Re: [keycloak-dev] Migration to 4.2.1 extracting RESOURCE_URIs fails with fine-grained admin permissions
Hello,
I was just bitten by this as well 3hours ago, but thankfully only in our
staging environment. We had only one entry
in the RESOURCE_SERVER_RESOURCE table that had a null value in the uri and
icon_uri column.
This caused the migration to fail. In our prod env I there was no entry in
that table, so the migration went through.
As a quick fix in the staging env I just changed those uris to
http://doesnotexist.local and http://doesnotexist.local/icon respectively
to see make it pass.
It seems that I triggered the creation of those entries in the
RESOURCE_SERVER_RESOURCE table when
I activated and deactivated the authz support for a client.
I think this should be addressed in the migrations. There should be at
least a note about that in the migration guides.
It took me a while to find the table that contained the null values that
were indirectly causing the migration to fail.
Cheers,
Thomas
On Tue, Aug 7, 2018 at 5:25 PM Schuster Sebastian (INST/ESY1) <
Sebastian.Schuster(a)bosch-si.com> wrote:
Hi everybody,
I just noticed that 4.2.1 contains a migration
(jpa-changelog-authz-4.2.0.Final.xml) that extracts the URI column from the
RESOURCE_SERVER_RESOURCE table and puts it into a separate table
RESOURCE_URIS. This table has a NOT NULL constraint on the new uri column
(called VALUE). The accompanying data migration
AuthzResourceUseMoreURIs.java selects rows from the old table and inserts
URIs it into the new. This fails for all resources that did not have a URI
before because of the NOT NULL constraint, for example for
Keycloak-internal resources like groups that don’t have a URI.
Is this intended behavior?
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
GERMANY | www.bosch-si.com<http://www.bosch-si.com>
Tel. +49 30 726112-485 | Fax +49 30 726112-100 |
Sebastian.Schuster@bosch-si.com<mailto:Sebastian.Schuster@bosch-si.com>
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
Stefan Ferber, Michael Hahn
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev