Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Existing Role & User are forced for replacement with new introduced import property #1053

Closed
denniskniep opened this issue Jan 3, 2025 · 1 comment · Fixed by #1054
Closed

Existing Role & User are forced for replacement with new introduced import property #1053

denniskniep opened this issue Jan 3, 2025 · 1 comment · Fixed by #1054

Comments

@denniskniep
Copy link
Contributor

denniskniep commented Jan 3, 2025
edited
Loading

Describe the bug

@kherock reported the following issue with keycloak_role resource here

After testing this provider against my stack, my plans are showing hundreds of replacements every roles caused by this new attribute:

  # keycloak_role.admin_console_administrator must be replaced
-/+ resource "keycloak_role" "admin_console_administrator" {
      ~ attributes      = {} -> (known after apply)
      + composite_roles = (known after apply)
      ~ id              = "3af3eb01-7c22-4d30-89e3-77194f4dc445" -> (known after apply)
      + import          = false # forces replacement
        name            = "administrator"
        # (3 unchanged attributes hidden)
    }

Version

nightly

Expected behavior

An already existing role/user should not introduce changes when missing import property

Actual behavior

There are changes for newly introduced import property with "forces replacement"

How to Reproduce?

  • git checkout main
  • make local
  • git checkout v4.5.0
  • make build-example
  • git checkout main
  • cd example
  • terraform init
  • Remove priority Property from resource keycloak_authentication_execution and keycloak_authentication_subflow
  • terraform plan -out tfplan
  • terraform apply tfplan
  • rm -r terraform.d && rm -r .terraform && rm .terraform.lock.hcl
  • cd ..
  • rm terraform-provider-keycloak_v4.5.0
  • make build-example
  • cd example
  • terraform init
  • terraform plan -out tfplan

Example

  # keycloak_role.pet_api_read_pet_details must be replaced
-/+ resource "keycloak_role" "pet_api_read_pet_details" {
      ~ attributes      = {} -> (known after apply)
      + composite_roles = (known after apply)
      ~ id              = "0cf59187-d7d9-4537-af7c-56ea3c97d793" -> (known after apply)
      + import          = false # forces replacement
        name            = "read-pet-with-details"
        # (3 unchanged attributes hidden)
    }
@kherock kherock mentioned this issue Jan 3, 2025
Merged
@kherock
Copy link
Contributor

kherock commented Jan 3, 2025

I managed a fix with the PR above, let me know if it's what you had in mind! thanks for reporting the issue for me

denniskniep added a commit to denniskniep/terraform-provider-keycloak that referenced this issue Jan 3, 2025
@denniskniep
fix(user,role,openid-client): No Default for Import property
c77d294 
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>

Closes: keycloak#1053
@denniskniep denniskniep mentioned this issue Jan 3, 2025
Closed
denniskniep added a commit to denniskniep/terraform-provider-keycloak that referenced this issue Jan 3, 2025
@denniskniep
fix(user,role,openid-client): No Default for Import property
57b462b 
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>

Closes: keycloak#1053
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@denniskniep @kherock