2891745508
The image change switches from Wildfly to Quarkus, which seems to
come with undocumented impact to H2 databases because Keycloak
maintainers consider that "for development purposes only" and not to
be used in production.
When reintroducing this change, we'll include an actual RDBMS in
order to ease future upgrade work.
Retain the added test that exercises the admin credentials and API,
but adjust it back to the path used by the legacy image.
This reverts commit fb47277a56.
Change-Id: I0908490cea852853f086e594a816343edaf6a454
61 lines
2.4 KiB
Python
61 lines
2.4 KiB
Python
# Copyright 2018 Red Hat, Inc.
|
|
# Copyright 2021 Acme Gating, LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
import json
|
|
|
|
|
|
testinfra_hosts = ['keycloak01.opendev.org']
|
|
|
|
|
|
def test_keycloak_listening(host):
|
|
keycloak = host.socket("tcp://127.0.0.1:8080")
|
|
assert keycloak.is_listening
|
|
|
|
def test_keycloak_openid_config(host):
|
|
# This tests the proxy config since the output is determined by
|
|
# the proxy headers and is not hard-coded configuration.
|
|
cmd = host.run('curl --insecure '
|
|
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
|
'https://keycloak.opendev.org/auth/realms/master'
|
|
'/.well-known/openid-configuration')
|
|
assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"'
|
|
in cmd.stdout)
|
|
|
|
def test_keycloak_admin_api(host):
|
|
# This tests the admin account and password can be used to
|
|
# acquire an OIDC bearer token and then use it to check the
|
|
# user count.
|
|
cmd = host.run('curl --insecure '
|
|
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
|
'-X POST '
|
|
'-H "Content-Type: application/x-www-form-urlencoded" '
|
|
'-d "username=admin" '
|
|
'-d "password=testpassword" '
|
|
'-d "grant_type=password" '
|
|
'-d "client_id=admin-cli" '
|
|
'https://keycloak.opendev.org'
|
|
'/auth/realms/master/protocol/openid-connect/token')
|
|
token = json.loads(cmd.stdout)
|
|
assert token["token_type"] == "Bearer"
|
|
cmd = host.run('curl --insecure '
|
|
'--resolve keycloak.opendev.org:443:127.0.0.1 '
|
|
'-H "Authorization: Bearer %s" '
|
|
'-H "Content-Type: application/json" '
|
|
'https://keycloak.opendev.org'
|
|
'/auth/admin/realms/master/users/count'
|
|
% token["access_token"])
|
|
assert cmd.stdout == "1"
|