search

bitnami / charts

Bitnami Helm Charts
https://bitnami.com
Other
8.62k stars 8.99k forks source link

[bitnami/keycloak] keycloakConfigCli parameter is not working in 3.x.x chart version #6823

Closed ruzickap closed 2 years ago

ruzickap commented 3 years ago

Which chart: bitnami/keycloak

Describe the bug

keycloakConfigCli parameter stopped working when using helm chart version 3.x.x

keycloakConfigCli:
  enabled: true
  configuration:
    myrealm.yaml: |
      realm: myrealm
      enabled: true
      displayName: My Realm

This is working fine for helm chart version 2.x.x ...

To Reproduce

I used the current keycloak helm chart with the keycloakConfigCli:

keycloakConfigCli:
  enabled: true
  configuration:
    myrealm.yaml: |
      realm: myrealm
      enabled: true
      displayName: My Realm

The keycloak-keycloak-config-cli pods are failing:

kubectl get pods -n keycloak
NAME                                 READY   STATUS    RESTARTS   AGE
keycloak-0                           1/1     Running   0          75s
keycloak-keycloak-config-cli-htwj2   0/1     Error     0          11s
keycloak-keycloak-config-cli-rwkr6   0/1     Error     0          75s
keycloak-postgresql-0                1/1     Running   0          75s

Here is the log:

kubectl logs -n keycloak keycloak-keycloak-config-cli-htwj2
2021-07-01 18:19:33.272  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Starting KeycloakConfigApplication v3.4.0 using Java 11.0.11 on keycloak-keycloak-config-cli-htwj2 with PID 1 (/opt/bitnami/keycloak-config-cli/keycloak-config-cli-12.0.4.jar started by ? in /opt/bitnami/keycloak-config-cli)
2021-07-01 18:19:33.275  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : No active profile set, falling back to default profiles: default
2021-07-01 18:19:34.074  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Started KeycloakConfigApplication in 1.474 seconds (JVM running for 2.079)
2021-07-01 18:19:34.834  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Importing file '/config/myrealm.yaml'
2021-07-01 18:19:34.840  INFO 1 --- [           main] d.a.k.config.provider.KeycloakProvider   : Wait 120 seconds until http://keycloak-headless:8080/auth is available ...
2021-07-01 18:19:35.768 ERROR 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : javax.ws.rs.ProcessingException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "oauth2DeviceCodeLifespan" (class org.keycloak.representations.idm.RealmRepresentation), not marked as ignorable (130 known properties: "userFederationMappers", "rememberMe", "duplicateEmailsAllowed", "adminEventsDetailsEnabled", "users", "clientOfflineSessionMaxLifespan", "webAuthnPolicyRequireResidentKey", "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister", "components", "otpPolicyType", "accessCodeLifespanUserAction", "id", "webAuthnPolicyAttestationConveyancePreference", "enabledEventTypes", "applications", "webAuthnPolicyPasswordlessSignatureAlgorithms", "eventsListeners", "ssoSessionMaxLifespanRememberMe", "defaultDefaultClientScopes", "webAuthnPolicyPasswordlessCreateTimeout", "clientOfflineSessionIdleTimeout", "notBefore", "publicKey", "smtpServer", "resetPasswordAllowed", "webAuthnPolicyAvoidSameAuthenticatorRegister", "accessTokenLifespanForImplicitFlow", "webAuthnPolicyPasswordlessUserVerificationRequirement", "clientScopes", "internationalizationEnabled", "attributes", "accessTokenLifespan", "passwordCredentialGrantAllowed", "federatedUsers", "applicationScopeMappings", "displayName" [truncated]])
 at [Source: (org.jboss.resteasy.specimpl.AbstractBuiltResponse$InputStreamWrapper); line: 1, column: 837] (through reference chain: org.keycloak.representations.idm.RealmRepresentation["oauth2DeviceCodeLifespan"])
2021-07-01 18:19:35.768  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : keycloak-config-cli running in 00:01.125.

Version of Helm and Kubernetes:

version.BuildInfo{Version:"v3.6.2", GitCommit:"ee407bdf364942bcb8e8c665f82e15aa28009b71", GitTreeState:"dirty", GoVersion:"go1.16.5"}
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.6", GitCommit:"8a62859e515889f07e3e3be6a1080413f17cf2c3", GitTreeState:"clean", BuildDate:"2021-04-15T03:28:42Z", GoVersion:"go1.15.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.4-eks-6b7464", GitCommit:"6b746440c04cb81db4426842b4ae65c3f7035e53", GitTreeState:"clean", BuildDate:"2021-03-19T19:33:03Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
miguelaeh commented 3 years ago

Hi @ruzickap ,

I can see the following in the logs:

 Importing file '/config/myrealm.yaml'

It seems the file is being properly loaded, so the actual error seems to be this one:

com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "oauth2DeviceCodeLifespan"

Could you clarify why that's related to keycloakConfigCli please?

ruzickap commented 3 years ago

The error you mentioned above is in the keycloak-keycloak-config-cli pod. This pod is only started if you use keycloakConfigCli parameter in helm chart (if I understand it well).

marcosbc commented 3 years ago

Thanks for reporting this, I've created an internal task for further investigating this issue. If you happen to find the issue in the meantime, feel free to make a contribution to either the container image or chart, we'd be glad to help with the release process.

benjamin658 commented 3 years ago

We just tried to upgrade the chart version to v4.0.0, and the same issue happens with the same configuration file as v2.4.6.

benjamin658 commented 3 years ago

The workaround is to use another image, and it works as expected.

  keycloakConfigCli:
    enabled: true
    existingConfigmap: *keycloakInitRealmConfigmap
    image:
      repository: adorsys/keycloak-config-cli
      tag: v4.0.1-14.0.0
ruzickap commented 2 years ago

Thank you @benjamin658. The workaround works fine for me:

keycloakConfigCli:
  enabled: true
  image:
    repository: adorsys/keycloak-config-cli
    tag: v4.0.1-14.0.0
  configuration:
    myrealm.yaml: |
      realm: myrealm
      enabled: true
      displayName: My Realm

I hope there will be final fix sooner or later...

jack1902 commented 2 years ago

@pablogalegoc @yilmi @Mauraza Sorry to @ so many of you but I'm running into the same issue around the image being completely broken from bitnami for keycloak-config-cli. Happy to open an issue against the docker image repo itself if needs be but this issue seems to have been left for sometime without much love?

miguelaeh commented 2 years ago

Hi guys, We had an issue in our issues tracking system and missed this one, missed the notifications fo this issue. I just checked the task that @marcosbc created, but it is still in our backlog. Sorry for the inconveniences

ruzickap commented 2 years ago

I believe this can be closed. Latest versions were fixed...