terraform-provider-keycloak icon indicating copy to clipboard operation
terraform-provider-keycloak copied to clipboard

Published 20 hours ago verified publisher icon mrparkers

Realm import does not include security defenses headers

Open ghost opened this issue 5 years ago • 9 comments

During i write documentation for the security defenses headers of the keycloak_realm resource (#130), i notice that a terraform import does not write any informations from the headers and brute_force_detection block in the terraform statefile. Its seems all settings of the security_defenses are ignored at a terraform import. Creating and updating a realm with the settings works fine.

I cant fix this by myself, because my go-debugger does not work inside the WSL until the WSL2 release.

ghost avatar Feb 11 '20 21:02 ghost

I saw that as well, i have added those fields in pr #215, should work once that PR is merged. (Thx for the documentation update)

tomrutsaert avatar Feb 11 '20 22:02 tomrutsaert

Ah okey great. Thanks for the update as well 👍 I mark this Issue as closed.

ghost avatar Feb 11 '20 22:02 ghost

Hey @adresan #215 was merged, Can you check if if this now works for you?

tomrutsaert avatar Feb 20 '20 13:02 tomrutsaert

@tomrutsaert

Seems not to work. The security defenses headers are still comple empty in the statefile after a realm import.

"security_defenses": [],

ghost avatar Feb 20 '20 14:02 ghost

Strange. Is any variable in security defenses in your config different from the default?

tomrutsaert avatar Feb 20 '20 14:02 tomrutsaert

Mhh yes, strange. Their should be no connection between a import of a realm and the defined attributes/variables inside the keycloak_realm resource. If you left security_defenses complete from your .tf file, he should still import the security_defenses inside the statefile if their are set in a keycloak realm - like he does with the smtp settings. But even if i define it with the example from the doc., he still not import it.

I tryed it with the release version and also with a build from source. No difference.

ghost avatar Feb 20 '20 15:02 ghost

First of all I have to correct and excuse myself, The change I did #215 Is a change on data_source_keycloak_realm and that has no influence on keycloak realm resource import. Thus, my PR will not have fixed this issue. I was to eager to respond to your issue as it was talking about the exact same fields missing in the data_source_keycloak_realm which I just added a couple minutes before you reported this issue.

Again my excuses for the confusion

tomrutsaert avatar Feb 20 '20 16:02 tomrutsaert

Really no problem. I keep this issue open. If you or somebody else could fix this, i can test it again.

ghost avatar Feb 20 '20 20:02 ghost

I think I had a related issue: I imported the realm, and some time later I changed via Terraform the passwordPolicy. Although the execution plan showed only the passwordPolicy change, after applying, it wiped out all my customizations under Security Defenses (which was not present on the TF file). No drift was shown before that change, but now I can see on the old terraform statefile that the security_defenses is empty.

serginhofernandes avatar Jun 22 '23 20:06 serginhofernandes