keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0

Issue with keycloak_openid_user_client_role_protocol_mapper resource #1016

Open BenjaminDecreusefond opened 3 days ago

BenjaminDecreusefond commented 3 days ago

Describe the bug

Hi !

I've been trying to manage roles with this resource by setting it up as follows:

resource "keycloak_openid_user_client_role_protocol_mapper" "client_roles_as_groups_mapper" {
  realm_id                    = data.keycloak_realm.accounts.id
  client_id                   = keycloak_openid_client.client.id
  client_id_for_role_mappings = keycloak_openid_client.client.id
  name                        = "client-roles-as-groups-mapper"
  claim_name                  = "groups"
  add_to_id_token             = true
  add_to_access_token         = true
  add_to_userinfo             = true
}

(don't pay attention to the claim name; it is intentional)

The issue is that the parameter client_id_for_role_mappings, as its name and the documentation would suggest, is expecting an ID. However, after investigating in the UI, it turns out that it is actually expecting the name of the Keycloak client, and it does not return any error when I set the ID as the value.

To that effect, I think the documentation is very misleading, and that the Keycloak provider should throw an error when an ID is set?

Kind regards, Benjamin

Version

4.4.0

Expected behavior

Should create the resource properly and throw an error when the wrong value is given :)

Actual behavior

Acts as if the resource were properly deployed.

How to Reproduce?

No response

Anything else?

No response
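The check the reporter asks for, as an added example that is not part of the issue and not code from terraform-provider-keycloak: a validator in the shape of a terraform-plugin-sdk `SchemaValidateFunc` (`func(interface{}, string) ([]string, []error)`) that rejects a value looking like a Keycloak internal id (the UUID exposed as `keycloak_openid_client.client.id` in the config above) and accepts a client name string (what `keycloak_openid_client.client.client_id` would carry). The function name, the UUID heuristic and the sample values are assumptions for illustration; a Keycloak "Client ID" is a free-form string, so a UUID-shaped name would be a false positive, and the only authoritative check is looking the client up by its Client ID in the realm at plan/apply time.

```go
package main

import (
	"fmt"
	"regexp"
)

// uuidRE matches the canonical 8-4-4-4-12 hex form Keycloak uses for a
// client's internal id (the value of keycloak_openid_client.<name>.id).
var uuidRE = regexp.MustCompile(
	`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// validateClientIDForRoleMappings is a hypothetical validator (not provider
// code) with the signature of a terraform-plugin-sdk SchemaValidateFunc.
// It rejects a non-string, an empty string, and a value that looks like a
// Keycloak internal UUID, because client_id_for_role_mappings expects the
// client's "Client ID" string (e.g. "my-app"), not the resource's UUID.
// Heuristic only: a Client ID that is itself UUID-shaped would be rejected.
func validateClientIDForRoleMappings(v interface{}, k string) ([]string, []error) {
	s, ok := v.(string)
	if !ok {
		return nil, []error{fmt.Errorf("%q must be a string, got %T", k, v)}
	}
	if s == "" {
		return nil, []error{fmt.Errorf("%q must not be empty", k)}
	}
	if uuidRE.MatchString(s) {
		return nil, []error{fmt.Errorf(
			"%q is %q, which looks like a Keycloak internal id (UUID); "+
				"it expects the client's Client ID string, e.g. "+
				"keycloak_openid_client.<name>.client_id instead of .id", k, s)}
	}
	return nil, nil
}

func main() {
	// Constructed sample inputs: a client name, a UUID-shaped internal id,
	// and an empty value.
	for _, v := range []string{"my-app", "a4f7c2b0-1234-4c3d-9e8f-0123456789ab", ""} {
		_, errs := validateClientIDForRoleMappings(v, "client_id_for_role_mappings")
		fmt.Printf("%-40q -> %d error(s)\n", v, len(errs))
		for _, err := range errs {
			fmt.Println("  ", err)
		}
	}
}
```

In the reporter's configuration the same distinction is made by referencing `keycloak_openid_client.client.client_id` (the client name) for `client_id_for_role_mappings` while keeping `keycloak_openid_client.client.id` for `client_id`; the validator above would surface the mix-up at plan time instead of letting the mapper be created with a value Keycloak never matches.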