Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authentication executions and flows do not have priority so flows will always be off and unchangeable #563

Open
drduker opened this issue Aug 20, 2024 · 5 comments
Open

authentication executions and flows do not have priority so flows will always be off and unchangeable #563

drduker opened this issue Aug 20, 2024 · 5 comments
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). blocked The issue cannot be resolved without 3rd party action. kind/bug Some behavior is incorrect or out of spec

Comments

@drduker
Copy link

drduker commented Aug 20, 2024
edited
Loading

Describe what happened

All executions and subflows have priority of zero if not settable and no way to set with current usage so it makes setting up authentication flows useless.

Sample program

na

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

pulumi creates, but what it creates is unusable

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@drduker drduker added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Aug 20, 2024
@drduker
Copy link
Author

drduker commented Aug 20, 2024

correction, authentications are only useful if you have a single execution per flow. But no one does that.

Example json of one that works my manually adding configuration:

      "authenticationExecutions": [
        {
          "authenticator": "auth-cookie",
          "authenticatorFlow": false,
          "requirement": "ALTERNATIVE",
          "priority": 0,
          "autheticatorFlow": false,
          "userSetupAllowed": false
        },
        {
          "authenticator": "auth-x509-client-username-form",
          "authenticatorFlow": false,
          "requirement": "ALTERNATIVE",
          "priority": 1,
          "autheticatorFlow": false,
          "userSetupAllowed": false
        },
        {
          "authenticatorFlow": true,
          "requirement": "ALTERNATIVE",
          "priority": 2,
          "autheticatorFlow": true,
          "flowAlias": "MFA Login",
          "userSetupAllowed": false
        }

What this provider creates configuration with brokecode:

        {
          "authenticatorFlow": true,
          "requirement": "ALTERNATIVE",
          "priority": 0,
          "autheticatorFlow": true,
          "flowAlias": "mfa_login",
          "userSetupAllowed": false
        },
        {
          "authenticator": "auth-x509-client-username-form",
          "authenticatorFlow": false,
          "requirement": "ALTERNATIVE",
          "priority": 0,
          "autheticatorFlow": false,
          "userSetupAllowed": false
        },
        {
          "authenticator": "auth-cookie",
          "authenticatorFlow": false,
          "requirement": "ALTERNATIVE",
          "priority": 0,
          "autheticatorFlow": false,
          "userSetupAllowed": false
        }

@VenelinMartinov
Copy link
Contributor

Hi @drduker, thanks for reporting. Could you please provide an example pulumi program which shows the issue?

@VenelinMartinov VenelinMartinov added needs-repro Needs repro steps before it can be triaged or fixed awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team labels Aug 21, 2024
@drduker
Copy link
Author

drduker commented Aug 28, 2024

The problem is that execution and subflows have specific order. Within the GUI you can move them up and down and the order certainly matters. However there is no usage available to define priority within inputs which sets the order within keycloak - https://www.pulumi.com/registry/packages/keycloak/api-docs/authentication/execution/#inputs

https://www.keycloak.org/docs-api/latest/rest-api/index.html#AuthenticatorConfigRepresentation

@pulumi-bot pulumi-bot added needs-triage Needs attention from the triage team and removed awaiting-feedback Blocked on input from the author labels Aug 28, 2024
@drduker
Copy link
Author

drduker commented Aug 28, 2024

terraform has a similar issue: keycloak/terraform-provider-keycloak#296

@iwahbe iwahbe added blocked The issue cannot be resolved without 3rd party action. awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). and removed needs-repro Needs repro steps before it can be triaged or fixed needs-triage Needs attention from the triage team labels Aug 29, 2024
@iwahbe
Copy link
Member

iwahbe commented Aug 29, 2024

This provider is generated from mrparkers terraform provider, so we will pick up the fix to keycloak/terraform-provider-keycloak#296 as soon as the upstream provider fixes it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). blocked The issue cannot be resolved without 3rd party action. kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@drduker @iwahbe @VenelinMartinov @pulumi-bot