From d81d089bf1edaa0aeab4aefcfc6402e3a6058a37 Mon Sep 17 00:00:00 2001
From: Jakub Schwan <jschwan@redhat.com>
Date: Wed, 22 Apr 2020 14:26:13 +0200
Subject: [PATCH] RHPAM-2762 & RHPAM-2777 add tests to verify issues
 fixImplement test scenarios using persistent test scenarioold test provider
 and change user impl will be removed in following commitClean framework and
 tests

---
 .../scenario/WorkbenchKieServerScenario.java  |  11 +-
 .../provider/KieServerClientProvider.java     |  12 +-
 .../KieServerControllerClientProvider.java    |  10 +-
 .../scenario/OpenShiftOperatorScenario.java   |  24 ++++
 ...kbenchKieServerPersistentScenarioImpl.java |  64 +++++++--
 .../WorkbenchKieServerScenarioImpl.java       |   6 +
 ...ieServerPersistentScenarioBuilderImpl.java |   8 --
 ...kbenchKieServerPersistentScenarioImpl.java |  10 ++
 .../WorkbenchKieServerScenarioImpl.java       |   7 +
 .../deployment/OpenShiftDeployment.java       |   2 +-
 ...chAdminUserPersistenceIntegrationTest.java |  60 ++++++++
 .../HttpsWorkbenchTestProvider.java           |   1 -
 .../PersistenceTestProvider.java              | 133 ++++++++++++++++++
 13 files changed, 320 insertions(+), 28 deletions(-)
 create mode 100644 test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/persistence/WorkbenchAdminUserPersistenceIntegrationTest.java

diff --git a/framework-cloud/framework-cloud-api/src/main/java/org/kie/cloud/api/scenario/WorkbenchKieServerScenario.java b/framework-cloud/framework-cloud-api/src/main/java/org/kie/cloud/api/scenario/WorkbenchKieServerScenario.java
index 515648917..841872f30 100644
--- a/framework-cloud/framework-cloud-api/src/main/java/org/kie/cloud/api/scenario/WorkbenchKieServerScenario.java
+++ b/framework-cloud/framework-cloud-api/src/main/java/org/kie/cloud/api/scenario/WorkbenchKieServerScenario.java
@@ -50,5 +50,14 @@ public interface WorkbenchKieServerScenario extends KieDeploymentScenario<Workbe
      */
     default Optional<PrometheusDeployment> getPrometheusDeployment() {
         return Optional.empty();
-    };
+    }
+
+    /**
+     * Change Kie Admin username and password for the scenario.
+     * After the change are deployments updated and method waits for new available pods.
+     *
+     * @param username New admin name. (To change only password put there same username as it was)
+     * @param password New admin password.
+     */
+    void changeUsernameAndPassword(String username, String password);
 }
diff --git a/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerClientProvider.java b/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerClientProvider.java
index 0a29500d8..b3522d658 100644
--- a/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerClientProvider.java
+++ b/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerClientProvider.java
@@ -66,8 +66,13 @@ public static KieServicesClient getKieServerClient(KieServerDeployment kieServer
                 kieServerDeployment.getUrl().toString() + "/services/rest/server", kieServerDeployment.getUsername(),
                 kieServerDeployment.getPassword(), clientTimeout);
         configuration.addExtraClasses(extraClasses);
-        KieServicesClient kieServerClient = KieServicesFactory.newKieServicesClient(configuration);
-        return kieServerClient;
+        return KieServicesFactory.newKieServicesClient(configuration);
+    }
+
+    public static KieServicesClient getKieServerClient(String url, String username, String password) {
+        KieServicesConfiguration configuration = KieServicesFactory.newRestConfiguration(
+                url + "/services/rest/server", username, password, KIE_SERVER_TIMEOUT);
+        return KieServicesFactory.newKieServicesClient(configuration);
     }
 
     public static KieServicesClient getKieServerJmsClient(URL amqHost) {
@@ -139,8 +144,7 @@ public static KieServicesClient getSmartRouterClient(SmartRouterDeployment smart
                 KieServerConstants.CAPABILITY_CASE,
                 KieServerConstants.CAPABILITY_DMN);
         configuration.setCapabilities(capabilities);
-        KieServicesClient kieServerClient = KieServicesFactory.newKieServicesClient(configuration);
-        return kieServerClient;
+        return KieServicesFactory.newKieServicesClient(configuration);
     }
 
     public static ProcessServicesClient getProcessClient(KieServerDeployment kieServerDeployment) {
diff --git a/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerControllerClientProvider.java b/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerControllerClientProvider.java
index e0411058f..020d82889 100644
--- a/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerControllerClientProvider.java
+++ b/framework-cloud/framework-cloud-common/src/main/java/org/kie/cloud/common/provider/KieServerControllerClientProvider.java
@@ -29,15 +29,17 @@
 public class KieServerControllerClientProvider {
 
     public static KieServerControllerClient getKieServerControllerClient(WorkbenchDeployment workbenchDeployment) {
-        KieServerControllerClient kieServerControllerClient = KieServerControllerClientFactory.newRestClient(workbenchDeployment.getUrl().toString() + "/rest/controller",
+        return KieServerControllerClientFactory.newRestClient(workbenchDeployment.getUrl().toString() + "/rest/controller",
                 workbenchDeployment.getUsername(), workbenchDeployment.getPassword());
-        return kieServerControllerClient;
+    }
+
+    public static KieServerControllerClient getKieServerControllerClient(String url, String username, String password) {
+        return KieServerControllerClientFactory.newRestClient(url + "/rest/controller", username, password);
     }
 
     public static KieServerControllerClient getKieServerControllerClient(ControllerDeployment controllerDeployment) {
-        KieServerControllerClient kieServerControllerClient = KieServerControllerClientFactory.newRestClient(controllerDeployment.getUrl().toString() + "/rest/controller",
+        return KieServerControllerClientFactory.newRestClient(controllerDeployment.getUrl().toString() + "/rest/controller",
                 controllerDeployment.getUsername(), controllerDeployment.getPassword());
-        return kieServerControllerClient;
     }
 
     /**
diff --git a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/OpenShiftOperatorScenario.java b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/OpenShiftOperatorScenario.java
index 1e1a0c94b..0320a2f32 100644
--- a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/OpenShiftOperatorScenario.java
+++ b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/OpenShiftOperatorScenario.java
@@ -181,6 +181,30 @@ protected void registerTrustedSecret(Server server) {
         server.setKeystoreSecret(OpenShiftConstants.getKieApplicationSecretName());
     }
 
+    protected boolean isCustomTrustedSecretRegistered(Console console) {
+        if (console.getKeystoreSecret() != null && !console.getKeystoreSecret().isEmpty() && console.getEnv().length > 0) {
+            return Stream.of(console.getEnv()).map(Env::getName).anyMatch("HTTPS_NAME"::equals) &&
+                    Stream.of(console.getEnv()).map(Env::getName).anyMatch("HTTPS_PASSWORD"::equals);
+        }
+        return false;
+    }
+
+    protected boolean isCustomTrustedSecretRegistered(SmartRouter smartRouter) {
+        if (smartRouter.getKeystoreSecret() != null && !smartRouter.getKeystoreSecret().isEmpty() && smartRouter.getEnv().length > 0) {
+            return Stream.of(smartRouter.getEnv()).map(Env::getName).anyMatch("KIE_SERVER_ROUTER_TLS_KEYSTORE_KEYALIAS"::equals) && 
+                    Stream.of(smartRouter.getEnv()).map(Env::getName).anyMatch("KIE_SERVER_ROUTER_TLS_KEYSTORE_PASSWORD"::equals);
+        }
+        return false;
+    }
+
+    protected boolean isCustomTrustedSecretRegistered(Server server) {
+        if (server.getKeystoreSecret() != null && !server.getKeystoreSecret().isEmpty() && server.getEnv().length > 0) {
+            return Stream.of(server.getEnv()).map(Env::getName).anyMatch("HTTPS_NAME"::equals) &&
+                    Stream.of(server.getEnv()).map(Env::getName).anyMatch("HTTPS_PASSWORD"::equals);
+        }
+        return false;
+    }
+
     /**
      * @return OpenShift client which is aware of KieApp custom resource.
      */
diff --git a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerPersistentScenarioImpl.java b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerPersistentScenarioImpl.java
index bde0d59f0..13c1bab6b 100644
--- a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerPersistentScenarioImpl.java
+++ b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerPersistentScenarioImpl.java
@@ -19,15 +19,20 @@
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 import cz.xtf.core.waiting.SimpleWaiter;
 import cz.xtf.core.waiting.SupplierWaiter;
 import cz.xtf.core.waiting.WaiterException;
+import io.fabric8.kubernetes.api.model.ObjectMeta;
+import io.fabric8.kubernetes.api.model.Pod;
 import org.kie.cloud.api.deployment.ControllerDeployment;
 import org.kie.cloud.api.deployment.Deployment;
+import org.kie.cloud.api.deployment.Instance;
 import org.kie.cloud.api.deployment.KieServerDeployment;
 import org.kie.cloud.api.deployment.SmartRouterDeployment;
 import org.kie.cloud.api.deployment.SsoDeployment;
@@ -89,24 +94,29 @@ protected void deployCustomResource() {
             gitProvider = Git.createProvider(project, request.getGitSettings());
         }
 
-        registerTrustedSecret(kieApp.getSpec().getObjects().getConsole());
-
+        if (!isCustomTrustedSecretRegistered(kieApp.getSpec().getObjects().getConsole())) {
+            registerTrustedSecret(kieApp.getSpec().getObjects().getConsole());
+        }
         for (Server server : kieApp.getSpec().getObjects().getServers()) {
-            registerTrustedSecret(server);
+            if (!isCustomTrustedSecretRegistered(server)) {
+                registerTrustedSecret(server);
+            }
         }
 
         // deploy application
-        getKieAppClient().create(kieApp);
-        // Wait until the operator reconciliate the KieApp and add there missing informations
+        getKieAppClient().createOrReplace(kieApp);
         new SupplierWaiter<KieApp>(() -> getKieAppClient().withName(OpenShiftConstants.getKieApplicationName()).get(), kieApp -> kieApp.getStatus() != null).reason("Waiting for reconciliation to initialize all fields.").timeout(TimeUnit.MINUTES,1).waitFor();
+        new SimpleWaiter(this::isKieAppDeployed).reason("Waiting for KieApp to be deployed.")
+                                                .timeout(TimeUnit.MINUTES, 1)
+                                                .waitFor();
 
         workbenchDeployment = new WorkbenchOperatorDeployment(project, getKieAppClient());
-        workbenchDeployment.setUsername(DeploymentConstants.getAppUser());
-        workbenchDeployment.setPassword(DeploymentConstants.getAppPassword());
+        workbenchDeployment.setUsername(kieApp.getSpec().getCommonConfig().getAdminUser());
+        workbenchDeployment.setPassword(kieApp.getSpec().getCommonConfig().getAdminPassword());
 
         kieServerDeployment = new KieServerOperatorDeployment(project, getKieAppClient());
-        kieServerDeployment.setUsername(DeploymentConstants.getAppUser());
-        kieServerDeployment.setPassword(DeploymentConstants.getAppPassword());
+        kieServerDeployment.setUsername(kieApp.getSpec().getCommonConfig().getAdminUser());
+        kieServerDeployment.setPassword(kieApp.getSpec().getCommonConfig().getAdminPassword());
 
         logger.info("Waiting until all services are created.");
         try {
@@ -128,6 +138,10 @@ protected void deployCustomResource() {
         storeProjectInfoToPersistentVolume(workbenchDeployment, "/opt/eap/standalone/data/kie");
     }
 
+    private boolean isKieAppDeployed() {
+        return getKieAppClient().withName(OpenShiftConstants.getKieApplicationName()).get().getStatus().getPhase().equals("Deployed");
+    }
+
     @Override
     public WorkbenchDeployment getWorkbenchDeployment() {
         return workbenchDeployment;
@@ -179,4 +193,36 @@ public SsoDeployment getSsoDeployment() {
     public GitProvider getGitProvider() {
         return gitProvider;
     }
+
+    @Override
+    public void changeUsernameAndPassword(String username, String password) {
+        if(getDeployments().stream().allMatch(Deployment::isReady)) {
+            List<String> oldInstances = workbenchDeployment.getInstances().stream().map(Instance::getName).collect(Collectors.toList());
+            oldInstances.addAll(kieServerDeployment.getInstances().stream().map(Instance::getName).collect(Collectors.toList()));
+
+            kieApp = getKieAppClient().withName(OpenShiftConstants.getKieApplicationName()).get();
+            kieApp.getSpec().getCommonConfig().setAdminUser(username);
+            kieApp.getSpec().getCommonConfig().setAdminPassword(password);
+            deployCustomResource();
+
+            try {
+                new SimpleWaiter(() -> areInstancesDeleted(oldInstances)).timeout(TimeUnit.MINUTES, 5).interval(TimeUnit.SECONDS, 5).waitFor();
+            } catch (WaiterException e) {
+                throw new RuntimeException("Timeout while deploying application.", e);
+            }
+            logger.info("Waiting for Workbench deployment to become ready.");
+            workbenchDeployment.waitForScale();
+
+            logger.info("Waiting for Kie server deployment to become ready.");
+            kieServerDeployment.waitForScale();
+        } else{
+            throw new RuntimeException("Application is not ready for Username and password change. Please check first that application is ready.");
+        }
+    }
+
+    private boolean areInstancesDeleted(Collection<String> oldInstancesNames) {
+        return project.getOpenShift().getPods().stream().map(Pod::getMetadata)
+                                                        .map(ObjectMeta::getName)
+                                                        .noneMatch(oldInstancesNames::contains);
+    }
 }
diff --git a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerScenarioImpl.java b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerScenarioImpl.java
index 2f3f66b39..16b0bda84 100644
--- a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerScenarioImpl.java
+++ b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/WorkbenchKieServerScenarioImpl.java
@@ -52,6 +52,7 @@ public class WorkbenchKieServerScenarioImpl extends OpenShiftOperatorScenario<Wo
     private WorkbenchDeploymentImpl workbenchDeployment;
     private KieServerDeploymentImpl kieServerDeployment;
     private final ScenarioRequest request;
+
     private PrometheusDeployment prometheusDeployment;
     private GitProvider gitProvider;
 
@@ -162,4 +163,9 @@ public Optional<PrometheusDeployment> getPrometheusDeployment() {
     public GitProvider getGitProvider() {
         return gitProvider;
     }
+
+    @Override
+    public void changeUsernameAndPassword(String username, String password) {
+        throw new UnsupportedOperationException("Not supported.");
+    }
 }
diff --git a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/builder/WorkbenchKieServerPersistentScenarioBuilderImpl.java b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/builder/WorkbenchKieServerPersistentScenarioBuilderImpl.java
index baf77b1db..c69a9e859 100644
--- a/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/builder/WorkbenchKieServerPersistentScenarioBuilderImpl.java
+++ b/framework-cloud/framework-openshift-operator/src/main/java/org/kie/cloud/openshift/operator/scenario/builder/WorkbenchKieServerPersistentScenarioBuilderImpl.java
@@ -66,14 +66,6 @@ public WorkbenchKieServerPersistentScenarioBuilderImpl() {
         commonConfig.setAdminUser(DeploymentConstants.getAppUser());
         commonConfig.setAdminPassword(DeploymentConstants.getAppPassword());
         kieApp.getSpec().setCommonConfig(commonConfig);
-
-        Server server = new Server();
-        server.addEnvs(authenticationEnvVars);
-        kieApp.getSpec().getObjects().addServer(server);
-
-        Console console = new Console();
-        console.addEnvs(authenticationEnvVars);
-        kieApp.getSpec().getObjects().setConsole(console);
     }
 
     @Override
diff --git a/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerPersistentScenarioImpl.java b/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerPersistentScenarioImpl.java
index 5449dfa51..b812db3e2 100644
--- a/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerPersistentScenarioImpl.java
+++ b/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerPersistentScenarioImpl.java
@@ -19,9 +19,12 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 
+import cz.xtf.core.waiting.SimpleWaiter;
 import org.kie.cloud.api.deployment.ControllerDeployment;
 import org.kie.cloud.api.deployment.Deployment;
 import org.kie.cloud.api.deployment.KieServerDeployment;
@@ -32,6 +35,8 @@
 import org.kie.cloud.api.git.GitProvider;
 import org.kie.cloud.api.scenario.WorkbenchKieServerPersistentScenario;
 import org.kie.cloud.api.scenario.WorkbenchKieServerScenario;
+import org.kie.cloud.common.provider.KieServerControllerClientProvider;
+import org.kie.cloud.openshift.constants.OpenShiftConstants;
 import org.kie.cloud.openshift.constants.OpenShiftTemplateConstants;
 import org.kie.cloud.openshift.constants.ProjectSpecificPropertyNames;
 import org.kie.cloud.openshift.deployment.KieServerDeploymentImpl;
@@ -155,4 +160,9 @@ public SsoDeployment getSsoDeployment() {
     public GitProvider getGitProvider() {
         return gitProvider;
     }
+
+    @Override
+    public void changeUsernameAndPassword(String username, String password) {
+        throw new UnsupportedOperationException("Not supported.");
+    }
 }
diff --git a/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerScenarioImpl.java b/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerScenarioImpl.java
index 8797f00c6..bb13d6b8d 100644
--- a/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerScenarioImpl.java
+++ b/framework-cloud/framework-openshift-templates/src/main/java/org/kie/cloud/openshift/scenario/WorkbenchKieServerScenarioImpl.java
@@ -32,6 +32,8 @@
 import org.kie.cloud.api.deployment.constants.DeploymentConstants;
 import org.kie.cloud.api.git.GitProvider;
 import org.kie.cloud.api.scenario.WorkbenchKieServerScenario;
+import org.kie.cloud.common.provider.KieServerControllerClientProvider;
+import org.kie.cloud.openshift.constants.OpenShiftConstants;
 import org.kie.cloud.openshift.constants.OpenShiftTemplateConstants;
 import org.kie.cloud.openshift.deployment.KieServerDeploymentImpl;
 import org.kie.cloud.openshift.deployment.WorkbenchDeploymentImpl;
@@ -141,4 +143,9 @@ public Optional<PrometheusDeployment> getPrometheusDeployment() {
     public GitProvider getGitProvider() {
         return gitProvider;
     }
+
+    @Override
+    public void changeUsernameAndPassword(String username, String password) {
+        throw new UnsupportedOperationException("Not supported.");
+    }
 }
diff --git a/framework-cloud/framework-openshift/src/main/java/org/kie/cloud/openshift/deployment/OpenShiftDeployment.java b/framework-cloud/framework-openshift/src/main/java/org/kie/cloud/openshift/deployment/OpenShiftDeployment.java
index 71732c1b6..1f6b8220c 100644
--- a/framework-cloud/framework-openshift/src/main/java/org/kie/cloud/openshift/deployment/OpenShiftDeployment.java
+++ b/framework-cloud/framework-openshift/src/main/java/org/kie/cloud/openshift/deployment/OpenShiftDeployment.java
@@ -31,8 +31,8 @@
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
-import cz.xtf.core.openshift.OpenShift;
 import cz.xtf.core.waiting.SimpleWaiter;
+import cz.xtf.core.openshift.OpenShift;
 import io.fabric8.kubernetes.api.model.Pod;
 import io.fabric8.kubernetes.api.model.Quantity;
 import io.fabric8.kubernetes.api.model.Service;
diff --git a/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/persistence/WorkbenchAdminUserPersistenceIntegrationTest.java b/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/persistence/WorkbenchAdminUserPersistenceIntegrationTest.java
new file mode 100644
index 000000000..25c13ec9c
--- /dev/null
+++ b/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/persistence/WorkbenchAdminUserPersistenceIntegrationTest.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2020 Red Hat, Inc. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+package org.kie.cloud.integrationtests.persistence;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.kie.cloud.api.scenario.WorkbenchKieServerScenario;
+import org.kie.cloud.integrationtests.category.TemplateNotSupported;
+import org.kie.cloud.integrationtests.testproviders.PersistenceTestProvider;
+import org.kie.cloud.tests.common.AbstractCloudIntegrationTest;
+import org.kie.cloud.tests.common.ScenarioDeployer;
+
+@Category({TemplateNotSupported.class})
+public class WorkbenchAdminUserPersistenceIntegrationTest extends AbstractCloudIntegrationTest {
+
+    private static WorkbenchKieServerScenario deploymentScenario;
+
+    private static PersistenceTestProvider persistenceTestProvider;
+
+    @BeforeClass
+    public static void initializeDeployment() {
+        deploymentScenario = deploymentScenarioFactory.getWorkbenchKieServerPersistentScenarioBuilder()
+                .withInternalMavenRepo()
+                .build();
+        deploymentScenario.setLogFolderName(WorkbenchAdminUserPersistenceIntegrationTest.class.getSimpleName());
+        ScenarioDeployer.deployScenario(deploymentScenario);
+
+        // Setup test providers
+        persistenceTestProvider = PersistenceTestProvider.create();
+    }
+
+    @AfterClass
+    public static void cleanEnvironment() {
+        ScenarioDeployer.undeployScenario(deploymentScenario);
+    }
+
+    @Test
+    public void testAdminUserPasswordChange() {
+        persistenceTestProvider.testAdminUserPasswordChange(deploymentScenario);
+    }
+
+    @Test
+    public void testAdminUserNameAndPasswordChange() {
+        persistenceTestProvider.testAdminUserNameAndPasswordChange(deploymentScenario);
+    }
+}
diff --git a/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/HttpsWorkbenchTestProvider.java b/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/HttpsWorkbenchTestProvider.java
index f54886f5c..8a8e8317c 100644
--- a/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/HttpsWorkbenchTestProvider.java
+++ b/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/HttpsWorkbenchTestProvider.java
@@ -18,7 +18,6 @@
 
 import java.io.IOException;
 import java.net.URL;
-import java.util.Map;
 import java.util.Objects;
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
diff --git a/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/PersistenceTestProvider.java b/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/PersistenceTestProvider.java
index c3a8448de..dd23dbce7 100644
--- a/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/PersistenceTestProvider.java
+++ b/test-cloud/test-cloud-remote/src/test/java/org/kie/cloud/integrationtests/testproviders/PersistenceTestProvider.java
@@ -17,6 +17,7 @@
 
 import java.util.Objects;
 
+import org.assertj.core.api.SoftAssertions;
 import org.kie.cloud.api.deployment.Deployment;
 import org.kie.cloud.api.scenario.DeploymentScenario;
 import org.kie.cloud.api.scenario.WorkbenchKieServerScenario;
@@ -25,16 +26,22 @@
 import org.kie.cloud.tests.common.client.util.Kjar;
 import org.kie.cloud.tests.common.client.util.WorkbenchUtils;
 import org.kie.cloud.utils.AwaitilityUtils;
+import org.kie.server.api.exception.KieServicesHttpException;
 import org.kie.server.api.model.KieContainerStatus;
 import org.kie.server.api.model.KieServerInfo;
 import org.kie.server.client.KieServicesClient;
 import org.kie.server.controller.api.model.spec.ServerTemplate;
 import org.kie.server.controller.client.KieServerControllerClient;
+import org.kie.server.controller.client.exception.KieServerControllerHTTPClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class PersistenceTestProvider {
 
+    private static final Logger logger = LoggerFactory.getLogger(PersistenceTestProvider.class);
+
     private PersistenceTestProvider() {}
 
     /**
@@ -85,6 +92,132 @@ public void testControllerPersistence(WorkbenchKieServerScenario deploymentScena
         }
     }
 
+
+    // Verifies https://issues.redhat.com/browse/RHPAM-2777
+    public void testAdminUserPasswordChange(WorkbenchKieServerScenario deploymentScenario) {
+        final String newPassword = "newpassword1234!";
+        final String oldPassword = deploymentScenario.getWorkbenchDeployment().getPassword();
+
+        final String username = deploymentScenario.getWorkbenchDeployment().getUsername();
+        String containerId = "testAdminUserPasswordChange";
+        final String workbenchUrl = deploymentScenario.getWorkbenchDeployment().getUrl().toString();
+        final String kieServerUrl = deploymentScenario.getKieServerDeployment().getUrl().toString();
+
+        KieServerControllerClient kieControllerClient = KieServerControllerClientProvider.getKieServerControllerClient(deploymentScenario.getWorkbenchDeployment());
+        KieServicesClient kieServerClient = KieServerClientProvider.getKieServerClient(deploymentScenario.getKieServerDeployment());
+
+        KieServerInfo serverInfo = kieServerClient.getServerInfo().getResult();
+        try {
+            WorkbenchUtils.saveContainerSpec(kieControllerClient, serverInfo.getServerId(), serverInfo.getName(), containerId, containerId, Kjar.DEFINITION, KieContainerStatus.STARTED);
+            // Check if old user can connect
+            SoftAssertions.assertSoftly(softly -> {
+                softly.assertAlso(isUserAuthorizedInWorkbench(workbenchUrl, username, oldPassword));
+                softly.assertAlso(isUserAuthorizedInKieServer(kieServerUrl, username, oldPassword));
+            });
+
+            logger.info("Change username to {} and password to {} in credential secret", username, newPassword);
+            deploymentScenario.changeUsernameAndPassword(username, newPassword);
+
+            SoftAssertions.assertSoftly(softly -> {
+                softly.assertAlso(isUserUnauthorizedInWorkbench(workbenchUrl, username, oldPassword));
+
+                softly.assertAlso(isUserAuthorizedInWorkbench(workbenchUrl, username, newPassword));
+
+                softly.assertAlso(isUserUnauthorizedInKieServer(kieServerUrl, username, oldPassword));
+
+                softly.assertAlso(isUserAuthorizedInKieServer(kieServerUrl, username, newPassword));
+            });
+        } finally {
+            deploymentScenario.changeUsernameAndPassword(username, oldPassword);
+            kieControllerClient.deleteContainerSpec(serverInfo.getServerId(), containerId);
+        }
+    }
+
+    // Verifies https://issues.redhat.com/browse/RHPAM-2762
+    public void testAdminUserNameAndPasswordChange(WorkbenchKieServerScenario deploymentScenario) {
+        final String newUsername = "newadminusername";
+        final String newPassword = "newpassword4321!";
+
+        final String oldUsername = deploymentScenario.getWorkbenchDeployment().getUsername();
+        final String oldPassword = deploymentScenario.getWorkbenchDeployment().getPassword();
+        String containerId = "testAdminUserNameAndPasswordChange";
+        final String workbenchUrl = deploymentScenario.getWorkbenchDeployment().getUrl().toString();
+        final String kieServerUrl = deploymentScenario.getKieServerDeployment().getUrl().toString();
+
+        KieServerControllerClient kieControllerClient = KieServerControllerClientProvider.getKieServerControllerClient(deploymentScenario.getWorkbenchDeployment());
+        KieServicesClient kieServerClient = KieServerClientProvider.getKieServerClient(deploymentScenario.getKieServerDeployment());
+
+        KieServerInfo serverInfo = kieServerClient.getServerInfo().getResult();
+        try {
+            WorkbenchUtils.saveContainerSpec(kieControllerClient, serverInfo.getServerId(), serverInfo.getName(), containerId, containerId, Kjar.DEFINITION, KieContainerStatus.STARTED);
+            // Check if old user can connect
+            SoftAssertions.assertSoftly(softly -> {
+                softly.assertAlso(isUserAuthorizedInWorkbench(workbenchUrl, oldUsername, oldPassword));
+                softly.assertAlso(isUserAuthorizedInKieServer(kieServerUrl, oldUsername, oldPassword));
+            });
+
+            logger.info("Change username to {} and password to {} in credential secret", newUsername, newPassword);
+            deploymentScenario.changeUsernameAndPassword(newUsername, newPassword);
+
+            SoftAssertions.assertSoftly(softly -> {
+                softly.assertAlso(isUserUnauthorizedInWorkbench(workbenchUrl, oldUsername, oldPassword));
+                softly.assertAlso(isUserUnauthorizedInWorkbench(workbenchUrl, oldUsername, newPassword));
+                softly.assertAlso(isUserUnauthorizedInWorkbench(workbenchUrl, newUsername, oldPassword));
+
+                softly.assertAlso(isUserAuthorizedInWorkbench(workbenchUrl, newUsername, newPassword));
+
+                softly.assertAlso(isUserUnauthorizedInKieServer(kieServerUrl, oldUsername, oldPassword));
+                softly.assertAlso(isUserUnauthorizedInKieServer(kieServerUrl, oldUsername, newPassword));
+                softly.assertAlso(isUserUnauthorizedInKieServer(kieServerUrl, newUsername, oldPassword));
+
+                softly.assertAlso(isUserAuthorizedInKieServer(kieServerUrl, newUsername, newPassword));
+            });
+        } finally {
+            deploymentScenario.changeUsernameAndPassword(oldUsername, oldPassword);
+            kieControllerClient.deleteContainerSpec(serverInfo.getServerId(), containerId);
+        }
+    }
+
+    private SoftAssertions isUserAuthorizedInWorkbench(String url, String username, String password) {
+        KieServerControllerClient kieControllerClient = KieServerControllerClientProvider.getKieServerControllerClient(url, username, password);
+        SoftAssertions softly = new SoftAssertions();
+        softly.assertThat(kieControllerClient.listServerTemplates().getServerTemplates())
+              .as("List Server Templates after login with username %s and password %s", username, password)
+              .hasSize(1);
+        return softly;
+    }
+
+    private SoftAssertions isUserUnauthorizedInWorkbench(String url, String username, String password) {
+        KieServerControllerClient kieControllerClient = KieServerControllerClientProvider.getKieServerControllerClient(url, username, password);
+        SoftAssertions softly = new SoftAssertions();
+        softly.assertThatThrownBy(() -> {
+            kieControllerClient.listServerTemplates().getServerTemplates();
+        }).as("Exception after login with username %s and password %s", username, password)
+              .isInstanceOf(KieServerControllerHTTPClientException.class)
+              .hasMessageContainingAll("401");
+        return softly;
+    }
+
+    private SoftAssertions isUserAuthorizedInKieServer(String url, String username, String password) {
+        KieServicesClient kieServerClient = KieServerClientProvider.getKieServerClient(url, username, password);
+        SoftAssertions softly = new SoftAssertions();
+        softly.assertThat(kieServerClient.getServerInfo().getResult())
+              .as("GET server info of Kie Server login as username %s with password %s", username, password)
+              .isNotNull();
+        return softly;
+    }
+
+    private SoftAssertions isUserUnauthorizedInKieServer(String url, String username, String password) {
+        SoftAssertions softly = new SoftAssertions();
+        softly.assertThatThrownBy(() -> {
+            KieServerClientProvider.getKieServerClient(url, username, password);
+        }).as("Exception create client for Kie Server login as username %s with password %s", username, password)
+              .isInstanceOf(RuntimeException.class)
+              .hasCauseInstanceOf(KieServicesHttpException.class)
+              .hasMessageContainingAll("401", "Unauthorized");
+        return softly;
+    }
+
     private static void scaleToZeroAndBackToOne(Deployment deployment) {
         deployment.scale(0);
         deployment.waitForScale();