Saml Client Id ref does not work for any object #88

Open
jholt96 opened this issue May 17, 2024 · 2 comments

jholt96 commented May 17, 2024

Summary

Any Client Id name reference is made to the OIDC Client CRD instead. Currently the only way to use the SAML client is by creating the object, copying the id after it is created and using the clientId field.

I think the root issue is that it's trying to resolve to the mg.Spec.ForProvider.ClientID field instead of looking up the external-name annotation that gets set, e.g.

kind: Client
metadata:
  annotations:
    crossplane.io/external-name: uuid

Replicated Errors

apiVersion: samlclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
  name: gitlab-client
  labels:
    clientName: gitlab-client
    testing.upbound.io/example-name: client
spec:
  forProvider:
    realmIdRef:
      name: "dev-realm"
    clientId: gitlab
    rootUrl: https://test.com
    baseUrl: https://test.com
    idpInitiatedSsoUrlName: test.com
    masterSamlProcessingUrl: https://test.com/users/auth/saml/callback
    validRedirectUris: [https://test.com/users/auth/saml/callback]
    assertionConsumerPostUrl: https://test.com/users/auth/saml/callback
  providerConfigRef:
    name: "keycloak-provider-config"
---
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
  name: gitlab-nametest-property-mapper
spec:
  deletionPolicy: Delete
  forProvider:
    clientIdSelector:
      matchLabels:
        testing.upbound.io/example-name: client
    config:
      attribute.name: names
      attribute.nameformat: Basic
      friendly.name: Username
      property: Username
    name: username-test-mapper
    protocol: saml
    protocolMapper: saml-user-property-mapper
    realmIdRef:
      name: test-realm
  managementPolicies:
  - '*'
  providerConfigRef:
    name: keycloak-provider-config
status:
  atProvider: {}
  conditions:
  - lastTransitionTime: "2024-05-17T17:53:49Z"
    message: 'cannot resolve references: mg.Spec.ForProvider.ClientID: no resources
      matched selector'
    reason: ReconcileError
    status: "False"
    type: Synced
---
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
  name: gitlab-nametest2-property-mapper
spec:
  deletionPolicy: Delete
  forProvider:
    clientIdRef:
      name: gitlab-client
    config:
      attribute.name: names
      attribute.nameformat: Basic
      friendly.name: Username
      property: Username
    name: username1-test-mapper
    protocol: saml
    protocolMapper: saml-user-property-mapper
    realmIdRef:
      name: dev-realm
  providerConfigRef:
    name: keycloak-provider-config
status:
  atProvider: {}
  conditions:
  - lastTransitionTime: "2024-05-17T17:59:18Z"
    message: 'cannot resolve references: mg.Spec.ForProvider.ClientID: cannot get
      referenced resource: Client.openidclient.keycloak.crossplane.io "gitlab-client"
      not found'
    reason: ReconcileError
    status: "False"
    type: Synced
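The workaround the issue describes (create the SAML client, read the id Crossplane records in its crossplane.io/external-name annotation, put that value in the mapper's plain clientId field) can be scripted. The following is an added example and is not code from provider-keycloak or from the issue author: a small resolver that searches both client kinds for a clientIdRef or clientIdSelector, returns the external-name, and rewrites a ProtocolMapper manifest accordingly. The two API groups are the ones visible in the manifests and error message above; the sample objects, the UUID and the label values are constructed here, and nothing talks to a cluster.

```python
"""Added example, not provider-keycloak code: resolve a client reference across
both the SAML and OIDC Client kinds via the crossplane.io/external-name
annotation, and rewrite a ProtocolMapper to use a literal clientId.
Objects are plain dicts in Kubernetes manifest shape."""
import copy

EXTERNAL_NAME = "crossplane.io/external-name"
# API groups of the two client kinds, taken from the issue's manifests and
# error text (assumption: these are the only two client kinds to search).
CLIENT_GROUPS = (
    "samlclient.keycloak.crossplane.io",
    "openidclient.keycloak.crossplane.io",
)


def _is_client(obj):
    """True for a Client object of either the SAML or the OIDC group."""
    group = obj.get("apiVersion", "").split("/")[0]
    return obj.get("kind") == "Client" and group in CLIENT_GROUPS


def _matches(obj, ref=None, selector=None):
    """Match by exact name (clientIdRef) or by label subset (clientIdSelector)."""
    meta = obj.get("metadata", {})
    if ref is not None:
        return meta.get("name") == ref.get("name")
    want = selector.get("matchLabels", {})
    have = meta.get("labels", {})
    return all(have.get(k) == v for k, v in want.items())


def resolve_client_id(objects, ref=None, selector=None):
    """Return the Keycloak client id (external-name) of the matching Client."""
    if (ref is None) == (selector is None):
        raise ValueError("exactly one of ref or selector is required")
    hits = [o for o in objects if _is_client(o) and _matches(o, ref, selector)]
    if not hits:
        what = f'Client "{ref["name"]}" not found' if ref else "no resources matched selector"
        raise LookupError(f"cannot resolve references: {what}")
    if len(hits) > 1:
        raise LookupError("selector matched more than one client; refusing to guess")
    ext = hits[0].get("metadata", {}).get("annotations", {}).get(EXTERNAL_NAME)
    if not ext:
        # Crossplane sets external-name only once the client has been created.
        raise LookupError("client exists but has no external-name yet; wait for Ready")
    return ext


def rewrite_mapper(mapper, objects):
    """Return a copy of the mapper with clientIdRef/Selector replaced by clientId."""
    out = copy.deepcopy(mapper)
    fp = out["spec"]["forProvider"]
    ref = fp.pop("clientIdRef", None)
    sel = fp.pop("clientIdSelector", None)
    if ref is None and sel is None:
        return out  # nothing to resolve, keep as-is
    fp["clientId"] = resolve_client_id(objects, ref=ref, selector=sel)
    return out


def lookup_fails(objects, **kw):
    """Helper for checking the failure modes: True if resolution raises LookupError."""
    try:
        resolve_client_id(objects, **kw)
    except LookupError:
        return True
    return False


# Constructed sample data (hypothetical UUID and labels).
SAMPLE_UUID = "0f1e2d3c-4b5a-4968-8796-a5b4c3d2e1f0"
SAMPLE_OBJECTS = [
    {
        "apiVersion": "samlclient.keycloak.crossplane.io/v1alpha1",
        "kind": "Client",
        "metadata": {
            "name": "gitlab-client",
            "labels": {"testing.upbound.io/example-name": "client"},
            "annotations": {EXTERNAL_NAME: SAMPLE_UUID},
        },
    },
]
SAMPLE_MAPPER = {
    "apiVersion": "client.keycloak.crossplane.io/v1alpha1",
    "kind": "ProtocolMapper",
    "metadata": {"name": "gitlab-nametest2-property-mapper"},
    "spec": {"forProvider": {"clientIdRef": {"name": "gitlab-client"},
                             "protocol": "saml"}},
}

if __name__ == "__main__":
    print(rewrite_mapper(SAMPLE_MAPPER, SAMPLE_OBJECTS)["spec"]["forProvider"])
```

Run it over manifests dumped with kubectl get -o yaml (after parsing them) to produce mappers that no longer depend on the broken reference. Because the resolver only returns an external-name that is actually present, it fails closed while the SAML client is still being created instead of writing an empty clientId.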
Breee (Collaborator) commented May 18, 2024

Yes, this is a major issue with the terraform upstream: keycloak/terraform-provider-keycloak#813 - sadly I never got recognized.

I'm now starting to look for a solution that allows referencing a generic client (SAML or OIDC).
TBH it might be even better to move away from the upstream terraform keycloak provider and write the provider ourselves completely.

I hope that I can provide you a solution soon

Breee (Collaborator) commented Jun 4, 2024

FYI, waiting for an answer in crossplane/upjet#414 before I fix that.
