Switch from legacy to new style keycloak container
When moving from DockerHub to Quay in 2022, we had to specify the legacy container tag because something also changed with the images themselves at that time in such a way that they no longer worked with our configs. The legacy images ceased being updated past v19, so specify the 19.0 tag in order to match the major version we're running in production, and work through the necessary container config changes before resuming upgrades to a more current version. Change-Id: I5bf587fe3d8327c17d71908104c0896f8baf0973
This commit is contained in:
parent
331ca64055
commit
fb47277a56
@ -4,17 +4,18 @@ version: '2'
|
||||
|
||||
services:
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:legacy
|
||||
image: quay.io/keycloak/keycloak:19.0
|
||||
network_mode: host
|
||||
restart: always
|
||||
environment:
|
||||
- KEYCLOAK_USER=admin
|
||||
- KEYCLOAK_PASSWORD="{{ keycloak_admin_password }}"
|
||||
- DB_VENDOR=h2
|
||||
- PROXY_ADDRESS_FORWARDING=true
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}"
|
||||
command:
|
||||
-Djboss.bind.address.private=127.0.0.1
|
||||
-Djboss.bind.address=127.0.0.1
|
||||
- 'start'
|
||||
- '--hostname-strict=false'
|
||||
- '--http-enabled=true'
|
||||
- '--http-host=127.0.0.1'
|
||||
- '--proxy=edge'
|
||||
volumes:
|
||||
- /var/keycloak/data:/opt/jboss/keycloak/standalone/data
|
||||
- /var/log/keycloak:/opt/jboss/keycloak/standalone/log
|
||||
|
@ -14,6 +14,9 @@
|
||||
# under the License.
|
||||
|
||||
|
||||
import json
|
||||
|
||||
|
||||
testinfra_hosts = ['keycloak01.opendev.org']
|
||||
|
||||
|
||||
@ -26,7 +29,31 @@ def test_keycloak_openid_config(host):
|
||||
# the proxy headers and is not hard-coded configuration.
|
||||
cmd = host.run('curl --insecure '
|
||||
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
||||
'https://keycloak.opendev.org/auth/realms/master'
|
||||
'https://keycloak.opendev.org/realms/master'
|
||||
'/.well-known/openid-configuration')
|
||||
assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"'
|
||||
assert ('"issuer":"https://keycloak.opendev.org/realms/master"'
|
||||
in cmd.stdout)
|
||||
|
||||
def test_keycloak_admin_api(host):
|
||||
# This tests the admin account and password can be used to
|
||||
# acquire an OIDC bearer token and then use it to check the
|
||||
# user count.
|
||||
cmd = host.run('curl --insecure '
|
||||
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
||||
'-X POST '
|
||||
'-H "Content-Type: application/x-www-form-urlencoded" '
|
||||
'-d "username=admin" '
|
||||
'-d "password=testpassword" '
|
||||
'-d "grant_type=password" '
|
||||
'-d "client_id=admin-cli" '
|
||||
'https://keycloak.opendev.org'
|
||||
'/realms/master/protocol/openid-connect/token')
|
||||
token = json.loads(cmd.stdout)
|
||||
assert token["token_type"] == "Bearer"
|
||||
cmd = host.run('curl --insecure '
|
||||
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
||||
'-H "Authorization: Bearer %s" '
|
||||
'-H "Content-Type: application/json" '
|
||||
'https://keycloak.opendev.org'
|
||||
'/admin/realms/master/users/count' % token["access_token"])
|
||||
assert cmd.stdout == "1"
|
||||
|
Loading…
Reference in New Issue
Block a user