Add support for default groups about terraform-provider-keycloak HOT 4 CLOSED

Hi @fharding1, thanks for the issue! You're right that the provider does not currently support this, I'd be happy to accept a PR that adds this functionality.

I think the HCL you posted makes sense and is the best approach. I agree that adding default groups on the keycloak_realm resource does not make sense, mostly because there would be no way to apply your entire configuration with a single run of terraform apply, like you mentioned. Also, that resource has too many attributes on it already 😄

Feel free to let me know if you have any questions or run into issues while working on this.

from terraform-provider-keycloak.

Something else I just thought of - it may be a good idea to do some extra validation against using the keycloak_group_memberships resource on a default group, or at least document the pitfalls of using both of these resources on the same group.

from terraform-provider-keycloak.

Because of:

Note that this resource attempts to be an authoritative source over group members.

Do you think it makes sense to just not allow a default group to be used alongside keycloak_group_memberships? Is that even doable?

from terraform-provider-keycloak.

So I'm actually thinking it might make sense to have one keycloak_default_groups resource per realm which looks like this:

resource "keycloak_default_group" "example_group" {
  realm_id = "${keycloak_realm.realm.id}"
  group_ids = ["${keycloak_group.example_group.id}", "${keycloak_group.example_group_2.id}"]
}

This would be similar to how the keycloak_group_memberships resource works. It makes PUT/DELETE a bit weirder, but the GET endpoint makes a lot more sense.

from terraform-provider-keycloak.