search

keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0
648 stars 317 forks source link

Unstable state for keycloak_user attributes (null field) #968

Open guyguy333 opened 5 months ago

guyguy333 commented 5 months ago

Hello,

An attempt to import an existing keycloak_user has been done. However, we ended with a diff on attributes, field we don't use. Plan resulted in something like that:

# keycloak_user. user will be updated in-place
  ~ resource "keycloak_user" "user" {
      ~ attributes       = {
          - "avatarUrl"         = "" -> null
          - "company"           = "" -> null
          - "dateFormat"        = "" -> null
          - "dateTimeFormat"    = "" -> null
          - "decimalSeparator"  = "" -> null
          - "department"        = "" -> null
          - "jobTitle"          = "" -> null
          - "language"          = "" -> null
          - "thousandSeparator" = "" -> null
          - "timezone"          = "" -> null
        }
        id               = "xxxxxxxxxxxxx"
        # (8 unchanged attributes hidden)
    }

Ressource code:

resource "keycloak_user" "user" {
  realm_id         = keycloak_realm.site.id
  username         = "user"
  email            = "user@example.com"
  enabled          = true
  first_name       = "user"
  last_name        = "user"
  required_actions = ["UPDATE_PASSWORD"]

  lifecycle {
    ignore_changes = [
      email_verified,
      required_actions,
      attributes # Fix unstable state
    ]
  }
}

Even with an apply, diff remains.

Temporary fix: Fortunately, we don't use attributes field in our resource. So we "fixed" the issue using a lifecycle ignore changes on attribute field waiting for a proper fix.