mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

keycloak_openid_client_scope does not let me configure the scope type #881

Open thesse1 opened 9 months ago

thesse1 commented 9 months ago

When I create a new scope in Keycloak using keycloak_openid_client_scope, the new scope will always have the assigned type "None", cf. screenshot:

image

I would like to create a scope of type "Default", like this:

image

I know that I can assign scopes to clients as optional or default using keycloak_openid_client_optional_scopes and keycloak_openid_client_default_scopes, but in my use case, I need to create the scope itself as "Default". Is there any way I can do that using this provider?

Thanks a lot!

Best regards, Thomas

Redestros commented 9 months ago

Setting the scope type as optional or default by the current resource is not supported. In fact, what Keycloak's admin UI does behind the scenes when we change, for example, the type from default to optional is delete the scope from client scopes and recreate it as optional by setting the database default_scope column to false.

thesse1 commented 9 months ago

Hi @Redestros, thanks a lot for your quick response with the clarification. Does it make sense to hope for a change that will add this functionality? Or is it simply not possible through the API in Keycloak?

Maybe you could also have a look at https://github.com/mrparkers/terraform-provider-keycloak/issues/882. This is the only open point for me right now. Thanks!

Best regards, Thomas

Redestros commented 9 months ago

@thesse1 the issue here is that changing the scope type is not about modifying a single resource but deleting an existing one and creating another one. Type itself is not an argument of the scope resource, so adding support for it contradicts what managing a resource is, I guess.

thesse1 commented 9 months ago

Hmm, but in Terraform, I often see that a provider needs to re-create resources when a certain vital property changes. Anyway, this is not an issue for me anymore. I found another solution for my use case without explicitly setting the scope type.

But this one is still open: https://github.com/mrparkers/terraform-provider-keycloak/issues/882. Maybe you'd like to have a look at it? ;-) Thanks!

Redestros commented 9 months ago

Sorry, I didn't find time to check the other issue. I will take a look today.

missedone commented 3 months ago

I have the same issue. Is there a dev plan to support type?

missedone commented 3 months ago

Link to issue: https://github.com/mrparkers/terraform-provider-keycloak/issues/776