upds for keycloak not using auth in path

bcgov · Jun 13, 2024 · 03c9648 · 03c9648
1 parent f0b75e1
commit 03c9648
Show file tree

Hide file tree

Showing 28 changed files with 43,788 additions and 70,401 deletions.
diff --git a/.env.local b/.env.local
@@ -11,18 +11,18 @@ MONGO_URL=mongodb://mongodb:27017/keystonedb4
 MONGO_USER=
 MONGO_PASSWORD=
 KONG_URL=http://kong.localtest.me:8001
-JWKS_URL=http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/certs
+JWKS_URL=http://keycloak.localtest.me:9081/realms/master/protocol/openid-connect/certs
 FEEDER_URL=http://feeder.localtest.me:6000
 NEXT_PUBLIC_API_ROOT=http://oauth2proxy.localtest.me:4180
 GWA_API_URL=http://gwa-api.localtest.me:2000
 GWA_PROD_ENV_SLUG=E0000000
 GWA_RES_SVR_CLIENT_ID=gwa-api
 GWA_RES_SVR_CLIENT_SECRET=18900468-3db1-43f7-a8af-e75f079eb742
-KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9081/auth
+KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9081
 KEYCLOAK_REALM=master
 EMAIL_ENABLED=false
 EXTERNAL_URL=http://oauth2proxy.localtest.me:4180
-OIDC_ISSUER=http://keycloak.localtest.me:9081/auth/realms/master
+OIDC_ISSUER=http://keycloak.localtest.me:9081/realms/master
 LOCAL_ENV=true
 WORKING_PATH=/tmp
 DESTINATION_URL=

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,32 +9,41 @@ x-common-variables: &common-variables
 
 services:
   keycloak:
-    image: quay.io/keycloak/keycloak:15.1.1
+    image: quay.io/keycloak/keycloak:25.0.0
     container_name: keycloak
     hostname: keycloak
     depends_on:
       - kong-db
     command:
       [
-        '-b',
-        '0.0.0.0',
-        '-Djboss.socket.binding.port-offset=1001',
+        'start',
+        '--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true',
+        '--http-port=9081',
+        '--http-enabled=true',
+        '--hostname-strict=false',
+        '--proxy-headers=forwarded',
         '-Dkeycloak.migration.action=import',
         '-Dkeycloak.migration.provider=singleFile',
         '-Dkeycloak.migration.file=/tmp/realm-config/master-realm.json',
         '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
-        '-Dkeycloak.profile.feature.upload_scripts=enabled',
+        '--db-url-host',
+        'kong-db',
+        '--db-username',
+        'keycloakuser',
+        '--db-password',
+        'keycloakuser',
       ]
     ports:
       - 9081:9081/tcp
     environment:
+      {}
       #KEYCLOAK_USER: local
       #KEYCLOAK_PASSWORD: local
-      DB_VENDOR: POSTGRES
-      DB_SCHEMA: public
-      DB_ADDR: kong-db:5432
-      DB_USER: keycloakuser
-      DB_PASSWORD: keycloakuser
+      # DB_VENDOR: POSTGRES
+      # DB_SCHEMA: public
+      # DB_ADDR: kong-db:5432
+      # DB_USER: keycloakuser
+      # DB_PASSWORD: keycloakuser
     volumes:
       - ./local/keycloak/master-realm.json:/tmp/realm-config/master-realm.json
     networks:

diff --git a/e2e/cypress.config.ts b/e2e/cypress.config.ts
@@ -61,7 +61,7 @@ export default defineConfig({
       CLIENT_SECRET: '8e1a17ed-cb93-4806-ac32-e303d1c86018',
       OIDC_ISSUER: 'http://keycloak.localtest.me:9081',
       TOKEN_URL:
-        'http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/token',
+        'http://keycloak.localtest.me:9081/realms/master/protocol/openid-connect/token',
       GWA_API_URL: 'http://gwa-api.localtest.me:2000/v2',
       KONG_URL: 'http://kong.localtest.me:8000',
       JWKS_URL: 'http://cypress-jwks-url.localtest.me:3500',

diff --git a/e2e/cypress/fixtures/api.json b/e2e/cypress/fixtures/api.json
@@ -10,11 +10,7 @@
       "title": "Planning and Innovation Division"
     },
     "orgName": "ministry-of-health",
-    "expectedScope": [
-      "Dataset.Manage",
-      "GroupAccess.Manage",
-      "Namespace.Assign"
-    ],
+    "expectedScope": ["Dataset.Manage", "GroupAccess.Manage", "Namespace.Assign"],
     "expectedNamespace": {
       "name": "gw-3a443",
       "orgUnit": "planning-and-innovation-division",
@@ -26,17 +22,11 @@
         "permissions": [
           {
             "resourceType": "organization",
-            "scopes": [
-              "GroupAccess.Manage",
-              "Namespace.Assign",
-              "Dataset.Manage"
-            ]
+            "scopes": ["GroupAccess.Manage", "Namespace.Assign", "Dataset.Manage"]
           },
           {
             "resourceType": "namespace",
-            "scopes": [
-              "Namespace.View"
-            ]
+            "scopes": ["Namespace.View"]
           }
         ]
       }
@@ -50,9 +40,7 @@
             "id": "janis@idir",
             "email": "janis@testmail.com"
           },
-          "roles": [
-            "organization-admin"
-          ]
+          "roles": ["organization-admin"]
         }
       ]
     }
@@ -72,10 +60,7 @@
       "order": 0,
       "isPublic": true,
       "isComplete": true,
-      "tags": [
-        "tag1",
-        "tag2"
-      ]
+      "tags": ["tag1", "tag2"]
     }
   },
   "apiDirectory": {
@@ -96,10 +81,7 @@
       "title": "Dataset for Test API",
       "isInCatalog": "false",
       "isDraft": "false",
-      "tags": [
-        "gateway",
-        "kong"
-      ],
+      "tags": ["gateway", "kong"],
       "organization": "ministry-of-health",
       "organizationUnit": "planning-and-innovation-division"
     },
@@ -111,10 +93,7 @@
       "view_audience": "Public",
       "security_class": "PUBLIC",
       "record_publish_date": "2017-09-05",
-      "tags": [
-        "tag1",
-        "tag2"
-      ],
+      "tags": ["tag1", "tag2"],
       "organization": {
         "name": "ministry-of-health",
         "title": "Ministry of Health"
@@ -149,11 +128,7 @@
       "license_title": "Access Only",
       "view_audience": "Government",
       "security_class": "LOW-PUBLIC",
-      "tags": [
-        "gateway",
-        "kong",
-        "openapi"
-      ],
+      "tags": ["gateway", "kong", "openapi"],
       "organization": {
         "name": "ministry-of-health",
         "title": "Ministry of Health"
@@ -197,7 +172,7 @@
       "environmentDetails": [
         {
           "environment": "dev",
-          "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master",
+          "issuerUrl": "http://keycloak.localtest.me:9081/realms/master",
           "clientRegistration": "managed",
           "clientId": "cypress-auth-profile",
           "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac"
@@ -214,7 +189,7 @@
       "environmentDetails": [
         {
           "environment": "test",
-          "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master",
+          "issuerUrl": "http://keycloak.localtest.me:9081/realms/master",
           "clientRegistration": "managed",
           "clientId": "gwa-api",
           "clientSecret": "18900468-3db1-43f7-a8af-e75f079eb742"
@@ -231,7 +206,7 @@
       "environmentDetails": [
         {
           "environment": "test",
-          "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master",
+          "issuerUrl": "http://keycloak.localtest.me:9081/realms/master",
           "clientRegistration": "managed",
           "clientId": "gwa-api",
           "clientSecret": "18900468-3db1-43f7-a8af-e75f079eb742"
@@ -251,7 +226,7 @@
           "clientRegistration": "managed",
           "clientSecret": "****",
           "environment": "test",
-          "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master",
+          "issuerUrl": "http://keycloak.localtest.me:9081/realms/master",
           "exists": true
         }
       ],
@@ -271,7 +246,7 @@
       "environmentDetails": [
         {
           "environment": "test",
-          "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master",
+          "issuerUrl": "http://keycloak.localtest.me:9081/realms/master",
           "clientRegistration": "managed",
           "clientId": "gwa-api",
           "clientSecret": "18900468-3db1-43f7-a8af-e75f079eb742"
@@ -282,12 +257,8 @@
     "shared_IDP_inheritFrom": {
       "environmentDetails": [],
       "mode": "auto",
-      "clientRoles": [
-        "administrator"
-      ],
-      "clientMappers": [
-        "test-audience"
-      ],
+      "clientRoles": ["administrator"],
+      "clientMappers": ["test-audience"],
       "flow": "client-credentials",
       "clientAuthenticator": "client-secret",
       "name": "my-auth-client-secret-1",
@@ -305,17 +276,13 @@
         {
           "exists": true,
           "environment": "test",
-          "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master",
+          "issuerUrl": "http://keycloak.localtest.me:9081/realms/master",
           "clientRegistration": "shared-idp",
           "clientId": "ap-my-auth-client-secret-1-test"
         }
       ],
-      "clientRoles": [
-        "administrator"
-      ],
-      "clientMappers": [
-        "test-audience"
-      ],
+      "clientRoles": ["administrator"],
+      "clientMappers": ["test-audience"],
       "isShared": false,
       "apiKeyName": "X-API-KEY",
       "inheritFrom": {
@@ -378,9 +345,7 @@
           "name": "CredentialIssuer.Admin"
         }
       ],
-      "permDomains": [
-        ".api.gov.bc.ca"
-      ],
+      "permDomains": [".api.gov.bc.ca"],
       "permDataPlane": "local.dataplane",
       "permProtectedNs": "deny",
       "org": "ministry-of-health",
@@ -395,4 +360,4 @@
       "displayName": "Test for GWA test"
     }
   }
-}
+}