keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0

Set manually realm ID #634

Open jitbasemartin opened 2 years ago

jitbasemartin commented 2 years ago

Hi !

I would like to set manually the realm ID, like:

resource "keycloak_realm" "realm_1" {
  id                = "b2c07820-16de-4350-94d6-54d9f0796d2b"
  realm             = "realm-1"
  enabled           = true
  ...
}

But I got

│ Error: Invalid or unknown key
│ 
│   with keycloak_realm.realm_1,
│   on main.tf line 37, in resource "keycloak_realm" "realm_1":
│   37:   id                = "b2c07820-16de-4350-94d6-54d9f0796d2b"

Is it possible to do that ?

Thanks

cpesch commented 1 year ago

Hi @jitbasemartin,

I'd like to achieve the same. Did you find a solution?

jitbasemartin commented 1 year ago

Unfortunately I didn't find any workaround. I use the realm ID with - and I manage it in my app.

cpesch commented 1 year ago

Actually, in Keycloak 15 the Keycloak API accepts an ID that is passed. Just the terraform plugin insists on

Error: Invalid or unknown key

cpesch commented 1 year ago

@mrparkers Hi Michael, I've tested that the Keycloak API accepts the ID that is passed. About three years ago, Keycloak's ID of the realm was introduced as internal_id, and I wanted to ask if this could be changed so that the ID may be optionally set, as suggested by @jitbasemartin?

dmeyerholt commented 1 year ago

Hi, as I was involved in that original PR, I'm willing to take a look at that. Originally the "internal_id" attribute was introduced in order to account for realms created outside the tf provider or admin-ui created realms, e.g. by the admin REST API. Then a randomized technical ID would be generated by Keycloak, which led to clashes when handling e.g. tf-provider managed user federation providers relying on that technical ID instead of the realm's name. The "id" attribute itself is just used by the tf provider itself to manage references afaik, so the way to go would be to support setting the internal_id attribute when creating a new realm. While importing existing realms, the "internal_id" could always be referenced for resources needing it. To be sure: what exact use cases do you want to cover here @jitbasemartin @cpesch?
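
As an added illustration of the read-only `internal_id` attribute referred to above (this is example configuration, not code from the thread, the provider's docs or the project): the realm is created by name, and the technical ID Keycloak assigns is exposed as a computed attribute that other configuration can reference. The resource, realm and output names are made up for the example; `internal_id` is the provider's existing attribute, which at the time of this thread can be read but not set, which is exactly what this issue asks to change.

```hcl
# Added example, not from the thread. The realm is created by name only;
# the technical ID is assigned by Keycloak and exposed read-only.
resource "keycloak_realm" "example" {
  realm   = "example-realm" # realm name chosen for this example
  enabled = true
}

# The computed technical ID. Hand this to downstream systems instead of
# the realm name, so a realm that is deleted and later re-created under
# the same name is not mistaken for the original one.
output "example_realm_internal_id" {
  value = keycloak_realm.example.internal_id
}
```

An existing realm is imported by its name (`terraform import keycloak_realm.example example-realm`), after which `internal_id` is populated from the server on the next refresh. Declaring `id` or `internal_id` inside the resource block is rejected with the "Invalid or unknown key" error shown at the top of this issue.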

cpesch commented 1 year ago

Hi @jitbasemartin, I'm in the process of setting up a bunch of Keycloak clusters for a 4-digit number of realms, all set up and provisioned by Terraform from a central configuration database. And I want to allow the usage of all realm names that are currently not used on any of the clusters. Due to Keycloak's "feature" to use the realm names for the ID, I'd additionally need to deny the usage of all realm names that were used at creation time, and I'd like to avoid that.

Since I'm distributing the creation of new realms via events to downstream systems, I cannot create the realms with a UUID as their name and then switch to the desired name since that would produce two events. So I'd like to create a UUID in the configuration database and use it in the keycloak_realm resource and in the create/update/delete events for the downstream.

Does this sound reasonable?

cpesch commented 1 year ago

Hi @dmeyerholt, did you find time to take a look at the "set external ID for realm creation" issue?