diff --git a/vkpr-test/keycloak-test.bats b/vkpr-test/keycloak-test.bats
index 7da1e92e..25ce27f7 100644
--- a/vkpr-test/keycloak-test.bats
+++ b/vkpr-test/keycloak-test.bats
@@ -12,7 +12,8 @@ setup_file() {
 kubectl wait --for=condition=ready --timeout=1m pod --all
 echo "setup: installing keycloak...." >&3
 rit vkpr keycloak install --default
- kubectl wait --for=condition=ready --timeout=1m pod --all
+ kubectl wait --for=condition=ready --timeout=2m pod --all
+ sleep 60
 sleep 2
 fi
 }
@@ -24,10 +25,23 @@ setup() {
 @test "Check if keycloak is up" {
 run curlKeycloak
+ expected='"realm":"master"'
+ assert_equal "$output" "$expected"
+}
+
+@test "Generate Token to use in OpenID" {
+ run curlKeycloakToken
 actual="${lines[3]}"
 trim "$actual"
- actual="$TRIMMED"
- expected='"realm":"master"'
+ expected='"access_token"'
+ assert_equal "$actual" "$expected"
+}
+
+@test "Show the name from userinfo with OpenID endpoint" {
+ run curlKeycloakUserinfo
+ actual="${lines[6]}"
+ trim "$actual"
+ expected='Sample Admin'
 assert_equal "$actual" "$expected"
 }
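Review bot: The two new tests pick `${lines[3]}` and `${lines[6]}` out of the `run` output, and those indices appear to depend on how many progress-meter lines curl prints, because `curlKeycloakToken` and `curlKeycloakUserinfo` (defined further down this file) call curl without `-s` while `curlKeycloak` now passes it. Adding `-s` to both helpers and asserting on `$output`, as the first test now does, removes that dependence on curl's diagnostic output. `trim "$actual"` is also called without reading `$TRIMMED` afterwards, which the removed line `actual="$TRIMMED"` used to do, so the trimmed value looks unused in both new tests; either restore that assignment or drop the `trim` call.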
@@ -46,10 +60,21 @@ teardown_file() {
 }
 curlKeycloak(){
- content=$(curl -H "Host: keycloak.localhost" http://127.0.0.1:8000/auth/realms/master)
+ content=$(curl -s -H "Host: vkpr-keycloak.localhost" http://127.0.0.1:8000/auth/realms/master)
 echo ${content:1:16}
 }
+curlKeycloakToken(){
+ content=$(curl -X POST -H "Host: vkpr-keycloak.localhost" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=sample-admin&password=password&client_secret=3162d962-c3d1-498e-8cb3-a1ae0005c4d9&client_id=grafana&scope=openid" http://127.0.0.1:8000/auth/realms/grafana/protocol/openid-connect/token/)
+ echo ${content:1:14}
+}
+
+curlKeycloakUserinfo(){
+ TOKEN_VALUE=$(curl -X POST -H "Host: vkpr-keycloak.localhost" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=sample-admin&password=password&client_secret=3162d962-c3d1-498e-8cb3-a1ae0005c4d9&client_id=grafana&scope=openid" http://127.0.0.1:8000/auth/realms/grafana/protocol/openid-connect/token/ | $VKPR_HOME/bin/jq -r '.access_token')
+ content=$(curl -X POST -H "Host: vkpr-keycloak.localhost" -H "Authorization: Bearer ${TOKEN_VALUE}" http://127.0.0.1:8000/auth/realms/grafana/protocol/openid-connect/userinfo | $VKPR_HOME/bin/jq -r '.name')
+ echo ${content}
+}
+
 trim() {
 local var="$*"
 # remove leading whitespace characters
diff --git a/vkpr/keycloak/install/src/utils/realm.json b/vkpr/keycloak/install/src/utils/realm.json
index 5d0aaeaf..c3a78d4f 100644
--- a/vkpr/keycloak/install/src/utils/realm.json
+++ b/vkpr/keycloak/install/src/utils/realm.json
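Review bot: Both new helpers carry the `sample-admin` password and the `grafana` client secret as literals inside the curl command, and `curlKeycloakUserinfo` repeats the whole token request instead of sharing it with `curlKeycloakToken`. A fixed client secret in a test suggests the shipped realm import uses the same value on every install, which is worth confirming and documenting as test-only. `curlKeycloakUserinfo` also sends the Bearer header without checking that jq returned a token rather than `null`, and `$VKPR_HOME/bin/jq` and `echo ${content}` are unquoted. One token helper that reads the credentials from variables keeps the secret in a single place; the `KEYCLOAK_TEST_*` names below are constructed for illustration.

```shell
keycloakToken(){
  curl -s -X POST -H "Host: vkpr-keycloak.localhost" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "username=${KEYCLOAK_TEST_USER:?}" \
    --data-urlencode "password=${KEYCLOAK_TEST_PASSWORD:?}" \
    --data-urlencode "client_id=grafana" \
    --data-urlencode "client_secret=${KEYCLOAK_TEST_CLIENT_SECRET:?}" \
    --data-urlencode "scope=openid" \
    http://127.0.0.1:8000/auth/realms/grafana/protocol/openid-connect/token/
}

curlKeycloakToken(){
  content=$(keycloakToken)
  echo "${content:1:14}"
}

curlKeycloakUserinfo(){
  TOKEN_VALUE=$(keycloakToken | "$VKPR_HOME/bin/jq" -r '.access_token // empty')
  [[ -n $TOKEN_VALUE ]] || return 1
  # … unchanged: userinfo request, with -s added and jq path quoted …
  echo "${content}"
}
```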
@@ -43,6 +43,65 @@
 "quickLoginCheckMilliSeconds": 1000,
 "maxDeltaTimeSeconds": 43200,
 "failureFactor": 30,
+ "users": [
+ {
+ "username": "sample-user",
+ "enabled": true,
+ "email": "sample-user@example",
+ "firstName": "Sample",
+ "lastName": "User",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "password"
+ }
+ ],
+ "realmRoles": [],
+ "clientRoles": {
+ "grafana": [
+ "viewer"
+ ]
+ }
+ },
+ {
+ "username": "sample-editor",
+ "enabled": true,
+ "email": "sample-editor@example",
+ "firstName": "Sample",
+ "lastName": "Editor",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "password"
+ }
+ ],
+ "realmRoles": [],
+ "clientRoles": {
+ "grafana": [
+ "editor"
+ ]
+ }
+ },
+ {
+ "username": "sample-admin",
+ "enabled": true,
+ "email": "sample-admin@example",
+ "firstName": "Sample",
+ "lastName": "Admin",
+ "credentials": [
+ {
+ "type": "password",
+ "value": "password"
+ }
+ ],
+ "realmRoles": [],
+ "clientRoles": {
+ "grafana": [
+ "admin"
+ ]
+ }
+ }
+ ],
 "roles": {
 "realm": [
 {
diff --git a/vkpr/loki/install/src/unix/formula/formula.sh b/vkpr/loki/install/src/unix/formula/formula.sh
index 56d03478..e4875c98 100755
--- a/vkpr/loki/install/src/unix/formula/formula.sh
+++ b/vkpr/loki/install/src/unix/formula/formula.sh
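Review bot: The three added users are enabled with the literal password `password`, and `sample-admin` holds the `grafana` client role `admin`; since this file sits under the keycloak install formula, any install that imports it presumably ends up with publicly known credentials for a Grafana administrator. If the users exist only for the bats tests, loading them from a test-only realm file or behind an explicit opt-in would keep them out of real installs. Where they must ship, `"temporary": true` on each credential entry forces a password change at first login, which the password-grant test would then have to account for.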
@@ -12,69 +12,37 @@ addRepLoki(){
 echoColor "green" "Installing Loki..."
 $VKPR_HELM repo add grafana https://grafana.github.io/helm-charts
 $VKPR_HELM repo update
- }
-
- installLoki(){
- $VKPR_HELM upgrade --install --wait --timeout 5m vkpr-loki-stack -f $VKPR_EXTERNAL_LOKI_VALUES grafana/loki-stack
- }
-
- existGrafana(){
- check_pod_name "vkpr-prometheus-stack-grafana"
- if [[ $POD_EXISTS == true ]]; then
- echoColor "yellow" "Adding Loki to Grafana's datasource..."
- local LOGINGRAFANA="$($VKPR_KUBECTL get secret vkpr-prometheus-stack-grafana -o yaml | $VKPR_YQ eval '.data.admin-user' - | base64 -d):$($VKPR_KUBECTL get secret vkpr-prometheus-stack-grafana -o yaml | $VKPR_YQ eval '.data.admin-password' - | base64 -d)"
- local TOKEN_API_GRAFANA=$(curl -k -X POST -H "Host: grafana.localhost" -H "Content-Type: application/json" -d '{"name": "apikeycurl","role": "Admin"}' http://$LOGINGRAFANA@127.0.0.1:8000/api/auth/keys | $VKPR_JQ --raw-output '.key')
- if [[ $TOKEN_API_GRAFANA == "" ]]; then
- echoColor "red" "Api Token can only be request once or ingress is not installed."
- fi
-
- curl -K -X -H "Host: grafana.localhost" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN_API_GRAFANA" -d '
- {
- "name":"loki",
- "type":"loki",
- "url":"vkpr-loki-stack.default.svs.cluster.local:3100",
- "access":"proxy",
- "basicAuth":false,
- "editable": true
- }' http://127.0.0.1:8000/api/datasources
-
- fi
- }
+}
- check_pod_name(){
- for pod in $($VKPR_KUBECTL get pods | awk 'NR>1{print $1}'); do
- if [[ "$pod" == "$1"* ]]; then
- POD_EXISTS=true # pod name found a match, then returns True
- return
- fi
- done
- POD_EXISTS=false
- }
+installLoki(){
+ $VKPR_HELM upgrade --install --wait --timeout 5m vkpr-loki-stack -f $VKPR_EXTERNAL_LOKI_VALUES grafana/loki-stack
+}
 existGrafana() {
 if [[ $(checkExistingGrafana) = "vkpr-prometheus-stack-grafana" ]]; then
 local LOGINGRAFANA="$($VKPR_KUBECTL get secret vkpr-prometheus-stack-grafana -o yaml | $VKPR_YQ eval '.data.admin-user' - | base64 -d):$($VKPR_KUBECTL get secret vkpr-prometheus-stack-grafana -o yaml | $VKPR_YQ eval '.data.admin-password' - | base64 -d)"
- local TOKEN_API_GRAFANA=$(curl -sk -X POST -H "Host: grafana.localhost" \
- -H "Content-Type: application/json" \
- -d '
- {
- "name":"apikeycurl",
- "role": "Admin"
- }
- ' http://$LOGINGRAFANA@127.0.0.1:8000/api/auth/keys | $VKPR_JQ --raw-output '.key')
- curl -sk -X POST -H "Host: grafana.localhost" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TOKEN_API_GRAFANA" \
- -d '
+ local TOKEN_API_GRAFANA=$(curl -k -X POST -H "Host: grafana.localhost" -H "Content-Type: application/json" -d '{"name": "apikeycurl","role": "Admin"}' http://$LOGINGRAFANA@127.0.0.1:8000/api/auth/keys | $VKPR_JQ --raw-output '.key')
+ if [[ $TOKEN_API_GRAFANA == "" ]]; then
+ echoColor "red" "Api Token can only be request once or ingress is not installed."
+ fi
+ curl -K -X -H "Host: grafana.localhost" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN_API_GRAFANA" -d '
 {
- "name":"Loki",
+ "name":"loki",
 "type":"loki",
- "url":"http://vkpr-loki-stack:3100",
+ "url":"vkpr-loki-stack.default.svs.cluster.local:3100",
 "access":"proxy",
 "basicAuth":false,
 "editable": true
- }
- ' http://127.0.0.1:8000/api/datasources > /dev/null
+ }' http://127.0.0.1:8000/api/datasources
 fi
 }
+check_pod_name(){
+ for pod in $($VKPR_KUBECTL get pods | awk 'NR>1{print $1}'); do
+ if [[ "$pod" == "$1"* ]]; then
+ POD_EXISTS=true # pod name found a match, then returns True
+ return
+ fi
+ done
+ POD_EXISTS=false
+}
\ No newline at end of file
diff --git a/vkpr/postgres/install/src/unix/formula/formula.sh b/vkpr/postgres/install/src/unix/formula/formula.sh
index 1024d5e0..3f623ed6 100755
--- a/vkpr/postgres/install/src/unix/formula/formula.sh
+++ b/vkpr/postgres/install/src/unix/formula/formula.sh
@@ -14,5 +14,5 @@ addRepoPostgres(){
 installPostgres(){
 echoColor "yellow" "Installing postgres..."
- $VKPR_HELM upgrade -i --set global.postgresql.postgresqlPassword=$PASSWORD vkpr-postgres bitnami/postgresql
+ $VKPR_HELM upgrade -i --set global.postgresql.postgresqlPassword=$PASSWORD --set volumePermissions.enabled=true vkpr-postgres bitnami/postgresql
 }
\ No newline at end of file
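Review bot: The datasource call added to existGrafana reads `curl -K -X -H ...`, but `-K` takes a config-file argument, so `-X` is consumed as a file name and the request is not the POST the line intends. The empty-token branch above it only prints a message and then still sends the request with an empty Bearer value, and `jq --raw-output '.key'` prints `null` rather than an empty string when the response has no `key`, so the check can miss a failed key creation. The new datasource URL spells the cluster domain `svs.cluster.local` where Kubernetes uses `svc`, and it no longer carries the `http://` scheme the removed line had. The admin password is still interpolated into the URL, where characters such as `@` or `/` break parsing; `-u` avoids that, although the value stays on the command line. A possible shape for the affected lines follows.

```shell
    # … unchanged: LOGINGRAFANA lookup from the grafana secret …
    local TOKEN_API_GRAFANA
    TOKEN_API_GRAFANA=$(curl -sS -X POST -u "$LOGINGRAFANA" \
      -H "Host: grafana.localhost" -H "Content-Type: application/json" \
      -d '{"name": "apikeycurl","role": "Admin"}' \
      http://127.0.0.1:8000/api/auth/keys | $VKPR_JQ --raw-output '.key // empty')
    if [[ -z $TOKEN_API_GRAFANA ]]; then
      echoColor "red" "Api Token can only be request once or ingress is not installed."
      return 1
    fi
    curl -sS -X POST -H "Host: grafana.localhost" \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $TOKEN_API_GRAFANA" \
      -d '{"name":"loki","type":"loki","url":"http://vkpr-loki-stack.default.svc.cluster.local:3100","access":"proxy","basicAuth":false,"editable":true}' \
      http://127.0.0.1:8000/api/datasources
```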
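Review bot: `$PASSWORD` is expanded unquoted into `--set` on the changed helm line, so a password containing whitespace or glob characters is word-split by the shell and one containing a comma is split by Helm's `--set` parser; the value also ends up on the helm command line. `--set-string "global.postgresql.postgresqlPassword=$PASSWORD"` fixes the shell quoting (commas still need escaping), and supplying the password through a values file passed with `-f` keeps it out of the process list. The added `volumePermissions.enabled=true` turns on the chart's init container that changes ownership of the data volume, which to my knowledge runs as root in the Bitnami chart, so a comment such as `# volumePermissions: needed because <reason>` would tell the next reader why it is enabled here.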