Make Keycloak DevService work with @QuarkusIntegrationTest and container launches

[geoand]

This is a WIP to fix #21935.

@sberyozkin unfortunately this does not yet work, (I think) because the token received from the KeycloakTestClient has iss of http://localhost:49267/auth/realms/quarkus (which is the URL the test can access Keycloak from - i.e. a URL accessible on the host machine), but the Quarkus application under test accesses the application using something like http://keycloak-uX81K:8080/auth/realms/quarkus - i.e. the URL that is usable in the container network.
What can we do to address this issue? Can we "patch" the token somehow?

P.S. This contains a lot of hacks, but for most of them, I don't see a way around them for this use case.

[sberyozkin]

Hi @geoand thanks very much for looking into it.

Re the issuer problem, adding quarkus.oidc.token.issuer=any should do it in the test.
Setting KEYCLOAK_FRONTEND_URL env var should also fix it - but here the host port is dynamic, so not sure if setting KEYCLOAK_FRONTEND_URL=http://localhost in KeycloakDevServicesProcessor can do it; skipping the issuer verification with any is probably the easiest approach.

Let me also check what Keycloak logs, may be it is possible to avoid using HttpWaitStrategy

[geoand]

Thanks! Let me try that out

[sberyozkin]

Re the logs, WildFly based one logs:

13:43:33,804 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 65) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
...
13:43:33,930 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 17430ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)

I think Registered web context: '/auth' for server check should be enough.. Though let me also check what is logged with Keycloak-X

[sberyozkin]

Keycloak-X reports:
Keycloak 15.0.2 on JVM (powered by Quarkus 1.13.3.Final) started - the underlying quarkus version will be changed with Keycloak 16.0.0. But I don't see a message like Registered web context:...

So the common pattern is:

• Default (wildfly) image: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started
• Keycloak-X image: Keycloak 15.0.2 on JVM (powered by Quarkus 1.13.3.Final) started

So checking the container log for Keycloak 15.0.2 ... started where the version can be retrieved from DockerImageName should be enough, suppose a regex can get it, what do you think ? If you'd like I can experiment on a PR just to switch away from HttpWaitStrategy ?

[geoand]

Thanks for checking @sberyozkin!

Yeah, I'll try that, it's a much better idea

[geoand]

Keep in mind however that some of the other hacks in this PR will remain

[sberyozkin]

Thanks, sure, having a few hacks will be not bad :-)

[geoand]

The fewer the better :)

[geoand]

Closing in favor of #21999