search

pulumi / pulumi-keycloak

A KeyCloak Pulumi resource package, providing multi-language access to KeyCloak
Apache License 2.0
35 stars 6 forks source link

`Realm.get` get's executed before `dependsOn` Resource is fully ready #519

Open ChristianRaoulis opened 2 weeks ago

ChristianRaoulis commented 2 weeks ago

Describe what happened

I'm deploying a Keycloak Helm Chart and load the master realm using the Realm.get method. That Realm.get method causes an

error: Preview failed: refreshing urn:pulumi:testing::softwarefactory::softwarefactory:namespaces:service-namespace$kubernetes:core/v1:Namespace$softwarefactory:keycloak$kubernetes:helm.sh/v3:Release$pulumi:providers:keycloak$keycloak:index/realm:Realm::master-realm: 1 error occurred:
        * error logging in: error sending POST request to https://<my domain>/realms/master/protocol/openid-connect/token: 404 Not Found

when my project gets deployed

Sample program

const keycloak = new HelmRelease("keycloak-helm-chart", {
  chart:          "keycloak",
  version:        "21.0.4",
  repositoryOpts: {
    repo: "https://charts.bitnami.com/bitnami",
  },
});

const provider = new KeycloakProvider("keycloak", {
   url:          'https://<keycloak url>',
   clientId:     "admin-cli",
   realm:        "master",
   username:     "admin",
   password:     "password",
   initialLogin: false,
}, {dependsOn: keycloak, parent: keycloak});

// This one causes the 404 error since keycloak isn't fully deployed yet
const masterRealm = Realm.get("master-realm", "master", {}, {parent: provider, provider: provider, dependsOn: keycloak});

Log output

Diagnostics:
  keycloak:index:Realm (master-realm):
    error: Preview failed: refreshing urn:pulumi:testing::softwarefactory::softwarefactory:namespaces:service-namespace$kubernetes:core/v1:Namespace$softwarefactory:keycloak$kubernetes:helm.sh/v3:Release$pulumi:providers:keycloak$keycloak:index/realm:Realm::master-realm: 1 error occurred:
        * error logging in: error sending POST request to https://<my domain>/realms/master/protocol/openid-connect/token: 404 Not Found

Affected Resource(s)

No response

Output of pulumi about

CLI          
Version      3.107.0
Go Version   go1.22.0
Go Compiler  gc

Plugins
NAME        VERSION
command     0.11.1
keycloak    5.3.2
kubernetes  4.13.1
nodejs      unknown
postgresql  3.11.1
random      4.16.2

Host     
OS       Microsoft Windows 11 Enterprise
Version  10.0.22631 Build 22631
Arch     x86_64

This project is written in nodejs: executable='C:\Users\A92615470\AppData\Local\pnpm\node.exe' version='v20.14.0'

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

iwahbe commented 2 weeks ago

Hi @ChristianRaoulis. I'm sorry your hitting this issue. I believe that this is a bug in the Pulumi engine, so I have opened an issue there: https://github.com/pulumi/pulumi/issues/16395.

You might be able to work around the bug by faking the dependsOn relationship with an apply:

const masterRealm = Realm.get("master-realm", keycloak.chart.apply((_) => "master"), {}, {parent: provider, provider: provider, dependsOn: keycloak});

It would be even better if you could use a property of keycloak (HelmRelease) that isn't known until the resource is created.