terraform-provider-keycloak icon indicating copy to clipboard operation
terraform-provider-keycloak copied to clipboard

Published 20 hours ago verified publisher icon mrparkers

keycloak_openid_client_scope does not let me configure the scope type

Open thesse1 opened this issue 1 year ago • 7 comments

When I create a new scope in Keycloak using keycloak_openid_client_scope, the new scope will always have the assigned type "None", cf. screenshot:

image

I would like to create a scope of type "Default", like this:

image

I know that I can assign scopes to clients as optional or default using keycloak_openid_client_optional_scopes and keycloak_openid_client_default_scopes, but in my use case, I need to create the scope itself as "Default". Is there any way I can do that using this provider?

Thanks a lot!

Best regards, Thomas

thesse1 avatar Oct 09 '23 10:10 thesse1

Setting the scope type as optional or default by the current resource is not supported. In fact, what Keycloak's admin UI do behind the scenes when we change for example the type from default to optional is deleting the scope from client scopes and recreate it as optional by setting the database default_scope column to false.

Screenshot 2023-10-09 at 7 55 26 PM

Redestros avatar Oct 09 '23 18:10 Redestros

Hi @Redestros, thanks a lot for your quick response with the clarification. Does it make sense to hope for a change that will add this functionality? Or is it simply not possible through the API in Keycloak?

Maybe you could also have a look at https://github.com/mrparkers/terraform-provider-keycloak/issues/882. This is the only open point for me right now. Thanks!

Best regards, Thomas

thesse1 avatar Oct 10 '23 09:10 thesse1

@thesse1 the issue here is that changing scope type is not about modifying a single resource but deleting an existing one and creating another one. Type itself is not an argument of the scope resource so adding support to it contradicts with what managing resource is, I guess.

Redestros avatar Oct 10 '23 09:10 Redestros

Hmm, but in Terraform, I often see that a provider needs to re-create resources when certain vital property changes. Anyway, this is not an issue for me anymore. I found another solution for my use case without explicitly setting the scope type.

But this one is still open: https://github.com/mrparkers/terraform-provider-keycloak/issues/882. Maybe you like to have a look at it? ;-) Thanks!

thesse1 avatar Oct 11 '23 10:10 thesse1

Sorry I didn't find time to check the other issue. I will take a look today

Redestros avatar Oct 11 '23 15:10 Redestros

I have the same issue, is there dev plan to support type?

missedone avatar Mar 26 '24 00:03 missedone

link to issue https://github.com/mrparkers/terraform-provider-keycloak/issues/776

missedone avatar Mar 26 '24 01:03 missedone