Skip to content

feat(KLEF): Propogate ensure admin#11

Merged
isaacwallace123 merged 1 commit intomainfrom
feat/KLEF_Add_Advanced_Settings
Apr 7, 2026
Merged

feat(KLEF): Propogate ensure admin#11
isaacwallace123 merged 1 commit intomainfrom
feat/KLEF_Add_Advanced_Settings

Conversation

@JeremyNRoos
Copy link
Copy Markdown
Contributor

@JeremyNRoos JeremyNRoos commented Apr 7, 2026

Pull Request

Summary

  • Propagates EnsureAdmin errors up through EnsureRealm so the startup retry loop keeps retrying until the admin user actually exists
  • Moves KEYCLOAK_PUBLIC_URL and AUTH_MODE config fields to advanced settings to reduce noise for typical deployments

Related Issues

Closes #

Changes

What's Included

  • client.go: EnsureAdmin failure now returns fmt.Errorf("ensure admin: %w", err) from EnsureRealm instead of being silently swallowed — this keeps ready: false on the platform side until the admin user is created and reachable
  • kleff-plugin.json: KEYCLOAK_PUBLIC_URL and AUTH_MODE marked advanced: true so the setup form only shows the essential fields by default

What's Not Included

  • Changes to the gRPC server startup order (Keycloak's gRPC already starts only after EnsureRealm completes)

Testing

How Was This Tested?

  • Activated Keycloak and verified the login page stays on the loading spinner until the admin user is confirmed in Keycloak
  • Verified the config sheet hides Public URL and Login Mode under "Show advanced settings"

Test Coverage

  • Unit tests added or updated
  • Integration tests added or updated
  • Manually tested end-to-end

Breaking Changes

Does this PR introduce breaking changes?

  • Yes
  • No

Security Considerations

  • This PR affects authentication or authorization logic

Ensures the admin account is confirmed to exist before the platform marks the IDP as ready. Previously, a transient EnsureAdmin failure would be silently ignored, leaving the IDP "ready" with no admin account.

Documentation

Does this PR require documentation updates?

  • Yes
  • No

UI/UX (If Applicable)

  • Changes styles or theme tokens

Advanced config fields are now hidden by default behind the "Show advanced settings" toggle.

Pre-Merge Checklist

  • PR title follows semantic format (fix: propagate EnsureAdmin error to keep loading until admin exists)
  • All CI checks passing
  • Code follows project style guidelines
  • No debug logs or commented-out code left in
  • Dependencies reviewed (no unnecessary additions)
  • No sensitive information included

Reviewer Notes

Before this fix: if EnsureAdmin failed (e.g. Keycloak API rate-limited the request), the error was printed and discarded. EnsureRealm returned nil, gRPC started, and the platform set ready: true — but no admin user existed yet. The user would see the login form, try logging in, and get a 401.

@JeremyNRoos JeremyNRoos self-assigned this Apr 7, 2026
@isaacwallace123 isaacwallace123 merged commit 74b930f into main Apr 7, 2026
1 check passed
@isaacwallace123 isaacwallace123 deleted the feat/KLEF_Add_Advanced_Settings branch April 7, 2026 23:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isaacwallace123 isaacwallace123 isaacwallace123 approved these changes

Assignees

@JeremyNRoos JeremyNRoos

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JeremyNRoos @isaacwallace123