[keycloak-dev] Migration to 4.2.1 extracting RESOURCE_URIs fails with fine-grained admin permissions
Pedro Igor Silva
psilva at redhat.com
Tue Aug 7 18:31:02 EDT 2018
Sent a PR: https://github.com/keycloak/keycloak/pull/5446.
On Tue, Aug 7, 2018 at 3:08 PM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:
> Apologies for this oversight, this will be fixed in the next version.
>
> https://issues.jboss.org/browse/KEYCLOAK-8003
>
> On Tue, Aug 7, 2018 at 7:00 PM Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
> > Hello,
> >
> > I was just bitten by this as well 3hours ago, but thankfully only in our
> > staging environment. We had only one entry
> > in the RESOURCE_SERVER_RESOURCE table that had a null value in the uri
> and
> > icon_uri column.
> > This caused the migration to fail. In our prod env I there was no entry
> in
> > that table, so the migration went through.
> > As a quick fix in the staging env I just changed those uris to
> > http://doesnotexist.local and http://doesnotexist.local/icon
> respectively
> > to see make it pass.
> >
> > It seems that I triggered the creation of those entries in the
> > RESOURCE_SERVER_RESOURCE table when
> > I activated and deactivated the authz support for a client.
> >
> > I think this should be addressed in the migrations. There should be at
> > least a note about that in the migration guides.
> > It took me a while to find the table that contained the null values that
> > were indirectly causing the migration to fail.
> >
> > Cheers,
> > Thomas
> >
> > On Tue, Aug 7, 2018 at 5:25 PM Schuster Sebastian (INST/ESY1) <
> > Sebastian.Schuster at bosch-si.com> wrote:
> >
> > > Hi everybody,
> > >
> > > I just noticed that 4.2.1 contains a migration
> > > (jpa-changelog-authz-4.2.0.Final.xml) that extracts the URI column
> from
> > the
> > > RESOURCE_SERVER_RESOURCE table and puts it into a separate table
> > > RESOURCE_URIS. This table has a NOT NULL constraint on the new uri
> column
> > > (called VALUE). The accompanying data migration
> > > AuthzResourceUseMoreURIs.java selects rows from the old table and
> inserts
> > > URIs it into the new. This fails for all resources that did not have a
> > URI
> > > before because of the NOT NULL constraint, for example for
> > > Keycloak-internal resources like groups that don’t have a URI.
> > >
> > > Is this intended behavior?
> > >
> > > Best regards,
> > > Sebastian
> > >
> > > Mit freundlichen Grüßen / Best regards
> > >
> > > Dr.-Ing. Sebastian Schuster
> > >
> > > Engineering and Support (INST/ESY1)
> > > Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
> > > GERMANY | www.bosch-si.com<http://www.bosch-si.com>
> > > Tel. +49 30 726112-485 | Fax +49 30 726112-100 |
> > > Sebastian.Schuster at bosch-si.com<mailto:Sebastian.Schuster at bosch-si.com
> >
> > >
> > > Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
> > > Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung:
> Dr.
> > > Stefan Ferber, Michael Hahn
> > >
> > >
> > >
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list