First pass at moving our tests to recent Keycloak version

We are running a very old legacy version for testing which is a bad
idea.
Especially since this version is using a very old JDK.

This is a first pass, it is still very rough and some tests are not
passing yet but I would like some feedback from a full CI run.

Co-authored-by: Michal Vavřík <[email protected]>

Author: 2 people

build-parent/pom.xml

@@ -98,9 +98,7 @@
 
         <!-- The image to use for tests that run Keycloak -->
         <keycloak.server.version>26.4.0</keycloak.server.version>
-        <keycloak.wildfly.version>19.0.3</keycloak.wildfly.version>
         <keycloak.docker.image>quay.io/keycloak/keycloak:${keycloak.server.version}</keycloak.docker.image>
-        <keycloak.docker.legacy.image>quay.io/keycloak/keycloak:${keycloak.wildfly.version}-legacy</keycloak.docker.legacy.image>
 
         <unboundid-ldap.version>7.0.3</unboundid-ldap.version>
 

extensions/devservices/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesProcessor.java

@@ -859,6 +859,7 @@ private static RealmRepresentation createDefaultRealmRep() {
         realm.setAccessTokenLifespan(600);
         realm.setSsoSessionMaxLifespan(600);
         realm.setRefreshTokenMaxReuse(10);
+        realm.setRequiredActions(List.of());
 
         RolesRepresentation roles = new RolesRepresentation();
         List<RoleRepresentation> realmRoles = new ArrayList<>();
@@ -907,6 +908,8 @@ private static UserRepresentation createUser(String username, String password, L
         user.setEnabled(true);
         user.setCredentials(new ArrayList<>());
         user.setRealmRoles(realmRoles);
+        user.setEmailVerified(true);
+        user.setRequiredActions(List.of());
 
         CredentialRepresentation credential = new CredentialRepresentation();
 

extensions/oidc-client-filter/deployment/pom.xml

@@ -112,7 +112,7 @@
                         <configuration>
                             <skip>false</skip>
                             <systemPropertyVariables>
-                                <keycloak.docker.image>${keycloak.docker.legacy.image}</keycloak.docker.image>
+                                <keycloak.docker.image>${keycloak.docker.image}</keycloak.docker.image>
                                 <keycloak.use.https>false</keycloak.use.https>
                             </systemPropertyVariables>
                         </configuration>

extensions/oidc-client-filter/deployment/src/test/java/io/quarkus/oidc/client/filter/AbstractRevokedAccessTokenDevModeTest.java

@@ -51,6 +51,8 @@ protected static QuarkusDevModeTest createQuarkusDevModeTest(String additionalPr
                                 quarkus.oidc-client.grant.type=password
                                 quarkus.oidc-client.grant-options.password.username=alice
                                 quarkus.oidc-client.grant-options.password.password=alice
+                                quarkus.oidc-client.scopes=openid
+                                quarkus.oidc-client.named.scopes=openid
                                 quarkus.oidc-client.named.auth-server-url=${quarkus.oidc.auth-server-url}
                                 quarkus.oidc-client.named.client-id=${quarkus.oidc.client-id}
                                 quarkus.oidc-client.named.credentials.client-secret.value=${quarkus.oidc.credentials.secret}

extensions/oidc-client-graphql/deployment/pom.xml

@@ -120,7 +120,7 @@
                         <configuration>
                             <skip>false</skip>
                             <systemPropertyVariables>
-                                <keycloak.docker.image>${keycloak.docker.legacy.image}</keycloak.docker.image>
+                                <keycloak.docker.image>${keycloak.docker.image}</keycloak.docker.image>
                                 <keycloak.use.https>false</keycloak.use.https>
                             </systemPropertyVariables>
                         </configuration>

extensions/oidc-client-reactive-filter/deployment/pom.xml

@@ -111,7 +111,7 @@
                         <configuration>
                             <skip>false</skip>
                             <systemPropertyVariables>
-                                <keycloak.docker.image>${keycloak.docker.legacy.image}</keycloak.docker.image>
+                                <keycloak.docker.image>${keycloak.docker.image}</keycloak.docker.image>
                                 <keycloak.use.https>false</keycloak.use.https>
                             </systemPropertyVariables>
                         </configuration>

extensions/oidc-client-reactive-filter/deployment/src/test/java/io/quarkus/oidc/client/reactive/filter/AbstractRevokedAccessTokenDevModeTest.java

@@ -55,6 +55,8 @@ protected static QuarkusDevModeTest createQuarkusDevModeTest(String additionalPr
                                 quarkus.oidc-client.grant.type=password
                                 quarkus.oidc-client.grant-options.password.username=alice
                                 quarkus.oidc-client.grant-options.password.password=alice
+                                quarkus.oidc-client.scopes=openid
+                                quarkus.oidc-client.named.scopes=openid
                                 quarkus.oidc-client.named.auth-server-url=${quarkus.oidc.auth-server-url}
                                 quarkus.oidc-client.named.client-id=${quarkus.oidc.client-id}
                                 quarkus.oidc-client.named.credentials.client-secret.value=${quarkus.oidc.credentials.secret}

extensions/oidc-client/deployment/pom.xml

@@ -13,7 +13,7 @@
     <name>Quarkus - OpenID Connect Client - Deployment</name>
 
     <properties>
-        <keycloak.url>http://localhost:8180/auth</keycloak.url>
+        <keycloak.url>http://localhost:8180</keycloak.url>
     </properties>
 
     <dependencies>
@@ -147,14 +147,16 @@
                 </plugins>
             </build>
         </profile>
-
         <profile>
             <id>docker-keycloak</id>
             <activation>
                 <property>
                     <name>start-containers</name>
                 </property>
             </activation>
+            <properties>
+                <keycloak.url>http://localhost:8180</keycloak.url>
+            </properties>
             <build>
                 <plugins>
                     <plugin>
@@ -163,16 +165,19 @@
                         <configuration>
                             <images>
                                 <image>
-                                    <name>${keycloak.docker.legacy.image}</name>
+                                    <name>${keycloak.docker.image}</name>
                                     <alias>quarkus-test-keycloak</alias>
                                     <run>
                                         <ports>
                                             <port>8180:8080</port>
                                         </ports>
                                         <env>
-                                            <KEYCLOAK_USER>admin</KEYCLOAK_USER>
-                                            <KEYCLOAK_PASSWORD>admin</KEYCLOAK_PASSWORD>
+                                            <KC_BOOTSTRAP_ADMIN_USERNAME>admin</KC_BOOTSTRAP_ADMIN_USERNAME>
+                                            <KC_BOOTSTRAP_ADMIN_PASSWORD>admin</KC_BOOTSTRAP_ADMIN_PASSWORD>
                                         </env>
+                                        <cmd>
+                                            <arg>start-dev</arg>
+                                        </cmd>
                                         <log>
                                             <prefix>Keycloak:</prefix>
                                             <date>default</date>

extensions/oidc-client/deployment/src/test/java/io/quarkus/oidc/client/KeycloakRealmClientCredentialsJwtPrivateKeyManager.java

@@ -4,6 +4,7 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.keycloak.representations.AccessTokenResponse;
@@ -64,6 +65,7 @@ private static RealmRepresentation createRealm(String name) {
         realm.setRefreshTokenMaxReuse(0);
         realm.setDefaultGroups(Arrays.asList("user"));
         realm.setDefaultRoles(Arrays.asList("user"));
+        realm.setRequiredActions(List.of());
 
         return realm;
     }

extensions/oidc-client/deployment/src/test/java/io/quarkus/oidc/client/KeycloakRealmClientCredentialsJwtPrivateKeyStoreManager.java

@@ -4,6 +4,7 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.keycloak.representations.AccessTokenResponse;
@@ -64,6 +65,7 @@ private static RealmRepresentation createRealm(String name) {
         realm.setRefreshTokenMaxReuse(0);
         realm.setDefaultGroups(Arrays.asList("user"));
         realm.setDefaultRoles(Arrays.asList("user"));
+        realm.setRequiredActions(List.of());
 
         return realm;
     }