Switch from legacy to new style keycloak container

When moving from DockerHub to Quay in 2022, we had to specify the
legacy container tag because something also changed with the images
themselves at that time in such a way that they no longer worked
with our configs. The legacy images ceased being updated past v19,
so specify the 19.0 tag in order to match the major version we're
running in production, and work through the necessary container
config changes before resuming upgrades to a more current version.

Change-Id: I5bf587fe3d8327c17d71908104c0896f8baf0973
This commit is contained in:
Jeremy Stanley 2024-01-12 15:30:12 +00:00
parent 331ca64055
commit fb47277a56
2 changed files with 37 additions and 9 deletions

View File

@ -4,17 +4,18 @@ version: '2'
services: services:
keycloak: keycloak:
image: quay.io/keycloak/keycloak:legacy image: quay.io/keycloak/keycloak:19.0
network_mode: host network_mode: host
restart: always restart: always
environment: environment:
- KEYCLOAK_USER=admin KEYCLOAK_ADMIN: admin
- KEYCLOAK_PASSWORD="{{ keycloak_admin_password }}" KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}"
- DB_VENDOR=h2
- PROXY_ADDRESS_FORWARDING=true
command: command:
-Djboss.bind.address.private=127.0.0.1 - 'start'
-Djboss.bind.address=127.0.0.1 - '--hostname-strict=false'
- '--http-enabled=true'
- '--http-host=127.0.0.1'
- '--proxy=edge'
volumes: volumes:
- /var/keycloak/data:/opt/jboss/keycloak/standalone/data - /var/keycloak/data:/opt/jboss/keycloak/standalone/data
- /var/log/keycloak:/opt/jboss/keycloak/standalone/log - /var/log/keycloak:/opt/jboss/keycloak/standalone/log

View File

@ -14,6 +14,9 @@
# under the License. # under the License.
import json
testinfra_hosts = ['keycloak01.opendev.org'] testinfra_hosts = ['keycloak01.opendev.org']
@ -26,7 +29,31 @@ def test_keycloak_openid_config(host):
# the proxy headers and is not hard-coded configuration. # the proxy headers and is not hard-coded configuration.
cmd = host.run('curl --insecure ' cmd = host.run('curl --insecure '
'--resolve keycloak.opendev.org:443:127.0.0.1 ' '--resolve keycloak.opendev.org:443:127.0.0.1 '
'https://keycloak.opendev.org/auth/realms/master' 'https://keycloak.opendev.org/realms/master'
'/.well-known/openid-configuration') '/.well-known/openid-configuration')
assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"' assert ('"issuer":"https://keycloak.opendev.org/realms/master"'
in cmd.stdout) in cmd.stdout)
def test_keycloak_admin_api(host):
# This tests the admin account and password can be used to
# acquire an OIDC bearer token and then use it to check the
# user count.
cmd = host.run('curl --insecure '
'--resolve keycloak.opendev.org:443:127.0.0.1 '
'-X POST '
'-H "Content-Type: application/x-www-form-urlencoded" '
'-d "username=admin" '
'-d "password=testpassword" '
'-d "grant_type=password" '
'-d "client_id=admin-cli" '
'https://keycloak.opendev.org'
'/realms/master/protocol/openid-connect/token')
token = json.loads(cmd.stdout)
assert token["token_type"] == "Bearer"
cmd = host.run('curl --insecure '
'--resolve keycloak.opendev.org:443:127.0.0.1 '
'-H "Authorization: Bearer %s" '
'-H "Content-Type: application/json" '
'https://keycloak.opendev.org'
'/admin/realms/master/users/count' % token["access_token"])
assert cmd.stdout == "1"