autonomic-bot
d5f5e86c7b
- tests/keycloak/PARITY.md: parity table (health_check ported); oidc_integration.py noted as Q3-deferred (cross-recipe test needs lasuite-docs + dep resolver). - tests/keycloak/functional/test_health_check.py: parity port of recipe-info/keycloak/tests/health_check.py — SOURCE comment. - tests/keycloak/functional/test_password_grant_token.py: NEW recipe-specific — password grant against /realms/master/protocol/openid-connect/token; decodes the JWT payload; asserts iss=https://<live_app>/realms/master, azp=admin-cli, typ=Bearer, exp in future, iat reasonable past. Reuses kc_admin.py helpers. - tests/keycloak/functional/test_create_client_and_use.py: NEW recipe-specific — admin creates a UUID-named confidential client via admin API → uses client credentials grant to obtain a service-account token → decodes JWT, asserts azp matches the new clientId, iss matches per-run domain → idempotent DELETE cleanup. - tests/keycloak/recipe_meta.py: bumped DEPLOY_TIMEOUT + HTTP_TIMEOUT 600 -> 900 (cold-start JVM + mariadb migration intermittently exceeds 600s on a 2-vCPU host; observed 502 fallback after 600s in run #1). Cold-verifiable on cc-ci (log /root/ccci-q2-keycloak-r3.log): RECIPE=keycloak cc-ci-run runner/run_recipe_ci.py all 5 stages PASS, deploy-count=1, head_ref=666649a6==chaos-version=666649a6 (HC1 non-vacuous), version 10.7.0+26.6.1 -> 10.7.1+26.6.2. Custom tier 3 PASS: parity health_check, JWT password-grant, client_credentials. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 lines
406 B
Python
7 lines
406 B
Python
# Per-recipe harness config for keycloak (DB-backed: keycloak + mariadb). Read by the shared
|
|
# conftest — enrolling this recipe needs NO change to runner/harness code (D5).
|
|
HEALTH_PATH = "/realms/master" # 200 JSON once keycloak is up (not "/", which redirects)
|
|
HEALTH_OK = (200,)
|
|
DEPLOY_TIMEOUT = 900 # JVM + DB migration are slow on a 2-vCPU VM; observed 502 fallback up to ~10min
|
|
HTTP_TIMEOUT = 900
|