feat: support role IDs in default role resource #764
base: main
Overall the code LGTM. I don't have a problem with adding this attribute, but I wonder if it would be easier for users of this resource to instead allow you to specify client roles using the format

resource "keycloak_default_roles" "default_roles" {
  realm_id      = keycloak_realm.realm.id
  default_roles = ["uma_authorization", "offline_access", "account/view-profile", "account/manage-account"]
}

What do you think about this?
To be honest this was exactly what I did in my first implementation, with a different separator. :-) I wanted a new attribute to serve as a backdoor that I could supply client roles. Instead of changing the behavior of the original The real problem:

resource "keycloak_default_roles" "default_roles" {
  realm_id      = keycloak_realm.realm.id
  default_roles = [keycloak_role.view-profile.id, keycloak_role.manage-account.id]
}

...as the example showed here. I could switch to Thank you!
@mrparkers @horus is there something blocking this to move forward? As far as I understand, there is no way to add the account deletion role by default for now?
Actually, I'm still awaiting the project owner's input on how we should resolve this issue. Please note that I'm responding to a 1-year-old PR, so circumstances may have evolved.
@horus On my end, I would push
As I'm also in need to access the default roles, it seems more straightforward to use
The code has been updated to use
Note: the name list is empty iff len(composites) == 0
… for consistency with naming conventions
Would love to see this!
Thank you for pointing this out.
🚀 Need this feature for our platform development! Great work, can't wait to see it merged.
@mrparkers would you be so kind to review and possibly merge this PR?
Can this feature be merged? We are looking forward to it as we need it in our platform. Thanks,
Any updates on this?
Tested on KC 25.0.2 and works as expected. @mrparkers I know you're working on the migration of #964, but this seems like a quick merge
Edit: nvm, getting this when creating a realm with default_roles: panic: runtime error: invalid memory address or nil pointer dereference
Currently only the realm roles are allowed to be added, however some of the client roles could be found in a fresh installation, taking this as an example:
The last 2 roles are unmanageable with the following configuration:
This PR, if accepted, will add a new optional attribute called default_role_ids, which is a list of UUIDs of the specific roles you want to have in your default role:
We could obtain the original behavior of the resource when omitted (as if it's an empty list).