add support for unmanaged attributes field in realm user profile sett…

…ings
mrparkers · Jul 1, 2024 · 790f7a1 · 790f7a1
1 parent 3f6b75b
commit 790f7a1
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/keycloak/realm_user_profile.go b/keycloak/realm_user_profile.go
@@ -43,6 +43,7 @@ type RealmUserProfileGroup struct {
 type RealmUserProfile struct {
 	Attributes []*RealmUserProfileAttribute `json:"attributes"`
 	Groups     []*RealmUserProfileGroup     `json:"groups,omitempty"`
+	UnmanagedAttributePolicy string `json:"unmanagedAttributePolicy,omitempty"`
 }
 
 func (keycloakClient *KeycloakClient) UpdateRealmUserProfile(ctx context.Context, realmId string, realmUserProfile *RealmUserProfile) error {

diff --git a/provider/resource_keycloak_realm_user_profile.go b/provider/resource_keycloak_realm_user_profile.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/mrparkers/terraform-provider-keycloak/keycloak"
 )
 
@@ -125,6 +126,11 @@ func resourceKeycloakRealmUserProfile() *schema.Resource {
 					},
 				},
 			},
+			"unmanagedattributepolicy" : {
+				Type: schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{"DISABLED", "ENABLED", "ADMIN_VIEW", "ADMIN_EDIT"}, false),
+			},
 		},
 	}
 }
@@ -292,6 +298,13 @@ func getRealmUserProfileFromData(data *schema.ResourceData) *keycloak.RealmUserP
 
 	realmUserProfile.Attributes = getRealmUserProfileAttributesFromData(data.Get("attribute").([]interface{}))
 	realmUserProfile.Groups = getRealmUserProfileGroupsFromData(data.Get("group").(*schema.Set).List())
+	if v, ok := data.Get("unmanagedattributepolicy").(string); ok {
+		if v == "DISABLED" {
+			realmUserProfile.UnmanagedAttributePolicy = ""
+		} else {
+		realmUserProfile.UnmanagedAttributePolicy = v
+		}
+	}
 
 	return realmUserProfile
 }
@@ -400,6 +413,13 @@ func setRealmUserProfileData(data *schema.ResourceData, realmUserProfile *keyclo
 		groups = append(groups, getRealmUserProfileGroupData(group))
 	}
 	data.Set("group", groups)
+
+	// api route /admin/realms/{realm}/users/profile expects null object if unmanagedAttributePolicy is disabled
+	if realmUserProfile.UnmanagedAttributePolicy == "DISABLED" {
+		data.Set("unmanaged_attribute_policy", nil)
+	} else {
+		data.Set("unmanaged_attribute_policy", realmUserProfile.UnmanagedAttributePolicy)
+	}
 }
 
 func resourceKeycloakRealmUserProfileCreate(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -437,8 +457,9 @@ func resourceKeycloakRealmUserProfileDelete(ctx context.Context, data *schema.Re
 	realmId := data.Get("realm_id").(string)
 
 	// The realm user profile cannot be deleted, so instead we set it back to its "zero" values.
+	// email and username attributes are mandatory since Keycloak 24.0.0
 	realmUserProfile := &keycloak.RealmUserProfile{
-		Attributes: []*keycloak.RealmUserProfileAttribute{},
+		Attributes: getRealmUserProfileMandatoryAttributes(),
 		Groups:     []*keycloak.RealmUserProfileGroup{},
 	}
 
@@ -450,6 +471,22 @@ func resourceKeycloakRealmUserProfileDelete(ctx context.Context, data *schema.Re
 	return nil
 }
 
+func getRealmUserProfileMandatoryAttributes() []*keycloak.RealmUserProfileAttribute {
+	usernameAttribute := &keycloak.RealmUserProfileAttribute{
+			Name:        "username",
+	}
+
+	emailAttribute := &keycloak.RealmUserProfileAttribute{
+			Name:        "email",
+	}
+
+	return []*keycloak.RealmUserProfileAttribute{
+			usernameAttribute,
+			emailAttribute,
+	}
+}
+
+
 func resourceKeycloakRealmUserProfileUpdate(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	keycloakClient := meta.(*keycloak.KeycloakClient)