Keycloak fixes and Quarkus FW bump to 1.4.0.Beta5

[michalvavrik]

Summary

Main goal of this PR is to fix OCP failures related to the fact that Keycloak auth server URL has changed in our FW: quarkus-qe/quarkus-test-framework#960

• OpenShiftRhSsoOidcMtlsIT will require much more thinkering, at the very least I hit that config map name is created with illegal chars when resource is in nested directory. But I think it will be even more difficult, I'll address it later this week.
• I don't want to address all that repeated stuff of KC commands till Tests with Keycloak container should not be started at Keycloak DEV mode #1580 is done
• I also think some of these Keycloak starting commands are unnecessary at some of scenarios (I replaced one accidentally and it still works), let's address it when we get rid of start-dev because it all seems like a one big workaround for proper solution to me
• OidcRestClientIT failure (both baremetal and OCP) goes down to the Fix primitive class handling in Serialisers quarkusio/quarkus#37788, I hope it's going to be merged today as that reviewer is active in other Quarkus PRs
• new KC image does not accept args joined by space, we need to pass them one by one (which is correct way to do it anyway)

Please select the relevant options.

• Bug fix (non-breaking change which fixes an issue)
• Dependency update
• Refactoring
• Backport
• New scenario (non-breaking change which adds functionality)
• This change requires a documentation update
• This change requires execution against OCP (use run tests phrase in comment)

Checklist:

• Methods and classes used in PR scenarios are meaningful
• Commits are well encapsulated and follow the best practices

[michalvavrik]

run tests

[michalvavrik]

run tests

[michalvavrik]

Remaining OCP / baremetal failures are failing also without this PR, therefore they are not result of this PR.

[jedla97]

I looked at it. It's look good just two comments to clarify.

[jedla97]

Is there reason why --hostname-strict=false is removed when in other cases it stay.

[michalvavrik]

yes, I wrote about this (vaguely) in the PR description, I changed it accidentally and it made no difference, so I suppose it doesn't really matter. If it doesn't cause test failure I don't think it needs to be there. Good catch, it was mistake. If it is somehow important for you, I'll change it in next PR when fixing mTLS.

[jedla97]

If it's work I'm fine with it. Hope that this not cause the problem in future.

[michalvavrik]

If it's work I'm fine with it. Hope that this not cause the problem in future.

IMO tests need to be idempotent, otherwise our job will become very dangerous

[michalvavrik]

we will see other integration runs like Windows and Podman... I don't expect there should be difference.

[jedla97]

Why some of the command KeycloakContainers contains contain more commands that these two. When they were the same with using Container.

[michalvavrik]

I removed .withProperty("SSO_IMPORT_FILE", "resource::/keycloak-realm.json"); so I want to import it from command. I can't answer it in general, if you deem particular change wrong, please comment on the very change and I'll check.

[jedla97]

Just that somewhere @Conatiner change to this

@KeycloakContainer(command = { "start-dev", "--import-realm", "--hostname-strict=false",
            "--features=token-exchange" }, image = "${rhbk.image}")

and somewhere to this

@KeycloakContainer(command = { "start-dev", "--import-realm" }, image = "${rhbk.image}")

But this was answered in other comment so now there is probably no need for some of these commands.
But as it was written in PR description let's solve these problem as the start-dev is solved.

[michalvavrik]

just note - I won't pretend I couldn't make mistake, but this is how I worked:

• if I remove import env var, I need to add --import-realm
• If I change RHSSO for RHBK it is change from Wildfly to Quarkus based KC, so I followed what is done in that very project for non-OCP tests. so typically if there were --features=token-exchange for baremetal tests I just added it as well. I didn't try to think whether it needs to be in baremetal tests at the first place.

[jedla97]

Comments were explained and the PR it's look fine.