f477e35561
This includes a switch from the "legacy" style Wildfly-based image to a new setup using Quarkus. Because Keycloak maintainers consider H2 databases as a test/dev only option, there are no good migration and upgrade paths short of export/import data. Go ahead and change our deployment model to rely on a proper RDBMS, run locally from a container on the same server. Change-Id: I01f8045563e9f6db6168b92c5a868b8095c0d97b
# Copyright 2018 Red Hat, Inc.
# Copyright 2021 Acme Gating, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import json
# Host that testinfra runs the checks in this module against.
testinfra_hosts = ["keycloak99.opendev.org"]
def test_rdbms_listening(host):
    """Check that something is listening on TCP port 3306 of ::1.

    Port 3306 is where the tests expect the RDBMS backing Keycloak.
    """
    # NOTE(review): this shows the port answers on the IPv6 loopback; it
    # does not show the listener is bound to loopback only, so network
    # exposure of the database has to be verified separately.
    assert host.socket("tcp://::1:3306").is_listening
def test_keycloak_listening(host):
    """Check that something is listening on TCP port 8080 of ::1.

    Port 8080 is where the tests expect the Keycloak service itself.
    """
    # NOTE(review): 8080 is queried directly while the other tests go
    # through https on 443, which suggests this is the plain-HTTP backend
    # behind the proxy; confirm it is not reachable from outside the host.
    assert host.socket("tcp://::1:8080").is_listening
def test_rdbms_used(host):
    """Confirm that Keycloak created its tables in the MariaDB container.

    Reads the description of the ``default-roles-master`` role through
    the mysql client inside the ``mariadb`` compose service.  Finding it
    shows that the intended database backend is actually in use.
    """
    # The SQL string literal needs backslash-escaped double quotes: the
    # statement ends up inside a double-quoted -e argument, which itself
    # sits inside the single-quoted bash -c script.  A raw literal keeps
    # those backslashes readable.
    role_query = (
        'select DESCRIPTION from keycloak.KEYCLOAK_ROLE '
        r'where NAME=\"default-roles-master\"'
    )
    # $MARIADB_PASSWORD is inside single quotes, so it is presumably left
    # for the bash started in the container to expand, and the secret
    # never appears in this file.
    # NOTE(review): -p<password> still puts the secret on the mysql
    # client's argument list, where it may be visible in the container's
    # process list while the client runs.
    # Only the constant query above is interpolated into the command;
    # no external input reaches this shell string.
    compose_exec = (
        'docker-compose -f /etc/keycloak-docker/docker-compose.yaml '
        "exec -T mariadb bash -c '/usr/bin/mysql -B -p$MARIADB_PASSWORD "
        '-ukeycloak -e "%s"\''
    )
    result = host.run(compose_exec % role_query)
    assert "role_default-roles" in result.stdout
def test_keycloak_openid_config(host):
    """Check the issuer advertised in the OIDC discovery document.

    The issuer URL is derived from the proxy headers rather than from
    hard-coded configuration, so a correct value shows the proxy setup
    works.
    """
    # --resolve pins keycloak.opendev.org:443 to the IPv6 loopback, so
    # the request is answered by this host.  --insecure turns off
    # certificate verification: this test says nothing about whether the
    # served certificate is valid or trusted.
    discovery_cmd = (
        'curl --insecure '
        '--resolve keycloak.opendev.org:443:[::1] '
        'https://keycloak.opendev.org/realms/master'
        '/.well-known/openid-configuration'
    )
    result = host.run(discovery_cmd)
    expected_issuer = '"issuer":"https://keycloak.opendev.org/realms/master"'
    assert expected_issuer in result.stdout
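def test_keycloak_admin_api(host):
    """Obtain an admin bearer token and use it to read the user count.

    A password grant for the ``admin`` user through the ``admin-cli``
    client is sent to the master realm's token endpoint.  The returned
    access token then authorises a request to the admin REST API, which
    is expected to report exactly one user.

    Each step is asserted on its own so that a curl error or a rejected
    login is reported as such instead of surfacing as a JSONDecodeError
    or KeyError.
    """
    # --insecure disables certificate verification and --resolve pins the
    # name to the IPv6 loopback, so the request is answered by this host.
    # NOTE(review): "testpassword" is presumably the throwaway admin
    # password of the test deployment.  It and the bearer token below are
    # part of the command line and may show up in test output.
    cmd = host.run('curl --insecure '
                   '--resolve keycloak.opendev.org:443:[::1] '
                   '-X POST '
                   '-H "Content-Type: application/x-www-form-urlencoded" '
                   '-d "username=admin" '
                   '-d "password=testpassword" '
                   '-d "grant_type=password" '
                   '-d "client_id=admin-cli" '
                   'https://keycloak.opendev.org'
                   '/realms/master/protocol/openid-connect/token')
    assert cmd.rc == 0, "token request failed: %s" % cmd.stderr
    token = json.loads(cmd.stdout)
    # An OAuth error response carries "error" instead of the token
    # fields.  Report the keys only, never the values.
    assert "access_token" in token, (
        "no access_token in token response, got keys: %s" % sorted(token))
    assert token.get("token_type") == "Bearer"

    cmd = host.run('curl --insecure '
                   '--resolve keycloak.opendev.org:443:[::1] '
                   '-H "Authorization: Bearer %s" '
                   '-H "Content-Type: application/json" '
                   'https://keycloak.opendev.org'
                   '/admin/realms/master/users/count' % token["access_token"])
    assert cmd.rc == 0, "user count request failed: %s" % cmd.stderr
    assert cmd.stdout == "1"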