Dev environment: keycloak integration

[eguzki]

What

New development environment to test integration between APIcast and Keycloak

Based on Keycloak 23.0.4

Note: The policy chain includes the token introspection policy, but this is not a requirement for testing keycloak integration.

Verification Steps

• Build docker image from this git branch

make runtime-image IMAGE_NAME=apicast-test

• Run keycloak dev environment

cd dev-environments/keycloak-env/
make gateway IMAGE_NAME=apicast-test

• Keycloak provisioning. Create realm, clients, users

make keycloak-data

Admin web app available at http://127.0.0.1:9090, user: admin, pass: adminpass.

Access to the Keycloak CLI

docker compose -p keycloak-env exec keycloak /bin/bash      

Use the CLI

/opt/keycloak/bin/kcadm.sh --help                           

• Get JWT

  export ACCESS_TOKEN=$(make token)

• Run request to echo endpoint

curl -v --resolve stg.example.com:8080:127.0.0.1 -H "Authorization: Bearer ${ACCESS_TOKEN}" "http://stg.example.com:8080"

The response should be HTTP/1.1 200 OK

[eguzki]

Just nitpicking but maybe we should remove unnecessary fields from the apicast-config.json file?

I copied it from a real 3scale API response body, then updated some fields with specific values for this dev env and cleaned up a bit not relevant sensitive field's values. I wanted to keep structure and fields to make sure integration works.

[tkan145]

Not a big issue to me so feel free to merge when you are ready.