Error sending delete request to admin realm

[PiyushRaj02]

Keycloak Version - 20.0.3 Keycloak Provider Version - 4.2.0

module.keycloak.keycloak_authentication_flow.reset_credentials_otp_required will be destroyed

• resource "keycloak_authentication_flow" "reset_credentials_otp_required" {

  • alias = "reset-credentials-otp-required" -> null
  • id = "96763815-8b93-4706-9dc7-fc57539483fc" -> null
  • provider_id = "basic-flow" -> null
  • realm_id = "987730" -> null }

  module.keycloak.keycloak_realm.tenant-realm will be destroyed

• resource "keycloak_realm" "tenant-realm" {

    - attestation_conveyance_preference = "not specified" -> null
    - authenticator_attachment          = "not specified" -> null
    - avoid_same_authenticator_register = false -> null
    - create_timeout                    = 0 -> null
    - relying_party_entity_name         = "keycloak" -> null
    - require_resident_key              = "not specified" -> null
    - signature_algorithms              = [
        - "ES256",
      ] -> null
    - user_verification_requirement     = "not specified" -> null
  }

  }

Plan: 0 to add, 0 to change, 2 to destroy. module.keycloak.keycloak_authentication_flow.reset_credentials_otp_required: Destroying... [id=96763815-8b93-4706-9dc7-fc57539483fc]

Error: error sending DELETE request to /admin/realms/987730/authentication/flows/96763815-8b93-4706-9dc7-fc57539483fc: 500 Internal Server Error. Response body: {"error":"unknown_error"}

[jerryguowei]

We have same issues. Generally we have the same keycloak_authentication_flow :reset_credentials_otp_required.

Keycloak Version - 20.0.3 Keycloak Provider Version - 4.2.0

resource "keycloak_authentication_flow" "reset_credentials_otp_required" {
  realm_id = keycloak_realm.tenant-realm.id
  alias    = "reset-credentials-otp-required"
}

and the bindings:

resource "keycloak_authentication_bindings" "browser_authentication_binding" {
  depends_on = [
    keycloak_authentication_flow.reset_credentials_otp_required
  ]
  realm_id               = keycloak_realm.tenant-realm.id
  reset_credentials_flow = keycloak_authentication_flow.reset_credentials_otp_required.alias
}

We have set the depends_on correctly, but it seems the keycloak terrafrom doesn't remove the bindings before remove keycloak_authentication_flow.

That's why we see the error message in log:

Uncaught server error: org.keycloak.models.ModelException: Cannot remove authentication flow, it is currently in use

[PiyushRaj02]

Do we have any update on this issue?

[PiyushRaj02]

Is anyone looking into this issue?