Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Nov 16, 2022. It is now read-only.

KEYCLOAK-12841: allow creating users without credentials #128

Merged
merged 1 commit into from
Feb 7, 2020
Merged

KEYCLOAK-12841: allow creating users without credentials #128

merged 1 commit into from
Feb 7, 2020

Conversation

@pb82
Copy link
Contributor

@pb82 pb82 commented Jan 30, 2020

JIRA ID

https://issues.redhat.com/browse/KEYCLOAK-12841

Additional Information

If no credentials are provided when creating users, the operator should not assign random ones. There are legitimate use cases where users without credentials are needed.

Verification Steps

  1. Deploy Keycloak from this branch
  2. Create a realm
  3. Create a user in the realm
  4. Check the user output secret: it should only contain a username but no password
  5. Login to the admin console and check the user: in the credential section there should be no 'Disable credentials' section

Checklist:

  • Verified by team member
  • Comments where necessary
  • Automated Tests
  • Documentation changes if necessary

Additional Notes

Note that once credentials are assigned to a user, it is not possible to remove them via the CR. Keycloak ignores an update with removed credentials.

@coveralls
Copy link

Coverage Status

Coverage decreased (-0.2%) to 41.871% when pulling fe8b9ac on pb82:no-default-credentials into e99da8a on keycloak:master.

@stianst
Copy link
Contributor

stianst commented Jan 31, 2020

From my perspective this is a correct fix. The operator should not apply different defaults to creating users (or anything else) than what Keycloak does. As such no passwords should be generated if credentials are not included.

@stianst stianst requested a review from slaskawi January 31, 2020 07:20
@stianst stianst self-assigned this Jan 31, 2020
slaskawi
slaskawi approved these changes Jan 31, 2020
View reviewed changes
Copy link
Contributor

@slaskawi slaskawi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this one also LGTM.

@stianst Ready to be merged from my perspective.

@stianst
Copy link
Contributor

stianst commented Jan 31, 2020

Question - does this need any updates to documentation? Does the documentation state something around passwords being generated?

@pb82
Copy link
Contributor Author

pb82 commented Jan 31, 2020

@stianst The documentation inside the operator does not say anything about generated passwords. It only gives an example that includes credentials.

@slaskawi Is there another location where you keep operator docs?

@slaskawi
Copy link
Contributor

slaskawi commented Feb 3, 2020

@pb82 At the moment - no. But once we're unblocked, I'll provide proper updates to keycloak-documentation repo.

@slaskawi
Copy link
Contributor

slaskawi commented Feb 5, 2020

@stianst @abstractj This one is ready to be merged.

@stianst stianst merged commit b527c8b into keycloak:master Feb 7, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@stianst stianst stianst approved these changes

@slaskawi slaskawi slaskawi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@stianst stianst

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pb82 @coveralls @stianst @slaskawi