Error when RoleRepresentation.getDescription() returns no description

[schuerg]

Current Behavior

An error is thrown when org.keycloak.representations.idm.RoleRepresentation.getDescription() returns null.

It happens, when roles have no description.

This happens here https://github.com/adorsys/keycloak-config-cli/blob/main/src/main/java/de/adorsys/keycloak/config/util/KeycloakUtil.java#L50

Cannot invoke "String.equals(Object)" because the return value of "org.keycloak.representations.idm.RoleRepresentation.getDescription()" is null
	at de.adorsys.keycloak.config.util.KeycloakUtil.isDefaultRole(KeycloakUtil.java:50)

Here is the complete error log with stacktrace:

2023-12-15 13:24:21.809  INFO 1 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2023-12-15 13:24:21.852 ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed

java.lang.IllegalStateException: Failed to execute CommandLineRunner
	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:771)
	at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:752)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292)
	at de.adorsys.keycloak.config.KeycloakConfigApplication.main(KeycloakConfigApplication.java:35)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
	at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:467)
Caused by: java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "org.keycloak.representations.idm.RoleRepresentation.getDescription()" is null
	at de.adorsys.keycloak.config.util.KeycloakUtil.isDefaultRole(KeycloakUtil.java:50)
	at de.adorsys.keycloak.config.service.RoleImportService.deleteRealmRolesMissingInImport(RoleImportService.java:262)
	at de.adorsys.keycloak.config.service.RoleImportService.doImport(RoleImportService.java:94)
	at de.adorsys.keycloak.config.service.RealmImportService.configureRealm(RealmImportService.java:199)
	at de.adorsys.keycloak.config.service.RealmImportService.updateRealm(RealmImportService.java:192)
	at de.adorsys.keycloak.config.service.RealmImportService.updateRealmIfNecessary(RealmImportService.java:150)
	at de.adorsys.keycloak.config.service.RealmImportService.doImport(RealmImportService.java:141)
	at de.adorsys.keycloak.config.KeycloakConfigRunner.run(KeycloakConfigRunner.java:79)
	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:768)
	... 13 common frames omitted

Expected Behavior

Should execute without error.

Environment

• Keycloak Version: 21.1.2
• keycloak-config-cli Version: docker.io/adorsys/keycloak-config-cli:5.10.0-21.1.1

[toussa]

I went through the same bug with those versions:

• keycloak : 25.0.4
• keycloak-config-cli: adorsys/keycloak-config-cli:6.1.6-25.0.1

note: Adding the description in the config file (yaml in my case) did not fix the problem, I had to manually add a description for my default role in the database

2024-08-28T16:36:18.087Z  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Starting KeycloakConfigApplication v6.1.6 using Java 21.0.4 with PID 1 (/app/keycloak-config-cli.jar started by nobody in /)
2024-08-28T16:36:18.093Z  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : No active profile set, falling back to 1 default profile: "default"
2024-08-28T16:36:18.573Z  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Started KeycloakConfigApplication in 0.865 seconds (process running for 1.197)
2024-08-28T16:36:19.141Z  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Importing file 'file:/var/keycloak_config_sync/configuration.yaml'
2024-08-28T16:36:19.339Z  INFO 1 --- [           main] d.a.k.config.provider.KeycloakProvider   : Wait 120 seconds until http://keycloak:8080 is available ...
2024-08-28T16:36:19.836Z  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : keycloak-config-cli ran in 00:00.881.
2024-08-28T16:36:19.837Z  INFO 1 --- [           main] .s.b.a.l.ConditionEvaluationReportLogger : 

Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
2024-08-28T16:36:19.852Z ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed

java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "org.keycloak.representations.idm.RoleRepresentation.getDescription()" is null
        at de.adorsys.keycloak.config.util.KeycloakUtil.isDefaultRole(KeycloakUtil.java:49)
        at de.adorsys.keycloak.config.service.RoleImportService.deleteRealmRolesMissingInImport(RoleImportService.java:262)
        at de.adorsys.keycloak.config.service.RoleImportService.doImport(RoleImportService.java:94)
        at de.adorsys.keycloak.config.service.RealmImportService.configureRealm(RealmImportService.java:204)
        at de.adorsys.keycloak.config.service.RealmImportService.updateRealm(RealmImportService.java:196)
        at de.adorsys.keycloak.config.service.RealmImportService.updateRealmIfNecessary(RealmImportService.java:154)
        at de.adorsys.keycloak.config.service.RealmImportService.doImport(RealmImportService.java:145)
        at de.adorsys.keycloak.config.KeycloakConfigRunner.run(KeycloakConfigRunner.java:79)
        at org.springframework.boot.SpringApplication.lambda$callRunner$5(SpringApplication.java:790)
        at org.springframework.util.function.ThrowingConsumer$1.acceptWithException(ThrowingConsumer.java:83)
        at org.springframework.util.function.ThrowingConsumer.accept(ThrowingConsumer.java:60)
        at org.springframework.util.function.ThrowingConsumer$1.accept(ThrowingConsumer.java:88)
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:798)
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:789)
        at org.springframework.boot.SpringApplication.lambda$callRunners$3(SpringApplication.java:774)
        at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
        at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(Unknown Source)
        at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
        at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
        at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
        at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
        at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
        at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:774)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:341)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1354)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1343)
        at de.adorsys.keycloak.config.KeycloakConfigApplication.main(KeycloakConfigApplication.java:35)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
        at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
        at org.springframework.boot.loader.launch.PropertiesLauncher.main(PropertiesLauncher.java:574)

error Command failed with exit code 1.

[Motouom]

Hello @schuerg and @toussa.

Thanks for reporting the issue.

We have tried with to reproduce your issue but everything seems to work fine.
starting with @toussa Environment, i create a realm with roles that have no descriptions as such

{
  "realm": "tests-realm",
  "enabled": true,
  "roles": {
    "realm": [
      {
        "name": "role-with-description"
        
      },
      {
        "name": "another-role"
      },
      {
        "name": "default-roles-test-realm"
      }
    ],
    "client": {
      "account": [
        {
          "name": "view-profile",
          "description": "View the user's profile"
        },
        {
          "name": "manage-account",
          "description": "Manage the user's account"
        }
      ]
    }
  },
  "clients": [
    {
      "clientId": "test-client",
      "enabled": true,
      "clientAuthenticatorType": "client-secret",
      "secret": "test-secret",
      "redirectUris": ["http://localhost:8080/*"],
      "webOrigins": ["+"]
    }
  ],
  "users": [
    {
      "username": "testuser",
      "enabled": true,
      "email": "testuser@example.com",
      "firstName": "Test",
      "lastName": "User",
      "credentials": [
        {
          "type": "password",
          "value": "password",
          "temporary": false
        }
      ],
      "realmRoles": [
        "role-with-description"
      ]
    }
  ]
}

and this is the output i get

The above result is archieved with the environment that was provided by @toussa
keycloak : 25.0.4 keycloak-config-cli: adorsys/keycloak-config-cli:6.1.6-25.0.1

same thing for @schuerg. i used his same environment and everything worked just fine.

Please what i would propose to you is that, you should provided steps to reproduce or a json or yaml import that we can use, since we might have wrongly understood the issue, or wrongly tried to reproduce it. You can also try to use the latest version of KC-CLI and keycloak console since most issues have been solves there.

[toussa]

Hi @Motouom , thanks for your response.

Unfortunately, I don't have the time yet to create a mini configuration that shows the bug. I hope I'll have time later to help you reproduce the bug.

I came across the same bug recently, with the same stacktrace.
When I look rapidly at the code, it looks like it' "normal" because it asserts that there is a description:

public static boolean isDefaultRole(RoleRepresentation role) {
        if (StringUtils.startsWith(role.getName(), "default-roles-") && role.getDescription().equals("${role_default-roles}")) {
            return true;
        }

        return isDefaultResource("role", role.getName(), role.getDescription());
    }

=> role.getDescription().equals(...) if there is no description, it throws.

https://github.com/adorsys/keycloak-config-cli/blob/3d035001b2eaa6e7c5a9e984d0046645c42ba978/src/main/java/de/adorsys/keycloak/config/util/KeycloakUtil.java#L48C5-L54C6

[Motouom]

Hi @Motouom , thanks for your response.

Unfortunately, I don't have the time yet to create a mini configuration that shows the bug. I hope I'll have time later to help you reproduce the bug.

I came across the same bug recently, with the same stacktrace.
When I look rapidly at the code, it looks like it' "normal" because it asserts that there is a description:

public static boolean isDefaultRole(RoleRepresentation role) {
        if (StringUtils.startsWith(role.getName(), "default-roles-") && role.getDescription().equals("${role_default-roles}")) {
            return true;
        }

        return isDefaultResource("role", role.getName(), role.getDescription());
    }

=> role.getDescription().equals(...) if there is no description, it throws.

https://github.com/adorsys/keycloak-config-cli/blob/3d035001b2eaa6e7c5a9e984d0046645c42ba978/src/main/java/de/adorsys/keycloak/config/util/KeycloakUtil.java#L48C5-L54C6

Hello @toussa.

Thank you for the reply.

I will look further into it then.

Nice time.

[toussa]

I can add the following regarding my big configuration.yaml: every roles have a description.
Looking at the stacktrace, it crashes in deleteRealmRolesMissingInImport(RoleImportService.java:262) .

When I look at the keycloak_role table, I see that my default role does not have a description (it wasn't a problem in my last keycloack version(13)) but it looks like to be the issue now.

when I set some random description directly in database, it works (after restarting the keycloak container).

What's "funny" is that I also have a NULL description for another role but It seems not an issue (uma_protection)