From f36996da11e77023e480475c5a94de227a0bf2cf Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Date: Sat, 16 May 2026 21:57:44 +0200
Subject: [PATCH] script fix

---
 infra/values/base/keycloak-values.yaml | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/infra/values/base/keycloak-values.yaml b/infra/values/base/keycloak-values.yaml
index d7899fb..270c9be 100644
--- a/infra/values/base/keycloak-values.yaml
+++ b/infra/values/base/keycloak-values.yaml
@@ -532,39 +532,43 @@ extraDeploy:
                   } | with_entries(select(.value != null))')
 
                   # Check if client already exists
-                  EXISTING=$(curl -sf -H "Authorization: Bearer ${TOKEN}" \
-                    "${KEYCLOAK_URL}/admin/realms/${REALM}/clients?clientId=${CLIENT_ID}" \
-                    | jq -r '.[0].id // empty')
+                  EXISTING_RESPONSE=$(curl -s -H "Authorization: Bearer ${TOKEN}" \
+                    "${KEYCLOAK_URL}/admin/realms/${REALM}/clients?clientId=${CLIENT_ID}" || true)
+                  EXISTING=$(echo "$EXISTING_RESPONSE" | jq -r '.[0].id // empty' 2>/dev/null || true)
 
                   if [ -n "$EXISTING" ]; then
                     echo "  Updating existing Keycloak client (uuid: ${EXISTING})"
-                    HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \
+                    RESPONSE=$(curl -s -w "\n%{http_code}" \
                       -H "Authorization: Bearer ${TOKEN}" \
                       -H "Content-Type: application/json" \
                       -X PUT -d "$KC_CLIENT" \
-                      "${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${EXISTING}")
+                      "${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${EXISTING}" || true)
+                    HTTP_CODE=$(echo "$RESPONSE" | tail -1)
+                    RESPONSE_BODY=$(echo "$RESPONSE" | sed '$d')
                     if [ "$HTTP_CODE" != "204" ] && [ "$HTTP_CODE" != "200" ]; then
-                      echo "  ERROR: Failed to update client '${CLIENT_ID}' (HTTP ${HTTP_CODE})"
+                      echo "  ERROR: Failed to update client '${CLIENT_ID}' (HTTP ${HTTP_CODE}): ${RESPONSE_BODY}"
                       annotate_secret "keycloak" "$CONFIG_NAME" "keycloak.forteapps.net/sync-status" "error"
                       continue
                     fi
                     CLIENT_UUID="$EXISTING"
                   else
                     echo "  Creating new Keycloak client '${CLIENT_ID}'"
-                    HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \
+                    RESPONSE=$(curl -s -w "\n%{http_code}" \
                       -H "Authorization: Bearer ${TOKEN}" \
                       -H "Content-Type: application/json" \
                       -X POST -d "$KC_CLIENT" \
-                      "${KEYCLOAK_URL}/admin/realms/${REALM}/clients")
+                      "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" || true)
+                    HTTP_CODE=$(echo "$RESPONSE" | tail -1)
+                    RESPONSE_BODY=$(echo "$RESPONSE" | sed '$d')
                     if [ "$HTTP_CODE" != "201" ]; then
-                      echo "  ERROR: Failed to create client '${CLIENT_ID}' (HTTP ${HTTP_CODE})"
+                      echo "  ERROR: Failed to create client '${CLIENT_ID}' (HTTP ${HTTP_CODE}): ${RESPONSE_BODY}"
                       annotate_secret "keycloak" "$CONFIG_NAME" "keycloak.forteapps.net/sync-status" "error"
                       continue
                     fi
                     # Fetch the newly created client's UUID
-                    CLIENT_UUID=$(curl -sf -H "Authorization: Bearer ${TOKEN}" \
+                    CLIENT_UUID=$(curl -s -H "Authorization: Bearer ${TOKEN}" \
                       "${KEYCLOAK_URL}/admin/realms/${REALM}/clients?clientId=${CLIENT_ID}" \
-                      | jq -r '.[0].id')
+                      | jq -r '.[0].id' || true)
                   fi
 
                   # Sync credentials to target namespace