Mock services for testing cloud.redhat.com applications
Many thanks to @jctanner who laid a lot of the groundwork for this in https://github.com/jctanner/aa-hacking/
This is project offers a solution for mocking out certain service dependencies such as BOP, RBAC, entitlements, and SSO.
It relies on two pieces:
- crcmocks -- a collection of flask APIs that replace BOP, RBAC, entitlements APIs, interact with a
keycloak
deployment to set up SSO, and provide user management APIs so you can add additional users for testing. - keycloak -- a generic deployment of keycloak, which
crcmocks
will interact with and provision for you
See the Deploying
section below for information on how to deploy locally or on OpenShift.
When crcmocks
starts up, it uses options defined in its config to connect to a keycloak deployment and provision a realm, client, and users in the SSO backend.
NOTE: every time crcmocks
is restarted, it will re-intialize the users on the keycloak server. User data does not persist!
crcmocks
can also be deployed without a keycloak server (if, for example, you do not care about mocking SSO but want to use some of the other mock APIs). In this case, the env var KEYCLOAK=false
should be passed to start_crcmocks
Once you have the crcmocks
API service running (it listens on port 9000 by default) the following APIs are provided:
GET /_getRequests
-- returns a list of all API requests that have come into thecrcmocks
servicePOST /_clearRequests
-- clears the stored list of all API requestsPOST /_shutdown
-- shuts down the flask APIPOST /_manager/addUser
-- allows you to create new test user with JSONGET /_manager/users
-- returns JSON listing all users created in keycloakPOST /_manager/resetUsers
-- resets users back to default configurations
GET /_manager/ui
-- allows you to see which users have been created and add new users via a web browser
GET /api/rbac/v1/access/
-- returns a pre-canned response stating the user has access toinsights:*:*
GET /api/entitlements/v1/services
-- returns a canned response stating the user is entitled for a variety of services
GET /api/bop/v1/jwt
-- if keycloak is in use, returns the pubkey for the realm configured on the local keycloak deployment.GET /api/bop/v1/sendEmails
-- accepts a POST and simply stores the incoming request so it can be read later, allowing you to test if your application sent an email to the right users with the right subject/body/etc.POST /api/bop/v1/users
,
POST /api/bop/v1/accounts/<accountNumber>/usersBy
,
GET /api/bop/v2/accounts/<accountNumber>/users
-- returns a mocked BOP response listing all users, filtered, that have been created incrcmocks
First build the base image:
docker build -t mocks .
Then start two containers:
- Keycloak (SSO):
docker run -td --name mocks-keycloak -p 8080:8080 -e DB_VENDOR=h2 -e PROXY_ADDRESS_FORWARDING=true -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:latest
- Mock APIs:
docker run -td --name mocks -p 9000:9000 -e KEYCLOAK_URL="http://localhost:8080" mocks:latest
You can also pull the mocks image from quay.io/cloudservices/mocks
if you don't wish to build it.
Or, if you want to run the mock APIs directly on your host instead of in a container:
python3 -m venv .venv
source .venv/bin/activate
pip install .
KEYCLOAK_URL="http://localhost:8080" start_crcmocks
You will then need to point your application to use localhost:9000
for BOP, RBAC, and
entitlements API requests. You will need to update your running copy of insights-chrome
to point
to localhost:8080
as the SSO URL instead of sso.qa.redhat.com
. To do this you can edit this file
and re-build chrome with npm run build
.
When deploying to OpenShift, we have written automation that takes care of the following:
- update the 3scale configs to use the mock APIs deployed in this namespace (BOP, entitlements)
- deploy the
mocks
andmocks-keycloak
containers into a single deployment named "mocks" - set up
Service
objects forrbac:8080
andentitlements-api-go:3000
to route to the mock APIs - set up
Route
objects formocks-keycloak
and themocks
containers - update chrome in the front-end-aggregator deployment (if present) to use the mock SSO
The end result is you should be able to browse to your front-end-aggregator URL and log in using mock SSO
You can access the mock user management APIs as described above via the mock's Route
URL
Deployment configs for mocks are available in e2e-deploy using the service set mocks
Deploy an ephemeral instance of the front-end, gateway, and any other backend apps you want from e2e-deploy along with mocks
using ocdeployer. Example:
ocdeployer deploy -c -e smoke -s advisor,platform-mq,ingress,inventory,engine,gateway,front-end-aggregator, mocks --secrets-src-project secrets MYPROJECT
The mocks
service set has custom deploy logic defined that will set up the gateway and
front-end-aggregator.
mocks
is part of the insights-ephemeral
app in app-interface configurations. For example to deploy
"myapp" along with gateway, mocks, and a front-end, run:
bonfire config deploy --app myapp,gateway,insights-ephemeral
When deployed using bonfire, mocks makes use of the initializer to set up the gateway and front-end-aggregator
See enhancements