fix string pointer for rooturl

keycloak/openid_client.go

@@ -45,7 +45,7 @@ type OpenidClient struct {
 	WebOrigins                   []string                           `json:"webOrigins"`
 	AdminUrl                     string                             `json:"adminUrl"`
 	BaseUrl                      string                             `json:"baseUrl"`
-	RootUrl                      *string                            `json:"rootUrl"`
+	RootUrl                      *string                            `json:"rootUrl,omitempty"`
 	FullScopeAllowed             bool                               `json:"fullScopeAllowed"`
 	Attributes                   OpenidClientAttributes             `json:"attributes"`
 	AuthorizationSettings        *OpenidClientAuthorizationSettings `json:"authorizationSettings,omitempty"`

provider/resource_keycloak_openid_client.go

@@ -167,23 +167,35 @@ func getOpenidClientFromData(data *schema.ResourceData) (*keycloak.OpenidClient,
 	validRedirectUris := make([]string, 0)
 	webOrigins := make([]string, 0)
 
-	if v, ok := data.GetOk("valid_redirect_uris"); ok {
-		for _, validRedirectUri := range v.(*schema.Set).List() {
+	rootUrlData, rootUrlOk := data.GetOkExists("root_url")
+	validRedirectUrisData, validRedirectUrisOk := data.GetOk("valid_redirect_uris")
+	webOriginsData, webOriginsOk := data.GetOk("web_origins")
+
+	rootUrlString := rootUrlData.(string)
+
+	if validRedirectUrisOk {
+		for _, validRedirectUri := range validRedirectUrisData.(*schema.Set).List() {
 			validRedirectUris = append(validRedirectUris, validRedirectUri.(string))
 		}
 	}
 
-	if v, ok := data.GetOk("web_origins"); ok {
-		for _, webOrigin := range v.(*schema.Set).List() {
+	if webOriginsOk {
+		for _, webOrigin := range webOriginsData.(*schema.Set).List() {
 			webOrigins = append(webOrigins, webOrigin.(string))
 		}
 	}
 
-	rootUrlData, rootUrlOk := data.GetOkExists("root_url")
-	rootUrl := new(string)
-	if rootUrlOk {
-		temp := rootUrlData.(string)
-		rootUrl = &temp
+	// Keycloak uses the root URL for web origins if not specified otherwise
+	if rootUrlOk && rootUrlString != "" {
+		if !validRedirectUrisOk {
+			return nil, errors.New("valid_redirect_uris is required when root_url is given1")
+		}
+		if !webOriginsOk {
+			return nil, errors.New("web_origins is required when root_url is given")
+		}
+		if _, adminOk := data.GetOk("admin_url"); !adminOk {
+			return nil, errors.New("admin_url is required when root_url is given")
+		}
 	}
 
 	openidClient := &keycloak.OpenidClient{
@@ -208,10 +220,13 @@ func getOpenidClientFromData(data *schema.ResourceData) (*keycloak.OpenidClient,
 		WebOrigins:        webOrigins,
 		AdminUrl:          data.Get("admin_url").(string),
 		BaseUrl:           data.Get("base_url").(string),
-		RootUrl:           rootUrl,
 		ConsentRequired:   data.Get("consent_required").(bool),
 	}
 
+	if rootUrlOk {
+		openidClient.RootUrl = &rootUrlString
+	}
+
 	if !openidClient.ImplicitFlowEnabled && !openidClient.StandardFlowEnabled {
 		if _, ok := data.GetOk("valid_redirect_uris"); ok {
 			return nil, errors.New("valid_redirect_uris cannot be set when standard or implicit flow is not enabled")
@@ -270,9 +285,7 @@ func setOpenidClientData(keycloakClient *keycloak.KeycloakClient, data *schema.R
 	data.Set("web_origins", client.WebOrigins)
 	data.Set("admin_url", client.AdminUrl)
 	data.Set("base_url", client.BaseUrl)
-	if client.RootUrl != nil {
-		data.Set("root_url", client.RootUrl)
-	}
+	data.Set("root_url", &client.RootUrl)
 	data.Set("authorization_services_enabled", client.AuthorizationServicesEnabled)
 	data.Set("full_scope_allowed", client.FullScopeAllowed)
 	data.Set("consent_required", client.ConsentRequired)

provider/resource_keycloak_openid_client_test.go

@@ -182,12 +182,12 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 	implicitFlowEnabled := randomBool()
 	directAccessGrantsEnabled := randomBool()
 	serviceAccountsEnabled := randomBool()
-	rootUrl := acctest.RandString(20)
 
 	if !standardFlowEnabled {
 		implicitFlowEnabled = !standardFlowEnabled
 	}
 
+	rootUrlBefore := acctest.RandString(20)
 	openidClientBefore := &keycloak.OpenidClient{
 		RealmId:                   realm,
 		ClientId:                  clientId,
@@ -203,12 +203,12 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 		WebOrigins:                []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)},
 		AdminUrl:                  acctest.RandString(20),
 		BaseUrl:                   acctest.RandString(20),
-		RootUrl:                   &rootUrl,
+		RootUrl:                   &rootUrlBefore,
 	}
 
 	standardFlowEnabled, implicitFlowEnabled = implicitFlowEnabled, standardFlowEnabled
-	rootUrl = acctest.RandString(20)
 
+	rootUrlAfter := acctest.RandString(20)
 	openidClientAfter := &keycloak.OpenidClient{
 		RealmId:                   realm,
 		ClientId:                  clientId,
@@ -224,7 +224,7 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 		WebOrigins:                []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)},
 		AdminUrl:                  acctest.RandString(20),
 		BaseUrl:                   acctest.RandString(20),
-		RootUrl:                   &rootUrl,
+		RootUrl:                   &rootUrlAfter,
 	}
 
 	resource.Test(t, resource.TestCase{