Closed bolyachevets closed 1 year ago
Thanks for the bug report, this will be fixed in the next release.
The fixed delivered here breaks the functionality for users interly. Assume you have the following keycloak_user data:
data "keycloak_user" "default_admin_user" {
realm_id = data.keycloak_realm.master_realm.id
username = "some-ad\my-user"
}
The username some\user
is how the user is actually stored in keycloak and what we are looking for the query ?username=some%5Cuser
(%5C
is the code for \
) . Translating this into a curl this should be the result:
curl -X GET 'http://your-keycloak-server/auth/admin/realms/your-realm/users?username=some%5Cuser' \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json"
With that fix you will always end up with some%5C%5Cuser
because the backslash is literally escaped. This breaks the user references entirely for any users having backslashes in their usernames.
Given a keycloak_user with a backslash in its name:
cannot construct a group membership that includes the above user:
Getting:
Error: user with username id\abc does not exist
It looks like the username returned does not have the escaping backslash as in the definition of keycloak_user resulting in the error