You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When user.keycloak.crossplane.io/v1alpha1/Roles resource is created using roleIdRefs attribute to populate the Role mapping for the user, it translates the roleIdRefs for Keycloak role's IDs into roleIds. This field seems to be decisive in terms of which roles are actually mapped to the user. This "translation" of refs into Ids, however, seems to be happening only during the creation of the resource. Once the list of the roles is changed (even if say one role is deleted), the roleIds field seems unaffected and nothing happens in Keycloak.
Not to mention that if for some reason a role is deleted from keycloak and crossplane recreates it during reconciliation, the role is recreated with a brand new ID which causes all this role assignments to become detached from the real resources.
The text was updated successfully, but these errors were encountered:
When
user.keycloak.crossplane.io/v1alpha1/Rolesresource is created usingroleIdRefsattribute to populate the Role mapping for the user, it translates theroleIdRefsfor Keycloak role's IDs intoroleIds. This field seems to be decisive in terms of which roles are actually mapped to the user. This "translation" of refs into Ids, however, seems to be happening only during the creation of the resource. Once the list of the roles is changed (even if say one role is deleted), theroleIdsfield seems unaffected and nothing happens in Keycloak.Not to mention that if for some reason a role is deleted from keycloak and crossplane recreates it during reconciliation, the role is recreated with a brand new ID which causes all this role assignments to become detached from the real resources.
The text was updated successfully, but these errors were encountered: