From 3f19d01d0044b9d2a038edb14d04d9b1b871af88 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Sat, 3 Jan 2026 15:48:40 -0300
Subject: [PATCH] keycloak: make token exchange permissions job idempotent

---
 ...al-e2e-token-exchange-permissions-job.yaml | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml b/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
index f372b20..a7fd79d 100644
--- a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
+++ b/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: keycloak-portal-e2e-token-exchange-permissions-3
+ name: keycloak-portal-e2e-token-exchange-permissions-4
 namespace: sso
 spec:
 backoffLimit: 6
@@ -189,9 +189,23 @@ spec:
 token,
 create_rep,
 )
- if status != 201 or not isinstance(created, dict) or not created.get("id"):
- raise SystemExit(f"Failed creating policy {policy_name!r} (status={status}) resp={created}")
- policy = created
+ if status == 409:
+ status, policies = http_json(
+ "GET",
+ f"{base_url}/admin/realms/{realm}/clients/{rm_uuid}/authz/resource-server/policy/search?name={urllib.parse.quote(policy_name)}&fields=id,name,type,config",
+ token,
+ )
+ if status == 200 and isinstance(policies, list):
+ for item in policies:
+ if isinstance(item, dict) and item.get("name") == policy_name:
+ policy = item
+ break
+ if policy is None:
+ raise SystemExit(f"Policy {policy_name!r} exists but could not be retrieved")
+ else:
+ if status != 201 or not isinstance(created, dict) or not created.get("id"):
+ raise SystemExit(f"Failed creating policy {policy_name!r} (status={status}) resp={created}")
+ policy = created
 policy_id = policy.get("id")
 if not isinstance(policy_id, str) or not policy_id:
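Review bot: On the 409 path the existing policy is adopted by name alone, even though the search explicitly asks for `type,config`; a pre-existing policy with the same name but a different type or config (for example a client policy naming another client) is silently reused, and the permission the job then builds on it grants token exchange to whatever that policy says rather than to what `create_rep` intended. Compare the retrieved representation against what would have been created before accepting it, e.g. `if policy.get("type") != create_rep.get("type"): raise SystemExit(f"Policy {policy_name!r} exists with unexpected type {policy.get('type')!r}")`, and ideally the relevant `config` entries too (this assumes `create_rep` is a dict; it is built outside the hunk). Separately, the lookup only accepts a list body, but if I recall correctly Keycloak's `/policy/search?name=` returns a single policy object on a match and 204 with no body otherwise, in which case this branch always ends in "exists but could not be retrieved"; normalizing with `candidates = policies if isinstance(policies, list) else [policies]` before the loop would cover both response shapes. The enclosing block continues past the end of the hunk.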