search

gravitee-io / issues

Gravitee.io - API Platform - Issues
64 stars 26 forks source link

apim3-api startup fail when using uper case letter in oidc id #8132

Closed sebastien-helbert closed 1 year ago

sebastien-helbert commented 2 years ago

πŸ’₯

Describe the bug

On restart, apim3-api startup fail with io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderAlreadyExistsException: An identity provider with name <span class="error">[XXXX]</span> already exists. when using upper case chars in oidc id.

πŸŒ„

To Reproduce

  1. Configure a oidc like this one : https://docs.gravitee.io/apim/3.x/apim_installguide_authentication_keycloak.html#gravitee_yml_file_configuration but with the id Keycloak (capitalized) instead of keycloak

  2. First startup must be ok. Debug logs shows

    16:00:18.356 [graviteeio-node] INFO i.g.r.a.s.i.u.IdentityProviderUpgrader - Upsert identity provider config [oidc] 16:00:18.356 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Creating new transaction with name [io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderServiceImpl.findById]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'graviteeTransactionManager',+io.gravitee.rest.api.service.exceptions.AbstractManagementException 16:00:18.356 [graviteeio-node] DEBUG i.g.r.a.s.i.c.i.IdentityProviderServiceImpl - Find identity provider by ID: Keycloak 16:00:18.357 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [Keycloak] 16:00:18.363 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [Keycloak] - Done 16:00:18.363 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Initiating transaction commit 16:00:18.370 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Creating new transaction with name [io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderServiceImpl.create]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'graviteeTransactionManager',+io.gravitee.rest.api.service.exceptions.AbstractManagementException 16:00:18.370 [graviteeio-node] DEBUG i.g.r.a.s.i.c.i.IdentityProviderServiceImpl - Create identity provider io.gravitee.rest.api.model.configuration.identity.NewIdentityProviderEntity@49afa057 16:00:18.371 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [keycloak] 16:00:18.452 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [keycloak] - Done 16:00:18.456 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Create identity provider [Keycloak] 16:00:18.472 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Create identity provider [Keycloak] - Done

  3. Restart this apim3-api (conf. unchanged)

  4. Startup fails with this error :

    16:02:01.563 [graviteeio-node] INFO i.g.r.a.s.impl.UpgraderServiceImpl - Running upgrader io.gravitee.rest.api.service.impl.upgrade.IdentityProviderUpgrader 16:02:01.563 [graviteeio-node] INFO i.g.r.a.s.i.u.IdentityProviderUpgrader - Upsert identity provider config [oidc] 16:02:01.564 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Creating new transaction with name [io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderServiceImpl.findById]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'graviteeTransactionManager',+io.gravitee.rest.api.service.exceptions.AbstractManagementException 16:02:01.564 [graviteeio-node] DEBUG i.g.r.a.s.i.c.i.IdentityProviderServiceImpl - Find identity provider by ID: Keycloak 16:02:01.564 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [Keycloak] 16:02:01.653 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [Keycloak] - Done 16:02:01.653 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Initiating transaction commit 16:02:01.663 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Creating new transaction with name [io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderServiceImpl.create]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'graviteeTransactionManager',+io.gravitee.rest.api.service.exceptions.AbstractManagementException 16:02:01.663 [graviteeio-node] DEBUG i.g.r.a.s.i.c.i.IdentityProviderServiceImpl - Create identity provider io.gravitee.rest.api.model.configuration.identity.NewIdentityProviderEntity@a9c923f 16:02:01.670 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [keycloak] 16:02:01.763 [graviteeio-node] DEBUG i.g.r.m.m.MongoIdentityProviderRepository - Find identity provider by ID [keycloak] - Done 16:02:01.853 [graviteeio-node] DEBUG i.g.r.m.m.t.NoTransactionManager - Initiating transaction commit 16:02:01.863 [graviteeio-node] ERROR i.g.r.a.s.node.GraviteeApisNode - An error occurred while starting component interface io.gravitee.rest.api.service.InitializerService io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderAlreadyExistsException: An identity provider with name [Keycloak] already exists. at io.gravitee.rest.api.service.impl.configuration.identity.IdentityProviderServiceImpl.create(IdentityProviderServiceImpl.java:74) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) at jdk.proxy3/jdk.proxy3.$Proxy80.create(Unknown Source) at io.gravitee.rest.api.service.impl.upgrade.IdentityProviderUpgrader.createIdp(IdentityProviderUpgrader.java:117) at io.gravitee.rest.api.service.impl.upgrade.IdentityProviderUpgrader.upgrade(IdentityProviderUpgrader.java:86) at io.gravitee.rest.api.service.impl.UpgraderServiceImpl.lambda$doStart$0(UpgraderServiceImpl.java:56)

in this case IdentityProviderUpgrader.java trigger an insert (method createIdp) instead a upgade (method updateIdp)

What are the impacted versions?

graviteeio/apim-management-api:3.17.2

edegenetais-nx commented 2 years ago

Hi : from what I see, version 3.15.13 and 3.15.16 are also impacted.

gaetanmaisse commented 1 year ago

πŸ‘‹πŸ» Hey @sebastien-helbert!

I'm late to the party but this issue has been fixed recently: https://github.com/gravitee-io/gravitee-api-management/pull/3127

The fix will be released in APIM 3.18.20, 3.19.8 and 3.20.2 πŸŽ‰