Realm name cannot have more than 36 characters #675
Comments
dmpv-cyber
added
kind/bug
|
There is another prop on the Realm constructor that could help solve this, internalId, when I set that prop to something that is less or equal to 36 characters long, for example an UUID, the name of the realm in that case can be bigger than 36 characters. code used to reproduce the issue: new Realm('name-a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa-realm', {
internalId: 'a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa',
realm: 'name-a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa-realm'
}) |
|
Hi @dmpv-cyber sorry you had issues here. The problem looks like a wrong replacement decision on the second pulumi up. To work around it, are you able to use ignoreChanges for the property causing the replacement? https://www.pulumi.com/docs/iac/concepts/options/ignorechanges/ The pulumi keycloak provider is based on the terraform keycloak provider. Can you try to reproduce the issue there and report it to the keycloak developers? https://github.com/keycloak/terraform-provider-keycloak Let me know if that helps! |
VenelinMartinov
added
awaiting-feedback
|
Hi @VenelinMartinov Thank you for the response and the help provided! The ignoreChanges does work but it's not really a work around because, this can only be used if the resource was created a first time without that ignoreChanges set, on the second time we do a pulumi up and if we add that to the resource then all is good and it works. I did try to reproduce this error on terraform-keycloak-provider, but I was unable, it looks like all is good and working as intended, here is a sample of what I used to test this on terraform: terraform {
required_providers {
keycloak = {
source = "keycloak/keycloak"
version = ">= 5.0.0"
}
}
}
provider "keycloak" {
client_id = "pulumi"
client_secret = "client_secret"
url = "http://localhost:8080"
}
resource "keycloak_realm" "test" {
internal_id = "2bbe52b2-ca88-4220-b926-26b27a2525e5"
realm = "test-2bbe52b2-ca88-4220-b926-26b27a2525e5"
enabled = true
display_name = "Test"
}So, not sure if this an issue from pulumi-keycloak? I also noticed there are some more props on the realm resource that are marked with a replacement decision but they shouldn't be on the second time we do the pulumi up, for example: Thanks again for the answer and the time spent looking at this 😄 |
pulumi-bot
added
needs-triage
|
Hey @dmpv-cyber Can you please run Looking at your terraform code you are specifying Does the terraform issue reproduce if you run it with |
VenelinMartinov
added
awaiting-feedback
|
Thank you again for the time that you took looking into this @VenelinMartinov I tried running You are right about the About this command I have not really a good ideia of what can be the issue here, but maybe it's not connected with the refresh stack? |
pulumi-bot
added
needs-triage
|
@dmpv-cyber I tried to repro the problem and program worked fine for me and showed no diff on the second import * as keycloak from "@pulumi/keycloak";
new keycloak.Realm('name-a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa-realm', {
internalId: 'a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa',
realm: 'name-a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa-realm'
})and ran:
Can you please upgrade your keycloak provider to the latest version (6.4.0) and try again. If that does not work, please post:
|
VenelinMartinov
added
needs-repro
|
@VenelinMartinov I used exactly the same code as you used this time around the only difference being on the keycloak provider version as I used the latest one I have available (6.3.0-alpha.1738648261) instead of (6.4.0) and encountered the same issue, ran:
Output of
Output of running pulumi commands with the environment variable PULUMI_DEBUG_GPRC="grpc.json": |
pulumi-bot
added
needs-triage
|
My bad, for the provider version I meant 6.2.1. What is the version of keycloak you are using? Looking at the logs it seems the provider is not responding correctly to the request to set the internal ID. It might be that your version doesn't support that parameter. Can you try upgrading that? |
|
No worries @VenelinMartinov, I switched the provider to 6.2.1 and it happens the same. I'm using the latest keycloak version (26.1.0) was this provider already tested against the latest version of keycloak? |
|
Yeah, I tested on the latest version too (26.1.0). Can you please try this with a fresh keycloak instance? It could be some difference in the instance configuration perhaps? I used https://www.keycloak.org/getting-started/getting-started-docker for running the instance and authenticated via a username and password. |
|
@VenelinMartinov I think I might have found the issue. I tried all the same things as before but this time instead of using the authentication via client credentials grant I used the same as you, via password grant and it did work, the second |
Describe what happened
When trying to create a new realm and if I define a realm prop bigger than 36 characters it will fail, because it will try to set the realm name also to the realm Id column on the database that has a limit of 36 characters.
Sample program
new Realm( 'name-a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa-realm', { realm: 'name-a9c1ae55-6f5b-49de-8ef0-952a6c9c33aa', })Log output
error: sdk-v2/provider2.go:520: sdk.helper_schema: error sending POST request to /admin/realms: 409 Conflict. Response body: {"errorMessage":"Conflict detected. See logs for details"}: [email protected]If I check the logs I have:
Caused by: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(36)Affected Resource(s)
Realm
Output of
pulumi aboutDependencies:
NAME VERSION
@pulumi/aws 6.66.2
@pulumi/awsx 2.19.0
@pulumi/keycloak 5.4.0
@pulumi/pulumi 3.144.1
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: