From 3513f6b8bde82b8bf69221122e68c3f394edf4a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20Sj=C3=B8lander=20Ernstsen?= Date: Wed, 7 Feb 2024 13:38:19 +0100 Subject: [PATCH] Fix for issue #802 for realm_keystore implementations Created simple backwards-compatible fix for issue #802 in realm_keystore implementations By allowing to set realm_internal_id explicitly it allows for imported realms to have the UUID set by keycloak, while not breaking legacy usage of this provider, as they will have realm_id == realm_internal_id. Also added documentation for internal_realm_id arguments --- docs/resources/realm_keystore_aes_generated.md | 1 + docs/resources/realm_keystore_ecdsa_generated.md | 1 + docs/resources/realm_keystore_hmac_generated.md | 1 + docs/resources/realm_keystore_java_keystore.md | 1 + docs/resources/realm_keystore_rsa.md | 1 + docs/resources/realm_keystore_rsa_generated.md | 1 + keycloak/realm_keystore_aes_generated.go | 16 ++++++++++++---- keycloak/realm_keystore_ecdsa_generated.go | 16 ++++++++++++---- keycloak/realm_keystore_hmac_generated.go | 16 ++++++++++++---- keycloak/realm_keystore_java_keystore.go | 16 ++++++++++++---- keycloak/realm_keystore_rsa.go | 16 ++++++++++++---- keycloak/realm_keystore_rsa_generated.go | 16 ++++++++++++---- ...urce_keycloak_realm_keystore_aes_generated.go | 6 ++++++ ...ce_keycloak_realm_keystore_ecdsa_generated.go | 6 ++++++ ...rce_keycloak_realm_keystore_hmac_generated.go | 6 ++++++ ...urce_keycloak_realm_keystore_java_keystore.go | 6 ++++++ provider/resource_keycloak_realm_keystore_rsa.go | 13 ++++++++++--- ...urce_keycloak_realm_keystore_rsa_generated.go | 6 ++++++ 18 files changed, 118 insertions(+), 27 deletions(-) diff --git a/docs/resources/realm_keystore_aes_generated.md b/docs/resources/realm_keystore_aes_generated.md index e0515422c..277c5f0c1 100644 --- a/docs/resources/realm_keystore_aes_generated.md +++ b/docs/resources/realm_keystore_aes_generated.md 
@@ -31,6 +31,7 @@ resource "keycloak_realm_keystore_aes_generated" "keystore_aes_generated" { - `name` - (Required) Display name of provider when linked in admin console. - `realm_id` - (Required) The realm this keystore exists in. +- `internal_realm_id` - (Optional) The internal id for the realm, if the realm is imported into Terraform. This is not relevant for realms created through Terraform. - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`. - `active` - (Optional) When `false`, key in not used for signing. Defaults to `true`. - `priority` - (Optional) Priority for the provider. Defaults to `0` diff --git a/docs/resources/realm_keystore_ecdsa_generated.md b/docs/resources/realm_keystore_ecdsa_generated.md index 77c058386..dd866a1ee 100644 --- a/docs/resources/realm_keystore_ecdsa_generated.md +++ b/docs/resources/realm_keystore_ecdsa_generated.md @@ -31,6 +31,7 @@ resource "keycloak_realm_keystore_ecdsa_generated" "keystore_ecdsa_generated" { - `name` - (Required) Display name of provider when linked in admin console. - `realm_id` - (Required) The realm this keystore exists in. +- `internal_realm_id` - (Optional) The internal id for the realm, if the realm is imported into Terraform. This is not relevant for realms created through Terraform. - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`. - `active` - (Optional) When `false`, key in not used for signing. Defaults to `true`. - `priority` - (Optional) Priority for the provider. Defaults to `0` diff --git a/docs/resources/realm_keystore_hmac_generated.md b/docs/resources/realm_keystore_hmac_generated.md index da6659f8f..3f4d140ee 100644 --- a/docs/resources/realm_keystore_hmac_generated.md +++ b/docs/resources/realm_keystore_hmac_generated.md 
@@ -32,6 +32,7 @@ resource "keycloak_realm_keystore_hmac_generated" "keystore_hmac_generated" { - `name` - (Required) Display name of provider when linked in admin console. - `realm_id` - (Required) The realm this keystore exists in. +- `internal_realm_id` - (Optional) The internal id for the realm, if the realm is imported into Terraform. This is not relevant for realms created through Terraform. - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`. - `active` - (Optional) When `false`, key in not used for signing. Defaults to `true`. - `priority` - (Optional) Priority for the provider. Defaults to `0` diff --git a/docs/resources/realm_keystore_java_keystore.md b/docs/resources/realm_keystore_java_keystore.md index d422aa3c4..f5e5eeca9 100644 --- a/docs/resources/realm_keystore_java_keystore.md +++ b/docs/resources/realm_keystore_java_keystore.md @@ -36,6 +36,7 @@ resource "keycloak_realm_keystore_java_keystore" "java_keystore" { - `name` - (Required) Display name of provider when linked in admin console. - `realm_id` - (Required) The realm this keystore exists in. +- `internal_realm_id` - (Optional) The internal id for the realm, if the realm is imported into Terraform. This is not relevant for realms created through Terraform. - `keystore` - (Required) Path to keys file on keycloak instance. - `keystore_password` - (Required) Password for the keys. - `key_alias` - (Required) Alias for the private key. diff --git a/docs/resources/realm_keystore_rsa.md b/docs/resources/realm_keystore_rsa.md index 6ebe229e6..3656d5b61 100644 --- a/docs/resources/realm_keystore_rsa.md +++ b/docs/resources/realm_keystore_rsa.md 
@@ -36,6 +36,7 @@ resource "keycloak_realm_keystore_rsa" "keystore_rsa" { - `name` - (Required) Display name of provider when linked in admin console. - `realm_id` - (Required) The realm this keystore exists in. +- `internal_realm_id` - (Optional) The internal id for the realm, if the realm is imported into Terraform. This is not relevant for realms created through Terraform. - `private_key` - (Required) Private RSA Key encoded in PEM format. - `certificate` - (Required) X509 Certificate encoded in PEM format. - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`. diff --git a/docs/resources/realm_keystore_rsa_generated.md b/docs/resources/realm_keystore_rsa_generated.md index ed8e7571f..d99191d86 100644 --- a/docs/resources/realm_keystore_rsa_generated.md +++ b/docs/resources/realm_keystore_rsa_generated.md @@ -32,6 +32,7 @@ resource "keycloak_realm_keystore_rsa_generated" "keystore_rsa_generated" { - `name` - (Required) Display name of provider when linked in admin console. - `realm_id` - (Required) The realm this keystore exists in. +- `internal_realm_id` - (Optional) The internal id for the realm, if the realm is imported into Terraform. This is not relevant for realms created through Terraform. - `enabled` - (Optional) When `false`, key is not accessible in this realm. Defaults to `true`. - `active` - (Optional) When `false`, key in not used for signing. Defaults to `true`. - `priority` - (Optional) Priority for the provider. Defaults to `0` diff --git a/keycloak/realm_keystore_aes_generated.go b/keycloak/realm_keystore_aes_generated.go index ad14c3960..aec15924e 100644 --- a/keycloak/realm_keystore_aes_generated.go +++ b/keycloak/realm_keystore_aes_generated.go @@ -7,9 +7,10 @@ import ( ) type RealmKeystoreAesGenerated struct { - Id string - Name string - RealmId string + Id string + Name string + RealmId string + InternalRealmId string Active bool Enabled bool 
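Review bot: The new `InternalRealmId` field on `RealmKeystoreAesGenerated` has no comment, and nothing in the struct says how it relates to `RealmId`. The converter hunk that follows uses it in place of `RealmId` as the component's `ParentId` whenever it is non-empty, so a field comment such as `// InternalRealmId, when non-empty, is sent as the component's ParentId instead of RealmId.` would let a reader see that without opening the converter. The same applies to the identical field added to the ecdsa, hmac, java_keystore, rsa and rsa_generated structs later in this patch. The commit message calls the argument `realm_internal_id`, while the schema and docs use `internal_realm_id`; the comment should use the latter.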
@@ -33,10 +34,17 @@ func convertFromRealmKeystoreAesGeneratedToComponent(realmKey *RealmKeystoreAesG }, } + var parentId string + if realmKey.InternalRealmId != "" { + parentId = realmKey.InternalRealmId + } else { + parentId = realmKey.RealmId + } + return &component{ Id: realmKey.Id, Name: realmKey.Name, - ParentId: realmKey.RealmId, + ParentId: parentId, ProviderId: "aes-generated", ProviderType: "org.keycloak.keys.KeyProvider", Config: componentConfig, diff --git a/keycloak/realm_keystore_ecdsa_generated.go b/keycloak/realm_keystore_ecdsa_generated.go index fb6396ceb..5481c0a79 100644 --- a/keycloak/realm_keystore_ecdsa_generated.go +++ b/keycloak/realm_keystore_ecdsa_generated.go @@ -7,9 +7,10 @@ import ( ) type RealmKeystoreEcdsaGenerated struct { - Id string - Name string - RealmId string + Id string + Name string + RealmId string + InternalRealmId string Active bool Enabled bool @@ -33,10 +34,17 @@ func convertFromRealmKeystoreEcdsaGeneratedToComponent(realmKey *RealmKeystoreEc }, } + var parentId string + if realmKey.InternalRealmId != "" { + parentId = realmKey.InternalRealmId + } else { + parentId = realmKey.RealmId + } + return &component{ Id: realmKey.Id, Name: realmKey.Name, - ParentId: realmKey.RealmId, + ParentId: parentId, ProviderId: "ecdsa-generated", ProviderType: "org.keycloak.keys.KeyProvider", Config: componentConfig, diff --git a/keycloak/realm_keystore_hmac_generated.go b/keycloak/realm_keystore_hmac_generated.go index e1f05a5a8..e0d8ea1dd 100644 --- a/keycloak/realm_keystore_hmac_generated.go +++ b/keycloak/realm_keystore_hmac_generated.go @@ -7,9 +7,10 @@ import ( ) type RealmKeystoreHmacGenerated struct { - Id string - Name string - RealmId string + Id string + Name string + RealmId string + InternalRealmId string Active bool Enabled bool 
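Review bot: The seven-line `parentId` selection added before `return &component{` is repeated verbatim in the ecdsa, hmac, java_keystore, rsa and rsa_generated converters later in this patch, so any later change to the fallback rule has to be made in six places. According to the commit message, `ParentId` is what ties a key provider to its realm, so it is worth keeping that rule in one package-level helper that each converter calls. The converter's body starts and ends outside the hunk; the helper name below is only a suggestion.

```go
// componentParentId returns the id to send as a component's ParentId:
// internalRealmId when it is set, otherwise realmId.
func componentParentId(realmId, internalRealmId string) string {
	if internalRealmId != "" {
		return internalRealmId
	}
	return realmId
}

// … unchanged: componentConfig construction …
	return &component{
		// … unchanged: Id, Name …
		ParentId: componentParentId(realmKey.RealmId, realmKey.InternalRealmId),
```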
@@ -37,10 +38,17 @@ func convertFromRealmKeystoreHmacGeneratedToComponent(realmKey *RealmKeystoreHma }, } + var parentId string + if realmKey.InternalRealmId != "" { + parentId = realmKey.InternalRealmId + } else { + parentId = realmKey.RealmId + } + return &component{ Id: realmKey.Id, Name: realmKey.Name, - ParentId: realmKey.RealmId, + ParentId: parentId, ProviderId: "hmac-generated", ProviderType: "org.keycloak.keys.KeyProvider", Config: componentConfig, diff --git a/keycloak/realm_keystore_java_keystore.go b/keycloak/realm_keystore_java_keystore.go index a280a705e..4f730e1a1 100644 --- a/keycloak/realm_keystore_java_keystore.go +++ b/keycloak/realm_keystore_java_keystore.go @@ -7,9 +7,10 @@ import ( ) type RealmKeystoreJavaKeystore struct { - Id string - Name string - RealmId string + Id string + Name string + RealmId string + InternalRealmId string Active bool Enabled bool @@ -50,10 +51,17 @@ func convertFromRealmKeystoreJavaKeystoreToComponent(realmKey *RealmKeystoreJava }, } + var parentId string + if realmKey.InternalRealmId != "" { + parentId = realmKey.InternalRealmId + } else { + parentId = realmKey.RealmId + } + return &component{ Id: realmKey.Id, Name: realmKey.Name, - ParentId: realmKey.RealmId, + ParentId: parentId, ProviderId: "java-keystore", ProviderType: "org.keycloak.keys.KeyProvider", Config: componentConfig, diff --git a/keycloak/realm_keystore_rsa.go b/keycloak/realm_keystore_rsa.go index 6ffadeca7..ac868bd78 100644 --- a/keycloak/realm_keystore_rsa.go +++ b/keycloak/realm_keystore_rsa.go @@ -7,9 +7,10 @@ import ( ) type RealmKeystoreRsa struct { - Id string - Name string - RealmId string + Id string + Name string + RealmId string + InternalRealmId string Active bool Enabled bool 
@@ -43,10 +44,17 @@ func convertFromRealmKeystoreRsaToComponent(realmKey *RealmKeystoreRsa) *compone }, } + var parentId string + if realmKey.InternalRealmId != "" { + parentId = realmKey.InternalRealmId + } else { + parentId = realmKey.RealmId + } + return &component{ Id: realmKey.Id, Name: realmKey.Name, - ParentId: realmKey.RealmId, + ParentId: parentId, ProviderId: realmKey.ProviderId, ProviderType: "org.keycloak.keys.KeyProvider", Config: componentConfig, diff --git a/keycloak/realm_keystore_rsa_generated.go b/keycloak/realm_keystore_rsa_generated.go index 849d198d3..db291069e 100644 --- a/keycloak/realm_keystore_rsa_generated.go +++ b/keycloak/realm_keystore_rsa_generated.go @@ -7,9 +7,10 @@ import ( ) type RealmKeystoreRsaGenerated struct { - Id string - Name string - RealmId string + Id string + Name string + RealmId string + InternalRealmId string Active bool Enabled bool @@ -40,10 +41,17 @@ func convertFromRealmKeystoreRsaGeneratedToComponent(realmKey *RealmKeystoreRsaG }, } + var parentId string + if realmKey.InternalRealmId != "" { + parentId = realmKey.InternalRealmId + } else { + parentId = realmKey.RealmId + } + return &component{ Id: realmKey.Id, Name: realmKey.Name, - ParentId: realmKey.RealmId, + ParentId: parentId, ProviderId: "rsa-generated", ProviderType: "org.keycloak.keys.KeyProvider", Config: componentConfig, diff --git a/provider/resource_keycloak_realm_keystore_aes_generated.go b/provider/resource_keycloak_realm_keystore_aes_generated.go index 2adc6b5cf..02244f571 100644 --- a/provider/resource_keycloak_realm_keystore_aes_generated.go +++ b/provider/resource_keycloak_realm_keystore_aes_generated.go @@ -32,6 +32,12 @@ func resourceKeycloakRealmKeystoreAesGenerated() *schema.Resource { Required: true, ForceNew: true, }, + "internal_realm_id": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Internal realm id, if it differs from 'realm_id'", + }, "active": { Type: schema.TypeBool, Optional: true, 
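Review bot: `internal_realm_id` is added to the aes_generated schema here, but nothing in this patch copies it into `RealmKeystoreAesGenerated.InternalRealmId`. Only `getRealmKeystoreRsaFromData` in provider/resource_keycloak_realm_keystore_rsa.go gains a `data.Get("internal_realm_id")` line; the diffstat lists the other five provider files with six insertions each, which is the schema entry alone. Unless those mappers are updated somewhere not shown, the attribute is accepted and then silently ignored for the aes, ecdsa, hmac, java_keystore and rsa_generated resources, and `ParentId` keeps falling back to `realm_id`. Each of those resources' mappers from `schema.ResourceData` needs `InternalRealmId: data.Get("internal_realm_id").(string),`. The schema function's body starts and ends outside the hunk.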
diff --git a/provider/resource_keycloak_realm_keystore_ecdsa_generated.go b/provider/resource_keycloak_realm_keystore_ecdsa_generated.go index 1ee3022a1..d5bd53973 100644 --- a/provider/resource_keycloak_realm_keystore_ecdsa_generated.go +++ b/provider/resource_keycloak_realm_keystore_ecdsa_generated.go @@ -32,6 +32,12 @@ func resourceKeycloakRealmKeystoreEcdsaGenerated() *schema.Resource { Required: true, ForceNew: true, }, + "internal_realm_id": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Internal realm id, if it differs from 'realm_id'", + }, "active": { Type: schema.TypeBool, Optional: true, diff --git a/provider/resource_keycloak_realm_keystore_hmac_generated.go b/provider/resource_keycloak_realm_keystore_hmac_generated.go index 607095b67..2d8cbb995 100644 --- a/provider/resource_keycloak_realm_keystore_hmac_generated.go +++ b/provider/resource_keycloak_realm_keystore_hmac_generated.go @@ -33,6 +33,12 @@ func resourceKeycloakRealmKeystoreHmacGenerated() *schema.Resource { Required: true, ForceNew: true, }, + "internal_realm_id": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Internal realm id, if it differs from 'realm_id'", + }, "active": { Type: schema.TypeBool, Optional: true, diff --git a/provider/resource_keycloak_realm_keystore_java_keystore.go b/provider/resource_keycloak_realm_keystore_java_keystore.go index 9fb37b882..86eda7fae 100644 --- a/provider/resource_keycloak_realm_keystore_java_keystore.go +++ b/provider/resource_keycloak_realm_keystore_java_keystore.go @@ -32,6 +32,12 @@ func resourceKeycloakRealmKeystoreJavaKeystore() *schema.Resource { Required: true, ForceNew: true, }, + "internal_realm_id": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Internal realm id, if it differs from 'realm_id'", + }, "active": { Type: schema.TypeBool, Optional: true, 
diff --git a/provider/resource_keycloak_realm_keystore_rsa.go b/provider/resource_keycloak_realm_keystore_rsa.go index 5c1e5f803..c597ee8e6 100644 --- a/provider/resource_keycloak_realm_keystore_rsa.go +++ b/provider/resource_keycloak_realm_keystore_rsa.go @@ -32,6 +32,12 @@ func resourceKeycloakRealmKeystoreRsa() *schema.Resource { Required: true, ForceNew: true, }, + "internal_realm_id": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Internal realm id, if it differs from 'realm_id'", + }, "active": { Type: schema.TypeBool, Optional: true, @@ -80,9 +86,10 @@ func resourceKeycloakRealmKeystoreRsa() *schema.Resource { func getRealmKeystoreRsaFromData(data *schema.ResourceData) *keycloak.RealmKeystoreRsa { mapper := &keycloak.RealmKeystoreRsa{ - Id: data.Id(), - Name: data.Get("name").(string), - RealmId: data.Get("realm_id").(string), + Id: data.Id(), + Name: data.Get("name").(string), + RealmId: data.Get("realm_id").(string), + InternalRealmId: data.Get("internal_realm_id").(string), Active: data.Get("active").(bool), Enabled: data.Get("enabled").(bool), diff --git a/provider/resource_keycloak_realm_keystore_rsa_generated.go b/provider/resource_keycloak_realm_keystore_rsa_generated.go index 0b230d4ea..51affd085 100644 --- a/provider/resource_keycloak_realm_keystore_rsa_generated.go +++ b/provider/resource_keycloak_realm_keystore_rsa_generated.go @@ -33,6 +33,12 @@ func resourceKeycloakRealmKeystoreRsaGenerated() *schema.Resource { Required: true, ForceNew: true, }, + "internal_realm_id": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Internal realm id, if it differs from 'realm_id'", + }, "active": { Type: schema.TypeBool, Optional: true,
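Review bot: The value read in `getRealmKeystoreRsaFromData` becomes the `ParentId` sent to Keycloak, yet the `internal_realm_id` schema entry has no `ForceNew`, while `realm_id` directly above it does. Changing the attribute on an existing keystore would therefore go through an in-place update with a different parent, and whether Keycloak accepts re-parenting a key provider is not visible in this patch. Either add `ForceNew: true,` to the entry or state in its `Description` that the value is applied in place; the same holds for the five other schema hunks. Nothing here checks that the supplied id belongs to the realm named by `realm_id`, so the docs should state that the two must refer to the same realm. The mapper's body continues outside the hunk.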