Red Hat build of Keycloak / RHBK-1453

[GHI#29072] Startup probe should check for existence of an Admin user before returning 200

      Before reporting an issue

      [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      dist/quarkus

      Describe the bug

      As described in a previous issue that was converted into a discussion and can be seen at [0], we ran into a problem when trying to use the Keycloak Admin user in our test environment right after Keycloak has been started.

      Currently, all Keycloak startup probes return 200 before the Admin user is created, and 5 out of 10 times an API call with the Admin user right after startup will fail, as there is a slight delay between the container being marked as ready for requests and the admin user being created.

      [0] https://github.com/keycloak/keycloak/discussions/29047#discussioncomment-9220749

      Version

      24.0.3

      Regression

      [ ] The issue is a regression

      Expected behavior

      I'd expect that Keycloak is not marked as ready via the startup probe until the Admin User has been created, as it can't reliably be used in such a scenario.

      Actual behavior

      Keycloak is marked as ready before the Admin User has been created, resulting in 401 when calling API right after startup

      How to Reproduce?

      The easiest case was to use parallel integration testing with the testcontainers framework and running Keycloak in a Docker container. I don't have a reproducer ready, but the integration tests in https://github.com/dasniko/testcontainers-keycloak will fail if the startup probe is switched back to the HTTP probe and tests are run in parallel. The issue is fixed in the latest git revision, but part of the commit can be reverted while retaining the parallel tests. https://github.com/dasniko/testcontainers-keycloak/commit/44339a3c6592eeef74f702806e13d6bc6db6b7ca

      Anything else?

      I am filing this issue as suggested in the discussion https://github.com/keycloak/keycloak/discussions/29047

            Unassigned Unassigned
            pvlha Pavel Vlha
            Keycloak Cloud Native
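
A client-side guard for the race described in this report, as an added example that is not part of the original issue or of Keycloak's own code: rather than trusting the startup probe alone, poll the master realm token endpoint until an admin password grant succeeds. The base URL, the use of the `admin-cli` client and the function names are assumptions for a default test container.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Assumed defaults for a local test container (not taken from the report).
BASE_URL = "http://localhost:8080"
TOKEN_PATH = "/realms/master/protocol/openid-connect/token"


def request_admin_token(username, password, base_url=BASE_URL, timeout=5):
    """One password grant via admin-cli; returns (status, access_token or None)."""
    body = urllib.parse.urlencode({
        "grant_type": "password", "client_id": "admin-cli",
        "username": username, "password": password,
    }).encode()
    req = urllib.request.Request(base_url + TOKEN_PATH, data=body)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.load(resp).get("access_token")
    except urllib.error.HTTPError as exc:
        return exc.code, None   # 401 while the admin user does not exist yet
    except OSError:
        return None, None       # connection refused or timed out: still booting


def wait_for_admin(get_token, deadline_s=60.0, interval_s=1.0, retry_on=(None, 401),
                   clock=time.monotonic, sleep=time.sleep):
    """Poll get_token() until it yields a token; return (token, attempts).

    Only statuses in retry_on are retried (401 is what the report observed);
    anything else raises at once so a misconfiguration is not masked by a timeout.
    """
    start, attempts = clock(), 0
    while True:
        attempts += 1
        status, token = get_token()
        if status == 200 and token:
            return token, attempts
        if status not in retry_on:
            raise RuntimeError(f"unexpected token endpoint status: {status}")
        if clock() - start + interval_s > deadline_s:
            raise TimeoutError(f"no admin login after {attempts} attempts")
        sleep(interval_s)
```

In a test harness, call `wait_for_admin(lambda: request_admin_token(user, password))` once the container's probe has passed and before the first Admin API request. The bounded deadline keeps a wrong password from turning into an endless stream of failed logins.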