fabric8io / fabric8-generator

a jboss forge add on for the fabric8 upstream and SaaS generator wizards
Apache License 2.0

Test Forge backend with prod-preview SSO backend #64

Open corinnekrych opened 7 years ago

corinnekrych commented 7 years ago

Test end to end fabric8-ui (local) + Keycloak (pre-prod) + Forge (local or PROD) development environment.

Check with @akazakov if a different realm name is needed https://github.com/fabric8io/fabric8-generator/blob/master/src/main/java/io/fabric8/forge/generator/keycloak/KeycloakEndpoint.java#L29

jstrachan commented 7 years ago

don't follow the issue. You can test a local fabric8-ui and local/prod forge against the Prod tenants right?

Or you can install fabric8 completely on any cluster and test on that for non-prod. I'm not sure of the current status of pre-prod - does pre-prod talk to the Prod tenants?

corinnekrych commented 7 years ago

@jstrachan I think pre-prod uses a different realm name. Instead of fabric8 it's fabric8-test so we should parametrize this in KC endpoint class.

jstrachan commented 7 years ago

I don't see any reason to use a different realm name in any cluster TBH; we use fabric8 as the realm name in all fabric8 installations. The name is local to the cluster anyways. Can't we just change the realm name in pre-prod and save ourselves a ton of work going around parameterising everything (KC, auth, forge, WIT, f8tenant etc)?

corinnekrych commented 7 years ago

tbh no clue why we use a different one @sbose @akazakov could you help on that one

sbose78 commented 7 years ago

@corinnekrych, pre-prod has a realm named fabric8 too - that should work, and is used in https://prod-preview.openshift.io

fabric8-test realm is an alternative realm for services which need to talk to keycloak directly from local (to ensure we don't have to put our pre-prod client secret on github)

alexeykazakov commented 7 years ago

Yes, @sbose78 is right.

We have the same realm in both prod and preview - "fabric8". But we also have an additional "fabric8-test" realm in preview for auth services if it runs locally. We need to keep it separate because we can't share "fabric8" realm secrets in github. So, there are two options:

  1. UI runs locally pointing to backend services run in prod-preview. All these preview services should use preview sso (the same "fabric8" realm)
  2. You want to run all services locally, then you should be able to configure the local services to point them to "fabric8-test".

And btw, we are going to switch OSO/GH token management/linking to Auth instead of using Keycloak for that in the following weeks. So, the majority of our services will talk to the Auth service and forget about Keycloak at all. Forge won't need to keep any KC settings.