From 37c6bbef22433b1df8db4f2ad0e8865d682a8bda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?=
Date: Sun, 2 Apr 2023 09:54:27 +0200
Subject: [PATCH] Disable OpenAPI definition check for allowed roles in security scheme

Disables assertion of roles allowed to access path in generated OpenAPI definition. We already had to [disable same check for OIDC classic](https://github.com/quarkus-qe/quarkus-test-suite/pull/1129) and now that [daily build # 779 failed](https://github.com/quarkus-qe/quarkus-test-suite/actions/runs/4585690826/jobs/8098110705), we know it is also affected by https://github.com/quarkusio/quarkus/issues/32112
---
 .../reactive/extended/OpenApiStoreSchemaIT.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java b/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java
index b826e1f3d4..2465df4f1f 100644
--- a/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java
+++ b/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java
@@ -83,13 +83,14 @@ private void assertContent(JsonObject content) {
 assertTrue(content.getJsonObject("paths").containsKey("/rest-pong"), "Missing expected path: /rest-pong");
 
 // verify that path /secured/admin is only accessible by user with role 'admin'
- var expectedRole = getRequiredRoleForPath(content, "/secured/admin");
- assertEquals("admin", expectedRole);
+ // var expectedRole = getRequiredRoleForPath(content, "/secured/admin");
+ // assertEquals("admin", expectedRole);
 
 // verify that path /secured/getClaimsFromBeans is accessible by any authenticated user
- expectedRole = getRequiredRoleForPath(content, "/secured/getClaimsFromBeans");
+ // TODO: enable when https://github.com/quarkusio/quarkus/issues/32112 get fixed
+ // expectedRole = getRequiredRoleForPath(content, "/secured/getClaimsFromBeans");
 // note: '**' is equivalent of @Authenticated and @RolesAllowed("**")
- assertEquals("**", expectedRole);
+ // assertEquals("**", expectedRole);
 
 // verify 'oidc' security schema
 var securitySchema = content
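Review bot: The two commented-out assertions for `/secured/admin` have no reference to the tracking issue, because the TODO was added only above the `/secured/getClaimsFromBeans` block; put the same line, `// TODO: enable when https://github.com/quarkusio/quarkus/issues/32112 get fixed`, above the first block as well so both are restored together. Commenting the checks out also means the run stays green while the role requirements in the generated definition go unverified; moving them into their own test method marked `@Disabled("https://github.com/quarkusio/quarkus/issues/32112")` (assuming this class uses JUnit 5, as the `assertTrue(condition, message)` form suggests) would keep the gap visible as a skipped test. `getRequiredRoleForPath` is presumably left without callers in this file, which is worth a short comment at its definition. assertContent's body starts and ends outside the hunk.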