github.com/argoproj-labs/argocd-operator@v0.10.0/tests/ocp/1-001_validate_rhsso/03-verify-oidc.yaml

github.com/argoproj-labs/argocd-operator@v0.10.0/tests/ocp/1-001_validate_rhsso/03-verify-oidc.yaml (about)

     1  apiVersion: kuttl.dev/v1beta1
     2  kind: TestStep
     3  commands:
     4  # verify OIDC config
     5  # verify issuer
     6  - script: |
     7      issuer=$(kubectl get configmap argocd-cm -o jsonpath='{.data.oidc\.config}' -n $NAMESPACE | grep issuer | awk -F' ' '{print $2}')
     8      keycloakRoute=$(kubectl get route keycloak -n $NAMESPACE -o jsonpath='{.spec.host}')
     9      if [[ "${issuer}" == "https://${keycloakRoute}/auth/realms/argocd" ]]; then 
    10        echo "issuer matched"
    11      else 
    12        echo "issuer mismatched"
    13        echo "${issuer} not equals ${keycloakRoute}/auth/realms/argocd"
    14        exit 1
    15      fi  
    16  # verify oidc config name, clientid
    17  - script: | 
    18      clientid=$(kubectl get configmap argocd-cm -o jsonpath='{.data.oidc\.config}' -n $NAMESPACE | grep clientid | awk -F' ' '{print $2}')
    19      name=$(kubectl get configmap argocd-cm -o jsonpath='{.data.oidc\.config}' -n $NAMESPACE | grep name | awk -F' ' '{print $2}')
    20      rootCA=$(kubectl get configmap argocd-cm -o jsonpath='{.data.oidc\.config}' -n $NAMESPACE | grep rootca | awk -F' ' '{print $2}')
    21  
    22      if [[ "${clientid}" == "argocd" && "${name}" == "Keycloak" && "${rootCA}" == "'---BEGIN---END---'"  ]]; then 
    23        echo "oidc name, clientid and rootCA matched"
    24      else 
    25        echo "oidc name, clientid or rootCA mismatched"
    26        echo "${clientid}, ${name} and ${rootCA}"
    27        exit 1
    28      fi