You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe what should be investigated or refactored
Currently we have a catchall for all any Keycloak client creation failures that logs an error "Failed to process client request ... This can occur if a client already exists with the same ID that Pepr isn't tracking.".
This error is often misleading because it can surface for any number of reasons that the client creation was invalid (client scopes, invalid URIs, etc). The result is a confusing error message and the real error message is only visible in the Keycloak logs themselves. It would be good to revisit this catch all and see if we can filter errors or better represent the true failure on the keycloak call.
## Description
This PR has a number of changes, mostly tied to operator behaviors and
bug fixes around failure logging. Included:
- URI Encoding of client ID on deletion/updates - when we call
updates/deletions on KC clients it gets appended to our URL for our
request and must be encoded
- Moves around the try/catch to only wrap the Keycloak API call so that
errors are surfaced more accurately in events and modifies the thrown
error from the Keycloak response to include the keycloak response status
and data (see #448)
- Adds a new Phase to Package for `Retrying` - this differentiates from
a `Pending` package that is already being reconciled to allow retries to
function as expected (see
#492)
- Moves uidSeen addition to patch status to handle infinite failure ->
pending -> failure ... loop on first apply (see
#525)
## Related Issue
Fixes#492Fixes#448Fixes#525
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)
## Checklist before merging
- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed
---------
Co-authored-by: Megamind <882485+jeff-mccoy@users.noreply.github.com>
Describe what should be investigated or refactored
Currently we have a catchall for all any Keycloak client creation failures that logs an error "Failed to process client request ... This can occur if a client already exists with the same ID that Pepr isn't tracking.".
This error is often misleading because it can surface for any number of reasons that the client creation was invalid (client scopes, invalid URIs, etc). The result is a confusing error message and the real error message is only visible in the Keycloak logs themselves. It would be good to revisit this catch all and see if we can filter errors or better represent the true failure on the keycloak call.
Links to any relevant code
uds-core/src/pepr/operator/controllers/keycloak/client-sync.ts
Lines 128 to 142 in 434844b
The text was updated successfully, but these errors were encountered: