Keycloak DevService: Improve error messages and documentation for cli…

…ent timeouts

We used to experience a lot of flakiness due to the keycloak devservice starting,
but doing so with errors and therefore causing all tests that were running
with keycloak to emit 'IllegalArgument accessToken cannot be null'.
The start-up errors were a bit cryptic and unspecific and looked like this:

    2023-11-06 08:01:14,552 INFO  [tc.doc.sop.0.1] (build-7) Container docker-quay.sopdock/keycloak/keycloak:22.0.1 started in PT3M46.054007184S
    2023-11-06 08:01:18,712 ERROR [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-7) Admin token can not be acquired: null
    2023-11-06 08:01:19,655 ERROR [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-7) Realm rdpro can not be created 401 - Unauthorized
    2023-11-06 08:01:27,690 ERROR [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-7) Realm rdpro can not be created: Keycloak server is not available: Retries exhausted : 5 attempts against 1699257689687/1699257689656 expiration
    2023-11-06 08:01:27,699 INFO  [io.qua.oid.dep.dev.key.KeycloakDevServicesProcessor] (build-7) Dev Services for Keycloak started.

It took us some time to realize that `Admin token can not be acquired: null` actually meant
'Acquiring the Admin token timed out' and that 'null' was the TimeoutException's message.
Thankfully the property `quarkus.oidc.devui.web-client-timeout` exists to increase this timeout,
though it is somewhat oddly named ("devui"?).

I tried to improve the situation by making errors actually print the exception and stacktrace,
and by improving the user feedback a bit.

extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/DevUiConfig.java

@@ -70,6 +70,7 @@ public String getGrantType() {
      * The WebClient timeout.
      * Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting
      * tokens from OpenId Connect Provider and sending them to the service endpoint.
+     * This timeout is also used by the OIDC dev service admin client.
      */
     @ConfigItem(defaultValue = "4S")
     public Duration webClientTimeout;

extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/KeycloakDevServicesProcessor.java

@@ -28,6 +28,7 @@
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
+import io.smallrye.mutiny.TimeoutException;
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.jboss.logging.Logger;
 import org.keycloak.representations.idm.ClientRepresentation;
@@ -626,8 +627,11 @@ private String getAdminToken(WebClient client, String keycloakUrl) {
                     keycloakUrl + "/realms/master/protocol/openid-connect/token",
                     "admin-cli", null, "admin", "admin", null)
                     .await().atMost(oidcConfig.devui.webClientTimeout);
+        } catch (TimeoutException e) {
+            LOG.error("Admin token can not be acquired due to a client connection timeout. " +
+                      "You may try increasing the `quarkus.oidc.devui.web-client-timeout` property.");
         } catch (Throwable t) {
-            LOG.errorf("Admin token can not be acquired: %s", t.getMessage());
+            LOG.error("Admin token can not be acquired", t);
         }
         return null;
     }
@@ -673,7 +677,7 @@ private void createRealm(WebClient client, String token, String keycloakUrl, Rea
         } catch (Throwable t) {
             errors.add(String.format("Realm %s can not be created: %s", realm.getRealm(), t.getMessage()));
 
-            LOG.errorf("Realm %s can not be created: %s", realm.getRealm(), t.getMessage());
+            LOG.errorf(t, "Realm %s can not be created", realm.getRealm());
         }
     }