-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keycloak_realm_user_profile: should support 'unmanagedAttributePolicy' #946
Comments
This is something we also hope gets added. Since upgrading to Keycloak 24, we have to manually enable Unmanaged Attributes. However, every time we run the terraform plan, it gets set back to null. |
@ericwalterb Were you able to apply the keycloak_realm_user_profile resource at all? I get a failure that username can't be removed.. I am not trying to remove it.. seems the state thinks it is creating the profile for the first time and it does not support import. Did you sort out how to set unmanaged attributes? |
@ericwalterb Interesting! We have the option manually set to "Only administrators can write" and a Terraform run does not seem to touch/change the option. Are you sure you're seeing changes to the option after applying the Terraform plan? I'm really worried that this gets reset without us noticing which would cause a lot of headaches for us. |
We also had to manually enable the option. First, we left the option to the default value. We have a number of users that we import through this provider and stored a number of custom user attributes (now called unmanaged user attributes) on these users. Having the default keycloak completely ignores these user attributes and doesn't even store them. Currently, we have to enable this option manually after each installation of the keycloak. This is very tideous work as we switch between both instances of the cluster after each deployment and those instances are set-up from scratch. I really appreaciate the option to have managed and unmanaged user attributes as it would give us a better handling of user attributes in general. However, having neither the possibility to enable the option nor the possibility to really define all managed attributes via keycloak_realm_user_profile is a challenging problem. There are two discussions open targeting the problem on a broader level: The only work-around, we are discussing, is using a restful provider such as magodo/restful:
But this solution is far from ideal |
Hi, is it possible to add unmanagedAttributePolicy as a custom attribute to Keycloak_realm resource ?? I followed this documentation https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/realm#attributes and did something like:
On applying the terraform state changes to our dev instance, the changes were not applied to the realm. Could some one help me on this issue. Thank you !! |
Is there anything new on this subject? We encounter the same problem |
Any update on this please? We are also encountering the same issue |
No, it's part of the user profile configuration. Would also be nice to set the unmanagedAttributePolicy while keeping the default user profile. |
The
unmanagedAttributePolicy
attribute has been added to the User Profile Config definition as of Keycloak version 24. This is exposed in the Admin UI as the Unmanaged Attributes realm setting.Allowed values are:
ENABLED
- EnabledADMIN_VIEW
- Only administrators can viewADMIN_EDIT
- Only administrators can writeThe provider should allow this new attribute to be set in the
keycloak_realm_user_profile
resource.The text was updated successfully, but these errors were encountered: