Improve the way OIDC init failures are handled

[sberyozkin]

Fixes #16725

This PR:

• restores the OIDC server failing to start if auth-server-url is invalid and logs the message
• keeps attempting recovering the connection if the URL is valid when the requests arrive and logs the message
• if auth-server-url is empty and it is a DEV mode - lets server to start - this is typical scenario for starting with dev mode after for ex generating a test project - but fails to start if it is not a DEV mode
• test showing the recovery in action is added - the mock server is started after the Quarkus endpoint has been initialized
• updated the retry code to report ConnectException as opposed to IllegalStateException which is reported right now when the retries are exhausted

Going forward we can also do:

• always fail as it used to be a case - but only if the system property is set
• let users handle the OIDC startup events - and fail only of the user handler confirms it is needed, etc

[quarkus-bot]

This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building 2fcafe7

⚠️ Artifacts of the workflow run were not available thus the report misses some details.

Status	Name	Step	Test failures	Logs	Raw logs
⌛	Initial JDK 11 Build		⚠️ Check →	Logs	Raw logs
⌛	Attach pull request number		⚠️ Check →	Logs	Raw logs
⌛	CI Sanity Check		⚠️ Check →	Logs	Raw logs
🚫	Devtools Tests - JDK ${{ matrix.java.name }}
🚫	Devtools Tests - JDK 11 Windows
🚫	Gradle Tests - JDK 11 ${{ matrix.os.family }}
🚫	JVM Tests - JDK ${{ matrix.java.name }}
🚫	JVM Tests - JDK 11 Windows
🚫	Maven Tests - JDK ${{ matrix.java.name }}
🚫	Maven Tests - JDK 11 Windows
🚫	MicroProfile TCKs Tests
🚫	Native Tests - ${{ matrix.category }}
⌛	Native Tests - Read JSON matrix		⚠️ Check →	Logs	Raw logs
🚫	Native Tests - Windows - ${{ matrix.category }}

[quarkus-bot]

This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building 4ae75ad

Status	Name	Step	Test failures	Logs	Raw logs
✖	JVM Tests - JDK 11	Build	Test failures	Logs	Raw logs
✔️	JVM Tests - JDK 15

Full information is available in the Build summary check run.

Test Failures

⚙️ JVM Tests - JDK 11 #

📦 extensions/oidc/deployment

✖ io.quarkus.oidc.test.CodeFlowDevModeDefaultTenantTestCase.testAccessAndRefreshTokenInjectionDevMode - More details - Source on GitHub

✖ io.quarkus.oidc.test.CodeFlowDevModeTestCase.testAccessAndRefreshTokenInjectionDevMode - More details - Source on GitHub

✖ io.quarkus.oidc.test.SecurityDisabledTestCase. - More details - Source on GitHub

[sberyozkin]

There was a Keycloak image pull problem which cause a test failure - but I had to restart

[quarkus-bot]

This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building 4ae75ad

Status	Name	Step	Test failures	Logs	Raw logs
✔️	JVM Tests - JDK 11
✖	JVM Tests - JDK 15	Build	Test failures	Logs	Raw logs
✖	Native Tests - Security3	Build	⚠️ Check →	Logs	Raw logs

Full information is available in the Build summary check run.

Test Failures

⚙️ JVM Tests - JDK 15 #

📦 extensions/oidc/deployment

✖ io.quarkus.oidc.test.CodeFlowDevModeDefaultTenantTestCase.testAccessAndRefreshTokenInjectionDevMode - More details - Source on GitHub

✖ io.quarkus.oidc.test.CodeFlowDevModeTestCase.testAccessAndRefreshTokenInjectionDevMode - More details - Source on GitHub

✖ io.quarkus.oidc.test.SecurityDisabledTestCase. - More details - Source on GitHub

[sberyozkin]

Seeing

Failed to execute goal io.fabric8:docker-maven-plugin:0.31.0:start (docker-start) on project quarkus-integration-test-keycloak-authorization: I/O Error: Unable to pull 'quay.io/keycloak/keycloak:12.0.4' from registry 'quay.io' : filesystem layer verification failed for digest sha256:76cc9a281497e32fd06bee0e3bbcb1d9610db913f8811425beb8f491af8af0ac -> [Help 1]

will retry tomorrow

[quarkus-bot]

This workflow status is outdated as a new workflow run has been triggered.

🚫 This workflow run has been cancelled.

Failing Jobs - Building 7199cd3

Status	Name	Step	Test failures	Logs	Raw logs
✖	JVM Tests - JDK 11	Build	Test failures	Logs	Raw logs
✔️	JVM Tests - JDK 15
⌛	Native Tests - Misc4		⚠️ Check →	Logs	Raw logs
⌛	Native Tests - Security2	Build	Test failures	Logs	Raw logs
✖	Native Tests - Security3	Build	⚠️ Check →	Logs	Raw logs
⌛	Native Tests - Spring		⚠️ Check →	Logs	Raw logs
⌛	Native Tests - gRPC		⚠️ Check →	Logs	Raw logs

Full information is available in the Build summary check run.

Test Failures

⚙️ JVM Tests - JDK 11 #

📦 extensions/oidc/deployment

✖ io.quarkus.oidc.test.CodeFlowDevModeDefaultTenantTestCase.testAccessAndRefreshTokenInjectionDevMode - More details - Source on GitHub

✖ io.quarkus.oidc.test.CodeFlowDevModeTestCase.testAccessAndRefreshTokenInjectionDevMode - More details - Source on GitHub

✖ io.quarkus.oidc.test.SecurityDisabledTestCase. - More details - Source on GitHub

---

⚙️ Native Tests - Security2 #

📦 integration-tests/oidc

✖ io.quarkus.it.keycloak.BearerTokenAuthorizationInGraalITCase.testAccessAdminResourceCustomHeaderNoBearerScheme - More details - Source on GitHub

[sberyozkin]

Hi @pedroigor oh thanks :-), was just about to update you I've added a config property :-)
cheers

[sberyozkin]

Adding a backport label given that before 1.13.1 it was failing immediately in case of the invalid/badly structured URL which this PR restores - but it is probably not critical

[gsmet]

This one cannot be backported because you remove extensions/oidc/deployment/src/test/java/io/quarkus/oidc/test/KeycloakDevModeRealmResourceManager.java which is used by some tests in 1.13.