
Fix disabling of admin permissions in fine grained authz v2 #1519

Open: michalvavrik wants to merge 1 commit into keycloak:main from michalvavrik:fix/issue-1509

@michalvavrik

Member

* Closes: keycloak#1509

* Makes sure that `admin_permissions_enabled` is not omitted from the PUT when it is explicitly set in the `.tf` resource.
It is done by distinguishing between true (set explicitly to true), false (set explicitly to false) and nil (unset, hence omitted).
I think this might not be the only case, e.g. `organizations_enabled` looks like it behaves the same way, but I didn't explore that as I am only fixing the linked issue.

* Conditionally switches `admin-fine-grained-authz` from `v1` to `v2` in docker compose and test CI so that we can test this PR.
Currently `admin_permissions_enabled` is not tested, even by the existing test.
It is ignored due to the fact that tests are using `admin-fine-grained-authz:v1`.
However, v1 has been deprecated since Keycloak 26.5.0 (keycloak/keycloak#44121).
We should test it and make sure that the flag works.

* For versions lower than 26.5.0, 7 tests are disabled due to the fact that v2 does not support these scenarios:
  * https://github.com/keycloak/keycloak/blob/1ca15660f576eec7a81e60a00651d551d5045def/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java#L727
  * https://github.com/keycloak/keycloak/blob/1ca15660f576eec7a81e60a00651d551d5045def/services/src/main/java/org/keycloak/services/resources/admin/fgap/ClientPermissionsV2.java#L185

Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
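
The true/false/nil distinction described in the pull request description above, as an added Go example that is not code from this pull request or from the provider. The struct names, `putBody`, `triState` and `serverApply` are hypothetical, and both the JSON key `adminPermissionsEnabled` and a server that keeps its stored value when the key is absent are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical "before" shape: explicit false is the zero value, so omitempty drops it.
type realmBefore struct {
	Realm                   string `json:"realm"`
	AdminPermissionsEnabled bool   `json:"adminPermissionsEnabled,omitempty"`
}

// Hypothetical "after" shape: nil = unset (omitted), pointer to false = sent explicitly.
type realmAfter struct {
	Realm                   string `json:"realm"`
	AdminPermissionsEnabled *bool  `json:"adminPermissionsEnabled,omitempty"`
}

// putBody returns the JSON request body that would be sent for v.
func putBody(v interface{}) string {
	b, _ := json.Marshal(v) // cannot fail for these plain structs
	return string(b)
}

// triState maps the .tf attribute to a pointer: nil when the attribute is unset.
func triState(isSet, val bool) *bool {
	if !isSet {
		return nil
	}
	return &val
}

// serverApply simulates (assumption) a server that keeps the stored flag when
// the key is absent from the PUT body or the body cannot be parsed.
func serverApply(stored bool, body string) bool {
	var in struct{ AdminPermissionsEnabled *bool `json:"adminPermissionsEnabled"` }
	if json.Unmarshal([]byte(body), &in) != nil || in.AdminPermissionsEnabled == nil {
		return stored
	}
	return *in.AdminPermissionsEnabled
}

func main() {
	before := putBody(realmBefore{"demo", false})
	after := putBody(realmAfter{"demo", triState(true, false)})
	fmt.Println(before, "-> enabled:", serverApply(true, before)) // flag stays on
	fmt.Println(after, "-> enabled:", serverApply(true, after))   // flag is turned off
}
```

With the plain `bool`, a realm that previously had the flag enabled keeps it enabled even though the configuration says `false`, which is the drift a plan/apply cycle would not surface.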
@michalvavrik changed the title from "Fix disabling of admin permissions in fine graind authz v2" to "Fix disabling of admin permissions in fine grained authz v2" on Mar 16, 2026
@michalvavrik

Member Author

\cc @sschu

@michalvavrik

Member Author

Looking at #1187, it might not be desirable to switch to v2 for now; however, the bug is legit and `admin_permissions_enabled` is documented 🤷‍♂️

@michalvavrik

michalvavrik commented Mar 16, 2026

Member Author

I can look into #1187 as a follow-up... actually there is #1517 in progress so maybe it is alright after all.

Successfully merging this pull request may close these issues.

keycloak_realm: admin_permissions_enabled is not disabled if previously enabled