Fix keycloak operator version

- Set refresh and access token timeouts for device-onboarding client resolves IndustryFusion#407 Signed-off-by: Oguzcan Kirmemis <oguzcan.kirmemis@gmail.com>
oguzcankirmemis · Jul 19, 2023 · 0745e50 · 0745e50
1 parent d135c81
commit 0745e50
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 2 deletions.
diff --git a/helm/charts/keycloak/templates/keycloak-realm.yaml b/helm/charts/keycloak/templates/keycloak-realm.yaml
@@ -585,11 +585,15 @@ spec:
           - offline_access
           - type
           - gateway
+          - accounts
       - id: 475cee5e-0547-4daf-b97c-7062cce8093d
         clientId: device-onboarding
         publicClient: true
         standardFlowEnabled: true
         directAccessGrantsEnabled: true
+        attributes:
+          access.token.lifespan: "3600"
+          client.session.idle.timeout: "60"
       - id: 31c8cc5a-9df2-4606-927a-4aeda07c1e56
         clientId: {{ .Values.keycloak.alerta.client }}
         publicClient: False

diff --git a/helm/install_operators.sh b/helm/install_operators.sh
@@ -42,6 +42,8 @@ spec:
   channel: fast
   source: operatorhubio-catalog
   sourceNamespace: olm
+  installPlanApproval: Manual
+  startingCSV: keycloak-operator.v21.1.2
 ---
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -52,7 +54,7 @@ spec:
   name: strimzi-kafka-operator
   channel: strimzi-0.32.x
   source: operatorhubio-catalog
-  installPlanApproval: Automatic
+  installPlanApproval: Manual
   startingCSV: strimzi-cluster-operator.v0.32.0
   sourceNamespace: olm
 EOF

diff --git a/test/bats/test-olm-install-plans/install-plan-is-up.bats b/test/bats/test-olm-install-plans/install-plan-is-up.bats
@@ -0,0 +1,16 @@
+#!/usr/bin/env bats
+
+load "../lib/utils"
+load "../lib/detik"
+
+# shellcheck disable=SC2034 # needed by detik libraries
+DETIK_CLIENT_NAME="kubectl"
+# shellcheck disable=SC2034
+DETIK_CLIENT_NAMESPACE="iff"
+
+@test "verify that OLM install-plan is up" {
+
+    run try "at most 30 times every 10s to get installplans named 'install-.*' and verify that 'spec.approval' is 'Manual'"
+    [ "$status" -eq 0 ]
+
+}
diff --git a/test/install-local-platform.sh b/test/install-local-platform.sh
@@ -15,9 +15,18 @@
 #
 set -e
 
+NAMESPACE=iff
+
 echo Install operators
 ( cd ../helm && bash ./install_operators.sh )
 
+echo Test whether operator install plans are coming up
+( cd ./bats && bats test-olm-install-plans/install-plan-is-up.bats )
+
+echo Approve operator install plan
+plan_name=$(kubectl get -n iff installplans -o json | jq -r '.items | map(select(.spec.approval == "Manual")) | .[0].metadata.name')
+kubectl patch -n ${NAMESPACE} installplan ${plan_name} --type=merge -p '{"spec":{"approved":true}}'
+
 echo Test whether operators are coming up
 ( cd ./bats && bats test-operators/*.bats )
 
@@ -28,7 +37,7 @@ echo Install first two parts of horizontal platform
 # Increase backoff limit for realm import job, unfortunately, right now,
 # keycloak operator does not reset the job if backoff limit is exceeded,
 # this behavior will probably be fixed in the future
-kubectl -n iff patch job iff-keycloak-realm-import -p '{"spec":{"backoffLimit":60}}'
+kubectl -n ${NAMESPACE} patch job iff-keycloak-realm-import -p '{"spec":{"backoffLimit":60}}'
 ( cd ./bats && bats test-horizontal-platform/horizontal-platform-up-and-running-first.bats )
 
 echo Install second part