keycloak_realm_user_profile error sending PUT request #1052

Open
poumix opened this issue Jan 3, 2025 · 1 comment

poumix commented Jan 3, 2025

Describe the bug

When attempting to add new user profile attributes using the keycloak_realm_user_profile resource in Terraform, the provider attempts to update or remove default attributes (username, email, etc.), which causes a 400 Bad Request error from Keycloak.

Error: error sending PUT request to /admin/realms/XXX/users/profile: 400 Bad Request. Response body: {"errorMessage":"[The attribute 'username' can not be removed, The attribute 'email' can not be removed]"}

Version

26.0.7 Keycloak & 4.5 terraform provider

Expected behavior

The provider should only add or update the attributes explicitly mentioned in the Terraform configuration, without attempting to modify or remove default attributes (username, email, etc.) that are pre-defined in Keycloak.

Actual behavior

The provider replaces the entire set of user profile attributes during a PUT operation, leading to a 400 error when default attributes are unintentionally removed.

How to Reproduce?

  1. Use a Keycloak instance with default user profile attributes (e.g., username, email, firstName, lastName).
  2. Define a keycloak_realm_user_profile resource in Terraform with additional attributes but without mentioning the default ones.
  3. Apply the Terraform configuration.
  4. Observe the 400 error.

```hcl
resource "keycloak_realm" "realm" {
  realm = "my-realm"

  attributes = {
    userProfileEnabled = true
  }
}

# Only custom attributes are declared; username, email, etc. are not mentioned.
resource "keycloak_realm_user_profile" "userprofile" {
  realm_id = keycloak_realm.realm.id

  attribute {
    name         = "field1"
    display_name = "Field 1"
    group        = "group1"

    enabled_when_scope = ["offline_access"]

    required_for_roles  = ["user"]
    required_for_scopes = ["offline_access"]

    permissions {
      view = ["admin", "user"]
      edit = ["admin", "user"]
    }

    validator {
      name = "person-name-prohibited-characters"
    }

    validator {
      name = "pattern"
      config = {
        pattern       = "^[a-z]+$"
        error-message = "Nope"
      }
    }

    annotations = {
      foo = "bar"
    }
  }

  attribute {
    name = "field2"

    validator {
      name = "options"
      config = {
        options = jsonencode(["opt1"])
      }
    }

    annotations = {
      foo = jsonencode({ "key" : "val" })
    }
  }

  group {
    name                = "group1"
    display_header      = "Group 1"
    display_description = "A first group"

    annotations = {
      foo  = "bar"
      foo2 = jsonencode({ "key" : "val" })
    }
  }

  group {
    name = "group2"
  }
}
```

Anything else?

No response
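
The replace-versus-merge behaviour described in this report, as an added Go example that is not part of the issue and not the provider's own code. `Attribute`, `removedProtected` and `mergeProfile` are hypothetical names, and the sample data is constructed from the attribute names mentioned in the report.

```go
package main

import "fmt"

// Attribute is a hypothetical, minimal stand-in for one user profile entry.
type Attribute struct{ Name, DisplayName string }

// protected: the attributes the 400 response in the report says cannot be removed.
var protected = map[string]bool{"username": true, "email": true}

// removedProtected lists protected attributes present on the server but
// absent from the payload, i.e. what a full-replace PUT would delete.
func removedProtected(server, payload []Attribute) []string {
	sent := map[string]bool{}
	for _, a := range payload {
		sent[a.Name] = true
	}
	var missing []string
	for _, a := range server {
		if protected[a.Name] && !sent[a.Name] {
			missing = append(missing, a.Name)
		}
	}
	return missing
}

// mergeProfile keeps every server attribute that is not declared and then
// appends the declared ones, so a declared attribute overrides by name.
func mergeProfile(server, declared []Attribute) []Attribute {
	declaredNames := map[string]bool{}
	for _, a := range declared {
		declaredNames[a.Name] = true
	}
	var out []Attribute
	for _, a := range server {
		if !declaredNames[a.Name] {
			out = append(out, a)
		}
	}
	return append(out, declared...)
}

func main() {
	// Constructed sample data: realm defaults from the report plus field1/field2.
	server := []Attribute{{"username", ""}, {"email", ""}, {"firstName", ""}, {"lastName", ""}}
	declared := []Attribute{{"field1", "Field 1"}, {"field2", ""}}
	fmt.Println("full replace would remove:", removedProtected(server, declared))
	fmt.Println("merged payload would remove:", removedProtected(server, mergeProfile(server, declared)))
}
```

A merge of this kind also means that deleting an attribute block from the configuration no longer deletes that attribute from the realm.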

Contributor

sschu commented Jan 3, 2025

@poumix This should already work in main. Can you try to build the provider locally to check?
