crossplane-contrib / provider-keycloak

Apache License 2.0

User assigned roles don't reflect changes #184

Open vladimirblahoz opened 1 week ago

vladimirblahoz commented 1 week ago

When a `user.keycloak.crossplane.io/v1alpha1/Roles` resource is created using the `roleIdRefs` attribute to populate the Role mapping for the user, it translates the `roleIdRefs` for Keycloak roles' IDs into `roleIds`. This field seems to be decisive in terms of which roles are actually mapped to the user. This "translation" of refs into IDs, however, seems to be happening only during the creation of the resource. Once the list of the roles is changed (even if, say, one role is deleted), the `roleIds` field seems unaffected and nothing happens in Keycloak.

Not to mention that if, for some reason, a role is deleted from Keycloak and Crossplane recreates it during reconciliation, the role is recreated with a brand new ID, which causes all these role assignments to become detached from the real resources.

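A drift check for the two cases reported above (a reference removed from the list, and a role recreated under a new ID), as an added example that is not part of the issue or of the provider's code. `Drift`, `DetectDrift` and `liveIDs` are hypothetical names, and the role names and IDs are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Drift describes how a stored role mapping differs from what its references resolve to now.
type Drift struct {
	Stale      []string // IDs still in roleIds that no current reference resolves to
	Missing    []string // IDs the references resolve to now but roleIds lacks
	Unresolved []string // referenced role names with no live role
}

// DetectDrift compares stored roleIds with the IDs that roleIdRefs resolve to now;
// liveIDs (an assumed input) maps a referenced role name to its current Keycloak role ID.
func DetectDrift(refs, roleIDs []string, liveIDs map[string]string) Drift {
	want := map[string]bool{}
	var d Drift
	for _, name := range refs {
		id, ok := liveIDs[name]
		if !ok {
			d.Unresolved = append(d.Unresolved, name)
			continue
		}
		want[id] = true
	}
	have := map[string]bool{}
	for _, id := range roleIDs {
		have[id] = true
		if !want[id] {
			d.Stale = append(d.Stale, id)
		}
	}
	for id := range want {
		if !have[id] {
			d.Missing = append(d.Missing, id)
		}
	}
	sort.Strings(d.Stale)
	sort.Strings(d.Missing)
	return d
}

func main() {
	// Constructed sample: "viewer" was dropped from the refs, "admin" was recreated with a new ID.
	refs := []string{"admin", "editor"}
	stored := []string{"id-admin-old", "id-editor", "id-viewer"}
	live := map[string]string{"admin": "id-admin-new", "editor": "id-editor", "viewer": "id-viewer"}
	fmt.Printf("%+v\n", DetectDrift(refs, stored, live))
}
```

A non-empty `Stale` list means the user may still hold a role that the manifest no longer grants, and a non-empty `Missing` list means a granted role is not actually mapped.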