crossplane-contrib / provider-keycloak

Apache License 2.0

Saml Client Id ref does not work for any object #88

Open jholt96 opened 1 month ago

jholt96 commented 1 month ago

Summary

Any Client Id name reference is made to the OIDC Client CRD instead. Currently the only way to use the SAML client is by creating the object, copying the id after it is created and using the clientId field.

I think the root issue is that it's trying to resolve the mg.Spec.ForProvider.ClientID field instead of looking up the external-name annotation that gets set, e.g.:

kind: Client
metadata:
  annotations:
    crossplane.io/external-name: uuid

Replicated Errors

apiVersion: samlclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
  name: gitlab-client
  labels:
    clientName: gitlab-client
    testing.upbound.io/example-name: client
spec:
  forProvider:
    realmIdRef:
      name: "dev-realm"
    clientId: gitlab
    rootUrl: https://test.com
    baseUrl: https://test.com
    idpInitiatedSsoUrlName: test.com
    masterSamlProcessingUrl: https://test.com/users/auth/saml/callback
    validRedirectUris: [https://test.com/users/auth/saml/callback]
    assertionConsumerPostUrl: https://test.com/users/auth/saml/callback
  providerConfigRef:
    name: "keycloak-provider-config"
---
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
  name: gitlab-nametest-property-mapper
spec:
  deletionPolicy: Delete
  forProvider:
    clientIdSelector:
      matchLabels:
        testing.upbound.io/example-name: client
    config:
      attribute.name: names
      attribute.nameformat: Basic
      friendly.name: Username
      property: Username
    name: username-test-mapper
    protocol: saml
    protocolMapper: saml-user-property-mapper
    realmIdRef:
      name: test-realm
  managementPolicies:
  - '*'
  providerConfigRef:
    name: keycloak-provider-config
status:
  atProvider: {}
  conditions:
  - lastTransitionTime: "2024-05-17T17:53:49Z"
    message: 'cannot resolve references: mg.Spec.ForProvider.ClientID: no resources
      matched selector'
    reason: ReconcileError
    status: "False"
    type: Synced
---
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
  name: gitlab-nametest2-property-mapper
spec:
  deletionPolicy: Delete
  forProvider:
    clientIdRef:
      name: gitlab-client
    config:
      attribute.name: names
      attribute.nameformat: Basic
      friendly.name: Username
      property: Username
    name: username1-test-mapper
    protocol: saml
    protocolMapper: saml-user-property-mapper
    realmIdRef:
      name: dev-realm
  providerConfigRef:
    name: keycloak-provider-config
status:
  atProvider: {}
  conditions:
  - lastTransitionTime: "2024-05-17T17:59:18Z"
    message: 'cannot resolve references: mg.Spec.ForProvider.ClientID: cannot get
      referenced resource: Client.openidclient.keycloak.crossplane.io "gitlab-client"
      not found'
    reason: ReconcileError
    status: "False"
    type: Synced
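
As an added example (not provider-keycloak or upjet code), the Go model below shows why the two errors above appear: the resolver only searches Client objects in the API groups it is told about, so a SAML client is invisible while only the openidclient group is allowed, and an external name can only be returned once Keycloak has created the client. `Object`, `ResolveClientID`, the constructed `GitlabSAMLClient` and its UUID value are assumptions made for this example.

```go
package main

import "fmt"

// ExternalNameAnnotation is where Crossplane records the Keycloak-side ID (a UUID).
const ExternalNameAnnotation = "crossplane.io/external-name"

// Object is a constructed stand-in for a managed resource as the resolver sees it.
type Object struct {
	Group, Name         string
	Labels, Annotations map[string]string
}

// GitlabSAMLClient is a constructed SAML Client as it looks once Keycloak created it.
var GitlabSAMLClient = Object{
	Group:       "samlclient.keycloak.crossplane.io",
	Name:        "gitlab-client",
	Labels:      map[string]string{"testing.upbound.io/example-name": "client"},
	Annotations: map[string]string{ExternalNameAnnotation: "constructed-uuid-1234"},
}

// ResolveClientID finds a Client by clientIdRef name (or by clientIdSelector labels when
// selector is non-nil) among objs, looking only at API groups in allowed, and returns its
// external name. Allowing only openidclient reproduces the issue; adding samlclient fixes it.
func ResolveClientID(name string, selector map[string]string, objs []Object, allowed map[string]bool) (string, error) {
	for _, o := range objs {
		if !allowed[o.Group] || (selector != nil && !matches(o.Labels, selector)) || (selector == nil && o.Name != name) {
			continue // wrong API group, or neither the ref name nor the selector labels match
		}
		if id := o.Annotations[ExternalNameAnnotation]; id != "" {
			return id, nil
		}
		// The UUID exists only after Keycloak has created the client; before that, nothing to copy.
		return "", fmt.Errorf("Client %q has no %s annotation yet", o.Name, ExternalNameAnnotation)
	}
	if selector != nil {
		return "", fmt.Errorf("cannot resolve references: no resources matched selector")
	}
	return "", fmt.Errorf("cannot resolve references: cannot get referenced resource: Client %q not found in %v", name, allowed)
}

// matches reports whether labels carries every key/value pair in selector.
func matches(labels, selector map[string]string) bool {
	for k, v := range selector {
		if labels[k] != v {
			return false
		}
	}
	return true
}
```
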
Breee commented 1 month ago

Yes, this is a major issue with the Terraform upstream: https://github.com/mrparkers/terraform-provider-keycloak/issues/813 - sadly I never got recognized.

I'm now starting to look for a solution that allows referencing a generic client (SAML or OIDC). TBH it might be even better to move away from the upstream Terraform Keycloak provider and write the provider ourselves completely.

I hope that I can provide you with a solution soon.

Breee commented 1 month ago

FYI, waiting for an answer in https://github.com/crossplane/upjet/issues/414 before I fix that.