bitnami / charts

Bitnami Helm Charts
https://bitnami.com

[bitnami/keycloak-config-cli] Importing Realm With Identity Provider Error #29851

Open a-priestley opened 1 week ago

a-priestley commented 1 week ago

Name and Version

bitnami/keycloak-config-cli:6.1.6-debian-12-r4

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Using the bitnami/keycloak Helm chart version 24 (keycloak version 26)
  2. Configure keycloak-config-cli with a realm using an identity-provider:
    keycloakConfigCli:
      configuration:
        test.json: |
          {
            "realm" : "test",
            "identityProviders": [
              {
                "alias": "my-idp"
                // rest of config
              }
            ]
          }
  3. Deploy using helm
  4. Note the following error in the config-cli logs:
    2024-10-09T13:47:27.499Z ERROR 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : jakarta.ws.rs.ProcessingException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "hideOnLogin" (class org.keycloak.representations.idm.IdentityProviderRepresentation), not marked as ignorable (15 known properties: "enabled", "firstBrokerLoginFlowAlias", "trustEmail", "linkOnly", "providerId", "displayName", "alias", "postBrokerLoginFlowAlias", "addReadTokenRoleOnCreate", "authenticateByDefault", "internalId", "updateProfileFirstLogin", "updateProfileFirstLoginMode", "config", "storeToken"])
    at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 317] (through reference chain: java.util.ArrayList[0]->org.keycloak.representations.idm.IdentityProviderRepresentation["hideOnLogin"])
    2024-10-09T13:47:27.500Z  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : keycloak-config-cli ran in 00:05.701.
  5. Also note that although the deployment status is marked as "failed", the realm import goes ahead.

What is the expected behavior?

When exporting a realm as JSON manually, we can see that hideOnLogin is included as a property of identityProviders. keycloak-config-cli should identify hideOnLogin as a valid field for identityProviders.

What do you see instead?

The error above suggests that keycloak-config-cli does not currently have the correct definition for the property in question.

Additional information

Checking the upstream source, note that a similar definition exists, but it is nested within the config property, and possesses the name hideOnLoginPage.

carrodher commented 1 week ago

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

rblaine95 commented 1 week ago

This appears to be due to Keycloak Config CLI not currently supporting Keycloak 26 (https://github.com/adorsys/keycloak-config-cli/issues/1160)

2024-10-11T09:05:15.634Z  WARN 1 --- [           main] d.a.k.config.provider.KeycloakProvider   : Local keycloak-config-cli (6.1.6-25.0.1) and remote Keycloak (26.0.0) may not compatible.
2024-10-11T09:05:16.147Z ERROR 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : jakarta.ws.rs.ProcessingException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "hideOnLogin" (class org.keycloak.representations.idm.IdentityProviderRepresentation), not marked as ignorable (15 known properties: "enabled", "firstBrokerLoginFlowAlias", "trustEmail", "linkOnly", "providerId", "displayName", "alias", "postBrokerLoginFlowAlias", "addReadTokenRoleOnCreate", "authenticateByDefault", "internalId", "updateProfileFirstLogin", "updateProfileFirstLoginMode", "config", "storeToken"])
 at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 314] (through reference chain: java.util.ArrayList[0]->org.keycloak.representations.idm.IdentityProviderRepresentation["hideOnLogin"])

I am experiencing this in testing upgrading bitnami/keycloak 22 -> 23 -> 24.

$ k get job keycloak-keycloak-config-cli -o yaml | grep image
        image: docker.io/bitnami/keycloak-config-cli:6.1.6-debian-12-r4
$ k get job keycloak-keycloak-config-cli -o jsonpath='{.metadata.labels}' | jq
{
  "app.kubernetes.io/component": "keycloak-config-cli",
  "app.kubernetes.io/instance": "keycloak",
  "app.kubernetes.io/managed-by": "Helm",
  "app.kubernetes.io/name": "keycloak",
  "app.kubernetes.io/version": "26.0.0",
  "helm.sh/chart": "keycloak-24.0.0",
  "tags.datadoghq.com/env": "local",
  "tags.datadoghq.com/service": "keycloak",
  "tags.datadoghq.com/version": "26.0.0"
}
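
The version skew reported in the last comment, together with the partial import noted in step 5 of the report, can be detected from the job log. The script below is an added example, not part of the thread or of keycloak-config-cli; the function names are hypothetical, and it assumes that in 6.1.6-25.0.1 the part after the dash is the Keycloak version the CLI targets.

```shell
#!/bin/sh
# Added example (not from the thread): detect Keycloak / keycloak-config-cli
# version skew in the job log. Function names are hypothetical.

# Print "<keycloak version the CLI targets> <remote keycloak version>" taken
# from the compatibility warning on stdin; return 1 if no warning is present.
# Assumption: in "6.1.6-25.0.1" the part after the dash is the Keycloak version.
extract_versions() {
  sed -n 's/.*Local keycloak-config-cli ([0-9.]*-\([0-9.]*\)) and remote Keycloak (\([0-9.]*\)).*/\1 \2/p' |
    head -n 1 | grep .
}

# Succeed only when both versions have the same major number.
same_major() {
  [ "${1%%.*}" = "${2%%.*}" ]
}

# Read the config-cli log on stdin. Return 0 when no major-version skew is
# reported, 1 on skew, 2 on skew plus an aborted import (unknown field).
check_log() {
  log=$(cat)
  versions=$(printf '%s\n' "$log" | extract_versions) || return 0
  set -- $versions
  same_major "$1" "$2" && return 0
  echo "skew: config-cli targets Keycloak $1, server runs $2"
  if printf '%s\n' "$log" | grep -q 'UnrecognizedPropertyException'; then
    echo "import hit an unknown field; check the realm for a partial import"
    return 2
  fi
  return 1
}

# Constructed sample: the two log lines quoted in the thread, ERROR line shortened.
SAMPLE_LOG='2024-10-11T09:05:15.634Z  WARN 1 --- [ main] d.a.k.config.provider.KeycloakProvider : Local keycloak-config-cli (6.1.6-25.0.1) and remote Keycloak (26.0.0) may not compatible.
2024-10-11T09:05:16.147Z ERROR 1 --- [ main] d.a.k.config.KeycloakConfigRunner : jakarta.ws.rs.ProcessingException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "hideOnLogin"'

# Against a cluster: kubectl logs job/keycloak-keycloak-config-cli | check_log
printf '%s\n' "$SAMPLE_LOG" | check_log || echo "check_log returned $?"
```

A return value of 2 is the case from the report: the job fails, yet part of the realm may already be written, so the identity provider settings should be reviewed before the realm is used.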