Revert "Switch from legacy to new style keycloak container"
The image change switches from Wildfly to Quarkus, which seems to
come with undocumented impact to H2 databases because Keycloak
maintainers consider that "for development purposes only" and not to
be used in production.
When reintroducing this change, we'll include an actual RDBMS in
order to ease future upgrade work.
Retain the added test that exercises the admin credentials and API,
but adjust it back to the path used by the legacy image.
This reverts commit fb47277a56
.
Change-Id: I0908490cea852853f086e594a816343edaf6a454
This commit is contained in:
parent
d4c209e7a4
commit
2891745508
@ -4,18 +4,17 @@ version: '2'
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
keycloak:
|
keycloak:
|
||||||
image: quay.io/keycloak/keycloak:19.0
|
image: quay.io/keycloak/keycloak:legacy
|
||||||
network_mode: host
|
network_mode: host
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
KEYCLOAK_ADMIN: admin
|
- KEYCLOAK_USER=admin
|
||||||
KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}"
|
- KEYCLOAK_PASSWORD="{{ keycloak_admin_password }}"
|
||||||
|
- DB_VENDOR=h2
|
||||||
|
- PROXY_ADDRESS_FORWARDING=true
|
||||||
command:
|
command:
|
||||||
- 'start'
|
-Djboss.bind.address.private=127.0.0.1
|
||||||
- '--hostname-strict=false'
|
-Djboss.bind.address=127.0.0.1
|
||||||
- '--http-enabled=true'
|
|
||||||
- '--http-host=127.0.0.1'
|
|
||||||
- '--proxy=edge'
|
|
||||||
volumes:
|
volumes:
|
||||||
- /var/keycloak/data:/opt/jboss/keycloak/standalone/data
|
- /var/keycloak/data:/opt/jboss/keycloak/standalone/data
|
||||||
- /var/log/keycloak:/opt/jboss/keycloak/standalone/log
|
- /var/log/keycloak:/opt/jboss/keycloak/standalone/log
|
||||||
|
@ -29,9 +29,9 @@ def test_keycloak_openid_config(host):
|
|||||||
# the proxy headers and is not hard-coded configuration.
|
# the proxy headers and is not hard-coded configuration.
|
||||||
cmd = host.run('curl --insecure '
|
cmd = host.run('curl --insecure '
|
||||||
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
||||||
'https://keycloak.opendev.org/realms/master'
|
'https://keycloak.opendev.org/auth/realms/master'
|
||||||
'/.well-known/openid-configuration')
|
'/.well-known/openid-configuration')
|
||||||
assert ('"issuer":"https://keycloak.opendev.org/realms/master"'
|
assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"'
|
||||||
in cmd.stdout)
|
in cmd.stdout)
|
||||||
|
|
||||||
def test_keycloak_admin_api(host):
|
def test_keycloak_admin_api(host):
|
||||||
@ -47,7 +47,7 @@ def test_keycloak_admin_api(host):
|
|||||||
'-d "grant_type=password" '
|
'-d "grant_type=password" '
|
||||||
'-d "client_id=admin-cli" '
|
'-d "client_id=admin-cli" '
|
||||||
'https://keycloak.opendev.org'
|
'https://keycloak.opendev.org'
|
||||||
'/realms/master/protocol/openid-connect/token')
|
'/auth/realms/master/protocol/openid-connect/token')
|
||||||
token = json.loads(cmd.stdout)
|
token = json.loads(cmd.stdout)
|
||||||
assert token["token_type"] == "Bearer"
|
assert token["token_type"] == "Bearer"
|
||||||
cmd = host.run('curl --insecure '
|
cmd = host.run('curl --insecure '
|
||||||
@ -55,5 +55,6 @@ def test_keycloak_admin_api(host):
|
|||||||
'-H "Authorization: Bearer %s" '
|
'-H "Authorization: Bearer %s" '
|
||||||
'-H "Content-Type: application/json" '
|
'-H "Content-Type: application/json" '
|
||||||
'https://keycloak.opendev.org'
|
'https://keycloak.opendev.org'
|
||||||
'/admin/realms/master/users/count' % token["access_token"])
|
'/auth/admin/realms/master/users/count'
|
||||||
|
% token["access_token"])
|
||||||
assert cmd.stdout == "1"
|
assert cmd.stdout == "1"
|
||||||
|
Loading…
Reference in New Issue
Block a user