fix(RHIDP-3674, RHIDP-3965): Add MVP scenario that matches latest v1.…

…2 version of RHDH, fix oauth2 proxy for OLM install method Signed-off-by: Pavel Macík <[email protected]>
redhat-performance · Sep 17, 2024 · 1252581 · 1252581
1 parent 8959f01
commit 1252581
Show file tree

Hide file tree

Showing 18 changed files with 687 additions and 134 deletions.
diff --git a/Makefile b/Makefile
@@ -35,8 +35,8 @@ export RHDH_HELM_CHART_VERSION ?=
 export RHDH_HELM_RELEASE_NAME ?= rhdh
 
 # RHDH OLM subscription to deploy
-export RHDH_OLM_INDEX_IMAGE ?= quay.io/rhdh/iib:1.2-v$(shell oc version -o json | jq -r '.openshiftVersion' | sed -r -e "s,([0-9]+\.[0-9]+)\..+,\1,")-$(shell oc version -o json | jq -r '.serverVersion.platform' | sed -r -e "s,linux/,," | sed -e 's,amd64,x86_64,')
-export RHDH_OLM_CHANNEL ?= fast
+export RHDH_OLM_INDEX_IMAGE ?= registry.redhat.io/redhat/redhat-operator-index:v$(shell oc version -o json | jq -r '.openshiftVersion' | sed -r -e "s,([0-9]+\.[0-9]+)\..+,\1,")
+export RHDH_OLM_CHANNEL ?= fast-1.2
 
 # RHDH horizontal scaling
 export RHDH_DEPLOYMENT_REPLICAS ?= 1
@@ -48,7 +48,7 @@ export RHDH_RESOURCES_MEMORY_REQUESTS ?=
 export RHDH_RESOURCES_MEMORY_LIMITS ?=
 export RHDH_KEYCLOAK_REPLICAS ?= 1
 export LOCUST_EXTRA_CMD ?=
-export AUTH_PROVIDER ?=
+export AUTH_PROVIDER ?= keycloak
 
 # RHDH install method - one of 'helm' or 'olm'
 export RHDH_INSTALL_METHOD ?= helm
@@ -175,7 +175,7 @@ test: $(TMP_DIR) $(ARTIFACT_DIR)
 ifneq ($(shell test '$(AUTH_PROVIDER)' == 'keycloak' && echo 1 || echo 0),0)
 	$(eval key_pass := $(shell oc -n  rhdh-performance  get secret perf-test-secrets -o template --template='{{.data.keycloak_user_pass}}' | base64 -d))
 	$(eval key_host := $(shell oc  -n  rhdh-performance  get routes/keycloak -o template  --template='{{.spec.host}}' ))
-	$(eval LOCUST_EXTRA_CMD := --keycloak-host $(key_host) --keycloak-password $(key_pass)  )
+	$(eval LOCUST_EXTRA_CMD := $(LOCUST_EXTRA_CMD) --keycloak-host $(key_host) --keycloak-password $(key_pass)  )
 ifneq ($(shell test $(USERS) -gt $(WORKERS) && echo 1 || echo 0),0)
 	@echo "users greater than  workers "
 else

diff --git a/ci-scripts/dev-sandbox/Makefile b/ci-scripts/dev-sandbox/Makefile
@@ -1,8 +1,8 @@
 #SHELL="/bin/bash -x"
 
-export RHDH_OLM_INDEX_IMAGE ?= quay.io/rhdh/iib:1.2-v4.15-x86_64
+export RHDH_OLM_INDEX_IMAGE ?= registry.redhat.io/redhat/redhat-operator-index:v4.15
 export RHDH_OPERATOR_NAMESPACE ?= rhdh-operator
-export RHDH_OLM_CHANNEL ?= fast
+export RHDH_OLM_CHANNEL ?= fast-1.2
 export RHDH_OLM_OPERATOR_PACKAGE ?= rhdh
 
 export ARTIFACT_DIR ?=

diff --git a/ci-scripts/dev-sandbox/run.sh b/ci-scripts/dev-sandbox/run.sh
@@ -44,7 +44,11 @@ collect_counts "baseline-counts-post"
 
 # testing env
 if [ "$RHDH_INSTALL_METHOD" == "olm" ]; then
-    rhdh_route="backstage-developer-hub"
+    if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+        rhdh_route="rhdh"
+    else
+        rhdh_route="backstage-developer-hub"
+    fi
 elif [ "$RHDH_INSTALL_METHOD" == "helm" ]; then
     export RHDH_HELM_RELEASE_NAME RHDH_HELM_CHART
 

diff --git a/ci-scripts/rhdh-setup/create_resource.sh b/ci-scripts/rhdh-setup/create_resource.sh
@@ -45,7 +45,11 @@ backstage_url() {
     if [ "$RHDH_INSTALL_METHOD" == "helm" ]; then
       rhdh_route="${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}"
     else
-      rhdh_route="backstage-developer-hub"
+      if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+        rhdh_route="rhdh"
+      else
+        rhdh_route="backstage-developer-hub"
+      fi
     fi
     echo -n "https://$(oc get routes "${rhdh_route}" -n "${RHDH_NAMESPACE}" -o jsonpath='{.spec.host}')" >"$f"
   fi
@@ -149,14 +153,27 @@ create_cmp() {
 }
 
 create_group() {
-  token=$(get_token)
-  groupname="group${0}"
-  echo "    g, group:default/${groupname}, role:default/perf_admin" >>"$TMP_DIR/group-rbac.yaml"
-  curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/groups" \
-    -H 'Content-Type: application/json' \
-    -H 'Authorization: Bearer '"$token" \
-    --data-raw '{"name": "'"${groupname}"'"}' |& tee -a "$TMP_DIR/create_group.log"
-  echo "[INFO][$(date --utc -Ins)] Group $groupname created" >>"$TMP_DIR/create_group.log"
+  max_attempts=5
+  attempt=1
+  while ((attempt <= max_attempts)); do
+    token=$(get_token)
+    groupname="group${0}"
+    echo "    g, group:default/${groupname}, role:default/perf_admin" >>"$TMP_DIR/group-rbac.yaml"
+    curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/groups" \
+      -H 'Content-Type: application/json' \
+      -H 'Authorization: Bearer '"$token" \
+      --data-raw '{"name": "'"${groupname}"'"}' |& tee -a "$TMP_DIR/create_group.log"
+    if [ "${PIPESTATUS[0]}" -eq 0 ]; then
+      echo "[INFO][$(date --utc -Ins)] Group $groupname created" >>"$TMP_DIR/create_group.log"
+      return
+    else
+      echo "[WARNING][$(date --utc -Ins)] Unable to create the $groupname group at $attempt. attempt. Trying again up to $max_attempts times." >>"$TMP_DIR/create_group.log"
+      ((attempt++))
+    fi
+  done
+  if [[ $attempt -gt $max_attempts ]]; then
+    echo "[ERROR][$(date --utc -Ins)] Unable to create the $groupname group in $max_attempts attempts, giving up!" |& tee -a "$TMP_DIR/create_group.log"
+  fi
 }
 
 create_groups() {
@@ -166,16 +183,29 @@ create_groups() {
 }
 
 create_user() {
-  token=$(get_token)
-  grp=$(echo "${0}%${GROUP_COUNT}" | bc)
-  [[ $grp -eq 0 ]] && grp=${GROUP_COUNT}
-  username="test${0}"
-  groupname="group${grp}"
-  curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/users" \
-    -H 'Content-Type: application/json' \
-    -H 'Authorization: Bearer '"$token" \
-    --data-raw '{"firstName":"'"${username}"'","lastName":"tester", "email":"'"${username}"'@test.com","emailVerified":"true", "enabled":"true", "username":"'"${username}"'","groups":["/'"${groupname}"'"],"credentials":[{"type":"password","value":"'"${KEYCLOAK_USER_PASS}"'","temporary":false}]}' |& tee -a "$TMP_DIR/create_user.log"
-  echo "[INFO][$(date --utc -Ins)] User $username ($groupname) created" >>"$TMP_DIR/create_user.log"
+  max_attempts=5
+  attempt=1
+  while ((attempt <= max_attempts)); do
+    token=$(get_token)
+    grp=$(echo "${0}%${GROUP_COUNT}" | bc)
+    [[ $grp -eq 0 ]] && grp=${GROUP_COUNT}
+    username="test${0}"
+    groupname="group${grp}"
+    curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/users" \
+      -H 'Content-Type: application/json' \
+      -H 'Authorization: Bearer '"$token" \
+      --data-raw '{"firstName":"'"${username}"'","lastName":"tester", "email":"'"${username}"'@test.com","emailVerified":"true", "enabled":"true", "username":"'"${username}"'","groups":["/'"${groupname}"'"],"credentials":[{"type":"password","value":"'"${KEYCLOAK_USER_PASS}"'","temporary":false}]}' |& tee -a "$TMP_DIR/create_user.log"
+    if [ "${PIPESTATUS[0]}" -eq 0 ]; then
+      echo "[INFO][$(date --utc -Ins)] User $username ($groupname) created" >>"$TMP_DIR/create_user.log"
+      return
+    else
+      echo "[WARNING][$(date --utc -Ins)] Unable to create the $username user at $attempt. attempt. Trying again up to $max_attempts times." >>"$TMP_DIR/create_user.log"
+      ((attempt++))
+    fi
+  done
+  if [[ $attempt -gt $max_attempts ]]; then
+    echo "[ERROR][$(date --utc -Ins)] Unable to create the $username user in $max_attempts attempts, giving up!" |& tee -a "$TMP_DIR/create_user.log"
+  fi
 }
 
 create_users() {
@@ -267,19 +297,20 @@ get_token() {
   trap "rm -rf $token_lockfile; exit" INT TERM EXIT HUP
 
   timeout_timestamp=$(date -d "60 seconds" "+%s")
-  while [ ! -f "$token_file" ] || [ ! -s "$token_file" ] || [ "$(date +%s)" -gt "$(jq -rc '.expires_in_timestamp' "$token_file")" ]; do
+  while [ ! -f "$token_file" ] || [ ! -s "$token_file" ] || [ -z "$(jq -rc '.expires_in_timestamp' "$token_file")" ] || [ "$(date +%s)" -gt "$(jq -rc '.expires_in_timestamp' "$token_file")" ]; do
     log_token_info "Refreshing keycloak token"
     if [ "$(date "+%s")" -gt "$timeout_timestamp" ]; then
       log_token_err "Timeout getting keycloak token"
       exit 1
     fi
     if [[ ${service} == 'rhdh' ]]; then
+      log_token_info "Refreshing RHDH token"
       [[ -f "$token_file" ]] && rm -rf "$token_file" && rm -rf "$TMP_DIR/cookie.jar"
       if ! rhdh_token >"$token_file"; then
         log_token_err "Unable to get token, re-attempting"
       fi
     else
-      keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-example-sso -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d)
+      keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-rhdh-sso -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d)
       if ! keycloak_token >"$token_file"; then
         log_token_err "Unable to get token, re-attempting"
       fi

diff --git a/ci-scripts/rhdh-setup/deploy.sh b/ci-scripts/rhdh-setup/deploy.sh
@@ -41,9 +41,9 @@ export RHDH_HELM_CHART=${RHDH_HELM_CHART:-redhat-developer-hub}
 export RHDH_HELM_CHART_VERSION=${RHDH_HELM_CHART_VERSION:-}
 
 OCP_VER="$(oc version -o json | jq -r '.openshiftVersion' | sed -r -e "s#([0-9]+\.[0-9]+)\..+#\1#")"
-OCP_ARCH="$(oc version -o json | jq -r '.serverVersion.platform' | sed -r -e "s#linux/##" | sed -e 's#amd64#x86_64#')"
-export RHDH_OLM_INDEX_IMAGE="${RHDH_OLM_INDEX_IMAGE:-quay.io/rhdh/iib:1.2-v${OCP_VER}-${OCP_ARCH}}"
-export RHDH_OLM_CHANNEL=${RHDH_OLM_CHANNEL:-fast}
+#OCP_ARCH="$(oc version -o json | jq -r '.serverVersion.platform' | sed -r -e "s#linux/##" | sed -e 's#amd64#x86_64#')"
+export RHDH_OLM_INDEX_IMAGE="${RHDH_OLM_INDEX_IMAGE:-registry.redhat.io/redhat/redhat-operator-index:v${OCP_VER}}"
+export RHDH_OLM_CHANNEL=${RHDH_OLM_CHANNEL:-fast-1.2}
 export RHDH_OLM_OPERATOR_PACKAGE=${RHDH_OLM_OPERATOR_PACKAGE:-rhdh}
 
 export PRE_LOAD_DB="${PRE_LOAD_DB:-true}"
@@ -173,6 +173,15 @@ keycloak_install() {
     envsubst <template/keycloak/keycloak.yaml | $clin apply -f -
     wait_to_start statefulset keycloak 450 600
     envsubst <template/keycloak/keycloakRealm.yaml | $clin apply -f -
+    if [ "$INSTALL_METHOD" == "helm" ]; then
+        export OAUTH2_REDIRECT_URI=https://${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/oauth2/callback
+    elif [ "$INSTALL_METHOD" == "olm" ]; then
+        if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+            export OAUTH2_REDIRECT_URI=https://rhdh-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/oauth2/callback
+        else
+            export OAUTH2_REDIRECT_URI=https://backstage-developer-hub-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/oauth2/callback
+        fi
+    fi
     envsubst <template/keycloak/keycloakClient.yaml | $clin apply -f -
     envsubst <template/keycloak/keycloakUser.yaml | $clin apply -f -
 }
@@ -197,6 +206,18 @@ backstage_install() {
     cp "template/backstage/app-config.yaml" "$TMP_DIR/app-config.yaml"
     if [ "${AUTH_PROVIDER}" == "keycloak" ]; then yq -i '. |= . + {"signInPage":"oauth2Proxy"}' "$TMP_DIR/app-config.yaml"; fi
     if [ "${AUTH_PROVIDER}" == "keycloak" ]; then yq -i '. |= . + {"auth":{"environment":"production","providers":{"oauth2Proxy":{}}}}' "$TMP_DIR/app-config.yaml"; else yq -i '. |= . + {"auth":{"providers":{"guest":{"dangerouslyAllowOutsideDevelopment":true}}}}' "$TMP_DIR/app-config.yaml"; fi
+    if [ "$INSTALL_METHOD" == "helm" ]; then
+        base_url="https://${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}"
+    elif [ "$INSTALL_METHOD" == "olm" ]; then
+        if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+            base_url="https://rhdh-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}"
+        else
+            base_url="https://backstage-developer-hub-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}"
+        fi
+    fi
+    yq -i '.app.baseUrl="'"$base_url"'"' "$TMP_DIR/app-config.yaml"
+    yq -i '.backend.baseUrl="'"$base_url"'"' "$TMP_DIR/app-config.yaml"
+    yq -i '.backend.cors.origin="'"$base_url"'"' "$TMP_DIR/app-config.yaml"
     until envsubst <template/backstage/secret-rhdh-pull-secret.yaml | $clin apply -f -; do $clin delete secret rhdh-pull-secret --ignore-not-found=true; done
     if ${ENABLE_RBAC}; then yq -i '. |= . + load("template/backstage/'$INSTALL_METHOD'/app-rbac-patch.yaml")' "$TMP_DIR/app-config.yaml"; fi
     until $clin create configmap app-config-rhdh --from-file "app-config.rhdh.yaml=$TMP_DIR/app-config.yaml"; do $clin delete configmap app-config-rhdh --ignore-not-found=true; done
@@ -215,7 +236,7 @@ backstage_install() {
         return 1
     fi
     if [ "${AUTH_PROVIDER}" == "keycloak" ] && ${RHDH_METRIC}; then $clin create -f template/backstage/rhdh-metrics-service.yaml; fi
-    if ${RHDH_METRIC}; then envsubst <template/backstage/rhdh-servicemonitor.yaml| $clin create -f -; fi
+    if ${RHDH_METRIC}; then envsubst <template/backstage/rhdh-servicemonitor.yaml | $clin create -f -; fi
 }
 
 # shellcheck disable=SC2016,SC1004
@@ -292,6 +313,10 @@ install_rhdh_with_olm() {
     set +x
     wait_for_crd backstages.rhdh.redhat.com
 
+    if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+        envsubst <template/backstage/olm/rhdh-oauth2.deployment.yaml | $clin apply -f -
+    fi
+
     backstage_yaml="$TMP_DIR/backstage.yaml"
     envsubst <template/backstage/olm/backstage.yaml >"$backstage_yaml"
     if ${ENABLE_RBAC}; then

diff --git a/ci-scripts/rhdh-setup/template/backstage/olm/rhdh-oauth2.deployment.yaml b/ci-scripts/rhdh-setup/template/backstage/olm/rhdh-oauth2.deployment.yaml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rhdh
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: oauth2
+      app.kubernetes.io/instance: rhdh
+      app.kubernetes.io/name: developer-hub
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: oauth2
+        app.kubernetes.io/instance: rhdh
+        app.kubernetes.io/name: developer-hub
+    spec:
+      containers:
+        - args:
+            - --provider=oidc
+            - --email-domain=*
+            - --upstream=http://backstage-developer-hub:80
+            - --http-address=0.0.0.0:4180
+            - --skip-provider-button
+          env:
+            - name: OAUTH2_PROXY_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  key: CLIENT_ID
+                  name: keycloak-client-secret-backstage
+            - name: OAUTH2_PROXY_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: CLIENT_SECRET
+                  name: keycloak-client-secret-backstage
+            - name: OAUTH2_PROXY_COOKIE_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: keycloak_cookie_secret
+                  name: perf-test-secrets
+            - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+              value: https://keycloak-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/auth/realms/backstage
+            - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
+              value: "true"
+          image: quay.io/oauth2-proxy/oauth2-proxy:latest
+          imagePullPolicy: IfNotPresent
+          name: oauth2-proxy
+          ports:
+            - containerPort: 4180
+              name: oauth2-proxy
+              protocol: TCP
+          resources: {}
+      imagePullSecrets:
+        - name: rhdh-pull-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rhdh
+spec:
+  ports:
+    - name: oauth2-proxy
+      port: 4180
+      protocol: TCP
+      targetPort: oauth2-proxy
+  selector:
+    app.kubernetes.io/component: oauth2
+    app.kubernetes.io/instance: rhdh
+    app.kubernetes.io/name: developer-hub
+  type: ClusterIP
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: rhdh
+spec:
+  path: /
+  port:
+    targetPort: 4180
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: rhdh
+    weight: 100
+  wildcardPolicy: None
diff --git a/ci-scripts/rhdh-setup/template/keycloak/keycloak.yaml b/ci-scripts/rhdh-setup/template/keycloak/keycloak.yaml
@@ -1,7 +1,7 @@
 apiVersion: keycloak.org/v1alpha1
 kind: Keycloak
 metadata:
-  name: example-sso
+  name: rhdh-sso
   labels:
     app: sso
 spec:

diff --git a/ci-scripts/rhdh-setup/template/keycloak/keycloakClient.yaml b/ci-scripts/rhdh-setup/template/keycloak/keycloakClient.yaml
@@ -17,7 +17,7 @@ spec:
     implicitFlowEnabled: false
     publicClient: false
     redirectUris:
-      - https://${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}-${RHDH_NAMESPACE}.${OPENSHIFT_APP_DOMAIN}/oauth2/callback
+      - ${OAUTH2_REDIRECT_URI}
     serviceAccountsEnabled: true
     standardFlowEnabled: true
   realmSelector:

diff --git a/ci-scripts/scalability/test-scalability.sh b/ci-scripts/scalability/test-scalability.sh
@@ -46,12 +46,14 @@ wait_for_indexing() {
     COOKIE="$TMP_DIR/cookie.jar"
     if [ "$INSTALL_METHOD" == "helm" ]; then
         rhdh_route="${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}"
-        #rhdh_route="rhdh-redhat-developer-hub"
     else
-        rhdh_route="backstage-developer-hub"
+        if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+            rhdh_route="rhdh"
+        else
+            rhdh_route="backstage-developer-hub"
+        fi
     fi
     if [ "$WAIT_FOR_SEARCH_INDEX" == "true" ]; then
-        rhdh_route="${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}"
         HOST="https://$(oc get routes "${rhdh_route}" -n "${RHDH_NAMESPACE:-rhdh-performance}" -o jsonpath='{.spec.host}')"
 
         start=$(date +%s)

diff --git a/ci-scripts/setup.sh b/ci-scripts/setup.sh
@@ -17,10 +17,10 @@ GITHUB_USER=$(cat /usr/local/ci-secrets/backstage-performance/github.user)
 GITHUB_REPO=$(cat /usr/local/ci-secrets/backstage-performance/github.repo)
 QUAY_TOKEN=$(cat /usr/local/ci-secrets/backstage-performance/quay.token)
 
-export RHDH_DEPLOYMENT_REPLICAS=${RHDH_DEPLOYMENT_REPLICAS:-5}
-export RHDH_DB_REPLICAS=${RHDH_DB_REPLICAS:-5}
+export RHDH_DEPLOYMENT_REPLICAS=${RHDH_DEPLOYMENT_REPLICAS:-1}
+export RHDH_DB_REPLICAS=${RHDH_DB_REPLICAS:-1}
 export RHDH_DB_STORAGE=${RHDH_DB_STORAGE:-1Gi}
-export RHDH_KEYCLOAK_REPLICAS=${RHDH_KEYCLOAK_REPLICAS:-5}
+export RHDH_KEYCLOAK_REPLICAS=${RHDH_KEYCLOAK_REPLICAS:-1}
 
 export API_COUNT=${API_COUNT:-1000}
 export COMPONENT_COUNT=${COMPONENT_COUNT:-1000}

diff --git a/ci-scripts/test.sh b/ci-scripts/test.sh
@@ -13,11 +13,15 @@ source "$(readlink -m "$SCRIPT_DIR"/../test.env)"
 export SCENARIO RHDH_INSTALL_METHOD AUTH_PROVIDER
 
 RHDH_INSTALL_METHOD=${RHDH_INSTALL_METHOD:-helm}
-AUTH_PROVIDER=${AUTH_PROVIDER:-}
+AUTH_PROVIDER=${AUTH_PROVIDER:-keycloak}
 
 # testing env
 if [ "$RHDH_INSTALL_METHOD" == "olm" ]; then
-    rhdh_route="backstage-developer-hub"
+    if [ "$AUTH_PROVIDER" == "keycloak" ]; then
+        rhdh_route="rhdh"
+    else
+        rhdh_route="backstage-developer-hub"
+    fi
 elif [ "$RHDH_INSTALL_METHOD" == "helm" ]; then
     export RHDH_HELM_RELEASE_NAME RHDH_HELM_CHART