system-config/testinfra/test_keycloak.py
Jeremy Stanley f477e35561 Upgrade to Keycloak 23.0
This includes a switch from the "legacy" style Wildfly-based image
to a new setup using Quarkus.

Because Keycloak maintainers consider H2 databases as a test/dev
only option, there are no good migration and upgrade paths short of
export/import data. Go ahead and change our deployment model to rely
on a proper RDBMS, run locally from a container on the same server.

Change-Id: I01f8045563e9f6db6168b92c5a868b8095c0d97b
2024-02-06 05:33:37 +00:00


# Copyright 2018 Red Hat, Inc.
# Copyright 2021 Acme Gating, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import json
# Hosts these checks are run against; testinfra reads this module-level
# variable to select its targets.
testinfra_hosts = [
    "keycloak99.opendev.org",
]
def test_rdbms_listening(host):
    """Check that the database port (TCP 3306) is listening at ::1."""
    # NOTE(review): this only shows the port is reachable on IPv6 loopback.
    # It does not by itself show the database is unreachable from other
    # interfaces -- confirm the bind address in the compose file if that
    # property matters.
    rdbms_socket = host.socket("tcp://::1:3306")
    assert rdbms_socket.is_listening
def test_keycloak_listening(host):
    """Check that TCP port 8080 is listening at ::1."""
    # NOTE(review): presumably this is Keycloak's plain-HTTP listener that
    # sits behind the TLS front end used by the other tests -- confirm
    # against the deployment's compose file.
    assert host.socket("tcp://::1:8080").is_listening
def test_rdbms_used(host):
    """Confirm Keycloak created its tables in the MariaDB container.

    Finding the default-roles row in keycloak.KEYCLOAK_ROLE shows that the
    intended database backend is the one actually in use.
    """
    # The role name has to reach mysql wrapped in backslash-escaped double
    # quotes, because the whole statement sits inside a double-quoted -e
    # argument, which in turn sits inside a single-quoted bash -c string.
    role_query = (
        'select DESCRIPTION from keycloak.KEYCLOAK_ROLE '
        r'where NAME=\"default-roles-master\"'
    )
    # $MARIADB_PASSWORD is inside single quotes, so it is expanded by the
    # bash started in the container, not by the shell on the host.
    # NOTE(review): the expanded password ends up as a mysql command-line
    # argument inside the container; fine for a test deployment, but do not
    # copy this pattern where the process list is visible to other users.
    compose_exec = (
        'docker-compose -f /etc/keycloak-docker/docker-compose.yaml '
        'exec -T mariadb bash -c '
        "'/usr/bin/mysql -B -p$MARIADB_PASSWORD "
        '-ukeycloak -e "%s"\''
    )
    result = host.run(compose_exec % role_query)
    assert "role_default-roles" in result.stdout
def test_keycloak_openid_config(host):
    """Fetch the OIDC discovery document and check the advertised issuer.

    The issuer in the output is determined by the proxy headers and is not
    hard-coded configuration, so a correct value exercises the proxy config.
    """
    # --resolve pins keycloak.opendev.org:443 to ::1. --insecure turns off
    # certificate verification, so this test says nothing about the
    # certificate being served.
    discovery_cmd = ' '.join((
        'curl --insecure',
        '--resolve keycloak.opendev.org:443:[::1]',
        'https://keycloak.opendev.org/realms/master'
        '/.well-known/openid-configuration',
    ))
    result = host.run(discovery_cmd)
    expected_issuer = '"issuer":"https://keycloak.opendev.org/realms/master"'
    assert expected_issuer in result.stdout
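def test_keycloak_admin_api(host):
    """Log in as admin, obtain an OIDC bearer token and read the user count.

    This shows that the admin account and password work against the token
    endpoint of the master realm and that the resulting token is accepted
    by the admin REST API.
    """
    # Password grant against the admin-cli client. --resolve pins the name
    # to ::1; --insecure disables certificate verification.
    # NOTE(review): the password is passed on curl's command line and is
    # presumably a throwaway credential for the test deployment -- confirm
    # it is never shared with a production host.
    cmd = host.run('curl --insecure '
                   '--resolve keycloak.opendev.org:443:[::1] '
                   '-X POST '
                   '-H "Content-Type: application/x-www-form-urlencoded" '
                   '-d "username=admin" '
                   '-d "password=testpassword" '
                   '-d "grant_type=password" '
                   '-d "client_id=admin-cli" '
                   'https://keycloak.opendev.org'
                   '/realms/master/protocol/openid-connect/token')
    token = json.loads(cmd.stdout)
    assert token["token_type"] == "Bearer"

    # The access token is taken from an HTTP response, so it is not spliced
    # into the shell command directly. Extra positional arguments to
    # host.run() are shell-quoted by testinfra before being substituted for
    # the %s placeholders.
    auth_header = "Authorization: Bearer %s" % token["access_token"]
    cmd = host.run('curl --insecure '
                   '--resolve keycloak.opendev.org:443:[::1] '
                   '-H %s '
                   '-H "Content-Type: application/json" '
                   'https://keycloak.opendev.org'
                   '/admin/realms/master/users/count',
                   auth_header)
    # The test expects exactly one user in the master realm.
    assert cmd.stdout == "1"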