Uploaded image for project: 'Red Hat build of Keycloak'
  1. Red Hat build of Keycloak
  2. RHBK-3907

DockerClientTest failure [GHI#44117]

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      testsuite

      Describe the bug

      The test DockerClientTest is failing recently. The error is the following:

      2025-11-11T11:18:53.5271268Z DockerClientTest ++ STDOUT: Using default tag: latest
2025-11-11T11:18:53.5272006Z DockerClientTest ++ The push refers to repository [localhost:5000/empty]
2025-11-11T11:18:53.5272635Z DockerClientTest ++ 
2025-11-11T11:18:53.5273017Z DockerClientTest ++ ---
2025-11-11T11:18:53.5274740Z DockerClientTest ++ STDERR: failed to authorize: failed to fetch oauth token: Post "https://172.17.0.1:8543/auth/realms/docker-test-realm/protocol/docker-v2/auth": tls: failed to verify certificate: x509: cannot validate certificate for 172.17.0.1 because it doesn't contain any IP SANs
2025-11-11T11:18:53.5276480Z DockerClientTest ++ 
2025-11-11T11:18:53.5277240Z DockerClientTest ++ 11:16:40,533 INFO  [org.keycloak.testsuite.docker.DockerClientTest] calling all TestCleanup
2025-11-11T11:18:53.5278361Z DockerClientTest ++ 11:16:40,576 INFO  [org.keycloak.testsuite.util.WaitUtils] Wait: 5000ms
2025-11-11T11:18:53.5279839Z DockerClientTest ++ 11:16:45,678 ERROR [org.keycloak.testsuite.docker.DockerClientTest] [DockerClientTest] shouldPerformDockerAuthAgainstRegistry() FAILED
2025-11-11T11:18:53.5281926Z DockerClientTest ++ 11:16:45,678 INFO  [org.keycloak.testsuite.docker.DockerClientTest] [DockerClientTest] shouldPerformDockerAuthAgainstRegistry() FINISHED
2025-11-11T11:18:53.5283114Z DockerClientTest ++ 
2025-11-11T11:18:53.5283503Z DockerClientTest ++ 
2025-11-11T11:18:53.5283895Z DockerClientTest ++ Log has ended

      So I suppose docker is checking now the SANs extensions in the certificate and TLS is failing. This test creates a docker registry and configures it to use keycloak. So the IP is the host network in the runner. My vote is to use plain http for this test.

      Version

      999.0.0-SNAPSHOT

      Regression

      [ ] The issue is a regression

      Expected behavior

      Test should work OK.

      Actual behavior

      Test failure .

      How to Reproduce?

      See for example this run: https://github.com/keycloak/keycloak/actions/runs/19263277490/job/55073417805?pr=44030

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core Clients
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: