mayope / keycloakmigration

Manage your Keycloak configuration with code.
https://mayope.net
MIT License

Group operations broken for Keycloak v23.0.0 #75

Open MrDeerly opened 7 months ago

MrDeerly commented 7 months ago

Hey!

It seems like group operations like "assignRoleToGroup" are broken when using the current Keycloak version. They seem to have changed their scheme so that subGroups are no longer part of the original group but must be fetched separately.

The related changes can be found here:

To get the subGroups of a group, GET /admin/realms/{realm}/groups/{id}/children must be performed. (see https://www.keycloak.org/docs-api/23.0.1/rest-api/index.html)

Is there any chance you could look into that soon?

Thanks in advance!


 at [Source: (BufferedReader); line: 1, column: 200] (through reference chain: java.util.ArrayList[0]->de.klg71.keycloakmigration.keycloakapi.model.GroupListItem["subGroups"]) reading GET http://keycloak:8080/auth/admin/realms/XY/groups?search=Default
        at feign.FeignException.errorReading(FeignException.java:167) ~[keycloakmigration.jar:?]
        at feign.InvocationContext.proceed(InvocationContext.java:42) ~[keycloakmigration.jar:?]
        at feign.ResponseHandler.decode(ResponseHandler.java:122) ~[keycloakmigration.jar:?]
        at feign.ResponseHandler.handleResponse(ResponseHandler.java:73) ~[keycloakmigration.jar:?]
        at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:114) ~[keycloakmigration.jar:?]
        at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:70) ~[keycloakmigration.jar:?]
        at io.github.resilience4j.retry.Retry.lambda$decorateCheckedFunction$7bb28b04$1(Retry.java:187) ~[keycloakmigration.jar:?]
        at io.github.resilience4j.feign.DecoratorInvocationHandler.invoke(DecoratorInvocationHandler.java:95) ~[keycloakmigration.jar:?]
        at com.sun.proxy.$Proxy29.searchGroup(Unknown Source) ~[?:?]
        at de.klg71.keycloakmigration.keycloakapi.KeycloakClientHelperKt.existsGroup(KeycloakClientHelper.kt:85) ~[keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.changeControl.actions.group.AssignRoleToGroupAction.execute(AssignRoleToGroupAction.kt:22) ~[keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.changeControl.actions.Action.executeIt(Action.kt:37) ~[keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.changeControl.KeycloakMigration.doChange(KeycloakMigration.kt:45) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.changeControl.KeycloakMigration.execute$keycloakmigration(KeycloakMigration.kt:31) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.MainKt$migrate$1$1.invoke(Main.kt:74) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.MainKt$migrate$1$1.invoke(Main.kt:66) [keycloakmigration.jar:?]
        at org.koin.core.context.GlobalContext.startKoin(GlobalContext.kt:65) [keycloakmigration.jar:?]
        at org.koin.core.context.DefaultContextExtKt.startKoin(DefaultContextExt.kt:31) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.MainKt.migrate(Main.kt:66) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.MainKt$main$1.invoke(Main.kt:22) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.MainKt$main$1.invoke(Main.kt:20) [keycloakmigration.jar:?]
        at com.xenomachina.argparser.SystemExitExceptionKt.mainBody(SystemExitException.kt:74) [keycloakmigration.jar:?]
        at com.xenomachina.argparser.SystemExitExceptionKt.mainBody$default(SystemExitException.kt:72) [keycloakmigration.jar:?]
        at de.klg71.keycloakmigration.MainKt.main(Main.kt:20) [keycloakmigration.jar:?]
Caused by: com.fasterxml.jackson.module.kotlin.MissingKotlinParameterException: Instantiation of [simple type, class de.klg71.keycloakmigration.keycloakapi.model.GroupListItem] value failed for JSON property subGroups due to missing (therefore NULL) value for creator parameter subGroups which is a non-nullable type
 at [Source: (BufferedReader); line: 1, column: 200] (through reference chain: java.util.ArrayList[0]->de.klg71.keycloakmigration.keycloakapi.model.GroupListItem["subGroups"])
        at com.fasterxml.jackson.module.kotlin.KotlinValueInstantiator.createFromObjectWith(KotlinValueInstantiator.kt:84) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.impl.PropertyBasedCreator.build(PropertyBasedCreator.java:202) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:523) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1409) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:352) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:185) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray(CollectionDeserializer.java:359) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:244) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:28) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4825) ~[keycloakmigration.jar:?]
        at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3801) ~[keycloakmigration.jar:?]
        at feign.jackson.JacksonDecoder.decode(JacksonDecoder.java:65) ~[keycloakmigration.jar:?]
        at feign.InvocationContext.proceed(InvocationContext.java:36) ~[keycloakmigration.jar:?]
        ... 22 more
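
A client that tolerates both response shapes described in this report, as an added example (not code from keycloakmigration): it uses the embedded `subGroups` list when the server sends one and otherwise calls the `/children` endpoint quoted above. The `fetch` callable, the helper names and the sample responses are constructed for illustration; treating a missing `subGroups` key as the newer shape is an assumption based on the exception shown.

```python
from urllib.parse import quote


def subgroups(fetch, realm, group):
    """Direct subgroups of `group`, whichever shape the server returned."""
    embedded = group.get("subGroups")
    if embedded is not None:
        # Older shape: children are embedded in the parent representation.
        return embedded
    # Newer shape (assumed when the key is absent): ask the children endpoint.
    return fetch(f"/admin/realms/{realm}/groups/{group['id']}/children")


def find_group(fetch, realm, name):
    """Search the group tree for an exact name match; None if not found."""
    pending = list(fetch(f"/admin/realms/{realm}/groups?search={quote(name)}"))
    while pending:
        group = pending.pop()
        if group["name"] == name:
            return group
        pending.extend(subgroups(fetch, realm, group))
    return None


def fake_server(table):
    """Constructed stand-in for an authenticated admin API client."""
    calls = []

    def fetch(path):
        calls.append(path)
        return table.get(path, [])

    return fetch, calls


# Constructed sample responses (not captured from a real server).
SEARCH = "/admin/realms/XY/groups?search=Default"
CHILD = {"id": "g2", "name": "Default", "path": "/Staff/Default"}
OLD_SHAPE = {SEARCH: [{"id": "g1", "name": "Staff", "path": "/Staff",
                       "subGroups": [dict(CHILD, subGroups=[])]}]}
NEW_SHAPE = {SEARCH: [{"id": "g1", "name": "Staff", "path": "/Staff"}],
             "/admin/realms/XY/groups/g1/children": [CHILD]}

if __name__ == "__main__":
    for label, table in (("old", OLD_SHAPE), ("new", NEW_SHAPE)):
        fetch, calls = fake_server(table)
        print(label, find_group(fetch, "XY", "Default")["path"], calls)
```

Resolving the group before assigning a role, and failing the migration when `find_group` returns `None`, avoids silently skipping a role assignment after a server upgrade.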

klg71 commented 7 months ago

Hey @MrDeerly, thanks for the report. I guess I can schedule it for next week :)

MrDeerly commented 3 months ago

Hey @klg71,

any chance that you can schedule this soonish? :)

klg71 commented 2 months ago

Hey @MrDeerly, I looked into the issue. I would like to update directly to 24. They changed some APIs and there is an issue with custom user attributes. Currently keycloakmigration stores the migration state in custom attributes of the admin user. This is only possible if you enable the custom attribute flag first. If we would like to change this, it's gonna be a major effort and I don't have a solution for it right now.

mschneider82 commented 2 months ago

v24 is fine, let's skip 23

klg71 commented 2 months ago

I built a release candidate for keycloak 24: https://github.com/mayope/keycloakmigration/releases/tag/0.2.56.RC3. @MrDeerly could you check if this solves your issue? I couldn't reproduce it in my tests.

timonback commented 3 weeks ago

Just successfully tested 0.2.56.RC3 with keycloak 24 and 25.

As mentioned in the release notes, I had to set the attribute policy manually.

For our test setup, we can run the following migration in the first step to update the master realm first and create test realm afterwards - including the attribute policy:

...
changes:
  - updateRealm:
      id: master
      unmanagedAttributePolicy: ADMIN_EDIT
  - addRealm:
      name: ${REALM}
  - updateRealm:
      id: ${REALM}
      unmanagedAttributePolicy: ADMIN_EDIT

Thank you @klg71 for this great tool.

When do you plan to release a production version for Keycloak 24/25?

klg71 commented 3 weeks ago

If you don't have further remarks I will gladly promote the RC to production :)

timonback commented 3 weeks ago

> If you don't have further remarks I will gladly promote the RC to production :)

Nothing further from my side, looking forward to upgrading.