Verify and Test the Migration
After running the migration template, both the 3scale and Connectivity Link versions of the application are running side by side. In this module you will verify the migrated resources and test both environments.
Step 1: Verify the Gateway is programmed
oc get gateway -n {user_name}-neuralbank-clExpected: PROGRAMMED: True
Step 2: Verify policies are enforced
oc get authpolicy -n {user_name}-neuralbank-cl -o wide
oc get ratelimitpolicy -n {user_name}-neuralbank-cl -o wideThe AuthPolicy should show ACCEPTED: True and ENFORCED: True.
Step 3: Test the migrated API (OIDC)
3.1 — Without token (expect redirect)
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" \
https://neuralbank-backend-{user_name}-neuralbank-cl.{cluster_domain}/api/v1/customersExpected: HTTP Status: 302
3.2 — Get a Bearer Token
TOKEN=$(curl -s -X POST \
"https://rhbk.{cluster_domain}/realms/neuralbank/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password" \
-d "client_id=neuralbank-frontend" \
-d "username={user_name}" \
-d "password={user_password}" \
| python3 -c "import json,sys; print(json.load(sys.stdin)['access_token'])")
echo "Token: ${TOKEN:0:50}..."Step 4: Compare the resources side by side
Step 5: Test the migrated API (API Key — if you migrated NFL Wallet)
Step 6: Browse in Developer Hub
-
Open Developer Hub and search for your migrated component in the Catalog.
-
Check the API tab — the OpenAPI spec should be available.
-
Check the Kuadrant section — the APIProduct should show as Published.
-
Verify the ArgoCD annotation links to the correct application.
Step 7: Validate the complete flow
Run this comprehensive check:
echo "=== Gateway ===" && \
oc get gateway -n {user_name}-neuralbank-cl && echo && \
echo "=== HTTPRoute ===" && \
oc get httproute -n {user_name}-neuralbank-cl && echo && \
echo "=== AuthPolicy ===" && \
oc get authpolicy -n {user_name}-neuralbank-cl -o wide && echo && \
echo "=== RateLimitPolicy ===" && \
oc get ratelimitpolicy -n {user_name}-neuralbank-cl -o wide && echo && \
echo "=== PlanPolicy ===" && \
oc get planpolicy -n {user_name}-neuralbank-cl && echo && \
echo "=== APIProduct ===" && \
oc get apiproduct -n {user_name}-neuralbank-clAll resources should exist and show healthy status.
Migration checklist
| Check | Status | Description |
|---|---|---|
Gateway PROGRAMMED |
✓ |
Istio gateway is accepting traffic |
AuthPolicy ENFORCED |
✓ |
Authentication is active |
RateLimitPolicy ENFORCED |
✓ |
Rate limiting is active |
API returns 200 with valid credentials |
✓ |
Backend is reachable through the new gateway |
API returns 401/302 without credentials |
✓ |
Authentication is blocking unauthorized access |
APIProduct Published |
✓ |
API is visible in Developer Hub |
ArgoCD Synced + Healthy |
✓ |
GitOps is working correctly |
Summary
You have successfully:
-
Verified all Connectivity Link resources are deployed and enforced
-
Tested the migrated API with the same credentials as the 3scale version
-
Compared both environments running side by side
-
Confirmed the migration preserved authentication, rate limiting, and API documentation