-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add keycloak versions to circleci test job #294
Conversation
Nice job I guess we have to go through the failing tests and see why they are failing, if needed ignore them for that version. |
@mrparkers Could you take a look at TestAccKeycloakProvider_passwordGrant In the test you get a 403 forbidden after a GET for an newly created Realm.
|
That test makes sure that the provider is correctly able to handle the password grant when authenticating to keycloak. I think the reason it depends on that environment variable was because we originally ran the entire suite of tests using the password grant in CI, but I ended up removing that and never removed the need for that environment variable. This test can probably run every time now. I'm not sure why it's failing for the latest Keycloak versions. I'll run it locally and take a look. |
I pushed a fix that should fix the failing tests relating to the password grant for Keycloak >= 9. I suppose they made a change that requires that you specify the client secret during the password grant for confidential clients (which I think we should have been doing anyways, but it hasn't been caught until now). Regarding the PR, I think this is an awesome change since we can never have too many tests, but this will probably make me run out of my weekly allocation of free CircleCI credits. Would you mind changing this to only test against the latest released version for every major release? So instead of testing 8.0.0, 8.0.1, and 8.0.2, let's change it to only test 8.0.2. Right now I'm working on running a different CI server (Drone) on my own hardware, so we'll be able to test as many Keycloak versions as we want. |
Totally makes sense to me. What do you think about testing against all versions for the release job? You get the best of both worlds, we maintain good coverage during development and ensure no regression bugs sneak in during a release. |
That seems like a good idea to me. In the mean time we everything green from keycloak version 7 and up. I took a look at only error on version 6, and i can not reproduce it locally, the number of expected events is 63 instead of 67 on CI .... On version 4 and 5 the same 3 tests are failing. Perhaps they are new features not supported on those versions. I might check those later. But the question that pops to my mind, do we want to support those older version? |
@tomrutsaert Great question. Given that 4.8.3 came out in January of last year I don't think it's asking too much to support it. Once it becomes cumbersome (and perhaps it already has) we should think about dropping support, but do so with cause. @mrparkers Just a thought, but if CircleCI credits are a problem maybe we just run circle with a few (maybe just the latest?) version(s) during development and save full-regression for the release process. The current pipeline appears to only run once the release tag has been pushed which puts us in the unfortunate position of needing to change the tag in the event a regression bug does sneak in. We may want to consider changing the release strategy slightly, perhaps add a circle config that matches the pattern That being said, there are really good reasons to stick with a very simple branching strategy and dancing around Circle credits may not be worth the added complexity. |
@hawknewton I don't necessarily have a problem with that and I don't think I'll run out of free credits by doing that. But I also don't think we have a lot to gain by testing against different patch releases. So you can add all versions back to the release job if you'd like. I might change this up a bit once I move to the new CI server though. But since it'll be running on my own personal hardware, we can test against all versions if we wish.
@tomrutsaert that's a good question. I think it's reasonable to officially support the latest three major versions, so in this case, 8.x, 9.x, and 10.x. That's not to say that we won't try to fix bugs if they exist on older versions, but I don't think we'll go out of our way to support them since that seems like a bit too much of a burden on an open source project. Of course, PRs are always welcome, and I would never reject a PR that adds additional support for older versions unless it actively breaks other functionality. |
@hawknewton yeah, the current release process wasn't designed to accommodate for this type of regression testing, which was intentional since I wanted to stay on the free tier. Again, this shouldn't be a problem in the future as I switch CI solutions so I don't have to worry about going over a free tier. I'd probably let full regression testing happen on all pushes to master to keep the release pipeline simple though. |
For now, why don't we just stick with the latest patch release all the way down to 4.8.3.Final as a compromise. |
@tomrutsaert Looks like a legit incompatibility. I'm not sure how you want to manage this. We could detect server version at runtime but it seems like a weird thing to do just for the tests. |
Eventually our tests will have to make different assertions based on the running version. This won't be the only case - for example, the 4.8.3.Final tests are failing due to the absence of the builtin I don't think the provider itself should make the distinction between different versions (although who knows, that might eventually be needed), but at the very least the tests should make different assertions against different versions as needed. |
🤣 😭 |
:-/ well it is not wrong, it is a strange version number..... |
@@ -86,7 +87,11 @@ func keycloakVersionIsGreaterThanOrEqualTo(keycloakClient *keycloak.KeycloakClie | |||
if err != nil { | |||
return false, fmt.Errorf("/serverInfo endpoint retuned an error, server Keycloak version could not be determined: %s", err) | |||
} | |||
keycloakServerInfoVersion, err = version.NewVersion(serverInfo.SystemInfo.ServerVersion) | |||
|
|||
regex := regexp.MustCompile(`^(\d+\.\d+\.\d+)`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my only suggestion here is that go-version does export their regular expressions that we can use instead: /~https://github.com/hashicorp/go-version/blob/master/version.go#L20-L31
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my only suggestion here is that go-version does export their regular expressions that we can use instead: /~https://github.com/hashicorp/go-version/blob/master/version.go#L20-L31
regex := `v?([0-9]+(\.[0-9]+)*?)` +
`(-([0-9]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)|(-([A-Za-z\-~]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)))?` +
`(\+([0-9A-Za-z\-~]+(\.[0-9A-Za-z\-~]+)*))?` +
`?`
r := regexp.MustCompile(regex)
fmt.Printf("%#v\n", r.FindStringSubmatch(`4.4.3.Final`))
[]string{"4", "4", "", "", "", "", "", "", "", "", "", ""}
No bueno, unfortunately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, nevermind then. I think what you have is good enough, especially since this is only used for tests.
Looks like we're good, the required |
.circleci/config.yml
Outdated
matrix: | ||
parameters: | ||
keycloak-version: | ||
# 4.8.3 doesn't have a docker image |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
last suggestion: can you remove this comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good! thanks for the PR!
This pull request makes use of the marix jobs feature to add additional Keycloak versions to the CircleCI acceptance test run. Additionally, I tacked on the circleci test reporter to make it easier to see failures.
As you can see there are test failures in all versions except
8.0.1
,8.0.0
,7.0.1
, and7.0.0
.Unfortunately there's no pre-built docker image forI've re-added4.8.3
so I pulled it.4.8.3
but it's also failing, unfortunately.