State is lost when the Keycloak Provider Pod is restarted

[FelixLusseau]

Hi,

I'm using Crossplane to configure my Keycloak using ArgoCD.

I noticed that when I kill - or update - the crossplane-contrib-provider-keycloak Pod my already configured clients show this error :

CannotCreateExternalResource
async create failed: failed to create the resource: [{0 error sending POST request to /auth/admin/realms/my-realm/clients: 409 Conflict. Response body: {"errorMessage":"Client my-client already exists"} []}]

I have to delete the client in Keycloak, resynchronise ArgoCD and delete all the resources depending on this client to recreate it.

I use Crossplane 1.17.1 and provider-keycloak 1.6.0.

My role definition :

apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
  name: my-client-keycloak-client
  annotations:
    argocd.argoproj.io/sync-wave: "-7"
spec:
  forProvider:
    realmId: my-realm
    clientId: my-client
    accessType: CONFIDENTIAL
    directAccessGrantsEnabled: false
    oauth2DeviceAuthorizationGrantEnabled: false
    serviceAccountsEnabled: true
    standardFlowEnabled: false
  writeConnectionSecretToRef:
    name: my-client-api-user.keycloak.credentials
    namespace: some-namespace
  providerConfigRef:
    name: "keycloak-provider-config" 
  managementPolicies: ["Observe", "Create", "Update", "Delete"]

I have the same error if I want to recreate the client after restoring my cluster with the backup of the Keycloak database.

Thanks for your help

[FelixLusseau]

Hi

As an update, the problem seems to occur only when managementPolicies: ["Observe", "Create", "Update", "Delete"] is applied.

It can be related to this issue #126 that is the final goal of the managementPolicies here.