFile();
         }
-
-        if (restartContainer.enableFeatures().length != 0) {
-            changeStateOfFeatures(restartContainer, true);
-        }
     }
 
     /**
@@ -263,81 +251,4 @@ public class KeycloakContainerEventsController extends ContainerEventController
             }
         }
     }
-
-    /**
-     * Change state of features, which are contained in {@code enableFeatures} param.
-     * This method either enable or disable features.
-     * If auth-server is JBossBased, then the features are either enabled or disabled via {@code profile.properties}.
-     *
-     * @param restartContainer to pass more information from test annotation.
-     * @param enableFeatures   if the features will be enabled or disabled.
-     */
-    private void changeStateOfFeatures(RestartContainer restartContainer, boolean enableFeatures) {
-        Optional<Container> authServerOptional = containerRegistry.get().getContainers().stream()
-                .filter(f -> f.getName().startsWith("auth-server-")).findFirst();
-
-        if (authServerOptional.isPresent()) {
-            Container authServer = authServerOptional.get();
-            boolean isJbossBased = new ContainerInfo(authServer).isJBossBased();
-
-            if (isJbossBased) {
-                ContainerDef conf = authServer.getContainerConfiguration();
-                String jbossHome = conf.getContainerProperty("jbossHome");
-                Path fileProps = null;
-                if (jbossHome != null) {
-                    try {
-                        Path dir = Paths.get(jbossHome + "/standalone/configuration");
-                        fileProps = dir.resolve("profile.properties");
-
-                        if (enableFeatures) {
-                            Path file = Files.createFile(fileProps);
-                            Properties props = new Properties();
-                            Arrays.stream(restartContainer.enableFeatures()).forEach(f -> props.setProperty("feature." + f.toString().toLowerCase(), "enabled"));
-                            PrintWriter pw = new PrintWriter(file.toFile());
-                            props.list(pw);
-                            pw.close();
-                        } else {
-                            Files.deleteIfExists(fileProps);
-                        }
-                    } catch (FileAlreadyExistsException ex) {
-                        changeFeaturesInExistingProps(restartContainer, fileProps, true);
-                    } catch (IOException e) {
-                        e.printStackTrace();
-                    }
-                }
-            } else {
-                if (enableFeatures) {
-                    Arrays.stream(restartContainer.enableFeatures())
-                            .forEach(f -> System.setProperty("keycloak.profile.feature." + f.toString().toLowerCase(), "enabled"));
-                } else {
-                    Arrays.stream(restartContainer.enableFeatures())
-                            .forEach(f -> System.getProperties().remove("keycloak.profile.feature." + f.toString().toLowerCase()));
-                }
-            }
-            Profile.init();
-        }
-    }
-
-    /**
-     * If exists {@code profile.properties} file, then another properties are only appended to the file.
-     *
-     * @param restartContainer to pass more information from test annotation
-     * @param file             path to profile.properties
-     * @param enableFeatures   if features will be enabled or disabled
-     */
-    private void changeFeaturesInExistingProps(RestartContainer restartContainer, Path file, boolean enableFeatures) {
-        Profile.Feature[] features = restartContainer.enableFeatures();
-        String state = enableFeatures ? "enabled" : "disabled";
-
-        if (features.length != 0) {
-            Properties props = new Properties();
-            try {
-                props.load(Files.newBufferedReader(file));
-                Arrays.stream(features).forEach(f -> props.setProperty("feature." + f.toString().toLowerCase(), state));
-                props.store(Files.newBufferedWriter(file), "");
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-        }
-    }
 }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakContainerFeaturesController.java

@@ -0,0 +1,175 @@
+package org.keycloak.testsuite.arquillian.containers;
+
+import org.jboss.arquillian.container.spi.event.ContainerMultiControlEvent;
+import org.jboss.arquillian.container.spi.event.StartClassContainers;
+import org.jboss.arquillian.container.spi.event.StartContainer;
+import org.jboss.arquillian.container.spi.event.StartSuiteContainers;
+import org.jboss.arquillian.container.spi.event.StopContainer;
+import org.jboss.arquillian.container.spi.event.StopManualContainers;
+import org.jboss.arquillian.container.spi.event.StopSuiteContainers;
+import org.jboss.arquillian.core.api.Event;
+import org.jboss.arquillian.core.api.Instance;
+import org.jboss.arquillian.core.api.annotation.Inject;
+import org.jboss.arquillian.core.api.annotation.Observes;
+import org.jboss.arquillian.test.spi.event.suite.After;
+import org.jboss.arquillian.test.spi.event.suite.AfterClass;
+import org.jboss.arquillian.test.spi.event.suite.Before;
+import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
+import org.keycloak.common.Profile;
+import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+import org.keycloak.testsuite.arquillian.SuiteContext;
+import org.keycloak.testsuite.arquillian.TestContext;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeatures;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeatures;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
+import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
+
+import java.lang.reflect.AnnotatedElement;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.function.BiConsumer;
+import java.util.stream.Collectors;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.getManagementClient;
+
+/**
+ * @author mhajas
+ */
+public class KeycloakContainerFeaturesController {
+
+    @Inject
+    private Instance<TestContext> testContextInstance;
+    @Inject
+    private Instance<SuiteContext> suiteContextInstance;
+    @Inject
+    private Event<StartContainer> startContainerEvent;
+    @Inject
+    private Event<StopContainer> stopContainerEvent;
+
+    public enum FeatureAction {
+        ENABLE(KeycloakTestingClient::enableFeature),
+        DISABLE(KeycloakTestingClient::disableFeature);
+
+        private BiConsumer<KeycloakTestingClient, Profile.Feature> featureConsumer;
+
+        FeatureAction(BiConsumer<KeycloakTestingClient, Profile.Feature> featureConsumer) {
+            this.featureConsumer = featureConsumer;
+        }
+
+        public void accept(KeycloakTestingClient testingClient, Profile.Feature feature) {
+            featureConsumer.accept(testingClient, feature);
+        }
+    }
+
+    public enum State {
+        BEFORE,
+        AFTER
+    }
+
+    private class UpdateFeature {
+        private Profile.Feature feature;
+        private boolean skipRestart;
+        private FeatureAction action;
+
+        public UpdateFeature(Profile.Feature feature, boolean skipRestart, FeatureAction action) {
+            this.feature = feature;
+            this.skipRestart = skipRestart;
+            this.action = action;
+        }
+
+        /**
+         * All features we want to enable/disable must be disabled/enabled
+         * otherwise at the end of a test the environment will be in an inconsistent state because we would disable/enable
+         * some feature which was enabled/disabled before test
+         *
+         */
+        private void assertValid() {
+            assertThat("An annotation requested to " + action.name()
+                            + " feature " + feature.name() + " however it was already in that state" ,
+                    ProfileAssume.isFeatureEnabled(feature),
+                    is(!(action == FeatureAction.ENABLE)));
+        }
+
+        private void assertPerformed() {
+            assertThat("An annotation requested to " + action.name() +
+                            " feature " + feature.name() + ", however after performing this operation " +
+                            "the feature is not in desired state" ,
+                    ProfileAssume.isFeatureEnabled(feature),
+                    is(action == FeatureAction.ENABLE));
+        }
+
+        public void performAction() {
+            assertValid();
+            action.accept(testContextInstance.get().getTestingClient(), feature);
+        }
+    }
+
+    public void restartAuthServer() throws Exception {
+        if (AuthServerTestEnricher.AUTH_SERVER_CONTAINER.equals("auth-server-remote")) {
+            OnlineManagementClient client = getManagementClient();
+            Administration administration = new Administration(client);
+            administration.reload();
+            client.close();
+        } else {
+            stopContainerEvent.fire(new StopContainer(suiteContextInstance.get().getAuthServerInfo().getArquillianContainer()));
+            startContainerEvent.fire(new StartContainer(suiteContextInstance.get().getAuthServerInfo().getArquillianContainer()));
+        }
+    }
+
+    private void updateFeatures(List<UpdateFeature> updateFeatures) throws Exception {
+        updateFeatures.forEach(UpdateFeature::performAction);
+
+        if (updateFeatures.stream().anyMatch(updateFeature -> !updateFeature.skipRestart)) {
+            restartAuthServer();
+            testContextInstance.get().reconnectAdminClient();
+        }
+
+        updateFeatures.forEach(UpdateFeature::assertPerformed);
+    }
+
+    private void checkAnnotatedElementForFeatureAnnotations(AnnotatedElement annotatedElement, State state) throws Exception {
+        List<UpdateFeature> updateFeatureList = new ArrayList<>(0);
+
+        if (annotatedElement.isAnnotationPresent(EnableFeatures.class) || annotatedElement.isAnnotationPresent(EnableFeature.class)) {
+            updateFeatureList.addAll(Arrays.stream(annotatedElement.getAnnotationsByType(EnableFeature.class))
+                    .map(annotation -> new UpdateFeature(annotation.value(), annotation.skipRestart(),
+                            state == State.BEFORE ? FeatureAction.ENABLE : FeatureAction.DISABLE))
+                    .collect(Collectors.toList()));
+        }
+
+        if (annotatedElement.isAnnotationPresent(DisableFeatures.class) || annotatedElement.isAnnotationPresent(DisableFeature.class)) {
+            updateFeatureList.addAll(Arrays.stream(annotatedElement.getAnnotationsByType(DisableFeature.class))
+                    .map(annotation -> new UpdateFeature(annotation.value(), annotation.skipRestart(),
+                            state == State.BEFORE ? FeatureAction.DISABLE : FeatureAction.ENABLE))
+                    .collect(Collectors.toList()));
+        }
+
+        if (!updateFeatureList.isEmpty()) {
+            updateFeatures(updateFeatureList);
+        }
+    }
+
+    public void handleEnableFeaturesAnnotationBeforeClass(@Observes(precedence = 1) BeforeClass event) throws Exception {
+        checkAnnotatedElementForFeatureAnnotations(event.getTestClass().getJavaClass(), State.BEFORE);
+    }
+
+    public void handleEnableFeaturesAnnotationBeforeTest(@Observes(precedence = 1) Before event) throws Exception {
+        checkAnnotatedElementForFeatureAnnotations(event.getTestMethod(), State.BEFORE);
+    }
+
+    public void handleEnableFeaturesAnnotationAfterTest(@Observes(precedence = 2) After event) throws Exception {
+        checkAnnotatedElementForFeatureAnnotations(event.getTestMethod(), State.AFTER);
+    }
+
+    public void handleEnableFeaturesAnnotationAfterClass(@Observes(precedence = 2) AfterClass event) throws Exception {
+        checkAnnotatedElementForFeatureAnnotations(event.getTestClass().getJavaClass(), State.AFTER);
+    }
+
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakContainerTestExtension.java

@@ -112,6 +112,7 @@ public class KeycloakContainerTestExtension implements LoadableExtension {
             .observer(RemoteTestExecuter.class)
             .observer(DeploymentCommandObserver.class)
             .observer(ContainerCommandObserver.class)
-            .observer(RemoteResourceCommandObserver.class);
+            .observer(RemoteResourceCommandObserver.class)
+            .observer(KeycloakContainerFeaturesController.class);
     }
 }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java

@@ -19,10 +19,12 @@ package org.keycloak.testsuite.client;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSession;
+import javax.ws.rs.core.Response;
 
 import org.jboss.resteasy.client.jaxrs.ResteasyClient;
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;
+import org.keycloak.common.Profile;
 import org.keycloak.testsuite.client.resources.TestApplicationResource;
 import org.keycloak.testsuite.client.resources.TestExampleCompanyResource;
 import org.keycloak.testsuite.client.resources.TestSamlApplicationResource;
@@ -31,6 +33,8 @@ import org.keycloak.testsuite.runonserver.*;
 import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.util.JsonSerialization;
 
+import static org.junit.Assert.assertEquals;
+
 /**
  * @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
  */
@@ -71,6 +75,18 @@ public class KeycloakTestingClient implements AutoCloseable {
         return target.path("/realms/" + realm).proxy(TestingResource.class);
     }
 
+    public void enableFeature(Profile.Feature feature) {
+        try (Response response = testing().enableFeature(feature.toString())) {
+            assertEquals(200, response.getStatus());
+        }
+    }
+
+    public void disableFeature(Profile.Feature feature) {
+        try (Response response = testing().disableFeature(feature.toString())) {
+            assertEquals(200, response.getStatus());
+        }
+    }
+
     public TestApplicationResource testApp() { return target.proxy(TestApplicationResource.class); }
 
     public TestSamlApplicationResource testSamlApp() { return target.proxy(TestSamlApplicationResource.class); }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java

@@ -152,7 +152,6 @@ public abstract class AbstractKeycloakTest {
     private PropertiesConfiguration constantsProperties;
 
     private boolean resetTimeOffset;
-    private List<Profile.Feature> enabledFeatures = new ArrayList<>();
 
     @Before
     public void beforeAbstractKeycloakTest() throws Exception {
@@ -230,10 +229,6 @@ public abstract class AbstractKeycloakTest {
             testContext.getCleanups().clear();
         }
 
-        for (Profile.Feature feature : enabledFeatures) {
-            disableFeature(feature);
-        }
-
         postAfterAbstractKeycloak();
 
         // Remove all browsers from queue
@@ -329,11 +324,6 @@ public abstract class AbstractKeycloakTest {
     public KeycloakTestingClient getTestingClient() {
         if (testingClient == null) {
             testingClient = testContext.getTestingClient();
-            if (testingClient == null) {
-                String authServerContextRoot = suiteContext.getAuthServerInfo().getContextRoot().toString();
-                testingClient = KeycloakTestingClient.getInstance(authServerContextRoot + "/auth");
-                testContext.setTestingClient(testingClient);
-            }
         }
         return testingClient;
     }
@@ -639,17 +629,4 @@ public abstract class AbstractKeycloakTest {
         }
         return in;
     }
-
-    protected void enableFeature(Profile.Feature feature) {
-        enabledFeatures.add(feature);
-        try (Response response = getTestingClient().testing().enableFeature(feature.toString())) {
-            assertEquals(200, response.getStatus());
-        }
-    }
-
-    protected void disableFeature(Profile.Feature feature) {
-        try (Response response = getTestingClient().testing().disableFeature(feature.toString())) {
-            assertEquals(200, response.getStatus());
-        }
-    }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractRestServiceTest.java

@@ -19,7 +19,6 @@ package org.keycloak.testsuite.account;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 import static org.keycloak.common.Profile.Feature.ACCOUNT_API;
-import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
 
 import javax.ws.rs.core.Response;
 import java.io.IOException;
@@ -31,17 +30,21 @@ import org.apache.http.impl.client.HttpClientBuilder;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
+import org.junit.Test;
 import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.representations.account.SessionRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.TokenUtil;
 import org.keycloak.testsuite.util.UserBuilder;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
+@EnableFeature(value = ACCOUNT_API, skipRestart = true)
 public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakTest {
 
     @Rule
@@ -55,34 +58,17 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
     @Before
     public void before() {
         httpClient = HttpClientBuilder.create().build();
-        try {
-            checkIfFeatureWorks(false);
-            Response response = testingClient.testing().enableFeature(ACCOUNT_API.toString());
-            assertEquals(200, response.getStatus());
-            assumeFeatureEnabled(ACCOUNT_API);
-            checkIfFeatureWorks(true);
-        } catch (Exception e) {
-            disableFeature();
-            throw e;
-        }
     }
 
     @After
     public void after() {
         try {
-            disableFeature();
             httpClient.close();
         } catch (IOException e) {
             throw new RuntimeException(e);
         }
     }
 
-    private void disableFeature() {
-        Response response = testingClient.testing().disableFeature(ACCOUNT_API.toString());
-        assertEquals(200, response.getStatus());
-        checkIfFeatureWorks(false);
-    }
-
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
         testRealm.getUsers().add(UserBuilder.create().username("no-account-access").password("password").build());
@@ -96,6 +82,12 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
         return suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/realms/test/account" + (resource != null ? "/" + resource : "");
     }
 
+    @Test
+    @DisableFeature(value = ACCOUNT_API, skipRestart = true)
+    public void testFeatureDoesntWorkWhenDisabled() {
+        checkIfFeatureWorks(false);
+    }
+
     // Check if the feature really works
     private void checkIfFeatureWorks(boolean shouldWorks) {
         try {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java

@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.messages.Messages;
 import org.keycloak.services.resources.account.AccountCredentialResource;
 import org.keycloak.services.resources.account.AccountCredentialResource.PasswordUpdate;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.TokenUtil;
 
 import java.io.IOException;
@@ -41,7 +42,6 @@ import java.util.Map;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.junit.Assert.*;
 import static org.keycloak.common.Profile.Feature.ACCOUNT_API;
-import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -191,8 +191,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
     
     @Test
     public void testProfilePreviewPermissions() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-        
         TokenUtil noaccessToken = new TokenUtil("no-account-access", "password");
         TokenUtil viewToken = new TokenUtil("view-account-access", "password");
         
@@ -219,15 +217,11 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void testGetPasswordDetails() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-        
         getPasswordDetails();
     }
 
     @Test
     public void testPostPasswordUpdate() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-        
         //Get the time of lastUpdate
         AccountCredentialResource.PasswordDetails initialDetails = getPasswordDetails();
 
@@ -251,8 +245,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void testPasswordConfirmation() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-        
         updatePassword("password", "Str0ng3rP4ssw0rd", "confirmationDoesNotMatch", 400);
 
         updatePassword("password", "Str0ng3rP4ssw0rd", "Str0ng3rP4ssw0rd", 200);
@@ -294,8 +286,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void listApplications() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-applications-access", "password");
         List<ClientRepresentation> applications = SimpleHttp
                 .doGet(getAccountUrl("applications"), httpClient)
@@ -308,8 +298,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void listApplicationsWithoutPermission() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-account-access", "password");
         SimpleHttp.Response response = SimpleHttp
                 .doGet(getAccountUrl("applications"), httpClient)
@@ -321,8 +309,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getWebConsoleApplication() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-applications-access", "password");
         String appId = "security-admin-console";
         ClientRepresentation webConsole = SimpleHttp
@@ -335,8 +321,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getWebConsoleApplicationWithoutPermission() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-account-access", "password");
         String appId = "security-admin-console";
         SimpleHttp.Response response = SimpleHttp
@@ -349,8 +333,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getNotExistingApplication() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-applications-access", "password");
         String appId = "not-existing";
         SimpleHttp.Response response = SimpleHttp
@@ -363,8 +345,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void createConsentForClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -389,8 +369,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void updateConsentForClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -435,8 +413,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void createConsentForNotExistingClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "not-existing";
 
@@ -459,8 +435,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void createConsentForClientWithoutPermission() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -483,8 +457,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void createConsentForClientWithPut() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -509,8 +481,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void updateConsentForClientWithPut() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -555,8 +525,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void createConsentForNotExistingClientWithPut() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "not-existing";
 
@@ -579,8 +547,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void createConsentForClientWithoutPermissionWithPut() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -603,8 +569,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getConsentForClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -638,8 +602,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getConsentForNotExistingClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-consent-access", "password");
         String appId = "not-existing";
         SimpleHttp.Response response = SimpleHttp
@@ -652,8 +614,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getNotExistingConsentForClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-consent-access", "password");
         String appId = "security-admin-console";
         SimpleHttp.Response response = SimpleHttp
@@ -666,8 +626,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void getConsentWithoutPermission() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-applications-access", "password");
         String appId = "security-admin-console";
         SimpleHttp.Response response = SimpleHttp
@@ -680,8 +638,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void deleteConsentForClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "security-admin-console";
 
@@ -720,8 +676,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void deleteConsentForNotExistingClient() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("manage-consent-access", "password");
         String appId = "not-existing";
         SimpleHttp.Response response = SimpleHttp
@@ -735,8 +689,6 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void deleteConsentWithoutPermission() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil token = new TokenUtil("view-consent-access", "password");
         String appId = "security-admin-console";
         SimpleHttp.Response response = SimpleHttp

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java

@@ -21,7 +21,6 @@ import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.keycloak.common.Profile.Feature.ACCOUNT_API;
-import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
 
 import java.io.IOException;
 import java.util.List;
@@ -96,8 +95,6 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
 
     @Test
     public void testProfilePreviewPermissions() throws IOException {
-        assumeFeatureEnabled(ACCOUNT_API);
-
         TokenUtil noaccessToken = new TokenUtil("no-account-access", "password");
         TokenUtil viewToken = new TokenUtil("view-account-access", "password");
 
@@ -124,13 +121,6 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
                         .auth(viewToken.getToken()).asStatus());
     }
 
-    @Before
-    @Override
-    public void before() {
-        super.before();
-        assumeFeatureEnabled(ACCOUNT_API);
-    }
-
     @Test
     public void testGetSessions() throws Exception {
         oauth.setDriver(secondBrowser);
@@ -364,8 +354,8 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
         assertEquals("Other", device.getDevice());
 
         List<SessionRepresentation> sessions = device.getSessions();
-        assertEquals(2, sessions.size());
+        assertEquals(1, sessions.size());
-        SessionRepresentation session = sessions.stream().filter(rep -> rep.getCurrent() != null && rep.getCurrent()).findFirst().get();
+        SessionRepresentation session = sessions.get(0);
         assertEquals("127.0.0.1", session.getIpAddress());
         assertEquals(device.getLastAccess(), session.getLastAccess());
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBasePhotozExampleAdapterTest.java

@@ -74,6 +74,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
 import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp;
 import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
 import org.keycloak.testsuite.auth.page.login.OAuthGrant;
 import org.keycloak.testsuite.util.DroneUtils;
@@ -93,6 +94,7 @@ import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhotozJavascriptExecutorTest {
 
     protected static final String RESOURCE_SERVER_ID = "photoz-restful-api";
@@ -165,7 +167,6 @@ public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhoto
 
     @Override
     public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
-        enableFeature(UPLOAD_SCRIPTS);
         RealmRepresentation realm = loadRealm(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-realm.json"));
 
         realm.setAccessTokenLifespan(30 + TOKEN_LIFESPAN_LEEWAY); // seconds

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBaseServletAuthzAdapterTest.java

@@ -28,6 +28,7 @@ import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
 import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.UIUtils;
 import org.openqa.selenium.By;
 import org.openqa.selenium.WebElement;
@@ -50,6 +51,7 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampleAdapterTest {
 
     protected static final String REALM_NAME = "servlet-authz";
@@ -58,11 +60,6 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
     @ArquillianResource
     private Deployer deployer;
 
-    @Before
-    public void onBefore() {
-        enableFeature(UPLOAD_SCRIPTS);
-    }
-
     @Override
     public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
         testRealms.add(

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java

@@ -46,6 +46,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.testsuite.ProfileAssume;
 import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
 import org.keycloak.testsuite.util.UIUtils;
 import org.openqa.selenium.By;
@@ -62,6 +63,7 @@ import org.openqa.selenium.By;
 @AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
 @AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
 @AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
 
     protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
@@ -72,7 +74,6 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
 
     @Override
     public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
-        enableFeature(UPLOAD_SCRIPTS);
         testRealms.add(
                 loadRealm(new File(TEST_APPS_HOME_DIR + "/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json")));
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java

@@ -34,6 +34,7 @@ import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
 import org.keycloak.testsuite.adapter.page.AngularCorsProductTestApp;
 import org.keycloak.testsuite.adapter.page.CorsDatabaseServiceTestApp;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
 import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -51,6 +52,8 @@ import java.util.regex.Pattern;
 import static junit.framework.TestCase.assertNotNull;
 import org.junit.Assume;
 import org.keycloak.testsuite.util.DroneUtils;
+
+import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
 import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
 import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
@@ -71,6 +74,7 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
 
     public static final String CORS = "cors";
@@ -109,7 +113,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest {
 
     @Override
     public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
-        enableFeature(Profile.Feature.UPLOAD_SCRIPTS);
         testRealms.add(
                 loadRealm(new File(TEST_APPS_HOME_DIR + "/cors/cors-realm.json")));
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/BrokerLinkAndTokenExchangeTest.java

@@ -59,6 +59,8 @@ import org.keycloak.testsuite.ProfileAssume;
 import org.keycloak.testsuite.adapter.AbstractAdapterTest;
 import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
 import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
 import org.keycloak.testsuite.broker.BrokerTestTools;
@@ -100,6 +102,7 @@ import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SE
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
 public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest {
     public static final String CHILD_IDP = "child";
     public static final String PARENT_IDP = "parent-idp";
@@ -206,30 +209,23 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
 
     }
 
-    @Before
+    @Test
-    public void enableFeature() throws Exception {
+    @DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
-        try {
+    @UncaughtServerErrorExpected
-            addIdpUser();
+    public void testFeatureDisabled() throws Exception {
-            addChildUser();
+        checkFeature(Response.Status.NOT_IMPLEMENTED.getStatusCode());
-            createBroker();
-
-            checkFeature(Response.Status.NOT_IMPLEMENTED.getStatusCode());
-            Response response = testingClient.testing().enableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            checkFeature(Response.Status.OK.getStatusCode());
-
-            ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
-        } catch (Exception e) {
-            disableFeature();
-            throw e;
-        }
     }
 
-    @After
+    @Test
-    public void disableFeature() throws Exception {
+    public void testFeatureEnabled() throws Exception {
-        Response response = testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
+        checkFeature(Response.Status.OK.getStatusCode());
-        assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+    }
-        checkFeature(Response.Status.NOT_IMPLEMENTED.getStatusCode());
+
+    @Before
+    public void beforeTest() throws Exception {
+        addIdpUser();
+        addChildUser();
+        createBroker();
     }
 
     public void addIdpUser() {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java

@@ -49,6 +49,7 @@ import org.keycloak.services.resources.admin.permissions.GroupPermissionManageme
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.ProfileAssume;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
@@ -86,19 +87,6 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
         testRealms.add(testRealmRep);
     }
 
-    @After
-    public void checkTokenExchangeFeature() throws Exception {
-        if (Profile.isFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE)) {
-            disableTokenExchange();
-        }
-    }
-
-    private void disableTokenExchange() throws Exception {
-        Response featureResponse = testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
-        Assert.assertEquals(200, featureResponse.getStatus());
-        checkTokenExchange(false);
-    }
-
     public static void setupDemo(KeycloakSession session) {
         RealmModel realm = session.realms().getRealmByName(TEST);
         realm.addRole("realm-role");
@@ -867,6 +855,12 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
         }
     }
 
+    @Test
+    @UncaughtServerErrorExpected
+    public void testTokenExchangeDisabled() throws Exception {
+        checkTokenExchange(false);
+    }
+
     /**
      * KEYCLOAK-7406
      *
@@ -874,22 +868,13 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
      */
     @Test
     @UncaughtServerErrorExpected
+    @EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
     public void testWithTokenExchange() throws Exception {
-        try {
+        String exchanged = checkTokenExchange(true);
-            checkTokenExchange(false);
+        Assert.assertNotNull(exchanged);
-
+        try (Keycloak client = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
-            Response featureResponse = testingClient.testing().enableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
+                AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, exchanged, TLSUtils.initializeTLS())) {
-            Assert.assertEquals(200, featureResponse.getStatus());
+            Assert.assertNotNull(client.realm("master").roles().get("offline_access"));
-            ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
-
-            String exchanged = checkTokenExchange(true);
-            Assert.assertNotNull(exchanged);
-            try (Keycloak client = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
-                    AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, exchanged, TLSUtils.initializeTLS())) {
-                Assert.assertNotNull(client.realm("master").roles().get("offline_access"));
-            }
-        } finally {
-            disableTokenExchange();
         }
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java

@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.testsuite.ProfileAssume;
 import org.keycloak.testsuite.admin.client.AbstractClientTest;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.UserBuilder;
@@ -44,15 +45,11 @@ import java.util.List;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public abstract class AbstractAuthorizationTest extends AbstractClientTest {
 
     protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
 
-    @Before
-    public void onBefore() {
-        enableFeature(UPLOAD_SCRIPTS);
-    }
-    
     @Override
     public void setDefaultPageUriParameters() {
         super.setDefaultPageUriParameters();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/JSPolicyManagementTest.java

@@ -18,6 +18,7 @@ package org.keycloak.testsuite.admin.client.authorization;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
+import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
 
 import java.util.Collections;
 
@@ -33,16 +34,13 @@ import org.keycloak.common.Profile;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
 import org.keycloak.representations.idm.authorization.Logic;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class JSPolicyManagementTest extends AbstractPolicyManagementTest {
-
-    @Before
-    public void onBefore() {
-        enableFeature(Profile.Feature.UPLOAD_SCRIPTS);
-    }
     
     @Test
     public void testCreate() {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java

@@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
+import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
 
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
@@ -66,6 +67,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.RealmBuilder;
@@ -76,6 +78,7 @@ import org.keycloak.testsuite.util.UserBuilder;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
 
     protected static final String REALM_NAME = "authz-test";
@@ -109,11 +112,6 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
                         .directAccessGrants())
                 .build());
     }
-    
-    @Before
-    public void onBefore() {
-        enableFeature(Profile.Feature.UPLOAD_SCRIPTS);
-    }
 
     @Test
     public void testEnforceUMAAccessWithClaimsUsingBearerToken() {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java

@@ -78,6 +78,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.RealmBuilder;
@@ -89,6 +90,7 @@ import org.keycloak.util.JsonSerialization;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class PolicyEnforcerTest extends AbstractKeycloakTest {
 
     private static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
@@ -127,7 +129,6 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
 
     @Before
     public void onBefore() {
-        enableFeature(UPLOAD_SCRIPTS);
         initAuthorizationSettings(getClientResource(RESOURCE_SERVER_CLIENT_ID));
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java

@@ -26,6 +26,7 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
 import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
 import org.keycloak.testsuite.util.ContainerAssume;
 
@@ -39,13 +40,12 @@ import static org.junit.Assert.fail;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
-@RestartContainer(enableFeatures = Profile.Feature.AUTHZ_DROOLS_POLICY)
+@EnableFeature(Profile.Feature.AUTHZ_DROOLS_POLICY)
 public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
 
     @BeforeClass
     public static void verifyEnvironment() {
         ContainerAssume.assumeNotAuthServerUndertow();
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
         ContainerAssume.assumeNotAuthServerRemote();
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java

@@ -1,23 +1,18 @@
 package org.keycloak.testsuite.authz;
 
-import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
+import org.keycloak.common.Profile;
-
-import org.junit.Before;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.JWSInputException;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 
 /**
  * @author mhajas
  */
+@EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
 public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
 
-    @Before
-    public void onBefore() {
-        enableFeature(UPLOAD_SCRIPTS);
-    }
-
     protected AccessToken toAccessToken(String rpt) {
         AccessToken accessToken;
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java

@@ -46,7 +46,8 @@ import org.keycloak.representations.idm.authorization.PermissionTicketRepresenta
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.UmaPermissionRepresentation;
-import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.GroupBuilder;
 import org.keycloak.testsuite.util.RealmBuilder;
@@ -142,13 +143,12 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
 
     @Test
     public void testCreateDeprecatedFeaturesEnabled() {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
         testCreate();
     }
 
     @Test
+    @DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
     public void testCreateDeprecatedFeaturesDisabled() {
-        ProfileAssume.assumeFeatureDisabled(Profile.Feature.UPLOAD_SCRIPTS);
         testCreate();
     }
 
@@ -337,19 +337,18 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
     
     @Test
     public void testUpdateDeprecatedFeaturesEnabled() {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
         testUpdate();
     }
 
     @Test
+    @DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
     public void testUpdateDeprecatedFeaturesDisabled() {
-        ProfileAssume.assumeFeatureDisabled(Profile.Feature.UPLOAD_SCRIPTS);
         testUpdate();
     }
     
     @Test
+    @DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
     public void testUploadScriptDisabled() {
-        disableFeature(Profile.Feature.UPLOAD_SCRIPTS);
         ResourceRepresentation resource = new ResourceRepresentation();
 
         resource.setName("Resource A");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java

@@ -38,6 +38,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.util.ExecutionBuilder;
 import org.keycloak.testsuite.util.FlowBuilder;
@@ -53,6 +54,7 @@ import java.util.Map;
  *
  * @author <a href="mailto:thomas.darimont@gmail.com">Thomas Darimont</a>
  */
+@EnableFeature(Profile.Feature.UPLOAD_SCRIPTS)
 public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
     @Page
@@ -65,13 +67,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
     public static final String EXECUTION_ID = "scriptAuth";
 
-    @BeforeClass
-    public static void verifyEnvironment() {
-        // TODO: we should probably enable SCRIPTS automatically when UPLOAD_SCRIPTS is enabled
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.SCRIPTS);
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
-    }
-
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
 
@@ -236,3 +231,4 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
         return configRep;
     }
 }
+

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

@@ -42,6 +42,8 @@ import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
 import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
 import org.keycloak.testsuite.util.OAuthClient;
@@ -66,10 +68,9 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
+@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
 public class ClientTokenExchangeTest extends AbstractKeycloakTest {
 
-    private final Profile.Feature FEATURE = Profile.Feature.TOKEN_EXCHANGE;
-
     @Rule
     public AssertEvents events = new AssertEvents(this);
 
@@ -78,30 +79,24 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
         return RunOnServerDeployment.create(ClientTokenExchangeTest.class);
     }
 
-    @Before
+    @Test
-    public void enableFeature() {
+    @UncaughtServerErrorExpected
+    @DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
+    public void checkFeatureDisabled() {
         // Required feature should return Status code 501 - Feature doesn't work
         testingClient.server().run(ClientTokenExchangeTest::addDirectExchanger);
         Assert.assertEquals(501, checkTokenExchange().getStatus());
         testingClient.server().run(ClientTokenExchangeTest::removeDirectExchanger);
+    }
 
-        // Test if required feature is enabled in Profiles.
+    @Test
-        Response response = testingClient.testing().enableFeature(FEATURE.toString());
+    public void checkFeatureEnabled() {
-        Assert.assertEquals(200, response.getStatus());
-
         // Test if the required feature really works.
         testingClient.server().run(ClientTokenExchangeTest::addDirectExchanger);
         Assert.assertEquals(200, checkTokenExchange().getStatus());
         testingClient.server().run(ClientTokenExchangeTest::removeDirectExchanger);
     }
 
-    @After
-    public void disableFeature() {
-        // Test if required feature is disabled.
-        Response response = testingClient.testing().disableFeature(FEATURE.toString());
-        Assert.assertEquals(200, response.getStatus());
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation testRealmRep = new RealmRepresentation();
@@ -221,8 +216,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
     @Test
     @UncaughtServerErrorExpected
     public void testExchange() throws Exception {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
-
         testingClient.server().run(ClientTokenExchangeTest::setupRealm);
 
         oauth.realm(TEST);
@@ -265,8 +258,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
     @Test
     @UncaughtServerErrorExpected
     public void testImpersonation() throws Exception {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
-
         testingClient.server().run(ClientTokenExchangeTest::setupRealm);
 
         oauth.realm(TEST);
@@ -349,8 +340,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
     @Test
     @UncaughtServerErrorExpected
     public void testBadImpersonator() throws Exception {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
-
         testingClient.server().run(ClientTokenExchangeTest::setupRealm);
 
         oauth.realm(TEST);
@@ -393,8 +382,6 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
     @Test
     @UncaughtServerErrorExpected
     public void testDirectImpersonation() throws Exception {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
-
         testingClient.server().run(ClientTokenExchangeTest::setupRealm);
         Client httpClient = ClientBuilder.newClient();
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java

@@ -48,6 +48,7 @@ import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.ProfileAssume;
 import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.ClientManager;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.ProtocolMapperUtil;
@@ -129,8 +130,8 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
     }
 
     @Test
+    @EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS) // This requires also SCRIPTS feature, therefore we need to restart container
     public void testTokenScriptMapping() {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
         {
             ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenShiftTokenReviewEndpointTest.java

@@ -33,6 +33,7 @@ import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
 import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
 import org.keycloak.testsuite.util.ContainerAssume;
@@ -52,9 +53,8 @@ import java.util.Map;
 import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder;
 import static org.junit.Assert.*;
 import static org.keycloak.common.Profile.Feature.OPENSHIFT_INTEGRATION;
-import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
 
-@RestartContainer(enableFeatures = OPENSHIFT_INTEGRATION)
+@EnableFeature(OPENSHIFT_INTEGRATION)
 public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakTest {
 
     private static boolean flowConfigured;
@@ -93,8 +93,6 @@ public class OpenShiftTokenReviewEndpointTest extends AbstractTestRealmKeycloakT
 
     @Before
     public void enablePassthroughAuthenticator() {
-        assumeFeatureEnabled(OPENSHIFT_INTEGRATION);
-
         if (!flowConfigured) {
             HashMap<String, String> data = new HashMap<>();
             data.put("newName", "testsuite-client-dummy");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/openshift/OpenshiftClientStorageTest.java

@@ -20,7 +20,6 @@ package org.keycloak.testsuite.openshift;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 import static org.keycloak.common.Profile.Feature.OPENSHIFT_INTEGRATION;
-import static org.keycloak.testsuite.ProfileAssume.assumeFeatureEnabled;
 import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
 
 import javax.ws.rs.core.Response;
@@ -56,6 +55,7 @@ import org.keycloak.storage.openshift.OpenshiftClientStorageProviderFactory;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.ConsentPage;
@@ -70,7 +70,7 @@ import org.keycloak.testsuite.util.OAuthClient;
  *
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
-@RestartContainer(enableFeatures = OPENSHIFT_INTEGRATION)
+@EnableFeature(OPENSHIFT_INTEGRATION)
 public final class OpenshiftClientStorageTest extends AbstractTestRealmKeycloakTest {
 
     private static Undertow OPENSHIFT_API_SERVER;
@@ -154,7 +154,6 @@ public final class OpenshiftClientStorageTest extends AbstractTestRealmKeycloakT
     public void onBefore() {
         ContainerAssume.assumeNotAuthServerRemote();
 
-        assumeFeatureEnabled(OPENSHIFT_INTEGRATION);
         ComponentRepresentation provider = new ComponentRepresentation();
 
         provider.setName("openshift-client-storage");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/script/DeployedScriptAuthenticatorTest.java

@@ -52,6 +52,8 @@ import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.representations.provider.ScriptProviderDescriptor;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.forms.AbstractFlowTest;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.util.ContainerAssume;
@@ -64,6 +66,7 @@ import org.keycloak.util.JsonSerialization;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(SCRIPTS)
 public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
 
     public static final String EXECUTION_ID = "scriptAuth";
@@ -183,7 +186,6 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
      */
     @Test
     public void loginShouldWorkWithScriptAuthenticator() {
-        ProfileAssume.assumeFeatureEnabled(SCRIPTS);
         configureFlows();
 
         loginPage.open();
@@ -198,7 +200,6 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
      */
     @Test
     public void loginShouldFailWithScriptAuthenticator() {
-        ProfileAssume.assumeFeatureEnabled(SCRIPTS);
         configureFlows();
 
         loginPage.open();
@@ -209,8 +210,8 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
     }
 
     @Test
+    @DisableFeature(SCRIPTS)
     public void testScriptAuthenticatorNotAvailable() {
-        ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
         assertFalse(testRealm().flows().getAuthenticatorProviders().stream().anyMatch(
                 provider -> ScriptBasedAuthenticatorFactory.PROVIDER_ID.equals(provider.get("id"))));
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/script/DeployedScriptMapperTest.java

@@ -18,6 +18,7 @@ package org.keycloak.testsuite.script;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.keycloak.common.Profile.Feature.SCRIPTS;
 import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
 import static org.keycloak.testsuite.admin.ApiUtil.findClientResourceByClientId;
 import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT;
@@ -46,6 +47,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.provider.ScriptProviderDescriptor;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.util.ContainerAssume;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.util.JsonSerialization;
@@ -95,15 +97,14 @@ public class DeployedScriptMapperTest extends AbstractTestRealmKeycloakTest {
 
     @Test
     public void testScriptMapperNotAvailable() {
-        ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
         assertFalse(adminClient.serverInfo().getInfo().getProtocolMapperTypes().get(OIDCLoginProtocol.LOGIN_PROTOCOL).stream()
                 .anyMatch(
                         mapper -> ScriptBasedOIDCProtocolMapper.PROVIDER_ID.equals(mapper.getId())));
     }
 
     @Test
+    @EnableFeature(SCRIPTS)
     public void testTokenScriptMapping() {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.SCRIPTS);
         {
             ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/script/DeployedScriptPolicyTest.java

@@ -52,6 +52,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.provider.ScriptProviderDescriptor;
 import org.keycloak.testsuite.ProfileAssume;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
 import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
 import org.keycloak.testsuite.authz.AbstractAuthzTest;
 import org.keycloak.testsuite.util.ClientBuilder;
@@ -119,15 +120,15 @@ public class DeployedScriptPolicyTest extends AbstractAuthzTest {
     }
 
     @Test
+    @DisableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
     public void testJSPolicyProviderNotAvailable() {
-        ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
         assertFalse(getAuthorizationResource().policies().policyProviders().stream().anyMatch(rep -> "js".equals(rep.getType())));
     }
 
     @Test
     @UncaughtServerErrorExpected
+    @DisableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
     public void failCreateJSPolicy() {
-        ProfileAssume.assumeFeatureDisabled(UPLOAD_SCRIPTS);
         JSPolicyRepresentation grantPolicy = new JSPolicyRepresentation();
 
         grantPolicy.setName("JS Policy");

testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AggregatePolicyManagementTest.java

@@ -43,6 +43,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
 import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
 import org.keycloak.representations.idm.authorization.TimePolicyRepresentation;
 import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.console.page.clients.authorization.policy.AggregatePolicy;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.GroupBuilder;
@@ -51,13 +52,9 @@ import org.keycloak.testsuite.util.UserBuilder;
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class AggregatePolicyManagementTest extends AbstractAuthorizationSettingsTest {
 
-    @Before
-    public void onBefore() {
-        enableFeature(UPLOAD_SCRIPTS);
-    }
-    
     @Before
     public void configureTest() {
         super.configureTest();

testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/JSPolicyManagementTest.java

@@ -26,18 +26,15 @@ import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
 import org.keycloak.representations.idm.authorization.Logic;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.console.page.clients.authorization.policy.JSPolicy;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
+@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
 public class JSPolicyManagementTest extends AbstractAuthorizationSettingsTest {
 
-    @Before
-    public void onBefore() {
-        enableFeature(UPLOAD_SCRIPTS);
-    }
-
     @Test
     public void testUpdate() throws InterruptedException {
         authorizationPage.navigateTo();