From 89425b54682b3f7de39c2d83c5eb17622bddeca7 Mon Sep 17 00:00:00 2001 From: Oguzcan Kirmemis Date: Fri, 14 Jul 2023 14:40:45 +0200 Subject: [PATCH] Fix keycloak operator version - Set refresh and access token timeouts for device-onboarding client resolves #407 Signed-off-by: Oguzcan Kirmemis --- .../keycloak/templates/keycloak-realm.yaml | 4 ++++ helm/install_operators.sh | 4 +++- test/bats/test-operators/install-plan-is-up.bats | 16 ++++++++++++++++ test/install-local-platform.sh | 11 ++++++++++- 4 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 test/bats/test-operators/install-plan-is-up.bats mode change 100644 => 100755 test/install-local-platform.sh diff --git a/helm/charts/keycloak/templates/keycloak-realm.yaml b/helm/charts/keycloak/templates/keycloak-realm.yaml index 81b1b54a..43589ba3 100644 --- a/helm/charts/keycloak/templates/keycloak-realm.yaml +++ b/helm/charts/keycloak/templates/keycloak-realm.yaml @@ -585,11 +585,15 @@ spec: - offline_access - type - gateway + - accounts - id: 475cee5e-0547-4daf-b97c-7062cce8093d clientId: device-onboarding publicClient: true standardFlowEnabled: true directAccessGrantsEnabled: true + attributes: + access.token.lifespan: 3600 + client.session.idle.timeout: 60 - id: 31c8cc5a-9df2-4606-927a-4aeda07c1e56 clientId: {{ .Values.keycloak.alerta.client }} publicClient: False diff --git a/helm/install_operators.sh b/helm/install_operators.sh index d71a1e8f..2096dcf9 100755 --- a/helm/install_operators.sh +++ b/helm/install_operators.sh @@ -42,6 +42,8 @@ spec: channel: fast source: operatorhubio-catalog sourceNamespace: olm + installPlanApproval: Manual + startingCSV: keycloak-operator.v21.1.2 --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription @@ -52,7 +54,7 @@ spec: name: strimzi-kafka-operator channel: strimzi-0.32.x source: operatorhubio-catalog - installPlanApproval: Automatic + installPlanApproval: Manual startingCSV: strimzi-cluster-operator.v0.32.0 sourceNamespace: olm EOF diff --git a/test/bats/test-operators/install-plan-is-up.bats b/test/bats/test-operators/install-plan-is-up.bats new file mode 100644 index 00000000..969f840a --- /dev/null +++ b/test/bats/test-operators/install-plan-is-up.bats @@ -0,0 +1,16 @@ +#!/usr/bin/env bats + +load "../lib/utils" +load "../lib/detik" + +# shellcheck disable=SC2034 # needed by detik libraries +DETIK_CLIENT_NAME="kubectl" +# shellcheck disable=SC2034 +DETIK_CLIENT_NAMESPACE="iff" + +@test "verify that OLM install-plan is up" { + + run try "at most 30 times every 10s to find 2 installplans named 'install-.*' with 'spec.approval' being 'Manual'" + [ "$status" -eq 0 ] + +} \ No newline at end of file diff --git a/test/install-local-platform.sh b/test/install-local-platform.sh old mode 100644 new mode 100755 index b5e7f6d7..038e7fdc --- a/test/install-local-platform.sh +++ b/test/install-local-platform.sh @@ -15,9 +15,18 @@ # set -e +NAMESPACE=iff + echo Install operators ( cd ../helm && bash ./install_operators.sh ) +echo Test whether operator install plans are coming up +( cd ./bats && bats test-operators/install-plan-is-up.bats ) + +echo Approve operator install plan +plan_name=$(kubectl get -n ${NAMESPACE} installplan -o json | jq -r ".items[0].metadata.name") +kubectl patch -n ${NAMESPACE} installplan ${plan_name} --type=merge -p '{"spec":{"approved":true}}' + echo Test whether operators are coming up ( cd ./bats && bats test-operators/*.bats ) @@ -28,7 +37,7 @@ echo Install first two parts of horizontal platform # Increase backoff limit for realm import job, unfortunately, right now, # keycloak operator does not reset the job if backoff limit is exceeded, # this behavior will probably be fixed in the future -kubectl -n iff patch job iff-keycloak-realm-import -p '{"spec":{"backoffLimit":60}}' +kubectl -n ${NAMESPACE} patch job iff-keycloak-realm-import -p '{"spec":{"backoffLimit":60}}' ( cd ./bats && bats test-horizontal-platform/horizontal-platform-up-and-running-first.bats ) echo Install second part