mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs

Cannot specify the values for the user profile when `userProfileEnabled = true` #835

Open kasir-barati opened 1 year ago

kasir-barati commented 1 year ago

Hi dear reader

I would like to have custom user profile attributes, and thanks to this lovely provider I can define them with this Terraform script:

# Role lists used by the user-profile attributes further down. Each one
# defaults to both "admin" and "user".

# Not referenced anywhere else in this listing.
variable "backend-roles" {
  default = ["admin", "user"]
  type    = list(string)
}

# Passed to required_for_roles on every profile attribute.
variable "required-for-anyone" {
  default = ["admin", "user"]
  type    = list(string)
}

# Passed to both permissions.view and permissions.edit on every profile
# attribute, so by default end users can edit each attribute themselves.
variable "permissions-for-anyone" {
  default = ["admin", "user"]
  type    = list(string)
}

# Connects to a Keycloak instance on localhost over plain HTTP, authenticating
# through the admin-cli client with a username and password.
# NOTE(review): admin/admin over http:// is only acceptable for a throwaway
# local instance. For anything shared, keep the credentials out of the
# configuration (the provider also reads KEYCLOAK_USER / KEYCLOAK_PASSWORD from
# the environment) and point url at an https:// endpoint.
provider "keycloak" {
  url       = "http://localhost:8080/"
  client_id = "admin-cli"
  username  = "admin"
  password  = "admin"
}

# Pins the Terraform CLI range and the exact provider release used for this
# report. Committing the generated .terraform.lock.hcl alongside it records the
# provider checksums as well.
terraform {
  required_providers {
    keycloak = {
      version = "4.2.0"
      source  = "mrparkers/keycloak"
    }
  }

  required_version = ">= 1.4, <= 1.4.2"
}

# Realm with self-registration enabled and the user-profile feature switched on.
resource "keycloak_realm" "you-say-realm" {
  enabled           = true
  realm             = "you-say-realm"
  display_name      = "You-Say app"
  display_name_html = "you-say"

  # The realm attribute this issue is about: enables the user profile.
  attributes = {
    userProfileEnabled = true
  }

  # Registration is open and the e-mail address doubles as the username, so the
  # profile validators declared for this realm presumably see input from
  # visitors who are not yet authenticated.
  registration_email_as_username = true
  registration_allowed           = true

  # At least 20 characters, forced change after 365 days, must differ from the
  # username.
  password_policy = "length(20) and forceExpiredPasswordChange(365) and notUsername"
}

# Declares the user-profile attributes for the realm above. Every attribute is
# required for the roles in var.required-for-anyone and is viewable and editable
# by the roles in var.permissions-for-anyone (both default to admin and user).
# "$${" is the HCL escape for a literal "${", so each display_name reaches
# Keycloak as a "${...}" placeholder rather than being interpolated by Terraform.
resource "keycloak_realm_user_profile" "you-say-user-profile" {
  realm_id = keycloak_realm.you-say-realm.id

  # E-mail: format check plus a 4-320 character length bound.
  attribute {
    name               = "email"
    display_name       = "$${email}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name   = "email"
      config = {}
    }
    validator {
      name = "length"
      config = {
        "min" : 4
        "max" : 320
        "trim-disabled" : false
      }
    }
  }

  # NOTE(review): this declares a profile attribute literally named "password"
  # that both roles may view. Keycloak normally handles passwords as credentials
  # governed by the realm password_policy, not as profile attributes; confirm
  # this entry cannot cause a password to be stored or displayed as a plain
  # attribute value, or drop it and rely on password_policy alone.
  attribute {
    name               = "password"
    display_name       = "$${password}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name = "length"
      config = {
        "min" : 20
        "trim-disabled" : false
      }
    }
  }

  # First name: prohibited-character check plus a 2-255 character length bound.
  attribute {
    name               = "firstName"
    display_name       = "$${firstName}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name   = "person-name-prohibited-characters"
      config = {}
    }
    validator {
      name = "length"
      config = {
        "min" : 2,
        "max" : 255
        "trim-disabled" : false
      }
    }
  }

  # Last name: same validators as firstName.
  attribute {
    name               = "lastName"
    display_name       = "$${lastName}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name   = "person-name-prohibited-characters"
      config = {}
    }
    validator {
      name = "length"
      config = {
        "min" : 2,
        "max" : 255
        "trim-disabled" : false
      }
    }
  }

  # Custom attribute. The pattern requires at least two characters and forbids
  # leading or trailing spaces.
  # NOTE(review): unlike the built-in attributes there is no length validator
  # here, so the value has no upper bound; consider adding one.
  attribute {
    name               = "occupation"
    display_name       = "$${occupation}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name = "pattern"
      config = {
        pattern       = "^[a-zA-Z0-9_][a-zA-Z0-9_ ]*[a-zA-Z0-9_]$"
        error-message = "Please use only characters and space between words, And do not start or end your occupation with white space"
      }
    }
  }

  # Custom attribute validated by a pattern only.
  # NOTE(review): the "." in both separator groups is unescaped, so it matches
  # any character (this is what lets the ", " of the example through). That
  # overlap with the letter classes inside a repeated group can make matching
  # backtrack heavily on long non-matching input. Since registration is open,
  # consider listing the allowed separators explicitly and adding a length
  # validator to bound the value.
  attribute {
    name               = "location"
    display_name       = "$${location}"
    required_for_roles = var.required-for-anyone
    permissions {
      view = var.permissions-for-anyone
      edit = var.permissions-for-anyone
    }
    validator {
      name = "pattern"
      config = {
        pattern       = "^[a-zA-Z\u0080-\u024F]+(?:. |-| |')*([1-9a-zA-Z\u0080-\u024F]+(?:. |-| |'))*[a-zA-Z\u0080-\u024F]*$"
        error-message = "Please enter a valid city name followed by the country name. e.x. Tokyo, Japan"
      }
    }
  }
}

# Seed user created in the realm above.
resource "keycloak_user" "kasir-user" {
  realm_id = keycloak_realm.you-say-realm.id
  enabled  = true

  username   = "kasir.barati@gmail.com"
  email      = "kasir.barati@gmail.com"
  first_name = "Kasir"
  last_name  = "Barati"

  # NOTE(review): a literal password here is also written to the Terraform
  # state. Outside a local test, supply it through a sensitive variable and
  # consider temporary = true so it must be changed at first login. This
  # 8-character value is also shorter than the realm's length(20) policy;
  # confirm whether Keycloak enforces the policy on passwords set this way.
  initial_password {
    value = "Kasir123"
  }
  # How can I specify the value for occupation and location?
}

I thought that `attributes` would do the trick, but that was not the case.

Any help appreciated.