Closed bvegso closed 9 months ago
omitempty
from the PublicClient
property in the API type KeycloakAPIClient
, that broke all of the testskeycloak-config-cli
works to see if it has a default for the setting in the client representation: it relies on org.keycloak.representations.idm.ClientRepresentation
and i could not find any relevant code for setting a default for this valueThanks for the detailed report. Interesting, this might require an api change to have these bools as pointers instead. I first have to figure out if there are other similar fields and if this is just since kc v23.
so the suspicion is that this was working with Keycloak 22.x? i will try that
so the suspicion is that this was working with Keycloak 22.x? i will try that
I just verified this with v20.x and there is the same problem.
v2.1.0 was released with a fix for this. Thanks for reporting.
verified, works, thanks heaps.
note: i had to uninstall the chart, remove the "latest" v2.0.7 ghcr.io/doodlescheduling/keycloak-controller
image from minikube manually and re-deploy the chart for keycloak-controller to start using the v2.1.0 "latest" image.
UPDATE: not sure how this happened, but when i first applied the v2.1.0 chart, it had "latest" image reference in my pod:
% k describe pod -n idp keycloak-controller-69776bd655-qsg7w
Name: keycloak-controller-69776bd655-qsg7w
...
Containers:
keycloak-controller:
Container ID: docker://1dc581c5098e9aae333b6c8296f4b2138aaadb4b0aba05b7e0555adc79122f4d
Image: ghcr.io/doodlescheduling/keycloak-controller:latest
Image ID: docker-pullable://ghcr.io/doodlescheduling/keycloak-controller@sha256:696db80f336b481742557d20edd3945a7c4f618b46efe32addf5ad702c953411
but now after having removed the 2.1.0 chart and reinstalled 2.1.0, it looks as expected:
% k describe pod -n idp keycloak-controller-6b56cbf59-fms4c
Name: keycloak-controller-6b56cbf59-fms4c
...
Containers:
keycloak-controller:
Container ID: docker://afd6df7f4d08b4ab0ce90883e411d783010f28e0a94e1845088250dd2d44fe3e
Image: ghcr.io/doodlescheduling/keycloak-controller:v2.1.0
Image ID: docker-pullable://ghcr.io/doodlescheduling/keycloak-controller@sha256:b6d8f1fb937f9e5164b160b41abd7e8280c709329a73be00227a32a2f17416bd
Describe the bug
When I deploy the controller and create a KeycloakRealm and a KeycloakClient for that realm, if Client Authentication needs to be enabled, I have to specify
client.spec.publicClient: false
. This gets translated into a REST API request containing"publicClient":true
in the end and Client Authentication is not enabled. I found the reason to be that in keycloak-controller,publicClient
is omitted from the generatedrealm.json
because it is boolean false, and the property hasomitempty
specified: https://github.com/DoodleScheduling/keycloak-controller/blob/0eec656cc41362d6e026622515604de54ef7a546/api/v1beta1/keycloakclient_types.go#L133C4-L133C4Note:
latest
tag is used foradorsys/keycloak-config-cli
bacauselatest-23.0.3
does not exist. At the time of writing,latest
has digest73a3369546ac
(which islatest-23.0.1
)Note: the client was created on the Keycloak 23.0.3 UI and exported as JSON, converted to YAML and added to the KeyclockClient resource descriptor.
The custom resources:
In the reconciler pod, the generated
realm.json
does not have thepublicClient
property, as expected, in line withomitempty
:In keycloak-config-cli, the request contains a
true
value forpublicClient
:To Reproduce
Steps to reproduce the behavior:
test4-client-secret
in realmtest-realm
.Expected behavior
Client Authentication should be enabled for client
test4-client-secret
in realmtest-realm
Environment
Additional context
Minikube running on Docker Desktop 4.26.1 (131620) on MacOS 14.2.1 on Intel.