Re: [keycloak-dev] Migration to 4.2.1 extracting RESOURCE_URIs fails with fine-grained admin permissions

Hello, I was just bitten by this as well 3hours ago, but thankfully only in our staging environment. We had only one entry in the RESOURCE_SERVER_RESOURCE table that had a null value in the uri and icon_uri column. This caused the migration to fail. In our prod env I there was no entry in that table, so the migration went through. As a quick fix in the staging env I just changed those uris to http://doesnotexist.local and http://doesnotexist.local/icon respectively to see make it pass. It seems that I triggered the creation of those entries in the RESOURCE_SERVER_RESOURCE table when I activated and deactivated the authz support for a client. I think this should be addressed in the migrations. There should be at least a note about that in the migration guides. It took me a while to find the table that contained the null values that were indirectly causing the migration to fail. Cheers, Thomas On Tue, Aug 7, 2018 at 5:25 PM Schuster Sebastian (INST/ESY1) < Sebastian.Schuster@bosch-si.com<mailto:Sebastian.Schuster@bosch-si.com>> wrote: > Hi everybody, > > I just noticed that 4.2.1 contains a migration > (jpa-changelog-authz-4.2.0.Final.xml) that extracts the URI column from the > RESOURCE_SERVER_RESOURCE table and puts it into a separate table > RESOURCE_URIS. This table has a NOT NULL constraint on the new uri column > (called VALUE). The accompanying data migration > AuthzResourceUseMoreURIs.java selects rows from the old table and inserts > URIs it into the new. This fails for all resources that did not have a URI > before because of the NOT NULL constraint, for example for > Keycloak-internal resources like groups that don’t have a URI. > > Is this intended behavior? > > Best regards, > Sebastian > > Mit freundlichen Grüßen / Best regards > > Dr.-Ing. Sebastian Schuster > > Engineering and Support (INST/ESY1) > Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | > GERMANY | www.bosch-si.com<http://www.bosch-si.com><http://www.bosch-si.co... > Tel. +49 30 726112-485 | Fax +49 30 726112-100 | > Sebastian.Schuster@bosch-si.com<mailto:Sebastian.Schuster@bosch-si.com><mailto:Sebastian.Schuster@bosch-si.com<mailto:Sebastian.Schuster@bosch-si.com>> > > Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B > Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. > Stefan Ferber, Michael Hahn > > > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-dev _______________________________________________ keycloak-dev mailing list keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-dev