Forgerock OAuth provider #13499

Draft
bddvlpr wants to merge 1 commit into apache:main from bddvlpr:feature_forgerock-oauth

bddvlpr commented Jun 26, 2026

Description

This PR adds ForgeRock as a supported OAuth2 identity provider. While writing it up I noticed that the new Keycloak provider (committed 4 days ago) would have been a line-for-line copy of this OIDC pipeline. Rather than duplicating it I've abstracted the process into a shared OIDC provider and reduced both the new Keycloak and ForgeRock providers to thin subclasses.

Perhaps in the future this should be handled as an unbound provider (just a generic OIDC provider, pluggable with any OIDC-compliant server), but for now, this'll do.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Currently only tested against a mock setup, hence why this is a draft. Moved (and merged) the Keycloak test into the abstraction layer test.

How did you try to break this feature and the system with this change?

boring-cyborg Bot commented Jun 26, 2026

Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about anything, please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md).
Here are some useful points:

Abstracted the shared OIDC token exchange into a new AbstractOIDCOAuth2Provider base class.
bddvlpr force-pushed the feature_forgerock-oauth branch from 6cc6acd to 3284edd June 26, 2026 07:03
@weizhouapache

Member

@bddvlpr
good job!

weizhouapache added this to the 4.24.0 milestone Jun 26, 2026

codecov Bot commented Jun 26, 2026

Codecov Report

❌ Patch coverage is 65.11628% with 30 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.94%. Comparing base (82986f6) to head (3284edd).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...dstack/oauth2/oidc/AbstractOIDCOAuth2Provider.java 74.66% 13 Missing and 6 partials ⚠️
...tack/oauth2/forgerock/ForgeRockOAuth2Provider.java 0.00% 7 Missing ⚠️
...k/oauth2/api/command/RegisterOAuthProviderCmd.java 0.00% 2 Missing and 1 partial ⚠️
...dstack/oauth2/keycloak/KeycloakOAuth2Provider.java 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff            @@
##               main   #13499   +/-   ##
=========================================
  Coverage     18.94%   18.94%           
- Complexity    18363    18365    +2     
=========================================
  Files          6192     6194    +2     
  Lines        556361   556380   +19     
  Branches      67908    67909    +1     
=========================================
+ Hits         105397   105413   +16     
- Misses       439393   439394    +1     
- Partials      11571    11573    +2     
Flag Coverage Δ
uitests 3.51% <ø> (-0.01%) ⬇️
unittests 20.15% <65.11%> (+<0.01%) ⬆️

@DaanHoogland

Contributor

@blueorangutan package

@blueorangutan

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 18391

DaanHoogland left a comment

Contributor

clgtm. I don’t think the current smoke test suite makes sense for this PR. manual testing needed.
