search

keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0
648 stars 317 forks source link

Inconsistency in Group Sorting in keycloak_openid_client_group_policy Causes Random Drift in Terraform Provider #952

Closed marcportabellaclotet-mt closed 7 months ago

marcportabellaclotet-mt commented 7 months ago

When utilizing keycloak_openid_client_group_policy in Terraform and specifying multiple groups, the Terraform provider detects drift randomly. This issue stems from the lack of consistent group sorting in the API response from Keycloak. Please refer to the related issue for further context.

As a consequence, every Terraform plan execution results in a discrepancy between the Terraform state groups and those returned by the Keycloak API, leading to drift detection.

Could we potentially address this by implementing sorting for the groups returned by Keycloak, thus preventing Terraform from detecting drift?

To reproduce:


resource "keycloak_openid_client_group_policy" "group_policy" {

  realm_id           = keycloak_realm.realm.id
  resource_server_id = data.keycloak_openid_client.realm_management.id
  name               = "group_policy_sample"
  groups {
    id              = "3544ce6e-5dc1-498e-ba42-9ccb64a1b74d"
    path            = "/Membership managers/Infrastructure"
    extend_children = false
  }
  groups {
    id              = "20e378ce-d343-421d-a91e-6de52bebae19"
    path            = "/Membership managers/Data"
    extend_children = false
  }
``
marcportabellaclotet-mt commented 7 months ago

Closing the issue, as keycloak developers solved the sorting issue.