search

quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0
13.73k stars 2.67k forks source link

Keycloack Dev Service not working with @QuarkusIntegrationTest #38884

Closed vincz777 closed 6 months ago

vincz777 commented 8 months ago

Describe the bug

When running a @QuarkusTest using the Keycloack Dev Service, everything works as expected. However running the exact same test as a @QuarkusIntegrationTest results in an error. Those lines are visible in the logs:

2024-02-20 11:18:20,658 ERROR [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-5) Admin token can not be acquired: null 2024-02-20 11:18:20,806 ERROR [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-5) Realm quarkus can not be created 401 - Unauthorized 2024-02-20 11:18:28,835 ERROR [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-5) Realm quarkus can not be created: Keycloak server is not available: Retries exhausted : 5 attempts against 1708424310834/1708424310807 expiration

When running the test in debug mode, setting a breakpoint in class KeycloakDevServicesProcessor where the admin token is retrieved, and running those commands from inside the Keycloack container:

bash-5.1$ cd /opt/keycloak/bin/ bash-5.1$ ./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin Logging into http://localhost:8080 as user admin of realm master Enter password: ***** bash-5.1$ ./kcadm.sh update realms/master -s sslRequired=NONE

then the errors in the logs disappear.

Adding a breakpoint in my test before I try to get a token with keycloakClient.getClientAccessToken(), if I do this in the container:

./kcadm.sh update realms/quarkus -s sslRequired=NONE

Then the test passes as in the case of a simple @QuarkusTest

Expected behavior

The Keycloack Dev Service should work when running integration tests.

Actual behavior

The Keycloack Dev Service is not usable for integration tests as it seems there is some missing configuration about allowing access without SSL.

How to Reproduce?

Create a simple test in a project using Quarkus OIDC. In the test retrieve a client token:

String token = keycloakClient.getClientAccessToken() assertNotNull(token);

Run the test with annotation @QuarkusTest and observe the test passes.

Run the test with annotation @QuarkusIntegrationTest and observe the test fails.

Output of uname -a or ver

Linux 5.15.0-94-generic #104~20.04.1-Ubuntu SMP Tue Jan 16 13:34:09 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Output of java -version

java version "21" 2023-09-19 LTS Java(TM) SE Runtime Environment (build 21+35-LTS-2513) Java HotSpot(TM) 64-Bit Server VM (build 21+35-LTS-2513, mixed mode, sharing)

Quarkus version or git rev

3.2.6.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546)

Additional information

This link was helpful to understand what may be wrong: https://stackoverflow.com/questions/30622599/https-required-while-logging-in-to-keycloak-as-admin

quarkus-bot[bot] commented 8 months ago

/cc @geoand (devservices,testing), @stuartwdouglas (devservices)

sberyozkin commented 8 months ago

@vincz777 FYI, we have a lot of QuarkusIntegrationTests relying on Keycloak DevService, so please provide a reproducer. I'm not sure at what point HTTPS gets into the picture, please clarify. Thanks

vincz777 commented 8 months ago

Okay I will provide a reproducer. When I try to login into the admin console of the Keycloak container I get this message in the UI:

image

sberyozkin commented 8 months ago

@vincz777 I see you are on 3.2.6... Can you please retry in the latest 3.7.x just to check if it works ? Something may indeed be broken in 3.2.6...Reproducer would still help though

geoand commented 6 months ago

Closing as we did not receive feedback