Add ExternalOIDCWithUpstreamParity e2e tests

Author: xingxingxia

test/extended/authentication/keycloak_client.go

@@ -66,6 +66,10 @@ func (kc *keycloakClient) CreateGroup(name string) error {
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusCreated {
+		// If the group already exists (409 Conflict), that's fine - we can reuse it
+		if resp.StatusCode == http.StatusConflict {
+			return nil
+		}
 		respBytes, _ := io.ReadAll(resp.Body)
 		return fmt.Errorf("failed creating group %q: %s - %s", name, resp.Status, respBytes)
 	}
@@ -131,6 +135,43 @@ func (kc *keycloakClient) CreateUser(username, password string, groups ...string
 	return nil
 }
 
+func (kc *keycloakClient) CreateUserWithEmail(username, email, password string, groups ...string) error {
+	userURL := kc.adminURL.JoinPath("users")
+
+	user := user{
+		Username:      username,
+		Email:         email,
+		Enabled:       true,
+		EmailVerified: true,
+		Groups:        groups,
+		Credentials: []credential{
+			{
+				Temporary: false,
+				Type:      credentialTypePassword,
+				Value:     password,
+			},
+		},
+	}
+
+	userBytes, err := json.Marshal(user)
+	if err != nil {
+		return fmt.Errorf("marshalling user configuration %v", user)
+	}
+
+	resp, err := kc.DoRequest(http.MethodPost, userURL.String(), runtime.ContentTypeJSON, true, bytes.NewBuffer(userBytes))
+	if err != nil {
+		return fmt.Errorf("sending POST request to %q to create user %v", userURL.String(), user)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusCreated {
+		respBytes, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("failed creating user %v: %s - %s", user, resp.Status, respBytes)
+	}
+
+	return nil
+}
+
 type authenticationResponse struct {
 	AccessToken      string `json:"access_token"`
 	IDToken          string `json:"id_token"`