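# Source: github.com/argoproj-labs/argocd-operator@v0.10.0/tests/ocp/1-001_validate_rhsso/04-verifyRealmCreation.yaml
#
# This step is executed after the RHSSO deployment, service, secret, route objects are created and verified.
# Reads the username and password from keycloak secret.
# Requests keycloak for an access token.
# Verifies Realm and Argo CD client creation, the OpenShift-v4 IdP and its syncMode.
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: |
    # Written for a plain POSIX shell (no bashisms), so it does not depend
    # on which shell the test harness uses to run the step.

    # Set the needed parameter for the authorization.
    # $NAMESPACE is quoted so an unexpected value cannot be word-split into
    # extra oc arguments.
    KEYCLOAK_URL=$(oc get route keycloak -n "$NAMESPACE" -o jsonpath='{.spec.host}')
    tenant=argocd
    # Named SSO_USER / SSO_PASSWORD rather than USER / PASSWORD so the
    # standard $USER environment variable is not overwritten.
    SSO_USER=$(oc get secret keycloak-secret -n "$NAMESPACE" -o jsonpath='{.data.SSO_USERNAME}' | base64 --decode)
    SSO_PASSWORD=$(oc get secret keycloak-secret -n "$NAMESPACE" -o jsonpath='{.data.SSO_PASSWORD}' | base64 --decode)
    GRANT_TYPE=password
    CLIENT_ID=admin-cli

    # Fail here, with a message that names the real cause, instead of
    # letting an empty host or credential surface later as "client not found".
    if [ -z "$KEYCLOAK_URL" ] || [ -z "$SSO_USER" ] || [ -z "$SSO_PASSWORD" ]; then
      echo "keycloak route host or keycloak-secret credentials could not be read" >&2
      exit 1
    fi

    # NOTE(security): -k disables verification of the route's certificate, so
    # the admin password and the bearer token below are sent to a peer whose
    # identity is not checked. That is tolerable only against a throwaway test
    # cluster with a self-signed router certificate; anywhere else, pass the
    # router CA with --cacert and drop -k.
    # NOTE(security): the password and the token are passed on the curl command
    # line and are therefore visible in the process list on the host that runs
    # this step. Keep that host single-tenant, or feed them from a file.

    # Execute the CURL command to request the access-token.
    # --data-urlencode keeps the form body valid when the generated username or
    # password contains characters such as '&', '+' or '='.
    access_token=$(curl -sS -k \
      -d "client_id=$CLIENT_ID" \
      --data-urlencode "username=$SSO_USER" \
      --data-urlencode "password=$SSO_PASSWORD" \
      -d "grant_type=$GRANT_TYPE" \
      "https://$KEYCLOAK_URL/auth/realms/master/protocol/openid-connect/token" \
      | sed -n 's|.*"access_token":"\([^"]*\)".*|\1|p')
    if [ -z "$access_token" ]; then
      echo "failed to obtain an access token from keycloak" >&2
      exit 1
    fi

    # Execute the CURL command to verify the realm and client creation.
    # -f turns an HTTP error (for example 401/403) into a curl failure so it is
    # reported as a request failure rather than as a missing client.
    clients=$(curl -sS -f -k \
      -H "Content-Type: application/json" \
      -H "Authorization: bearer $access_token" \
      "https://$KEYCLOAK_URL/auth/admin/realms/$tenant/clients") || {
      echo "request for the clients of realm $tenant failed" >&2
      exit 1
    }
    if printf '%s' "$clients" | grep -q '"clientId":"argocd"'; then
      echo "argocd realm and client creation verified"
    else
      echo "argocd client not found"
      exit 1
    fi

    # Fetch the identity-provider instances once; both checks below read the
    # same response.
    idps=$(curl -sS -f -k \
      -H "Content-Type: application/json" \
      -H "Authorization: bearer $access_token" \
      "https://$KEYCLOAK_URL/auth/admin/realms/$tenant/identity-provider/instances") || {
      echo "request for the identity providers of realm $tenant failed" >&2
      exit 1
    }

    # Verify OpenShift-v4 IdP creation
    if printf '%s' "$idps" | grep -qi OpenShift-v4; then
      echo "OpenShift-v4 IdP creation verified"
    else
      echo "OpenShift-v4 IdP not found"
      exit 1
    fi

    # Verify the IdP syncMode is FORCE
    # NOTE(review): this matches any identity provider in the realm whose
    # syncMode is FORCE, not specifically the OpenShift-v4 one. Tighten it with
    # a JSON parser if the realm can ever hold more than one IdP.
    if printf '%s' "$idps" | grep -qi '"syncMode":"FORCE"'; then
      echo "syncMode set to Force, verified"
    else
      echo "syncMode not set to Force"
      exit 1
    fi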