search

quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0
13.73k stars 2.67k forks source link

KeycloakContainer in integration-tests/kafka-oauth-keycloak is not aligned with Keycloak version used in devservices #24320

Open rsvoboda opened 2 years ago

rsvoboda commented 2 years ago

Describe the bug

KeycloakContainer in integration-tests/kafka-oauth-keycloak is not aligned with Keycloak version used in devservices

Quarkus moved to Keycloak version 17.0.0 with https://github.com/quarkusio/quarkus/pull/24108 but https://github.com/quarkusio/quarkus/blob/main/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java was left behind and not moved to version 17.0.00

Please update KeycloakContainer.java to version 17, my initial attempts didn't work well enough as Quarkus based Keycloak is used now in the main Keycloak image.

Expected behavior

KeycloakContainer in integration-tests/kafka-oauth-keycloak is aligned with Keycloak version used in devservices

Actual behavior

KeycloakContainer in integration-tests/kafka-oauth-keycloak is not aligned with Keycloak version used in devservices

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

Java 17

GraalVM version (if different from Java)

No response

Quarkus version or git rev

Quarkus main

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response

quarkus-bot[bot] commented 2 years ago

/cc @cescoffier, @ozangunalp, @pedroigor, @sberyozkin, @stuartwdouglas

sberyozkin commented 2 years ago

Re assigning to Ozan

sberyozkin commented 2 years ago

@rsvoboda @ozangunalp I think for this test updating to quay.io/keycloak/keycloak:17.0.0-legacy image should do (-legacy is used to qualify WildFly based images) - most of OIDC tests use it as well as the next RH SSO will still be based on a WildFly based distro

sberyozkin commented 2 years ago

As far as using Quarkus based distro is concerned, it should become much easier for setting up the truststore, I've linked Ozan earlier to the code where TLS is setup (in integration-tests/oidc). But at the moment Keycloak(-X) can not import a realm file itself at the startup, so an AdminClient POST request is required to upload the realm file - it is done in DevServices for Keycloak, Ozan, I can show all the details. But for now IMHO just updating the image name to 17.0.0-legacy should do, Rostislav, do you agree ?

rsvoboda commented 2 years ago

That's a good point, +1 for -legacy

I can amend https://github.com/quarkusio/quarkus-quickstarts/pull/1080

Reassigning to me

rsvoboda commented 2 years ago

PR updated

sberyozkin commented 2 years ago

Thanks @rsvoboda, I left a comment there; @ozangunalp I'd like to propose to pass this property https://github.com/quarkusio/quarkus/blob/main/build-parent/pom.xml#L101 to this test, for it to pick up the next versions automatically

ozangunalp commented 2 years ago

@sberyozkin I am thinking of updating the test to use KeycloakTestResourceLifecycleManager with image name set using keycloak.docker.legacy.image property.

sberyozkin commented 2 years ago

Not sure that test resource can handle truststores though

geoand commented 1 year ago

Is this issue still relevant?

rsvoboda commented 1 year ago

I think this is still relevant.

https://github.com/quarkusio/quarkus/blob/main/integration-tests/kafka-oauth-keycloak/src/test/java/io/quarkus/it/kafka/containers/KeycloakContainer.java#L13 uses quay.io/keycloak/keycloak:16.1.1

https://github.com/quarkusio/quarkus/blob/main/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java#L38 uses quay.io/keycloak/keycloak:20.0.3