mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

backslash in keycloak_user's username #774

Closed bolyachevets closed 1 year ago

bolyachevets commented 1 year ago

Given a keycloak_user with a backslash in its name:

resource "keycloak_user" "id_abc" {
  realm_id   = data.keycloak_realm.my-realm.id
  username   = "id\\abc"
  enabled    = true
  first_name = "A"
  last_name  = "BC"
}

cannot construct a group membership that includes the above user:

resource "keycloak_group_memberships" "argocdadmins_group_members" {
  realm_id = data.keycloak_realm.my-realm.id
  group_id = keycloak_group.admin.id
  members  = [
    keycloak_user.id_abc.username,
  ]
}

Getting:

Error: user with username id\abc does not exist

It looks like the username returned does not have the escaping backslash as in the definition of keycloak_user, resulting in the error.

mrparkers commented 1 year ago

Thanks for the bug report, this will be fixed in the next release.

oliverbaehler commented 5 months ago

The fix delivered here breaks the functionality for users entirely. Assume you have the following keycloak_user data:

data "keycloak_user" "default_admin_user" {
  realm_id = data.keycloak_realm.master_realm.id
  username = "some-ad\my-user"
}

The username some\user is how the user is actually stored in Keycloak, and what we are looking for is the query ?username=some%5Cuser (%5C is the code for \). Translating this into a curl command, this should be the result:

curl -X GET 'http://your-keycloak-server/auth/admin/realms/your-realm/users?username=some%5Cuser' \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json"

With that fix you will always end up with some%5C%5Cuser because the backslash is literally escaped. This breaks the user references entirely for any users having backslashes in their usernames.
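
The single versus double encoding described in the comment above, as an added example that is not part of the original thread and is not the provider's own code. `preEscape` is a hypothetical stand-in for the extra escaping step the comment describes, and the sample username is constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// buildUserQuery returns the query string for a username lookup.
// url.Values.Encode percent-encodes the raw value exactly once.
func buildUserQuery(username string) string {
	q := url.Values{}
	q.Set("username", username)
	return q.Encode()
}

// preEscape is hypothetical: it doubles each backslash before URL encoding,
// modelling the behaviour the comment reports.
func preEscape(username string) string {
	return strings.ReplaceAll(username, `\`, `\\`)
}

// roundTrips decodes the query the way a server would and reports whether
// it searches for exactly the stored username.
func roundTrips(stored, query string) bool {
	v, err := url.ParseQuery(query)
	return err == nil && v.Get("username") == stored
}

func main() {
	stored := `some\user` // constructed sample: one literal backslash
	good := buildUserQuery(stored)
	bad := buildUserQuery(preEscape(stored))
	fmt.Println(good, roundTrips(stored, good))
	fmt.Println(bad, roundTrips(stored, bad))
}
```

A round-trip check like `roundTrips` works as a regression test for any username containing characters that are escaped in HCL or in URLs.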