diff --git a/docs/resources/realm.md b/docs/resources/realm.md
index 8fbaad1dd..4c49691de 100644
--- a/docs/resources/realm.md
+++ b/docs/resources/realm.md
@@ -86,6 +86,7 @@ resource "keycloak_realm" "realm" {
 - `organizations_enabled` - (Optional) When `true`, organization support is enabled. Defaults to `false`.
 - `attributes` - (Optional) A map of custom attributes to add to the realm.
 - `internal_id` - (Optional) When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
+- `deletion_protection` - (Optional) When set to true, the realm cannot be deleted. Defaults to false.
 ### Login Settings
diff --git a/provider/resource_keycloak_realm.go b/provider/resource_keycloak_realm.go
index 226e75b02..d2e2b2e35 100644
--- a/provider/resource_keycloak_realm.go
+++ b/provider/resource_keycloak_realm.go
@@ -193,6 +193,11 @@ func resourceKeycloakRealm() *schema.Resource {
 Optional: true,
 Default: false,
 },
+ "deletion_protection": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
 // Login Config
 "registration_allowed": {
@@ -1513,6 +1518,10 @@ func resourceKeycloakRealmRead(ctx context.Context, data *schema.ResourceData, m
 realm.SmtpServer.Password = smtpPassword
 }
+ if _, ok := data.GetOk("deletion_protection"); !ok {
+ data.Set("deletion_protection", false)
+ }
+
 setRealmData(data, realm, keycloakVersion)
 return nil
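Review bot: In the block added to resourceKeycloakRealmRead, `GetOk` returns `ok == false` both for an unset attribute and for an explicit `false`, so the condition cannot tell them apart and the branch only ever writes `false` over `false` or over a missing value; the error returned by `data.Set` is also dropped. If the purpose is to seed state that predates the attribute (import, provider upgrade), say so in a comment such as `// seed deletion_protection for state that has no value yet (import, upgrade)` and handle the error: `if err := data.Set("deletion_protection", false); err != nil { return diag.FromErr(err) }`. A realm whose state is seeded this way is presumably unprotected until an apply writes `true` into state, which is worth stating in the docs. The function starts and ends outside the hunk.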
@@ -1546,6 +1555,9 @@ func resourceKeycloakRealmUpdate(ctx context.Context, data *schema.ResourceData,
 }
 func resourceKeycloakRealmDelete(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ if data.Get("deletion_protection").(bool) {
+ return diag.Errorf("Deletion protection is enabled for keycloak_realm resource with realm %s (ID: %s). To delete this resource, first set `deletion_protection` to `false`.", data.Id(), data.Get("internal_id").(string))
+ }
 keycloakClient := meta.(*keycloak.KeycloakClient)
 return diag.FromErr(keycloakClient.DeleteRealm(ctx, data.Id()))
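Review bot: The guard at the top of resourceKeycloakRealmDelete is enforced only inside the provider, against the value held in Terraform state, and nothing in the visible hunks sends `deletion_protection` to Keycloak. The realm can therefore still be removed through the admin console, the admin REST API or another Terraform configuration, while the docs line added in this commit ("the realm cannot be deleted") reads as a server-side guarantee. I would add a comment above the check, `// Provider-side guard only: blocks destroy/replace while state has deletion_protection=true; Keycloak does not enforce it.`, and word the docs entry the same way. The function's closing brace is outside the hunk.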