feat(tests): improve tests with actual keycloak connection

feat(micronaut): upgrade to 1.3.7 and testing lib 1.2.3 feat(test): try to actually create keycloak connection in test feat(test): food-realm feat(test): keycloak username feat(test): connect realms to keycloak feat(test): client-example fix: more logs fix: try testing latest only fix: debug fix: create keycloak-auth secret and configure keycloak via values file fix: values file syntax fix: file path fix: debug keycloak fix: debug keycloak fix: debug keycloak fix: debug keycloak fix: debug keycloak fix: debug keycloak fix: debug keycloak fix: debug keycloak fix: rm debug stuff fix: revert pom version changes fix: keycloak crd expects a secret with pw fix: rm debug log fix: revert kind change fix: proxy forwarding fix: proxy forwarding fix: use secret to auth with same creds in keycloak and keycloak controller admin client connection fix: revert keycloak chart change
kiwigrid · Sep 16, 2020 · ee1d69c · ee1d69c
1 parent 977ade5
commit ee1d69c
Show file tree

Hide file tree

Showing 9 changed files with 108 additions and 21 deletions.
diff --git a/.github/k8s-install.sh b/.github/k8s-install.sh
@@ -39,10 +39,24 @@ echo -e "\n##### create keycloak namespace #####\n"
 kubectl create namespace "${NAMESPACE}"
 
 echo -e "\n##### install keycloak #####\n"
-helm upgrade -i keycloak codecentric/keycloak --wait --namespace "${NAMESPACE}" --version "${KEYCLOAK_CHART_VERSION}"
+kubectl create secret generic keycloak-auth \
+    --namespace "${NAMESPACE}" \
+    --from-literal=username=keycloak \
+    --from-literal=password=keycloak
+
+helm upgrade -i keycloak codecentric/keycloak \
+    --wait \
+    --namespace "${NAMESPACE}" \
+    --version "${KEYCLOAK_CHART_VERSION}" \
+    --values .github/keycloak-values.yaml
 
 echo -e "\n##### install keycloak-controller #####\n"
-helm upgrade -i keycloak-controller kiwigrid/keycloak-controller --wait --namespace "${NAMESPACE}" --version "${KEYCLOAK_CONTROLLER_CHART_VERSION}" --set image.repository=keycloak-controller --set image.tag=ci-snapshot
+helm upgrade -i keycloak-controller kiwigrid/keycloak-controller \
+    --wait \
+    --namespace "${NAMESPACE}" \
+    --version "${KEYCLOAK_CONTROLLER_CHART_VERSION}" \
+    --set image.repository=keycloak-controller \
+    --set image.tag=ci-snapshot
 
 echo -e "\n##### install keycloak-controller crds #####\n"
 while IFS= read -r CRD; do
@@ -71,7 +85,7 @@ kubectl -n "${NAMESPACE}" get keycloaks.k8s.kiwigrid.com
 echo ""
 
 echo -e "\n##### check for errors in keycloak-controller logs #####\n"
-sleep 150
+sleep 20
 if kubectl -n "${NAMESPACE}" logs -l app.kubernetes.io/name=keycloak-controller | grep -q ERROR; then
     echo "errors found in logs :("
     kubectl -n "${NAMESPACE}" logs -l app.kubernetes.io/name=keycloak-controller

diff --git a/.github/keycloak-values.yaml b/.github/keycloak-values.yaml
@@ -0,0 +1,15 @@
+extraEnv: |
+  - name: KEYCLOAK_USER_FILE
+    value: /secrets/keycloak-auth/username
+  - name: KEYCLOAK_PASSWORD_FILE
+    value: /secrets/keycloak-auth/password
+  - name: PROXY_ADDRESS_FORWARDING
+    value: "true"
+extraVolumeMounts: |
+  - name: keycloak-auth
+    mountPath: /secrets/keycloak-auth
+    readOnly: true
+extraVolumes: |
+  - name: keycloak-auth
+    secret:
+      secretName: keycloak-auth
diff --git a/.github/kind-config.yaml b/.github/kind-config.yaml
@@ -1,5 +1,5 @@
 kind: Cluster
-apiVersion: kind.sigs.k8s.io/v1alpha3
+apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 # the control plane node config
 - role: control-plane

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -25,15 +25,11 @@ jobs:
       matrix:
         k8s-version:
          - v1.14.10
-         - v1.15.7
-         - v1.16.9
-         - v1.17.5
-         - v1.18.6
+         - v1.15.12
+         - v1.16.15
+         - v1.17.11
+         - v1.18.8
         keycloak-chart:
-         # keycloak 9.0.0
-         - 7.7.1
-         # keycloak 10.0.0
-         - 8.3.0
          # keycloak 11.0.0
          - 9.0.1
         keycloak-controller-chart:
@@ -43,13 +39,13 @@ jobs:
         uses: actions/checkout@v2
       - name: Fetch history
         run: git fetch --prune --unshallow
+      - name: mvn build
+        run: .github/mvn-build.sh
       - name: Create kind ${{ matrix.k8s-version }} cluster
         uses: helm/kind-action@master
         with:
           config: .github/kind-config.yaml
           node_image: kindest/node:${{ matrix.k8s-version }}
-      - name: mvn build
-        run: .github/mvn-build.sh
       - name: build docker image & push to kind nodes
         run: .github/docker-build.sh
       - name: test keycloak-controller

diff --git a/examples/client-example.yaml b/examples/client-example.yaml
@@ -0,0 +1,47 @@
+apiVersion: k8s.kiwigrid.com/v1beta1
+kind: KeycloakClient
+metadata:
+  name: client-example
+spec:
+  keycloak: fully-configured-keycloak
+  realm: food-realm
+  clientId: client-example
+  clientType: confidential
+  defaultClientScopes:
+  - email
+  - profile
+  - roles
+  directAccessGrantsEnabled: true
+  standardFlowEnabled: true
+  implicitFlowEnabled: false
+  redirectUris:
+  - http://*
+  - https://*
+  mapper:
+  - name: audience
+    protocolMapper: oidc-audience-mapper
+    config:
+      claim.name: audience
+      access.token.claim: "true"
+      included.client.audience: client-example
+  - name: username
+    protocolMapper: oidc-usermodel-property-mapper
+    config:
+      access.token.claim: "true"
+      claim.name: username
+      jsonType.label: String
+      user.attribute: username
+  - name: clientRoles
+    protocolMapper: oidc-usermodel-client-role-mapper
+    config:
+      access.token.claim: "true"
+      claim.name: clientRoles
+      jsonType.label: String
+      multivalued: "true"
+  - name: roles
+    protocolMapper: oidc-usermodel-realm-role-mapper
+    config:
+      access.token.claim: "true"
+      claim.name: roles
+      jsonType.label: String
+      multivalued: "true"
diff --git a/examples/client-mappers-roles.yaml b/examples/client-mappers-roles.yaml
@@ -1,12 +1,16 @@
 apiVersion: k8s.kiwigrid.com/v1beta1
 kind: KeycloakClient
 metadata:
-  name: customized-client
+  name: pizza-service
 spec:
   keycloak: fully-configured-keycloak
   realm: food-realm
   clientId: pizza-service
   clientType: confidential
+  defaultClientScopes:
+  - email
+  - profile
+  - roles
   directAccessGrantsEnabled: true
   standardFlowEnabled: false
   implicitFlowEnabled: false

diff --git a/examples/keycloak-fully-configured.yaml b/examples/keycloak-fully-configured.yaml
@@ -3,10 +3,10 @@ kind: Keycloak
 metadata:
   name: fully-configured-keycloak
 spec:
-  url: https://keycloak.example.com/auth
+  url: http://keycloak-http.keycloak.svc.cluster.local/auth
   realm: master
   clientId: admin-cli
-  username: admin
-  passwordSecretNamespace: infrastructure
-  passwordSecretName: keycloak-http
+  username: keycloak
+  passwordSecretNamespace: keycloak
+  passwordSecretName: keycloak-auth
   passwordSecretKey: password
diff --git a/examples/realm-food.yaml b/examples/realm-food.yaml
@@ -0,0 +1,11 @@
+apiVersion: k8s.kiwigrid.com/v1beta1
+kind: KeycloakRealm
+metadata:
+  name: food-realm
+spec:
+  keycloak: fully-configured-keycloak
+  realm: food-realm
+  roles:
+  - admin
+  - member
+  - service
diff --git a/examples/realm.yaml b/examples/realm.yaml
@@ -3,8 +3,8 @@ kind: KeycloakRealm
 metadata:
   name: realm-example
 spec:
-  keycloak: keycloak-instance-example
-  realm: my-realm
+  keycloak: fully-configured-keycloak
+  realm: realm-example
   roles:
   - service
   - admin