terraform-provider-keycloak

Support for Keycloak 19.0.0

Open tanadeau opened this issue 2 years ago • 2 comments

See https://www.keycloak.org/2022/07/keycloak-1900-released. Thank you for creating and maintaining this project.

tanadeau Jul 28 '22 16:07

The current version 3.10.0 does not work with Keycloak 19.0.1. A configuration of OID clients etc. is no longer possible after a Keycloak update to version 19.

I get the following error:

Error: error sending GET request to /admin/realms/XXXXXXXXX/clients/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee: 403 Forbidden. Response body: {"error":"unknown_error"}

  with module. ... .keycloak_openid_client.client,
  on ../../../modules/authentication/keycloak/oid-client/main.tf line 1, in resource "keycloak_openid_client" "client":
   1: resource "keycloak_openid_client" "client" {

My configuration:

Terraform v1.2.7
on darwin_amd64
+ provider registry.terraform.io/mrparkers/keycloak v3.10.0

provider "keycloak" {
  url = "https://....."
  base_path = ""
  realm = "master"
  client_id = "....."
  client_secret = "......"
}

Edit 1:

I have tried something else. I have changed the provider configuration:

provider "keycloak" {
  url = "https://....."
  base_path = ""
  realm = "master"
  client_id = "admin-cli"
  username = "...."
  password = "......"
}

The user has the admin role.

With this configuration I can use the resource keycloak_openid_client again without errors.


Edit 2:

I should read the error message more carefully. The Keycloak server responds with an HTTP status 403 Forbidden.

I could solve the problem by assigning the necessary roles to the service account of the OpenID client.

However, I don't know why after the Keycloak update these roles have to be assigned explicitly.

martinreck Sep 16 '22 09:09
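Added example, not part of the thread or of the provider's code: a small Python check for the situation in Edit 2, listing which expected roles are absent from the access token a service account receives. Keycloak puts realm roles under `realm_access.roles` and client roles under `resource_access.<client id>.roles`. The realm name `example`, the client name `terraform`, the sample token and the choice of `manage-clients`/`view-clients` as the required roles are assumptions, since the thread does not name the roles that were assigned.

```python
import base64
import json


def decode_claims(access_token: str) -> dict:
    """Return the JWT payload. No signature check: this is for inspecting
    a token your own client just obtained, not for trusting it."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(claims: dict, realm_roles=(), client_roles=None) -> dict:
    """Compare the roles carried in the token with the roles you expect.

    client_roles maps a Keycloak client id to role names, e.g.
    {"example-realm": ["manage-clients"]} (assumed requirement, adjust it).
    """
    have_realm = set(claims.get("realm_access", {}).get("roles", []))
    gaps = {}
    if set(realm_roles) - have_realm:
        gaps["realm"] = sorted(set(realm_roles) - have_realm)
    for client_id, wanted in (client_roles or {}).items():
        access = claims.get("resource_access", {}).get(client_id, {})
        have = set(access.get("roles", []))
        if set(wanted) - have:
            gaps[client_id] = sorted(set(wanted) - have)
    return gaps


def _segment(obj: dict) -> str:
    """Encode one JWT segment the way compact serialization does."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: a service-account token that carries only default roles.
SAMPLE_TOKEN = ".".join([
    _segment({"alg": "RS256", "typ": "JWT"}),
    _segment({
        "preferred_username": "service-account-terraform",
        "realm_access": {"roles": ["default-roles-master", "offline_access"]},
        "resource_access": {"account": {"roles": ["view-profile"]}},
    }),
    "constructed-signature",
])

if __name__ == "__main__":
    wanted = {"example-realm": ["manage-clients", "view-clients"]}  # assumption
    print(missing_roles(decode_claims(SAMPLE_TOKEN), client_roles=wanted))
```

An empty result means the token carries every role you listed. Passing only the roles the Terraform resources actually need keeps the service account narrower than an `admin` user behind `admin-cli`.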

Hey @martinreck, sorry to hear about Keycloak v19 not working. Based on the information I'm seeing in your edits, I agree that something might have unexpectedly changed with the roles that your client was assigned. I'm not sure I could tell you what happened here.

I did end up opening a PR to update the versions of Keycloak that are tested in the test suite, and it looks like v19 seems to be working just fine: https://github.com/mrparkers/terraform-provider-keycloak/pull/733

I still need to make some changes to switch over to Quarkus, but so far everything looks to be in order. Let me know if you run into anything else or if you have any other questions for me.

mrparkers Sep 19 '22 14:09