nebari-dev / nebari

🪴 Nebari - your open source data science platform
https://nebari.dev
BSD 3-Clause "New" or "Revised" License

[BUG] - Why is the keycloak client name hard-coded to grafana for all services? #2428

Open krassowski opened 6 months ago

krassowski commented 6 months ago

Describe the bug

The client name for all services is currently hard-coded to grafana:

https://github.com/nebari-dev/nebari/blob/2f85ece2b00686de99d94695b55e1c7bb9dde642/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/keycloak-client/main.tf#L7-L13

Querying the clients list returns a list like:

[{'id': 'c2eeb1e0-a1bb-42eb-92a2-aebb197db7cd',
  'clientId': 'argo-server-sso',
  'name': 'grafana',
  'description': '',
  // (more properties)
  },
 {'id': '3f28662b-83d9-4e83-b633-ad3a80ad015d',
  'clientId': 'broker',
  'name': '${client_broker}',
  'surrogateAuthRequired': False,
  // (more properties)
},
 {'id': '003a0497-30d6-49a0-92aa-01573fc878d4',
  'clientId': 'conda_store',
  'name': 'grafana',
  'description': '',
  // (more properties)
},
 {'id': 'b37c5ba3-4f61-4bc3-a8f3-ddc58586951e',
  'clientId': 'forwardauth',
  'name': 'grafana',
  'description': '',  
  // (more properties)
},
 {'id': '1640b17e-bf0b-4c15-a351-c38a7cfa24ba',
  'clientId': 'grafana',
  'name': 'grafana',
  'description': '',  
  // (more properties)
},
 {'id': '47d8e54d-d4ab-42e1-af7c-753cc888da51',
  'clientId': 'jupyterhub',
  'name': 'grafana',
  'description': '',  
  // (more properties)
}]

This was introduced 2 years ago in https://github.com/nebari-dev/nebari/pull/1003.

Expected behavior

Either:

OS and architecture in which you are running Nebari

main branch

How to Reproduce the problem?

Query Keycloak REST API /auth/admin/realms/nebari/clients/ endpoint (with appropriate token).

Command output

No response

Versions and dependencies used.

No response

Compute environment

None

Integrations

No response

Anything else?

Spotted when working on https://github.com/nebari-dev/nebari/issues/2308

viniciusdc commented 6 months ago

As you can see, this was initially implemented as part of that PR, most probably due to testing Keycloak's management clients, and was overlooked when it was merged. Client names, if I am not mistaken, are mutable, so we should be able to rename them without affecting any previous versions.
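
A check for the symptom reported in this issue, as an added example that is not part of the thread or of Nebari's code: it takes the client list returned by the realm's clients endpoint and flags clients whose display name is shared with, or is the clientId of, another client. The sample list is constructed from the fields shown in the issue; skipping `${...}` names and the `suggested_name` field are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: only the fields visible in the issue's output.
SAMPLE_CLIENTS = [
    {"id": "c2eeb1e0-a1bb-42eb-92a2-aebb197db7cd", "clientId": "argo-server-sso", "name": "grafana"},
    {"id": "3f28662b-83d9-4e83-b633-ad3a80ad015d", "clientId": "broker", "name": "${client_broker}"},
    {"id": "003a0497-30d6-49a0-92aa-01573fc878d4", "clientId": "conda_store", "name": "grafana"},
    {"id": "b37c5ba3-4f61-4bc3-a8f3-ddc58586951e", "clientId": "forwardauth", "name": "grafana"},
    {"id": "1640b17e-bf0b-4c15-a351-c38a7cfa24ba", "clientId": "grafana", "name": "grafana"},
    {"id": "47d8e54d-d4ab-42e1-af7c-753cc888da51", "clientId": "jupyterhub", "name": "grafana"},
]

# Assumption: a name of the form ${...} is a Keycloak localisation key used by
# built-in clients, so it is not treated as a mislabel.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")


def audit_client_names(clients):
    """Flag clients whose display name is shared with, or borrowed from, another client."""
    client_ids = {c["clientId"] for c in clients}
    by_name = defaultdict(list)
    for c in clients:
        name = c.get("name") or ""
        if name and not PLACEHOLDER.match(name):
            by_name[name].append(c)

    findings = []
    for name, group in by_name.items():
        for c in group:
            if name == c["clientId"]:
                continue  # the one client this name actually describes
            reasons = []
            if len(group) > 1:
                reasons.append(f"name shared by {len(group)} clients")
            if name in client_ids:
                reasons.append("name is another client's clientId")
            if reasons:
                # suggested_name is this example's assumption, not the project's fix.
                findings.append({"id": c["id"], "clientId": c["clientId"], "name": name,
                                 "reasons": reasons, "suggested_name": c["clientId"]})
    return sorted(findings, key=lambda f: f["clientId"])


if __name__ == "__main__":
    for f in audit_client_names(SAMPLE_CLIENTS):
        print(f'{f["clientId"]}: name={f["name"]!r} ({"; ".join(f["reasons"])})')
```

Matching on the immutable `id` rather than on `name` keeps the report usable for whatever rename is eventually chosen.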