-
Notifications
You must be signed in to change notification settings - Fork 69
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
LB check with failover and session expiration test (#647)
* LB check with failover and session expiration test Signed-off-by: Martin Kanis <mkanis@redhat.com> * Make redirectUri configurable for exchangeCode Without this the code cannot be exchanged using DC_1 and DC_2 because Keycloak expects redirectUri to be equal LOAD_BALANCER's URL Signed-off-by: Michal Hajas <mhajas@redhat.com> * Do not print site down logs with each lb-check execution Signed-off-by: Michal Hajas <mhajas@redhat.com> * Move wait functionality to KeycloakClient Signed-off-by: Michal Hajas <mhajas@redhat.com> * Report useful output when expected input is not set Signed-off-by: Michal Hajas <mhajas@redhat.com> * Make log more clear Signed-off-by: Michal Hajas <mhajas@redhat.com> * Remove unused import Signed-off-by: Michal Hajas <mhajas@redhat.com> --------- Signed-off-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>
- Loading branch information
1 parent
cee78bc
commit e6394ec
Showing
12 changed files
with
312 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
dataset/src/main/java/org/keycloak/benchmark/lb/TestMultiSiteLoadBalancerCheckProvider.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package org.keycloak.benchmark.lb; | ||
|
||
import org.jboss.logging.Logger; | ||
import org.keycloak.connections.infinispan.InfinispanConnectionProvider; | ||
import org.keycloak.health.LoadBalancerCheckProvider; | ||
import org.keycloak.models.KeycloakSession; | ||
|
||
public class TestMultiSiteLoadBalancerCheckProvider implements LoadBalancerCheckProvider { | ||
|
||
protected static final Logger logger = Logger.getLogger(TestMultiSiteLoadBalancerCheckProvider.class); | ||
|
||
private final KeycloakSession session; | ||
|
||
public TestMultiSiteLoadBalancerCheckProvider(KeycloakSession session) { | ||
this.session = session; | ||
} | ||
|
||
@Override | ||
public boolean isDown() { | ||
String siteName = session.getProvider(InfinispanConnectionProvider.class).getTopologyInfo().getMySiteName(); | ||
boolean isDown = session.realms().getRealmByName("master").getAttribute("is-site-" + siteName + "-down", false); | ||
|
||
logger.debugf("Site %s is %s", siteName, isDown ? "DOWN" : "UP"); | ||
return isDown; | ||
} | ||
|
||
@Override | ||
public void close() { | ||
|
||
} | ||
} |
35 changes: 35 additions & 0 deletions
35
...rc/main/java/org/keycloak/benchmark/lb/TestMultiSiteLoadBalancerCheckProviderFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
package org.keycloak.benchmark.lb; | ||
|
||
import org.keycloak.Config; | ||
import org.keycloak.health.LoadBalancerCheckProvider; | ||
import org.keycloak.health.LoadBalancerCheckProviderFactory; | ||
import org.keycloak.models.KeycloakSession; | ||
import org.keycloak.models.KeycloakSessionFactory; | ||
|
||
public class TestMultiSiteLoadBalancerCheckProviderFactory implements LoadBalancerCheckProviderFactory { | ||
|
||
@Override | ||
public LoadBalancerCheckProvider create(KeycloakSession keycloakSession) { | ||
return new TestMultiSiteLoadBalancerCheckProvider(keycloakSession); | ||
} | ||
|
||
@Override | ||
public void init(Config.Scope scope) { | ||
|
||
} | ||
|
||
@Override | ||
public void postInit(KeycloakSessionFactory keycloakSessionFactory) { | ||
|
||
} | ||
|
||
@Override | ||
public void close() { | ||
|
||
} | ||
|
||
@Override | ||
public String getId() { | ||
return "test-multisite"; | ||
} | ||
} |
1 change: 1 addition & 0 deletions
1
...src/main/resources/META-INF/services/org.keycloak.health.LoadBalancerCheckProviderFactory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
org.keycloak.benchmark.lb.TestMultiSiteLoadBalancerCheckProviderFactory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
...ak-benchmark-crossdc-tests/src/test/java/org/keycloak/benchmark/crossdc/FailoverTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package org.keycloak.benchmark.crossdc; | ||
|
||
import org.junit.jupiter.api.Test; | ||
|
||
import java.io.IOException; | ||
import java.net.URISyntaxException; | ||
import java.util.Map; | ||
import java.util.Set; | ||
|
||
import static org.junit.jupiter.api.Assertions.assertTrue; | ||
import static org.keycloak.benchmark.crossdc.util.InfinispanUtils.SESSIONS; | ||
|
||
public class FailoverTest extends AbstractCrossDCTest { | ||
|
||
@Test | ||
public void logoutUserWithFailoverTest() throws IOException, URISyntaxException, InterruptedException { | ||
// Login and exchange code in DC1 | ||
String code = LOAD_BALANCER_KEYCLOAK.usernamePasswordLogin( REALM_NAME, USERNAME, MAIN_PASSWORD, CLIENTID); | ||
Map<String, Object> tokensMap = LOAD_BALANCER_KEYCLOAK.exchangeCode(REALM_NAME, CLIENTID, CLIENT_SECRET, 200, code); | ||
|
||
DC_1.kc().markLBCheckDown(); | ||
DC_2.kc().waitToBeActive(LOAD_BALANCER_KEYCLOAK); | ||
|
||
// Verify if the user session UUID in code, we fetched from Keycloak exists in session cache key of external ISPN in DC2 | ||
Set<String> sessions = DC_2.ispn().cache(SESSIONS).keys(); | ||
assertTrue(sessions.contains(code.split("[.]")[1])); | ||
|
||
tokensMap = LOAD_BALANCER_KEYCLOAK.refreshToken(REALM_NAME, (String) tokensMap.get("refresh_token"), CLIENTID, CLIENT_SECRET, 200); | ||
|
||
LOAD_BALANCER_KEYCLOAK.logout(REALM_NAME, (String) tokensMap.get("id_token"), CLIENTID); | ||
|
||
LOAD_BALANCER_KEYCLOAK.refreshToken(REALM_NAME, (String) tokensMap.get("refresh_token"), CLIENTID, CLIENT_SECRET, 400); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
59 changes: 59 additions & 0 deletions
59
...ark-crossdc-tests/src/test/java/org/keycloak/benchmark/crossdc/SessionExpirationTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
package org.keycloak.benchmark.crossdc; | ||
|
||
import org.junit.jupiter.api.Test; | ||
import org.keycloak.representations.idm.RealmRepresentation; | ||
|
||
import java.io.IOException; | ||
import java.net.URISyntaxException; | ||
import java.util.Map; | ||
|
||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.keycloak.benchmark.crossdc.util.InfinispanUtils.CLIENT_SESSIONS; | ||
import static org.keycloak.benchmark.crossdc.util.InfinispanUtils.SESSIONS; | ||
|
||
public class SessionExpirationTest extends AbstractCrossDCTest { | ||
|
||
@Test | ||
public void sessionExpirationTest() throws IOException, URISyntaxException, InterruptedException { | ||
// set user/client session lifespan to 5s | ||
RealmRepresentation realm = LOAD_BALANCER_KEYCLOAK.adminClient().realm(REALM_NAME).toRepresentation(); | ||
realm.setSsoSessionMaxLifespan(5); | ||
realm.setClientSessionMaxLifespan(5); | ||
LOAD_BALANCER_KEYCLOAK.adminClient().realm(REALM_NAME).update(realm); | ||
|
||
// create a user and client session | ||
String code = LOAD_BALANCER_KEYCLOAK.usernamePasswordLogin(REALM_NAME, USERNAME, MAIN_PASSWORD, CLIENTID); | ||
Map<String, Object> tokensMap = LOAD_BALANCER_KEYCLOAK.exchangeCode(REALM_NAME, CLIENTID, CLIENT_SECRET, 200, code); | ||
|
||
// check the sessions are replicated in remote caches | ||
assertEquals(1, DC_1.ispn().cache(SESSIONS).size()); | ||
assertEquals(1, DC_2.ispn().cache(SESSIONS).size()); | ||
assertEquals(1, DC_1.ispn().cache(CLIENT_SESSIONS).size()); | ||
assertEquals(1, DC_2.ispn().cache(CLIENT_SESSIONS).size()); | ||
|
||
// check the sessions are replicated in embedded caches | ||
assertEquals(1, DC_1.kc().embeddedIspn().cache(SESSIONS).size()); | ||
assertEquals(1, DC_2.kc().embeddedIspn().cache(SESSIONS).size()); | ||
assertEquals(1, DC_1.kc().embeddedIspn().cache(CLIENT_SESSIONS).size()); | ||
assertEquals(1, DC_2.kc().embeddedIspn().cache(CLIENT_SESSIONS).size()); | ||
|
||
// let them expire | ||
Thread.sleep(6000); | ||
|
||
// check the remote caches are empty | ||
assertEquals(0, DC_1.ispn().cache(SESSIONS).size()); | ||
assertEquals(0, DC_2.ispn().cache(SESSIONS).size()); | ||
assertEquals(0, DC_1.ispn().cache(CLIENT_SESSIONS).size()); | ||
assertEquals(0, DC_2.ispn().cache(CLIENT_SESSIONS).size()); | ||
|
||
// check the embedded caches are empty | ||
assertEquals(0, DC_1.kc().embeddedIspn().cache(SESSIONS).size()); | ||
assertEquals(0, DC_2.kc().embeddedIspn().cache(SESSIONS).size()); | ||
assertEquals(0, DC_1.kc().embeddedIspn().cache(CLIENT_SESSIONS).size()); | ||
assertEquals(0, DC_2.kc().embeddedIspn().cache(CLIENT_SESSIONS).size()); | ||
|
||
// token refresh should fail | ||
DC_2.kc().refreshToken(REALM_NAME, (String) tokensMap.get("refresh_token"), CLIENTID, CLIENT_SECRET, 400); | ||
DC_1.kc().refreshToken(REALM_NAME, (String) tokensMap.get("refresh_token"), CLIENTID, CLIENT_SECRET, 400); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.