glue: preserve keycloak profile updates

2026-01-20 03:59:19 -03:00 · 2026-01-20 03:59:19 -03:00 · 56b36330b2
commit 56b36330b2
parent 557663f524
2 changed files with 32 additions and 2 deletions
--- a/services/mailu/scripts/mailu_sync.py
+++ b/services/mailu/scripts/mailu_sync.py
@ -130,7 +130,9 @@ def kc_update_attributes(token, user, attributes):
    if not isinstance(current_attrs, dict):
        current_attrs = {}
    current_attrs.update(attributes)
-    resp = SESSION.put(user_url, headers=headers, json={"attributes": current_attrs}, timeout=20)
+    payload = _safe_update_payload(current_payload)
+    payload["attributes"] = current_attrs
+    resp = SESSION.put(user_url, headers=headers, json=payload, timeout=20)
    resp.raise_for_status()
    verify = SESSION.get(
        user_url,
@ -144,6 +146,34 @@ def kc_update_attributes(token, user, attributes):
        raise Exception(f"attribute not persisted for {user.get('email') or user['username']}")


+def _safe_update_payload(user_payload: dict) -> dict:
+    payload: dict = {}
+    username = user_payload.get("username")
+    if isinstance(username, str):
+        payload["username"] = username
+    enabled = user_payload.get("enabled")
+    if isinstance(enabled, bool):
+        payload["enabled"] = enabled
+    email = user_payload.get("email")
+    if isinstance(email, str):
+        payload["email"] = email
+    email_verified = user_payload.get("emailVerified")
+    if isinstance(email_verified, bool):
+        payload["emailVerified"] = email_verified
+    first_name = user_payload.get("firstName")
+    if isinstance(first_name, str):
+        payload["firstName"] = first_name
+    last_name = user_payload.get("lastName")
+    if isinstance(last_name, str):
+        payload["lastName"] = last_name
+    actions = user_payload.get("requiredActions")
+    if isinstance(actions, list):
+        payload["requiredActions"] = [a for a in actions if isinstance(a, str)]
+    attrs = user_payload.get("attributes")
+    payload["attributes"] = attrs if isinstance(attrs, dict) else {}
+    return payload
+
+
 def random_password():
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(24))
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@ -26,7 +26,7 @@ resources:

 images:
  - name: registry.bstein.dev/bstein/ariadne
-    newTag: 0.1.0-5 # {"$imagepolicy": "maintenance:ariadne"}
+    newTag: 0.1.0-6 # {"$imagepolicy": "maintenance:ariadne"}

 configMapGenerator:
  - name: disable-k3s-traefik-script