From 21d8fc37882695e5536e6f2fb93858aacd67f025 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Fri, 2 Jan 2026 20:04:47 -0300
Subject: [PATCH] keycloak(atlas): retry realm settings job

---
 services/keycloak/realm-settings-job.yaml | 34 ++++++++++++++++-------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/services/keycloak/realm-settings-job.yaml b/services/keycloak/realm-settings-job.yaml
index 3ec64a3..f18ac6f 100644
--- a/services/keycloak/realm-settings-job.yaml
+++ b/services/keycloak/realm-settings-job.yaml
@@ -2,10 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-realm-settings-7
+  name: keycloak-realm-settings-8
   namespace: sso
 spec:
-  backoffLimit: 2
+  backoffLimit: 0
   template:
     spec:
       affinity:
@@ -18,7 +18,7 @@ spec:
                     values: ["rpi5","rpi4"]
                   - key: node-role.kubernetes.io/worker
                     operator: Exists
-      restartPolicy: OnFailure
+      restartPolicy: Never
       containers:
         - name: configure
           image: python:3.11-alpine
@@ -57,6 +57,7 @@ spec:
               import json
               import os
               import urllib.parse
+              import urllib.error
               import urllib.request
 
               base_url = os.environ["KEYCLOAK_SERVER"].rstrip("/")
@@ -71,11 +72,20 @@ spec:
                       data = json.dumps(payload).encode()
                       headers["Content-Type"] = "application/json"
                   req = urllib.request.Request(url, data=data, headers=headers, method=method)
-                  with urllib.request.urlopen(req, timeout=30) as resp:
-                      body = resp.read()
-                      if not body:
-                          return resp.status, None
-                      return resp.status, json.loads(body.decode())
+                  try:
+                      with urllib.request.urlopen(req, timeout=30) as resp:
+                          body = resp.read()
+                          if not body:
+                              return resp.status, None
+                          return resp.status, json.loads(body.decode())
+                  except urllib.error.HTTPError as exc:
+                      raw = exc.read()
+                      if not raw:
+                          return exc.code, None
+                      try:
+                          return exc.code, json.loads(raw.decode())
+                      except Exception:
+                          return exc.code, {"raw": raw.decode(errors="replace")}
 
               token_data = urllib.parse.urlencode(
                   {
@@ -91,8 +101,12 @@ spec:
                   headers={"Content-Type": "application/x-www-form-urlencoded"},
                   method="POST",
               )
-              with urllib.request.urlopen(token_req, timeout=10) as resp:
-                  token_body = json.loads(resp.read().decode())
+              try:
+                  with urllib.request.urlopen(token_req, timeout=10) as resp:
+                      token_body = json.loads(resp.read().decode())
+              except urllib.error.HTTPError as exc:
+                  body = exc.read().decode(errors="replace")
+                  raise SystemExit(f"Token request failed: status={exc.code} body={body}")
               access_token = token_body["access_token"]
 
               # Update realm settings safely by fetching the full realm representation first.