Make auth tests use keycloak container for better reproducibility

app/pom.xml

@@ -293,6 +293,11 @@
       <artifactId>strimzi-test-container</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.github.dasniko</groupId>
+      <artifactId>testcontainers-keycloak</artifactId>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>io.zonky.test</groupId>
       <artifactId>embedded-postgres</artifactId>

app/src/test/java/io/apicurio/registry/auth/AuthTestAnonymousCredentials.java

@@ -9,13 +9,14 @@
 import io.apicurio.registry.types.ContentTypes;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfileAnonymousCredentials;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
 import io.quarkus.test.junit.TestProfile;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
 
@@ -33,18 +34,23 @@ public class AuthTestAnonymousCredentials extends AbstractResourceTestBase {
 
     final String groupId = getClass().getSimpleName() + "Group";
 
+    @BeforeEach
+    protected void beforeEach() throws Exception {
+        setupRestAssured();
+    }
+
     @Test
     public void testWrongCreds() throws Exception {
-        var adapter = new VertXRequestAdapter(
-                buildOIDCWebClient(vertx, authServerUrl, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+        var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrl,
+                KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test55"));
         adapter.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapter);
 
         var exception = Assertions.assertThrows(Exception.class, () -> {
             client.groups().byGroupId(groupId).artifacts().get();
         });
 
-        assertTrue(exception.getMessage().contains("Unauthorized"));
+        assertTrue(exception.getMessage().contains("unauthorized"));
     }
 
     @Test

app/src/test/java/io/apicurio/registry/auth/AuthTestAuthenticatedReadAccess.java

@@ -9,7 +9,7 @@
 import io.apicurio.registry.types.ContentTypes;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfileAuthenticatedReadAccess;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
@@ -34,7 +34,7 @@ public class AuthTestAuthenticatedReadAccess extends AbstractResourceTestBase {
     @Override
     protected RegistryClient createRestClientV3(Vertx vertx) {
         var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx, authServerUrl,
-                JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         return new RegistryClient(adapter);
     }
@@ -43,7 +43,7 @@ protected RegistryClient createRestClientV3(Vertx vertx) {
     public void testReadOperationWithNoRole() throws Exception {
         // Read-only operation should work with credentials but no role.
         var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx, authServerUrl,
-                JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
+                KeycloakTestContainerManager.NO_ROLE_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapter);
         var results = client.search().artifacts().get(config -> config.queryParameters.groupId = groupId);

app/src/test/java/io/apicurio/registry/auth/AuthTestLocalRoles.java

@@ -16,7 +16,7 @@
 import io.apicurio.registry.types.ContentTypes;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfileWithLocalRoles;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
@@ -49,8 +49,8 @@ public class AuthTestLocalRoles extends AbstractResourceTestBase {
 
     @Override
     protected RegistryClient createRestClientV3(Vertx vertx) {
-        var adapter = new VertXRequestAdapter(
-                buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+        var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
+                KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         return new RegistryClient(adapter);
     }
@@ -68,12 +68,12 @@ protected RegistryClient createRestClientV3(Vertx vertx) {
     @Test
     public void testLocalRoles() throws Exception {
         var adapterAdmin = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapterAdmin.setBaseUrl(registryV3ApiUrl);
         RegistryClient clientAdmin = new RegistryClient(adapterAdmin);
 
         var adapterAuth = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.NO_ROLE_CLIENT_ID, "test1"));
         adapterAuth.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapterAuth);
 
@@ -95,7 +95,7 @@ public void testLocalRoles() throws Exception {
 
         // Now let's grant read-only access to the user.
         var roMapping = new RoleMapping();
-        roMapping.setPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID);
+        roMapping.setPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID);
         roMapping.setRole(RoleType.READ_ONLY);
 
         clientAdmin.admin().roleMappings().post(roMapping);
@@ -116,7 +116,8 @@ public void testLocalRoles() throws Exception {
         var devMapping = new UpdateRole();
         devMapping.setRole(RoleType.DEVELOPER);
 
-        clientAdmin.admin().roleMappings().byPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID).put(devMapping);
+        clientAdmin.admin().roleMappings().byPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID)
+                .put(devMapping);
 
         // Now the user can read and write but not admin
         client.groups().byGroupId(GroupId.DEFAULT.getRawGroupIdWithDefaultString()).artifacts().get();
@@ -132,15 +133,17 @@ public void testLocalRoles() throws Exception {
         var adminMapping = new UpdateRole();
         adminMapping.setRole(RoleType.ADMIN);
 
-        clientAdmin.admin().roleMappings().byPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID).put(adminMapping);
+        clientAdmin.admin().roleMappings().byPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID)
+                .put(adminMapping);
 
         // Now the user can do everything
         client.groups().byGroupId(GroupId.DEFAULT.getRawGroupIdWithDefaultString()).artifacts().get();
         client.groups().byGroupId(UUID.randomUUID().toString()).artifacts().post(createArtifact);
         client.admin().rules().post(createRule);
 
         // Now delete the role mapping
-        clientAdmin.admin().roleMappings().byPrincipalId(JWKSMockServer.NO_ROLE_CLIENT_ID).delete();
+        clientAdmin.admin().roleMappings().byPrincipalId(KeycloakTestContainerManager.NO_ROLE_CLIENT_ID)
+                .delete();
 
     }
 }

app/src/test/java/io/apicurio/registry/auth/AuthTestNoRoles.java

@@ -15,7 +15,7 @@
 import io.apicurio.registry.types.ContentTypes;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
@@ -43,27 +43,27 @@ public class AuthTestNoRoles extends AbstractResourceTestBase {
     @Override
     protected RegistryClient createRestClientV3(Vertx vertx) {
         var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         return new RegistryClient(adapter);
     }
 
     @Test
     public void testWrongCreds() throws Exception {
         var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+                authServerUrlConfigured, KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, "test55"));
         adapter.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapter);
         var exception = Assertions.assertThrows(Exception.class, () -> {
             client.groups().byGroupId(groupId).artifacts().get();
         });
-        assertTrue(exception.getMessage().contains("Unauthorized"));
+        assertTrue(exception.getMessage().contains("unauthorized"));
     }
 
     @Test
     public void testAdminRole() throws Exception {
         var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapter);
         String artifactId = TestUtils.generateArtifactId();

app/src/test/java/io/apicurio/registry/auth/AuthTestProfileBasicClientCredentials.java

@@ -14,7 +14,7 @@
 import io.apicurio.registry.types.ContentTypes;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
@@ -42,16 +42,16 @@ public class AuthTestProfileBasicClientCredentials extends AbstractResourceTestB
 
     @Override
     protected RegistryClient createRestClientV3(Vertx vertx) {
-        var adapter = new VertXRequestAdapter(
-                buildOIDCWebClient(vertx, authServerUrl, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+        var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrl,
+                KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         return new RegistryClient(adapter);
     }
 
     @Test
     public void testWrongCreds() throws Exception {
-        var adapter = new VertXRequestAdapter(
-                buildSimpleAuthWebClient(vertx, JWKSMockServer.WRONG_CREDS_CLIENT_ID, "test55"));
+        var adapter = new VertXRequestAdapter(buildSimpleAuthWebClient(vertx,
+                KeycloakTestContainerManager.WRONG_CREDS_CLIENT_ID, "test55"));
         adapter.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapter);
         var exception = Assertions.assertThrows(Exception.class, () -> {
@@ -63,7 +63,7 @@ public void testWrongCreds() throws Exception {
     @Test
     public void testBasicAuthClientCredentials() throws Exception {
         var adapter = new VertXRequestAdapter(
-                buildSimpleAuthWebClient(vertx, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                buildSimpleAuthWebClient(vertx, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         RegistryClient client = new RegistryClient(adapter);
         String artifactId = TestUtils.generateArtifactId();

app/src/test/java/io/apicurio/registry/auth/HeaderRoleSourceTest.java

@@ -11,7 +11,7 @@
 import io.apicurio.registry.types.ContentTypes;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfileWithHeaderRoles;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
@@ -41,8 +41,8 @@ public class HeaderRoleSourceTest extends AbstractResourceTestBase {
 
     @Override
     protected RegistryClient createRestClientV3(Vertx vertx) {
-        var adapter = new VertXRequestAdapter(
-                buildOIDCWebClient(vertx, authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+        var adapter = new VertXRequestAdapter(buildOIDCWebClient(vertx, authServerUrlConfigured,
+                KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         return new RegistryClient(adapter);
     }
@@ -57,22 +57,22 @@ public void testLocalRoles() throws Exception {
         rule.setRuleType(io.apicurio.registry.rest.client.models.RuleType.VALIDITY);
 
         var noRoleAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.NO_ROLE_CLIENT_ID, "test1"));
         noRoleAdapter.setBaseUrl(registryV3ApiUrl);
         var noRoleClient = new RegistryClient(noRoleAdapter);
 
         var readAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.READONLY_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.READONLY_CLIENT_ID, "test1"));
         readAdapter.setBaseUrl(registryV3ApiUrl);
         var readClient = new RegistryClient(readAdapter);
 
         var devAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.DEVELOPER_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.DEVELOPER_CLIENT_ID, "test1"));
         devAdapter.setBaseUrl(registryV3ApiUrl);
         var devClient = new RegistryClient(devAdapter);
 
         var adminAdapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adminAdapter.setBaseUrl(registryV3ApiUrl);
         var adminClient = new RegistryClient(adminAdapter);
 

app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java

@@ -7,7 +7,7 @@
 import io.apicurio.registry.rest.client.RegistryClient;
 import io.apicurio.registry.utils.tests.ApicurioTestTags;
 import io.apicurio.registry.utils.tests.AuthTestProfile;
-import io.apicurio.registry.utils.tests.JWKSMockServer;
+import io.apicurio.registry.utils.tests.KeycloakTestContainerManager;
 import io.apicurio.registry.utils.tests.TestUtils;
 import io.kiota.http.vertx.VertXRequestAdapter;
 import io.quarkus.test.junit.QuarkusTest;
@@ -36,15 +36,15 @@ public class MojoAuthTest extends RegistryMojoTestBase {
 
     String clientSecret = "test1";
 
-    String clientScope = "testScope";
+    String clientScope = "openid";
 
-    String testUsername = "sr-test-user";
-    String testPassword = "sr-test-password";
+    String testUsername = "developer-client";
+    String testPassword = clientSecret;
 
     @Override
     protected RegistryClient createRestClientV3(Vertx vertx) {
         var adapter = new VertXRequestAdapter(VertXAuthFactory.buildOIDCWebClient(vertx,
-                authServerUrlConfigured, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
+                authServerUrlConfigured, KeycloakTestContainerManager.ADMIN_CLIENT_ID, "test1"));
         adapter.setBaseUrl(registryV3ApiUrl);
         return new RegistryClient(adapter);
     }
@@ -56,7 +56,7 @@ public void testRegister() throws IOException, MojoFailureException, MojoExecuti
         RegisterRegistryMojo registerRegistryMojo = new RegisterRegistryMojo();
         registerRegistryMojo.setRegistryUrl(TestUtils.getRegistryV3ApiUrl(testPort));
         registerRegistryMojo.setAuthServerUrl(authServerUrlConfigured);
-        registerRegistryMojo.setClientId(JWKSMockServer.ADMIN_CLIENT_ID);
+        registerRegistryMojo.setClientId(KeycloakTestContainerManager.ADMIN_CLIENT_ID);
         registerRegistryMojo.setClientSecret(clientSecret);
         registerRegistryMojo.setClientScope(clientScope);