Migrate 013-quarkus-oidc-restlcient to Keycloak Dev Svc and enable na…

…tive tests
quarkus-qe · Sep 29, 2024 · 02451fd · 02451fd
1 parent 0e2f170
commit 02451fd
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 224 deletions.
diff --git a/013-quarkus-oidc-restclient/pom.xml b/013-quarkus-oidc-restclient/pom.xml
@@ -10,11 +10,7 @@
     <dependencies>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-resteasy-mutiny</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-resteasy-jackson</artifactId>
+            <artifactId>quarkus-rest-jackson</artifactId>
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
@@ -26,24 +22,23 @@
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-resteasy-client-mutiny</artifactId>
+            <artifactId>quarkus-rest-client</artifactId>
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-resteasy-client-oidc-filter</artifactId>
+            <artifactId>quarkus-rest-client-oidc-filter</artifactId>
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-resteasy-client-oidc-token-propagation</artifactId>
+            <artifactId>quarkus-rest-client-oidc-token-propagation</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-authz-client</artifactId>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-keycloak-admin-rest-client</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.testcontainers</groupId>
-            <artifactId>testcontainers</artifactId>
-            <scope>test</scope>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-test-keycloak-server</artifactId>
         </dependency>
         <dependency>
             <groupId>org.awaitility</groupId>
@@ -69,23 +64,6 @@
         </plugins>
     </build>
     <profiles>
-        <!--
-            Skip native build and run as keycloak-authz-client is not native ready
-            Rework would be needed, some notes are in https://github.com/quarkusio/quarkus/issues/27995
-            Quarkus QE test suite uses updated approach
-        -->
-        <profile>
-            <id>native</id>
-            <activation>
-                <property>
-                    <name>native</name>
-                </property>
-            </activation>
-            <properties>
-                <quarkus.native.enabled>false</quarkus.native.enabled>
-                <skipITs>true</skipITs>
-            </properties>
-        </profile>
         <!-- Skipped on Windows as does not support Linux Containers / Testcontainers -->
         <profile>
             <id>skip-tests-on-windows</id>

diff --git a/...dc-restclient/src/main/java/io/quarkus/qe/ping/clients/LookupAuthorizationPongClient.java b/...dc-restclient/src/main/java/io/quarkus/qe/ping/clients/LookupAuthorizationPongClient.java
@@ -1,14 +1,11 @@
 package io.quarkus.qe.ping.clients;
 
-import java.util.Collections;
-
-import org.apache.http.impl.client.HttpClients;
 import org.eclipse.microprofile.config.Config;
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.eclipse.microprofile.rest.client.annotation.ClientHeaderParam;
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
-import org.keycloak.authorization.client.AuthzClient;
-import org.keycloak.authorization.client.Configuration;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
 
 import io.quarkus.qe.model.Score;
 
@@ -61,13 +58,17 @@ default String lookupAuth() {
         String clientId = config.getValue("quarkus.oidc.client-id", String.class);
         String clientSecret = config.getValue("quarkus.oidc.credentials.secret", String.class);
 
-        AuthzClient authzClient = AuthzClient.create(new Configuration(
-                authUrl,
-                realm,
-                clientId,
-                Collections.singletonMap("secret", clientSecret),
-                HttpClients.createDefault()));
+        Keycloak keycloak = KeycloakBuilder.builder()
+                .serverUrl(authUrl)
+                .realm(realm)
+                .clientId(clientId)
+                .clientSecret(clientSecret)
+                .grantType("password")
+                .username("alice")
+                .password("alice")
+                .build();
 
-        return "Bearer " + authzClient.obtainAccessToken("test-user", "test-user").getToken();
+        String keycloakToken = keycloak.tokenManager().getAccessToken().getToken();
+        return "Bearer " + keycloakToken;
     }
 }
diff --git a/013-quarkus-oidc-restclient/src/main/resources/application.properties b/013-quarkus-oidc-restclient/src/main/resources/application.properties
@@ -2,10 +2,6 @@
 quarkus.http.port=8081
 
 # Security
-quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/test-realm
-quarkus.oidc.client-id=test-application-client
-quarkus.oidc.credentials.secret=test-application-client-secret
-
 quarkus.http.auth.permission.unsecured.paths=/generate-token/*
 quarkus.http.auth.permission.unsecured.policy=permit
 
@@ -15,16 +11,16 @@ org.eclipse.microprofile.rest.client.propagateHeaders=Authorization
 
 # OIDC Client Configuration
 quarkus.oidc-client.auth-server-url=${quarkus.oidc.auth-server-url}
-quarkus.oidc-client.client-id=test-application-client
-quarkus.oidc-client.credentials.secret=test-application-client-secret
+quarkus.oidc-client.client-id=${quarkus.oidc.client-id}
+quarkus.oidc-client.credentials.secret=${quarkus.oidc.credentials.secret}
 
 ## Normal User Password
 quarkus.oidc-client.test-user.auth-server-url=${quarkus.oidc.auth-server-url}
-quarkus.oidc-client.test-user.client-id=test-application-client
-quarkus.oidc-client.test-user.credentials.secret=test-application-client-secret
+quarkus.oidc-client.test-user.client-id=${quarkus.oidc.client-id}
+quarkus.oidc-client.test-user.credentials.secret=${quarkus.oidc.credentials.secret}
 quarkus.oidc-client.test-user.grant.type=password
-quarkus.oidc-client.test-user.grant-options.password.username=test-user
-quarkus.oidc-client.test-user.grant-options.password.password=test-user
+quarkus.oidc-client.test-user.grant-options.password.username=alice
+quarkus.oidc-client.test-user.grant-options.password.password=alice
 
 # RestClient
 io.quarkus.qe.ping.clients.PongClient/mp-rest/url=http://localhost:8081

diff --git a/013-quarkus-oidc-restclient/src/test/java/io/quarkus/qe/AbstractPingPongResourceTest.java b/013-quarkus-oidc-restclient/src/test/java/io/quarkus/qe/AbstractPingPongResourceTest.java
@@ -1,46 +1,25 @@
 package io.quarkus.qe;
 
 import static io.restassured.RestAssured.given;
-import static io.restassured.config.HttpClientConfig.httpClientConfig;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.is;
 
 import java.util.UUID;
 
 import org.apache.http.HttpStatus;
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.keycloak.authorization.client.AuthzClient;
 
-import io.quarkus.qe.containers.KeycloakTestResource;
 import io.quarkus.qe.model.Score;
-import io.quarkus.test.common.TestResourceScope;
-import io.quarkus.test.common.WithTestResource;
-import io.restassured.RestAssured;
-import io.restassured.config.RestAssuredConfig;
+import io.quarkus.test.keycloak.client.KeycloakTestClient;
 import io.restassured.http.ContentType;
 
-@WithTestResource(value = KeycloakTestResource.class, scope = TestResourceScope.MATCHING_RESOURCES)
 public abstract class AbstractPingPongResourceTest {
 
     private static final String PING_ENDPOINT = "/%s-ping";
     private static final String PONG_ENDPOINT = "/%s-pong";
-    private static final String USER = "test-user";
     private static final String WRONG_TOKEN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
-    private static final String HTTP_SOCKET_TIMEOUT_PROPERTY = "http.socket.timeout";
-    private static final String HTTP_CONNECTION_TIMEOUT_PROPERTY = "http.connection.timeout";
-    private static final int TIMEOUT_IN_SECONDS = 1000;
-
-    AuthzClient authzClient;
-
-    @BeforeEach
-    public void setup() {
-        RestAssured.config = RestAssuredConfig.config()
-                .httpClient(httpClientConfig()
-                        .setParam(HTTP_SOCKET_TIMEOUT_PROPERTY, TIMEOUT_IN_SECONDS)
-                        .setParam(HTTP_CONNECTION_TIMEOUT_PROPERTY, TIMEOUT_IN_SECONDS));
-    }
+    private KeycloakTestClient keycloakTestClient = new KeycloakTestClient();
 
     @Test
     public void testPingUnauthorized() {
@@ -152,6 +131,6 @@ protected String pongEndpoint() {
     }
 
     private String createToken() {
-        return authzClient.obtainAccessToken(USER, USER).getToken();
+        return keycloakTestClient.getAccessToken("alice");
     }
 }
diff --git a/...stclient/src/test/java/io/quarkus/qe/NativeLookupAuthorizationRestPingPongResourceIT.java b/...stclient/src/test/java/io/quarkus/qe/NativeLookupAuthorizationRestPingPongResourceIT.java
@@ -1,10 +1,7 @@
 package io.quarkus.qe;
 
-import org.junit.jupiter.api.Disabled;
-
 import io.quarkus.test.junit.QuarkusIntegrationTest;
 
-@Disabled("Annotation @ClientHeaderParam not working in Native. Reported by https://github.com/quarkusio/quarkus/issues/13660")
 @QuarkusIntegrationTest
 public class NativeLookupAuthorizationRestPingPongResourceIT extends LookupAuthorizationRestPingPongResourceTest {
-}
+}
diff --git a/013-quarkus-oidc-restclient/src/test/java/io/quarkus/qe/containers/KeycloakTestResource.java b/013-quarkus-oidc-restclient/src/test/java/io/quarkus/qe/containers/KeycloakTestResource.java
diff --git a/013-quarkus-oidc-restclient/src/test/java/io/quarkus/qe/secured/SecuredResourceTest.java b/013-quarkus-oidc-restclient/src/test/java/io/quarkus/qe/secured/SecuredResourceTest.java
@@ -7,6 +7,7 @@
 import org.junit.jupiter.api.Test;
 
 import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.keycloak.client.KeycloakTestClient;
 
 @QuarkusTest
 public class SecuredResourceTest {
@@ -15,6 +16,8 @@ public class SecuredResourceTest {
     private static final String CLAIMS_FROM_BEANS_PATH = "/getClaimsFromBeans";
     private static final String CLAIMS_FROM_TOKEN_PATH = "/getClaimsFromToken";
 
+    private KeycloakTestClient keycloakClient = new KeycloakTestClient();
+
     @Test
     public void verifySecuredEndpointIsProtected() {
         given().get(SECURED_PATH + CLAIMS_FROM_BEANS_PATH)
@@ -38,7 +41,7 @@ private String getClaimsFromToken() {
     }
 
     private String getClaimsInstancesFromPath(String path) {
-        String token = given().when().get("/generate-token/test-user").then().statusCode(200).extract().asString();
+        String token = keycloakClient.getAccessToken("alice");
 
         return given()
                 .auth().preemptive().oauth2(token)

diff --git a/013-quarkus-oidc-restclient/src/test/resources/test-realm.json b/013-quarkus-oidc-restclient/src/test/resources/test-realm.json