Revert back "import" property and replace it with native import block. Fixes (#870) (#1267)

Author: Mikhail Putilov

docker-compose.yml

@@ -10,7 +10,7 @@ services:
     volumes:
     - postgres:/var/lib/postgresql
   openldap:
-    image: bitnami/openldap:2.6
+    image: bitnamilegacy/openldap:2.6
     environment:
       LDAP_PORT_NUMBER: 389
   keycloak:

go.mod

@@ -3,6 +3,7 @@ module github.com/keycloak/terraform-provider-keycloak
 require (
 	dario.cat/mergo v1.0.2
 	github.com/golang-jwt/jwt/v5 v5.3.0
+	github.com/google/uuid v1.6.0
 	github.com/hashicorp/errwrap v1.1.0
 	github.com/hashicorp/go-cty v1.5.0
 	github.com/hashicorp/go-retryablehttp v0.7.8

keycloak/openid_client.go

@@ -161,6 +161,28 @@ func (keycloakClient *KeycloakClient) NewOpenidClient(ctx context.Context, clien
 	return nil
 }
 
+func (keycloakClient *KeycloakClient) SearchOpenidClientExact(ctx context.Context, realmId string, clientId string) (*OpenidClient, error) {
+	var clients []*OpenidClient
+
+	err := keycloakClient.get(ctx, fmt.Sprintf("/realms/%s/clients", realmId), &clients, map[string]string{
+		"first":    "0",
+		"max":      "101",
+		"clientId": clientId,
+		"search":   "true",
+	})
+	if err != nil {
+		return nil, err
+	}
+	for _, client := range clients {
+		client.RealmId = realmId
+		if client.ClientId == clientId {
+			return client, nil
+		}
+	}
+
+	return nil, fmt.Errorf("openid clientId %s does not exist in realm %s", clientId, realmId)
+}
+
 func (keycloakClient *KeycloakClient) GetOpenidClients(ctx context.Context, realmId string, withSecrets bool) ([]*OpenidClient, error) {
 	var clients []*OpenidClient
 	var clientSecret OpenidClientSecret

provider/data_source_keycloak_openid_client.go

@@ -110,19 +110,19 @@ func dataSourceKeycloakOpenidClient() *schema.Resource {
 			},
 			"client_offline_session_idle_timeout": {
 				Type:     schema.TypeString,
-				Computed: true,
+				Optional: true,
 			},
 			"client_offline_session_max_lifespan": {
 				Type:     schema.TypeString,
-				Computed: true,
+				Optional: true,
 			},
 			"client_session_idle_timeout": {
 				Type:     schema.TypeString,
-				Computed: true,
+				Optional: true,
 			},
 			"client_session_max_lifespan": {
 				Type:     schema.TypeString,
-				Computed: true,
+				Optional: true,
 			},
 			"exclude_session_state_from_auth_response": {
 				Type:     schema.TypeBool,

provider/provider_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/meta"
@@ -41,6 +42,15 @@ func init() {
 		panic(err)
 	}
 	testAccProvider = KeycloakProvider(keycloakClient)
+
+	testAccProvider.ResourcesMap["keycloak_openid_client"].DeleteContext = func(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics {
+		if data.State().Attributes["client_id"] == "account" {
+			return diag.Diagnostics{}
+		} else {
+			return resourceKeycloakOpenidClientDelete(ctx, data, i)
+		}
+	}
+
 	testAccProviderFactories = map[string]func() (*schema.Provider, error){
 		"keycloak": func() (*schema.Provider, error) {
 			return testAccProvider, nil

provider/resource_keycloak_openid_client.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/hashicorp/go-cty/cty"
 
-	"dario.cat/mergo"
+	"github.com/google/uuid"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -48,7 +48,6 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 			"name": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"enabled": {
 				Type:     schema.TypeBool,
@@ -58,7 +57,6 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 			"description": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"access_type": {
 				Type:         schema.TypeString,
@@ -106,34 +104,33 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 			"standard_flow_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"implicit_flow_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"direct_access_grants_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"service_accounts_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"frontchannel_logout_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"valid_redirect_uris": {
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Set:      schema.HashString,
 				Optional: true,
-				Computed: true,
 			},
 			"valid_post_logout_redirect_uris": {
 				Type:     schema.TypeSet,
@@ -147,22 +144,18 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Set:      schema.HashString,
 				Optional: true,
-				Computed: true,
 			},
 			"root_url": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"admin_url": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"base_url": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"service_account_user_id": {
 				Type:     schema.TypeString,
@@ -176,27 +169,22 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 			"access_token_lifespan": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"client_offline_session_idle_timeout": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"client_offline_session_max_lifespan": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"client_session_idle_timeout": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"client_session_max_lifespan": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"exclude_session_state_from_auth_response": {
 				Type:     schema.TypeBool,
@@ -250,17 +238,16 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 			"consent_required": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"display_on_consent_screen": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				Default:  false,
 			},
 			"consent_screen_text": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Computed: true,
 			},
 			"authentication_flow_binding_overrides": {
 				Type:     schema.TypeSet,
@@ -342,12 +329,6 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
-			"import": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				Default:  false,
-				ForceNew: true,
-			},
 		},
 		CustomizeDiff: resourceKeycloakOpenidClientDiff(),
 	}
@@ -603,25 +584,9 @@ func resourceKeycloakOpenidClientCreate(ctx context.Context, data *schema.Resour
 		return diag.FromErr(err)
 	}
 
-	if data.Get("import").(bool) {
-		existingClient, err := keycloakClient.GetOpenidClientByClientId(ctx, client.RealmId, client.ClientId)
-		if err != nil {
-			return diag.FromErr(err)
-		}
-
-		if err = mergo.Merge(client, existingClient); err != nil {
-			return diag.FromErr(err)
-		}
-
-		err = keycloakClient.UpdateOpenidClient(ctx, client)
-		if err != nil {
-			return diag.FromErr(err)
-		}
-	} else {
-		err = keycloakClient.NewOpenidClient(ctx, client)
-		if err != nil {
-			return diag.FromErr(err)
-		}
+	err = keycloakClient.NewOpenidClient(ctx, client)
+	if err != nil {
+		return diag.FromErr(err)
 	}
 
 	err = setOpenidClientData(ctx, keycloakClient, data, client)
@@ -648,10 +613,6 @@ func resourceKeycloakOpenidClientRead(ctx context.Context, data *schema.Resource
 		return diag.FromErr(err)
 	}
 
-	if _, ok := data.GetOk("import"); !ok {
-		data.Set("import", false)
-	}
-
 	return nil
 }
 
@@ -687,9 +648,6 @@ func resourceKeycloakOpenidClientUpdate(ctx context.Context, data *schema.Resour
 }
 
 func resourceKeycloakOpenidClientDelete(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
-	if data.Get("import").(bool) {
-		return nil
-	}
 	keycloakClient := meta.(*keycloak.KeycloakClient)
 
 	realmId := data.Get("realm_id").(string)
@@ -703,18 +661,28 @@ func resourceKeycloakOpenidClientImport(ctx context.Context, d *schema.ResourceD
 
 	parts := strings.Split(d.Id(), "/")
 	if len(parts) != 2 {
-		return nil, fmt.Errorf("Invalid import. Supported import formats: {{realmId}}/{{openidClientId}}")
+		return nil, fmt.Errorf("invalid import. Supported import formats: {{realmId}}/{{openidClientId}} or {{realmId}}/{{clientUuid}}")
 	}
-
-	_, err := keycloakClient.GetOpenidClient(ctx, parts[0], parts[1])
+	if _, err := uuid.Parse(parts[1]); err == nil {
+		// {{realmId}}/{{clientUuid}}
+		_, err := keycloakClient.GetOpenidClient(ctx, parts[0], parts[1])
+		if err != nil {
+			return nil, err
+		}
+		d.SetId(parts[1])
+	} else {
+		// {{realmId}}/{{openidClientId}}
+		c, err := keycloakClient.SearchOpenidClientExact(ctx, parts[0], parts[1])
+		if err != nil {
+			return nil, err
+		}
+		d.SetId(c.Id)
+	}
+	err := d.Set("realm_id", parts[0])
 	if err != nil {
 		return nil, err
 	}
 
-	d.Set("realm_id", parts[0])
-	d.Set("import", false)
-	d.SetId(parts[1])
-
 	diagnostics := resourceKeycloakOpenidClientRead(ctx, d, meta)
 	if diagnostics.HasError() {
 		return nil, errors.New(diagnostics[0].Summary)

provider/resource_keycloak_openid_client_test.go

@@ -761,12 +761,12 @@ func TestAccKeycloakOpenidClient_import(t *testing.T) {
 		CheckDestroy:      testAccCheckKeycloakOpenidClientNotDestroyed(),
 		Steps: []resource.TestStep{
 			{
-				Config:      testKeycloakOpenidClient_import("non-existing-client", true),
-				ExpectError: regexp.MustCompile("Error: openid client with name non-existing-client does not exist"),
-			},
-			{
-				Config: testKeycloakOpenidClient_import("account", true),
-				Check:  testAccCheckKeycloakOpenidClientExistsWithEnabledStatus("keycloak_openid_client.client", true),
+				ResourceName:  "keycloak_openid_client.client",
+				ImportState:   true,
+				ImportStateId: testAccRealm.Realm + "/account",
+
+				Config: testKeycloakOpenidClient_import("account", false),
+				Check:  testAccCheckKeycloakOpenidClientExistsWithEnabledStatus("keycloak_openid_client.client", false),
 			},
 		},
 	})
@@ -2095,14 +2095,12 @@ func testKeycloakOpenidClient_import(clientId string, enabled bool) string {
 data "keycloak_realm" "realm" {
 	realm = "%s"
 }
-
 resource "keycloak_openid_client" "client" {
 	client_id   = "%s"
 	realm_id    = data.keycloak_realm.realm.id
 	access_type = "PUBLIC"
 	root_url    = ""
 	enabled     = %t
-	import      = true
 }
 	`, testAccRealm.Realm, clientId, enabled)
 }