Revert "Switch from legacy to new style keycloak container"

The image change switches from Wildfly to Quarkus, which seems to
come with undocumented impact to H2 databases because Keycloak
maintainers consider that "for development purposes only" and not to
be used in production.

When reintroducing this change, we'll include an actual RDBMS in
order to ease future upgrade work.

Retain the added test that exercises the admin credentials and API,
but adjust it back to the path used by the legacy image.

This reverts commit fb47277a56.

Change-Id: I0908490cea852853f086e594a816343edaf6a454
This commit is contained in:
Jeremy Stanley 2024-01-29 19:09:07 +00:00
parent d4c209e7a4
commit 2891745508
2 changed files with 12 additions and 12 deletions

View File

@ -4,18 +4,17 @@ version: '2'
services: services:
keycloak: keycloak:
image: quay.io/keycloak/keycloak:19.0 image: quay.io/keycloak/keycloak:legacy
network_mode: host network_mode: host
restart: always restart: always
environment: environment:
KEYCLOAK_ADMIN: admin - KEYCLOAK_USER=admin
KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}" - KEYCLOAK_PASSWORD="{{ keycloak_admin_password }}"
- DB_VENDOR=h2
- PROXY_ADDRESS_FORWARDING=true
command: command:
- 'start' -Djboss.bind.address.private=127.0.0.1
- '--hostname-strict=false' -Djboss.bind.address=127.0.0.1
- '--http-enabled=true'
- '--http-host=127.0.0.1'
- '--proxy=edge'
volumes: volumes:
- /var/keycloak/data:/opt/jboss/keycloak/standalone/data - /var/keycloak/data:/opt/jboss/keycloak/standalone/data
- /var/log/keycloak:/opt/jboss/keycloak/standalone/log - /var/log/keycloak:/opt/jboss/keycloak/standalone/log

View File

@ -29,9 +29,9 @@ def test_keycloak_openid_config(host):
# the proxy headers and is not hard-coded configuration. # the proxy headers and is not hard-coded configuration.
cmd = host.run('curl --insecure ' cmd = host.run('curl --insecure '
'--resolve keycloak.opendev.org:443:127.0.0.1 ' '--resolve keycloak.opendev.org:443:127.0.0.1 '
'https://keycloak.opendev.org/realms/master' 'https://keycloak.opendev.org/auth/realms/master'
'/.well-known/openid-configuration') '/.well-known/openid-configuration')
assert ('"issuer":"https://keycloak.opendev.org/realms/master"' assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"'
in cmd.stdout) in cmd.stdout)
def test_keycloak_admin_api(host): def test_keycloak_admin_api(host):
@ -47,7 +47,7 @@ def test_keycloak_admin_api(host):
'-d "grant_type=password" ' '-d "grant_type=password" '
'-d "client_id=admin-cli" ' '-d "client_id=admin-cli" '
'https://keycloak.opendev.org' 'https://keycloak.opendev.org'
'/realms/master/protocol/openid-connect/token') '/auth/realms/master/protocol/openid-connect/token')
token = json.loads(cmd.stdout) token = json.loads(cmd.stdout)
assert token["token_type"] == "Bearer" assert token["token_type"] == "Bearer"
cmd = host.run('curl --insecure ' cmd = host.run('curl --insecure '
@ -55,5 +55,6 @@ def test_keycloak_admin_api(host):
'-H "Authorization: Bearer %s" ' '-H "Authorization: Bearer %s" '
'-H "Content-Type: application/json" ' '-H "Content-Type: application/json" '
'https://keycloak.opendev.org' 'https://keycloak.opendev.org'
'/admin/realms/master/users/count' % token["access_token"]) '/auth/admin/realms/master/users/count'
% token["access_token"])
assert cmd.stdout == "1" assert cmd.stdout == "1"