Closed thomasdarimont closed 2 years ago
Did you see/test the current implementation?
https://github.com/adorsys/keycloak-config-cli/blob/main/docs/FEATURES.md#user---initial-password
More context: #489 #493
@jkroepke thanks for the quick response!
I totally missed that! This solves my problem, thanks!
Problem Statement
Given a realm configuration with default users, consecutive keycloak-config-cli runs fail with HTTP 400 Bad Request if IMPORT_FORCE=true is used and the password policy passwordHistory(1) is enabled for a realm with default users that have a password set.
Keycloak stack-trace:
See the bug.yaml for reference.
The problem is that keycloak-config-cli just tries to apply the same configuration (user password) again, which then triggers the passwordHistory(1).
Proposed Solution
The Keycloak Terraform provider uses a dedicated initial_password attribute to avoid "password history" password policies being triggered on consecutive runs.
It would be helpful if the keycloak-config-cli would offer a similar synthetic(?) property like __initialCredentials on the user object, that is only used for user creation. This would effectively avoid this problem.
Environment
Additional information
bug.yaml:
Command:
Acceptance Criteria