New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDCIdentityProvider Secret in InitProvider is required but should be optional #113

Open

denniskniep opened this issue Jun 18, 2024 · 1 comment

Contributor

denniskniep commented Jun 18, 2024

The Property IdentityProviderSpec.InitProvider.ClientSecretSecretRef
(see https://github.com/crossplane-contrib/provider-keycloak/blame/11f3432fc6cbf1f12168f6e3ba425f79ad0d5710/apis/oidc/v1alpha1/zz_identityprovider_types.go#L55-L57)

is a required field since updating upjet to to v1.4.0
(see https://github.com/crossplane/upjet/releases/tag/v1.4.0 -> Support for Secret References in spec.initProvider)

InitProvider properties are set if the value of the property should only be taken into account during creation and not during update
(see https://docs.crossplane.io/latest/concepts/managed-resources/#initprovider)

But from Keycloaks point of view the client secret of an OIDC IdentityProvider is NOT immutable.

Do we need to raise that issue to upjet, so that secret refs are generated as optional property?

The text was updated successfully, but these errors were encountered:

Collaborator

Breee commented Jun 20, 2024

Probably an upjet issue, maybe @haarchri can help to verify that.

Can you provide a minimal example ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment