# Copyright 2018 Red Hat, Inc. # Copyright 2021 Acme Gating, LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import json testinfra_hosts = ['keycloak01.opendev.org'] def test_keycloak_listening(host): keycloak = host.socket("tcp://127.0.0.1:8080") assert keycloak.is_listening def test_keycloak_openid_config(host): # This tests the proxy config since the output is determined by # the proxy headers and is not hard-coded configuration. cmd = host.run('curl --insecure ' '--resolve keycloak.opendev.org:443:127.0.0.1 ' 'https://keycloak.opendev.org/auth/realms/master' '/.well-known/openid-configuration') assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"' in cmd.stdout) def test_keycloak_admin_api(host): # This tests the admin account and password can be used to # acquire an OIDC bearer token and then use it to check the # user count. cmd = host.run('curl --insecure ' '--resolve keycloak.opendev.org:443:127.0.0.1 ' '-X POST ' '-H "Content-Type: application/x-www-form-urlencoded" ' '-d "username=admin" ' '-d "password=testpassword" ' '-d "grant_type=password" ' '-d "client_id=admin-cli" ' 'https://keycloak.opendev.org' '/auth/realms/master/protocol/openid-connect/token') token = json.loads(cmd.stdout) assert token["token_type"] == "Bearer" cmd = host.run('curl --insecure ' '--resolve keycloak.opendev.org:443:127.0.0.1 ' '-H "Authorization: Bearer %s" ' '-H "Content-Type: application/json" ' 'https://keycloak.opendev.org' '/auth/admin/realms/master/users/count' % token["access_token"]) assert cmd.stdout == "1"