Add resource keycloak_user_roles #315
Conversation
elmarx
changed the title
|
This looks great; this is something I was trying to solve. Can we get more eyes on this? |
provider/keycloak_role_helpers.go
Outdated
| if role.ClientRole { | ||
| roles[role.ClientId] = append(roles[role.ClientId], role) | ||
| } else { | ||
| roles["realm"] = append(roles["realm"], role) |
There was a problem hiding this comment.
I see you use "realm" as a keyword in the map of roles. But what if there is a client called "realm"?
Is there a reason for not using the UserRoleMapping struct instead of this map of roles?
I see you moved this method from resource_keycloak_group_roles, so probably that is the way it used there as well...., But the same remark still applies
There was a problem hiding this comment.
Correct, I moved this function to reuse it. And I reused this "pattern" with 'realm' as a special-keywork for clients without challenging it.
But looking at the code, using a dedicated struct might simplify the handling/code, and would avoid the edge-case with clients named "realm".
I will look into this and see if I can change this.
There was a problem hiding this comment.
Yeah feel free to blame me for this one. Using a dedicated struct is probably better, but I won't force you to fix this since it was my decision to do this in the first place.
| Required: true, | ||
| ForceNew: true, | ||
| }, | ||
| "role_ids": { |
There was a problem hiding this comment.
Do I understand correctly that "role_ids" contains both realm role ids and client role ids?
(I guess as they are uuids they can never a duplicate id between client role ids and realm role ids?)
There was a problem hiding this comment.
Yes. That's once again adopted from keycloak_group_roles.
There was a problem hiding this comment.
Yup, Keycloak doesn't actually care if its a realm or client role, so in this sense, the provider doesn't either. So if you have multiple keycloak_role resources, you can add each keycloak_role.*.id to this set without having to worry about whether the roles are attached to realms or clients.
|
I think this can be merged as-is, but I'll give you the opportunity to make the improvement that @tomrutsaert suggested if you're interested. If not, we can merge this as-is. Thanks for the PR! |
|
Thanks for your feedback! Well I played around with the code, and yes, using a dedicated struct is much cleaner and should be simple. I will update this PR in the next few days :) |
elmarx
force-pushed
the
add-resource-user-role
branch
from
ca3cfa4
to
a38e451
Compare
elmarx
force-pushed
the
add-resource-user-role
branch
from
a38e451
to
4f2c456
Compare
|
OK, PR has been updated. Short summary of changes: The map is gone and I replaced it with a dedicated structure This of course means the previous "diff-function" |
|
Awesome, thanks for merging and thanks for adding documentation ;) |
|
Any idea when the documentation will be updated? Would like to try this out but don't know what variables the resource requires. |
|
mrparkers already updated the documentation: https://github.com/mrparkers/terraform-provider-keycloak/blob/master/docs/resources/keycloak_user_roles.md But please be aware that since the merge of this PR no version has been released, yet. So you need to compile the provider on your own. |
|
Ah ok. Thanks! I was reading the documentation from https://mrparkers.github.io/terraform-provider-keycloak and couldn't find it. I did end up compelling and testing it out. Works perfectly! :D |
Hey,
I know there are already two open PRs to add user-role-support, but they both look stale and not ready…
This one is done, it's based heavily upon the
keycloak_group_roles, although in some details the implementation differs, since the group-endpoint returns mapped roles, but the user-endpoint not.On the other hand, explicitly querying the user's role-mapping endpoints returns full roles (opposed to role-names), thus the implementation is simpler, once the role-mapping endpoint has been queried.
I also tested the resource manually, so as far as I know it's done/it works, but I'm looking forward to your feedback.