mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

resource "keycloak_default_roles" doesn't support adding client roles #932

Open christian-schlichtherle opened 4 months ago

christian-schlichtherle commented 4 months ago

... but only realm roles instead.

My use case: In a development instance of Keycloak I want all users in a custom realm to assume the role realm-management/realm-admin, where realm-management is the client and realm-admin is the client-specific role.

I tried to achieve this using the following code:

data "keycloak_openid_client" "apps_realm_management" {
  client_id = "realm-management"
  realm_id  = keycloak_realm.apps.id
}

data "keycloak_role" "apps_realm_management" {
  client_id = data.keycloak_openid_client.apps_realm_management.id
  for_each  = toset(["realm-admin"])
  name      = each.key
  realm_id  = keycloak_realm.apps.id
}

resource "keycloak_default_roles" "apps" {
  realm_id      = keycloak_realm.apps.id
  default_roles = terraform.workspace == "development" ? [
    "offline_access",
    "uma_authorization",
    data.keycloak_role.apps_realm_management["realm-admin"].id
  ] : []
}

This fails with:

╷
│ Error: defaultRoles not found by name
│ 
│   with keycloak_default_roles.apps,
│   on apps-realm.tf line 74, in resource "keycloak_default_roles" "apps":
│   74: resource "keycloak_default_roles" "apps" {
│ 
╵

Of course, it can't work because I'm mixing role names with IDs, but I also cannot reference the client-specific role using only a name.

Maybe this resource should have another property named default_role_ids which is an array of role ids instead of role names?
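One way to get the same effect with the resource as it stands, as an added example that is not part of the original issue or of the provider's own documentation: wrap the client role in a Terraform-managed composite realm role and list that realm role by name in `keycloak_default_roles`. The role name `dev-realm-admin`, the realm `keycloak_realm.apps` and the `development` workspace check are assumptions carried over from the configuration above; the composite also makes the privileged grant a single, reviewable resource instead of an implicit default.

```hcl
# Assumed: keycloak_realm.apps is the realm declared elsewhere in this config.

data "keycloak_openid_client" "apps_realm_management" {
  realm_id  = keycloak_realm.apps.id
  client_id = "realm-management"
}

# The client-specific role that keycloak_default_roles cannot name directly.
data "keycloak_role" "apps_realm_admin" {
  realm_id  = keycloak_realm.apps.id
  client_id = data.keycloak_openid_client.apps_realm_management.id
  name      = "realm-admin"
}

# Composite realm role (hypothetical name) that carries the client role.
# Only created in the development workspace; count = 0 elsewhere.
resource "keycloak_role" "dev_realm_admin" {
  count       = terraform.workspace == "development" ? 1 : 0
  realm_id    = keycloak_realm.apps.id
  name        = "dev-realm-admin"
  description = "DEV ONLY: grants realm-management/realm-admin to every new user"

  # composite_roles takes role IDs, so the client role can be referenced here.
  composite_roles = [data.keycloak_role.apps_realm_admin.id]
}

# default_roles takes realm role *names*, which the composite role now provides.
resource "keycloak_default_roles" "apps" {
  realm_id = keycloak_realm.apps.id
  default_roles = terraform.workspace == "development" ? [
    "offline_access",
    "uma_authorization",
    keycloak_role.dev_realm_admin[0].name,
  ] : [
    "offline_access",
    "uma_authorization",
  ]
}
```

Because every new user then inherits realm-admin through the composite, a review of `terraform plan` output for `keycloak_role.dev_realm_admin` is the place to confirm the grant never reaches a non-development workspace.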

mustafaStakater commented 4 months ago

Duplicates https://github.com/mrparkers/terraform-provider-keycloak/issues/930

mustafaStakater commented 4 months ago

I think there's a pull request for this already: https://github.com/mrparkers/terraform-provider-keycloak/pull/764