Add new attributes to the user wont work all the times, it works randomly

kasir-barati commented 1 year ago

Why I cannot add new attributes to the user with terraform? Something like this:

resource "keycloak_user_attribute" "favorite_quote" {
  name                                = "favorite_quote"
  display_name                        = "Favorite Quote"
  required                            = false
  multivalued                         = false
  attribute_type                      = "string"
  form_input_type                     = "text"
  user_attribute_protocol_mapper_name = "oidc-usermodel-attribute-mapper"
}

You can see all the terraform confs here

Any kind of suggestion would be great, especially if I can do it via Terraform automatically :joy:

kasir-barati commented 1 year ago

I found the answer but the problem is that it is not working all the times, I mean It worked first but now it does not. Even due I can see that terraform plan shows me that it will create the fields but as a matter of fact it does not for me, Here you can see part of my terraform code:

resource "keycloak_realm_user_profile" "you-say-user-profile" {
  realm_id = keycloak_realm.you-say-realm.id

  attribute {
    name               = "name"
    display_name       = "$${name}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name   = "person-name-prohibited-characters"
      config = {}
    }
    validator {
      name = "length"
      config = {
        "min" : 2,
        "max" : 255
      }
    }
  }
}

For complete example: https://github.com/kasir-barati/you-say/blob/main/keycloak/user-profile.tf

It is really wired that it works randomly for me. I think it is not applied at all even due the plan says that

kasir-barati commented 1 year ago

Here is what I will receive when I execute terraform -chdir=keycloak state show keycloak_realm_user_profile.you-say-user-profile:

# keycloak_realm_user_profile.you-say-user-profile:
resource "keycloak_realm_user_profile" "you-say-user-profile" {
    id       = "you-say-realm"
    realm_id = "you-say-realm"

    attribute {
        annotations         = {}
        display_name        = "${firstName}"
        enabled_when_scope  = []
        name                = "firstName"
        required_for_roles  = [
            "admin",
            "user",
        ]
        required_for_scopes = []

        permissions {
            edit = [
                "admin",
                "user",
            ]
            view = [
                "admin",
                "user",
            ]
        }

        validator {
            config = {
                "max" = "255"
                "min" = "2"
            }
            name   = "length"
        }
        validator {
            config = {}
            name   = "person-name-prohibited-characters"
        }
    }
    attribute {
        annotations         = {}
        display_name        = "${lastName}"
        enabled_when_scope  = []
        name                = "lastName"
        required_for_roles  = [
            "admin",
            "user",
        ]
        required_for_scopes = []

        permissions {
            edit = [
                "admin",
                "user",
            ]
            view = [
                "admin",
                "user",
            ]
        }

        validator {
            config = {
                "max" = "255"
                "min" = "2"
            }
            name   = "length"
        }
        validator {
            config = {}
            name   = "person-name-prohibited-characters"
        }
    }
    attribute {
        annotations         = {}
        display_name        = "${occupation}"
        enabled_when_scope  = []
        name                = "occupation"
        required_for_roles  = [
            "admin",
            "user",
        ]
        required_for_scopes = []

        permissions {
            edit = [
                "admin",
                "user",
            ]
            view = [
                "admin",
                "user",
            ]
        }

        validator {
            config = {
                "error-message" = "Please use only characters and space between words, And do not start or end your occupation with white space"
                "pattern"       = "^[a-zA-Z0-9_][a-zA-Z0-9_ ]*[a-zA-Z0-9_]$"
            }
            name   = "pattern"
        }
    }
    attribute {
        annotations         = {}
        display_name        = "${location}"
        enabled_when_scope  = []
        name                = "location"
        required_for_roles  = [
            "admin",
            "user",
        ]
        required_for_scopes = []

        permissions {
            edit = [
                "admin",
                "user",
            ]
            view = [
                "admin",
                "user",
            ]
        }

        validator {
            config = {
                "error-message" = "Please enter a valid city name followed by the country name. e.x. Tokyo, Japan"
                "pattern"       = "^[a-zA-Z\u0080-ɏ]+(?:. |-| |')*([1-9a-zA-Z\u0080-ɏ]+(?:. |-| |'))*[a-zA-Z\u0080-ɏ]*$"
            }
            name   = "pattern"
        }
    }
}

But still nothing in the UI. I am really confused, is this your problem dear mrparkers/keycloak provider or it is because this feature is in preview mode or whatever.

kasir-barati commented 1 year ago

Discovery after discovery. Fantastic, Now it won't create roles as well. Is there anything wrong with my OS? It is almost impossible since I am using Docker.

Now when I ran terraform -chdir=keycloak state list in the terminal it prints:

keycloak_generic_role_mapper.you-say-role-mapper["admin"]
keycloak_generic_role_mapper.you-say-role-mapper["user"]
keycloak_openid_client.you-say-backend-client
keycloak_openid_client.you-say-frontend-client
keycloak_realm.you-say-realm
keycloak_realm_user_profile.you-say-user-profile
keycloak_role.you-say-backend-roles["admin"]
keycloak_role.you-say-backend-roles["user"]
keycloak_user.admin-user
keycloak_user.kasir-user
keycloak_user_roles.admin-roles
keycloak_user_roles.kasir-roles

Which means it think it applied the role creation resource successfully. Here is the plan output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # keycloak_generic_role_mapper.you-say-role-mapper["admin"] will be created
  + resource "keycloak_generic_role_mapper" "you-say-role-mapper" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + realm_id  = (known after apply)
      + role_id   = (known after apply)
    }

  # keycloak_generic_role_mapper.you-say-role-mapper["user"] will be created
  + resource "keycloak_generic_role_mapper" "you-say-role-mapper" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + realm_id  = (known after apply)
      + role_id   = (known after apply)
    }

  # keycloak_openid_client.you-say-backend-client will be created
  + resource "keycloak_openid_client" "you-say-backend-client" {
      + access_token_lifespan                     = (known after apply)
      + access_type                               = "CONFIDENTIAL"
      + admin_url                                 = (known after apply)
      + backchannel_logout_session_required       = true
      + base_url                                  = (known after apply)
      + client_authenticator_type                 = "client-secret"
      + client_id                                 = "you-say-backend-client"
      + client_offline_session_idle_timeout       = (known after apply)
      + client_offline_session_max_lifespan       = (known after apply)
      + client_secret                             = (sensitive value)
      + client_session_idle_timeout               = (known after apply)
      + client_session_max_lifespan               = (known after apply)
      + consent_required                          = false
      + consent_screen_text                       = (known after apply)
      + description                               = (known after apply)
      + direct_access_grants_enabled              = (known after apply)
      + display_on_consent_screen                 = (known after apply)
      + enabled                                   = true
      + exclude_session_state_from_auth_response  = (known after apply)
      + frontchannel_logout_enabled               = (known after apply)
      + full_scope_allowed                        = false
      + id                                        = (known after apply)
      + implicit_flow_enabled                     = (known after apply)
      + import                                    = false
      + name                                      = "you-say backend client"
      + oauth2_device_authorization_grant_enabled = false
      + realm_id                                  = "you-say-realm"
      + resource_server_id                        = (known after apply)
      + root_url                                  = (known after apply)
      + service_account_user_id                   = (known after apply)
      + service_accounts_enabled                  = false
      + standard_flow_enabled                     = true
      + use_refresh_tokens                        = true
      + use_refresh_tokens_client_credentials     = false
      + valid_post_logout_redirect_uris           = (known after apply)
      + valid_redirect_uris                       = [
          + "*",
        ]
      + web_origins                               = [
          + "*",
        ]
    }

  # keycloak_openid_client.you-say-frontend-client will be created
  + resource "keycloak_openid_client" "you-say-frontend-client" {
      + access_token_lifespan                     = (known after apply)
      + access_type                               = "PUBLIC"
      + admin_url                                 = (known after apply)
      + backchannel_logout_session_required       = true
      + base_url                                  = (known after apply)
      + client_authenticator_type                 = "client-secret"
      + client_id                                 = "you-say-frontend-client"
      + client_offline_session_idle_timeout       = (known after apply)
      + client_offline_session_max_lifespan       = (known after apply)
      + client_secret                             = (sensitive value)
      + client_session_idle_timeout               = (known after apply)
      + client_session_max_lifespan               = (known after apply)
      + consent_required                          = (known after apply)
      + consent_screen_text                       = (known after apply)
      + description                               = (known after apply)
      + direct_access_grants_enabled              = (known after apply)
      + display_on_consent_screen                 = (known after apply)
      + enabled                                   = true
      + exclude_session_state_from_auth_response  = (known after apply)
      + frontchannel_logout_enabled               = (known after apply)
      + full_scope_allowed                        = true
      + id                                        = (known after apply)
      + implicit_flow_enabled                     = (known after apply)
      + import                                    = false
      + name                                      = "you-say frontend client"
      + oauth2_device_authorization_grant_enabled = false
      + realm_id                                  = (known after apply)
      + resource_server_id                        = (known after apply)
      + root_url                                  = (known after apply)
      + service_account_user_id                   = (known after apply)
      + service_accounts_enabled                  = (known after apply)
      + standard_flow_enabled                     = true
      + use_refresh_tokens                        = true
      + use_refresh_tokens_client_credentials     = false
      + valid_post_logout_redirect_uris           = [
          + "*",
        ]
      + valid_redirect_uris                       = [
          + "*",
        ]
      + web_origins                               = [
          + "*",
        ]
    }

  # keycloak_realm.you-say-realm will be created
  + resource "keycloak_realm" "you-say-realm" {
      + access_code_lifespan                     = (known after apply)
      + access_code_lifespan_login               = (known after apply)
      + access_code_lifespan_user_action         = (known after apply)
      + access_token_lifespan                    = "13m"
      + access_token_lifespan_for_implicit_flow  = "7m"
      + account_theme                            = "you-say-keycloakify-theme"
      + action_token_generated_by_admin_lifespan = (known after apply)
      + action_token_generated_by_user_lifespan  = (known after apply)
      + attributes                               = {
          + "userProfileEnabled" = "true"
        }
      + browser_flow                             = (known after apply)
      + client_authentication_flow               = (known after apply)
      + client_session_idle_timeout              = (known after apply)
      + client_session_max_lifespan              = (known after apply)
      + direct_grant_flow                        = (known after apply)
      + display_name                             = "You-Say app"
      + display_name_html                        = "you-say"
      + docker_authentication_flow               = (known after apply)
      + duplicate_emails_allowed                 = (known after apply)
      + edit_username_allowed                    = (known after apply)
      + enabled                                  = true
      + id                                       = (known after apply)
      + internal_id                              = (known after apply)
      + login_theme                              = "you-say-keycloakify-theme"
      + login_with_email_allowed                 = true
      + oauth2_device_code_lifespan              = (known after apply)
      + oauth2_device_polling_interval           = (known after apply)
      + offline_session_idle_timeout             = (known after apply)
      + offline_session_max_lifespan             = (known after apply)
      + offline_session_max_lifespan_enabled     = false
      + password_policy                          = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"
      + realm                                    = "you-say-realm"
      + refresh_token_max_reuse                  = 0
      + registration_allowed                     = true
      + registration_email_as_username           = true
      + registration_flow                        = (known after apply)
      + remember_me                              = true
      + reset_credentials_flow                   = (known after apply)
      + reset_password_allowed                   = (known after apply)
      + revoke_refresh_token                     = false
      + ssl_required                             = "external"
      + sso_session_idle_timeout                 = "13h"
      + sso_session_idle_timeout_remember_me     = (known after apply)
      + sso_session_max_lifespan                 = "13h"
      + sso_session_max_lifespan_remember_me     = (known after apply)
      + user_managed_access                      = false
      + verify_email                             = (known after apply)

      + security_defenses {
          + brute_force_detection {
              + failure_reset_time_seconds       = 300
              + max_failure_wait_seconds         = 1800
              + max_login_failures               = 5
              + minimum_quick_login_wait_seconds = 60
              + permanent_lockout                = true
              + quick_login_check_milli_seconds  = 1000
              + wait_increment_seconds           = 60
            }
        }
    }

  # keycloak_realm_user_profile.you-say-user-profile will be created
  + resource "keycloak_realm_user_profile" "you-say-user-profile" {
      + id       = (known after apply)
      + realm_id = (known after apply)

      + attribute {
          + display_name       = "${firstName}"
          + name               = "firstName"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "max" = "255"
                  + "min" = "2"
                }
              + name   = "length"
            }
          + validator {
              + name = "person-name-prohibited-characters"
            }
        }
      + attribute {
          + display_name       = "${lastName}"
          + name               = "lastName"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "max" = "255"
                  + "min" = "2"
                }
              + name   = "length"
            }
          + validator {
              + name = "person-name-prohibited-characters"
            }
        }
      + attribute {
          + display_name       = "${occupation}"
          + name               = "occupation"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "error-message" = "Please use only characters and space between words, And do not start or end your occupation with white space"
                  + "pattern"       = "^[a-zA-Z0-9_][a-zA-Z0-9_ ]*[a-zA-Z0-9_]$"
                }
              + name   = "pattern"
            }
        }
      + attribute {
          + display_name       = "${location}"
          + name               = "location"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "error-message" = "Please enter a valid city name followed by the country name. e.x. Tokyo, Japan"
                  + "pattern"       = "^[a-zA-Z\u0080-ɏ]+(?:. |-| |')*([1-9a-zA-Z\u0080-ɏ]+(?:. |-| |'))*[a-zA-Z\u0080-ɏ]*$"
                }
              + name   = "pattern"
            }
        }
    }

  # keycloak_role.you-say-backend-roles["admin"] will be created
  + resource "keycloak_role" "you-say-backend-roles" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + name      = "admin"
      + realm_id  = "you-say-realm"
    }

  # keycloak_role.you-say-backend-roles["user"] will be created
  + resource "keycloak_role" "you-say-backend-roles" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + name      = "user"
      + realm_id  = "you-say-realm"
    }

  # keycloak_user.admin-user will be created
  + resource "keycloak_user" "admin-user" {
      + email          = "admin@admin.com"
      + email_verified = false
      + enabled        = true
      + first_name     = "Admin"
      + id             = (known after apply)
      + last_name      = "Admini"
      + realm_id       = (known after apply)
      + username       = "admin"

      + initial_password {
          + temporary = false
          + value     = (sensitive value)
        }
    }

  # keycloak_user.kasir-user will be created
  + resource "keycloak_user" "kasir-user" {
      + email          = "kasir.barati@gmail.com"
      + email_verified = false
      + enabled        = true
      + first_name     = "Kasir"
      + id             = (known after apply)
      + last_name      = "Barati"
      + realm_id       = (known after apply)
      + username       = "kasir"

      + initial_password {
          + temporary = false
          + value     = (sensitive value)
        }
    }

  # keycloak_user_roles.admin-roles will be created
  + resource "keycloak_user_roles" "admin-roles" {
      + exhaustive = true
      + id         = (known after apply)
      + realm_id   = (known after apply)
      + role_ids   = (known after apply)
      + user_id    = (known after apply)
    }

  # keycloak_user_roles.kasir-roles will be created
  + resource "keycloak_user_roles" "kasir-roles" {
      + exhaustive = true
      + id         = (known after apply)
      + realm_id   = (known after apply)
      + role_ids   = (known after apply)
      + user_id    = (known after apply)
    }

Plan: 12 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.

And here is the result of apply:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # keycloak_generic_role_mapper.you-say-role-mapper["admin"] will be created
  + resource "keycloak_generic_role_mapper" "you-say-role-mapper" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + realm_id  = (known after apply)
      + role_id   = (known after apply)
    }

  # keycloak_generic_role_mapper.you-say-role-mapper["user"] will be created
  + resource "keycloak_generic_role_mapper" "you-say-role-mapper" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + realm_id  = (known after apply)
      + role_id   = (known after apply)
    }

  # keycloak_openid_client.you-say-backend-client will be created
  + resource "keycloak_openid_client" "you-say-backend-client" {
      + access_token_lifespan                     = (known after apply)
      + access_type                               = "CONFIDENTIAL"
      + admin_url                                 = (known after apply)
      + backchannel_logout_session_required       = true
      + base_url                                  = (known after apply)
      + client_authenticator_type                 = "client-secret"
      + client_id                                 = "you-say-backend-client"
      + client_offline_session_idle_timeout       = (known after apply)
      + client_offline_session_max_lifespan       = (known after apply)
      + client_secret                             = (sensitive value)
      + client_session_idle_timeout               = (known after apply)
      + client_session_max_lifespan               = (known after apply)
      + consent_required                          = false
      + consent_screen_text                       = (known after apply)
      + description                               = (known after apply)
      + direct_access_grants_enabled              = (known after apply)
      + display_on_consent_screen                 = (known after apply)
      + enabled                                   = true
      + exclude_session_state_from_auth_response  = (known after apply)
      + frontchannel_logout_enabled               = (known after apply)
      + full_scope_allowed                        = false
      + id                                        = (known after apply)
      + implicit_flow_enabled                     = (known after apply)
      + import                                    = false
      + name                                      = "you-say backend client"
      + oauth2_device_authorization_grant_enabled = false
      + realm_id                                  = "you-say-realm"
      + resource_server_id                        = (known after apply)
      + root_url                                  = (known after apply)
      + service_account_user_id                   = (known after apply)
      + service_accounts_enabled                  = false
      + standard_flow_enabled                     = true
      + use_refresh_tokens                        = true
      + use_refresh_tokens_client_credentials     = false
      + valid_post_logout_redirect_uris           = (known after apply)
      + valid_redirect_uris                       = [
          + "*",
        ]
      + web_origins                               = [
          + "*",
        ]
    }

  # keycloak_openid_client.you-say-frontend-client will be created
  + resource "keycloak_openid_client" "you-say-frontend-client" {
      + access_token_lifespan                     = (known after apply)
      + access_type                               = "PUBLIC"
      + admin_url                                 = (known after apply)
      + backchannel_logout_session_required       = true
      + base_url                                  = (known after apply)
      + client_authenticator_type                 = "client-secret"
      + client_id                                 = "you-say-frontend-client"
      + client_offline_session_idle_timeout       = (known after apply)
      + client_offline_session_max_lifespan       = (known after apply)
      + client_secret                             = (sensitive value)
      + client_session_idle_timeout               = (known after apply)
      + client_session_max_lifespan               = (known after apply)
      + consent_required                          = (known after apply)
      + consent_screen_text                       = (known after apply)
      + description                               = (known after apply)
      + direct_access_grants_enabled              = (known after apply)
      + display_on_consent_screen                 = (known after apply)
      + enabled                                   = true
      + exclude_session_state_from_auth_response  = (known after apply)
      + frontchannel_logout_enabled               = (known after apply)
      + full_scope_allowed                        = true
      + id                                        = (known after apply)
      + implicit_flow_enabled                     = (known after apply)
      + import                                    = false
      + name                                      = "you-say frontend client"
      + oauth2_device_authorization_grant_enabled = false
      + realm_id                                  = (known after apply)
      + resource_server_id                        = (known after apply)
      + root_url                                  = (known after apply)
      + service_account_user_id                   = (known after apply)
      + service_accounts_enabled                  = (known after apply)
      + standard_flow_enabled                     = true
      + use_refresh_tokens                        = true
      + use_refresh_tokens_client_credentials     = false
      + valid_post_logout_redirect_uris           = [
          + "*",
        ]
      + valid_redirect_uris                       = [
          + "*",
        ]
      + web_origins                               = [
          + "*",
        ]
    }

  # keycloak_realm.you-say-realm will be created
  + resource "keycloak_realm" "you-say-realm" {
      + access_code_lifespan                     = (known after apply)
      + access_code_lifespan_login               = (known after apply)
      + access_code_lifespan_user_action         = (known after apply)
      + access_token_lifespan                    = "13m"
      + access_token_lifespan_for_implicit_flow  = "7m"
      + account_theme                            = "you-say-keycloakify-theme"
      + action_token_generated_by_admin_lifespan = (known after apply)
      + action_token_generated_by_user_lifespan  = (known after apply)
      + attributes                               = {
          + "userProfileEnabled" = "true"
        }
      + browser_flow                             = (known after apply)
      + client_authentication_flow               = (known after apply)
      + client_session_idle_timeout              = (known after apply)
      + client_session_max_lifespan              = (known after apply)
      + direct_grant_flow                        = (known after apply)
      + display_name                             = "You-Say app"
      + display_name_html                        = "you-say"
      + docker_authentication_flow               = (known after apply)
      + duplicate_emails_allowed                 = (known after apply)
      + edit_username_allowed                    = (known after apply)
      + enabled                                  = true
      + id                                       = (known after apply)
      + internal_id                              = (known after apply)
      + login_theme                              = "you-say-keycloakify-theme"
      + login_with_email_allowed                 = true
      + oauth2_device_code_lifespan              = (known after apply)
      + oauth2_device_polling_interval           = (known after apply)
      + offline_session_idle_timeout             = (known after apply)
      + offline_session_max_lifespan             = (known after apply)
      + offline_session_max_lifespan_enabled     = false
      + password_policy                          = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"
      + realm                                    = "you-say-realm"
      + refresh_token_max_reuse                  = 0
      + registration_allowed                     = true
      + registration_email_as_username           = true
      + registration_flow                        = (known after apply)
      + remember_me                              = true
      + reset_credentials_flow                   = (known after apply)
      + reset_password_allowed                   = (known after apply)
      + revoke_refresh_token                     = false
      + ssl_required                             = "external"
      + sso_session_idle_timeout                 = "13h"
      + sso_session_idle_timeout_remember_me     = (known after apply)
      + sso_session_max_lifespan                 = "13h"
      + sso_session_max_lifespan_remember_me     = (known after apply)
      + user_managed_access                      = false
      + verify_email                             = (known after apply)

      + security_defenses {
          + brute_force_detection {
              + failure_reset_time_seconds       = 300
              + max_failure_wait_seconds         = 1800
              + max_login_failures               = 5
              + minimum_quick_login_wait_seconds = 60
              + permanent_lockout                = true
              + quick_login_check_milli_seconds  = 1000
              + wait_increment_seconds           = 60
            }
        }
    }

  # keycloak_realm_user_profile.you-say-user-profile will be created
  + resource "keycloak_realm_user_profile" "you-say-user-profile" {
      + id       = (known after apply)
      + realm_id = (known after apply)

      + attribute {
          + display_name       = "${firstName}"
          + name               = "firstName"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "max" = "255"
                  + "min" = "2"
                }
              + name   = "length"
            }
          + validator {
              + name = "person-name-prohibited-characters"
            }
        }
      + attribute {
          + display_name       = "${lastName}"
          + name               = "lastName"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "max" = "255"
                  + "min" = "2"
                }
              + name   = "length"
            }
          + validator {
              + name = "person-name-prohibited-characters"
            }
        }
      + attribute {
          + display_name       = "${occupation}"
          + name               = "occupation"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "error-message" = "Please use only characters and space between words, And do not start or end your occupation with white space"
                  + "pattern"       = "^[a-zA-Z0-9_][a-zA-Z0-9_ ]*[a-zA-Z0-9_]$"
                }
              + name   = "pattern"
            }
        }
      + attribute {
          + display_name       = "${location}"
          + name               = "location"
          + required_for_roles = [
              + "admin",
              + "user",
            ]

          + permissions {
              + edit = [
                  + "admin",
                  + "user",
                ]
              + view = [
                  + "admin",
                  + "user",
                ]
            }

          + validator {
              + config = {
                  + "error-message" = "Please enter a valid city name followed by the country name. e.x. Tokyo, Japan"
                  + "pattern"       = "^[a-zA-Z\u0080-ɏ]+(?:. |-| |')*([1-9a-zA-Z\u0080-ɏ]+(?:. |-| |'))*[a-zA-Z\u0080-ɏ]*$"
                }
              + name   = "pattern"
            }
        }
    }

  # keycloak_role.you-say-backend-roles["admin"] will be created
  + resource "keycloak_role" "you-say-backend-roles" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + name      = "admin"
      + realm_id  = "you-say-realm"
    }

  # keycloak_role.you-say-backend-roles["user"] will be created
  + resource "keycloak_role" "you-say-backend-roles" {
      + client_id = (known after apply)
      + id        = (known after apply)
      + name      = "user"
      + realm_id  = "you-say-realm"
    }

  # keycloak_user.admin-user will be created
  + resource "keycloak_user" "admin-user" {
      + email          = "admin@admin.com"
      + email_verified = false
      + enabled        = true
      + first_name     = "Admin"
      + id             = (known after apply)
      + last_name      = "Admini"
      + realm_id       = (known after apply)
      + username       = "admin"

      + initial_password {
          + temporary = false
          + value     = (sensitive value)
        }
    }

  # keycloak_user.kasir-user will be created
  + resource "keycloak_user" "kasir-user" {
      + email          = "kasir.barati@gmail.com"
      + email_verified = false
      + enabled        = true
      + first_name     = "Kasir"
      + id             = (known after apply)
      + last_name      = "Barati"
      + realm_id       = (known after apply)
      + username       = "kasir"

      + initial_password {
          + temporary = false
          + value     = (sensitive value)
        }
    }

  # keycloak_user_roles.admin-roles will be created
  + resource "keycloak_user_roles" "admin-roles" {
      + exhaustive = true
      + id         = (known after apply)
      + realm_id   = (known after apply)
      + role_ids   = (known after apply)
      + user_id    = (known after apply)
    }

  # keycloak_user_roles.kasir-roles will be created
  + resource "keycloak_user_roles" "kasir-roles" {
      + exhaustive = true
      + id         = (known after apply)
      + realm_id   = (known after apply)
      + role_ids   = (known after apply)
      + user_id    = (known after apply)
    }

Plan: 12 to add, 0 to change, 0 to destroy.
keycloak_realm.you-say-realm: Creating...
keycloak_realm.you-say-realm: Creation complete after 2s [id=you-say-realm]
keycloak_user.kasir-user: Creating...
keycloak_user.admin-user: Creating...
keycloak_openid_client.you-say-frontend-client: Creating...
keycloak_openid_client.you-say-backend-client: Creating...
keycloak_realm_user_profile.you-say-user-profile: Creating...
keycloak_realm_user_profile.you-say-user-profile: Creation complete after 0s [id=you-say-realm]
keycloak_openid_client.you-say-frontend-client: Creation complete after 1s [id=8ee54295-b47d-4e56-97b3-f80e51792ca0]
keycloak_openid_client.you-say-backend-client: Creation complete after 1s [id=f6a5cd97-3f10-49ba-9765-a9f6e6711e98]
keycloak_role.you-say-backend-roles["admin"]: Creating...
keycloak_role.you-say-backend-roles["user"]: Creating...
keycloak_user.admin-user: Creation complete after 1s [id=7687740a-9b71-497b-a2b1-7fb89eaef527]
keycloak_user.kasir-user: Creation complete after 1s [id=d947ca0d-2d04-4af9-8731-3f517b6d8862]
keycloak_role.you-say-backend-roles["user"]: Creation complete after 0s [id=a2f7d1f4-5e3a-4403-b1b8-a3cf84aa9896]
keycloak_role.you-say-backend-roles["admin"]: Creation complete after 0s [id=c583757a-5cf1-43c3-aff1-77151f08f2f3]
keycloak_user_roles.kasir-roles: Creating...
keycloak_user_roles.admin-roles: Creating...
keycloak_generic_role_mapper.you-say-role-mapper["user"]: Creating...
keycloak_generic_role_mapper.you-say-role-mapper["admin"]: Creating...
keycloak_generic_role_mapper.you-say-role-mapper["user"]: Creation complete after 0s [id=you-say-realm/client/8ee54295-b47d-4e56-97b3-f80e51792ca0/scope-mappings/f6a5cd97-3f10-49ba-9765-a9f6e6711e98/a2f7d1f4-5e3a-4403-b1b8-a3cf84aa9896]
keycloak_generic_role_mapper.you-say-role-mapper["admin"]: Creation complete after 0s [id=you-say-realm/client/8ee54295-b47d-4e56-97b3-f80e51792ca0/scope-mappings/f6a5cd97-3f10-49ba-9765-a9f6e6711e98/c583757a-5cf1-43c3-aff1-77151f08f2f3]
keycloak_user_roles.kasir-roles: Creation complete after 0s [id=you-say-realm/d947ca0d-2d04-4af9-8731-3f517b6d8862]
keycloak_user_roles.admin-roles: Creation complete after 0s [id=you-say-realm/7687740a-9b71-497b-a2b1-7fb89eaef527]

Apply complete! Resources: 12 added, 0 changed, 0 destroyed.

kasir-barati commented 1 year ago

I just accidentally closed the issue, Is there anyone here :sweat_smile:? I mean I opened this issue a week ago and nobody even comment on it. I just feel kinda alone, chatting with myself :joy:. BTW I am gonna try other keycloak versions just in case that it is not related to this provider.

kasir-barati commented 1 year ago

I tried now on two different version:

But no luck, roles are not listed in the "Realm Roles" tab, but this time amazingly when I upgrade the image version it created the user profile attributes :clap:

What's going on underneath? IDK :confused:

mrparkers / terraform-provider-keycloak

Add new attributes to the user wont work all the times, it works randomly #831