TL;DR: Starting from Keycloak v22, GET-ing a re

Provider crash when adding keycloak_default_roles on new realm about terraform-provider-keycloak HOT 2 OPEN

TBeijen commented on July 25, 2024

Provider crash when adding keycloak_default_roles on new realm

from terraform-provider-keycloak.

Comments (2)

TBeijen commented on July 25, 2024

~~It appears as if there is a caching issue in Keycloak. I'm not sure if that's expected behaviour from Keycloak's part~~
It's not caching, it's returning an incomplete 200 instead of a 403 by keycloak from v22 upwards: keycloak/keycloak#26301

Keycloak version: v22.0.5. Local setup, single pod.

Below script can be used to reproduce the scenario. As it turns out, bound to the access token used, GET-ing the realm using same access token used to create it, returns a minimal response.

After fetching a new access token, the full realm JSON is returned.

Test script and output

Shell script creating, then repeatedly fetching the realm:

#!/bin/sh
set -e

kc_host=$KC_HOST
kc_client_id=$KC_CLIENT_ID
kc_client_secret=$KC_CLIENT_SECRET

realm=$1

get_token() {
    token=$(curl -X POST "$kc_host/realms/master/protocol/openid-connect/token" --http1.1 \
    -d "client_id=$kc_client_id" \
    -d "client_secret=$kc_client_secret" \
    -d 'grant_type=client_credentials' \
    -k -s | jq -r '.access_token')
    echo $token
}

create_realm()  {
    token=$1
    response=$(curl -X POST "$kc_host/admin/realms" --http1.1 \
    -H "Authorization: Bearer $token" \
    -H "Content-Type: application/json" \
    -d '{"realm":"'$realm'","enabled":true}' \
    -k -s)
    echo $response
}

get_realm() {
    token=$1
    qs=$2
    response=$(curl -X GET "$kc_host/admin/realms/${realm}${qs}" --http1.1 \
    -H "Authorization: Bearer $token" \
    -k -s)
    echo $response
}

delete_realm() {
    token=$1
    response=$(curl -X DELETE "$kc_host/admin/realms/${realm}" --http1.1 \
    -H "Authorization: Bearer $token" \
    -k -s)
    echo $response
}

parse() {
    cat |jq -M '{"realm": .realm, "defaultRole.id": .defaultRole.id }'
}

echo
echo "Creating realm $realm"
token=$(get_token)
create_realm $token
echo
echo "Getting realm $realm"
echo $(get_realm $token |parse)
echo 
echo "Sleep & getting realm"
sleep 2
echo $(get_realm $token |parse)
echo 
echo "Cache busting query string & getting realm"
random_string=$(xxd -l4 -ps /dev/urandom)
echo $(get_realm $token "?random=${random_string}" |parse)
echo 
echo "New access token & getting realm"
token=$(get_token)
echo $(get_realm $token |parse)
echo 
echo "Cache busting query string & getting realm"
random_string=$(xxd -l4 -ps /dev/urandom)
echo $(get_realm $token "?random=${random_string}" |parse)
echo
echo "Deleting realm"
delete_realm $token

Sample output:

Creating realm foobar


Getting realm foobar
{ "realm": "foobar", "defaultRole.id": null }

Sleep & getting realm
{ "realm": "foobar", "defaultRole.id": null }

Cache busting query string & getting realm
{ "realm": "foobar", "defaultRole.id": null }

New access token & getting realm
{ "realm": "foobar", "defaultRole.id": "8c1d35b3-6f1b-426d-85a2-e93dd06719d4" }

Cache busting query string & getting realm
{ "realm": "foobar", "defaultRole.id": "8c1d35b3-6f1b-426d-85a2-e93dd06719d4" }

Deleting realm

from terraform-provider-keycloak.

Provider crash when adding keycloak_default_roles on new realm about terraform-provider-keycloak HOT 2 OPEN

Comments (2)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent