-
Bug
-
Resolution: Done
-
Undefined
-
None
-
False
-
-
False
-
-
Before reporting an issue
[X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
dist/quarkus
Describe the bug
As described in previous issue that was converted into discussion and can be seen at [0] we ran into a problem when trying to use Keycloak Admin user in our test environment right after Keycloak has been started.
Currently, all Keycloak startup probes return 200 before Admin user is created and 5 out of 10 times API call with Admin user right after the startup will fail as there is a sligh delay between container being marked as ready for requests and admin user being created.
[0] https://github.com/keycloak/keycloak/discussions/29047#discussioncomment-9220749
Version
24.0.3
Regression
[ ] The issue is a regression
Expected behavior
I'd expect that Keycloak is not marked as ready via startup probe until the Admin User has been created, as it can't reliably be used in such scenario
Actual behavior
Keycloak is marked as ready before the Admin User has been created, resulting in 401 when calling API right after startup
How to Reproduce?
Easiest case was to use parallel integratin testing with testcontainers framework and running Keycloak in a Docker container. I don't have a reproducer ready, but integration tests in https://github.com/dasniko/testcontainers-keycloak will fail if the startup probe is switched back to HTTP Probe and tests are run in parallel. The issue is fixed in latest git revision, but part of the commit can be reverted while retaining the parallel tests. https://github.com/dasniko/testcontainers-keycloak/commit/44339a3c6592eeef74f702806e13d6bc6db6b7ca
Anything else?
I am filling this issue as suggested in the discussion https://github.com/keycloak/keycloak/discussions/29047
- links to