I am using keycloak v. 22.01 and terraform provider mrparkers/keycloak 4.3.1.
So my problem is: I want to create an authentication flow in keycloak to check if a user belongs to the role 'user' and if so, send them an OTP via mail. For that I created a subflow with a condition - user role (set the role to 'user' in the GUI) and afterwards the Email OTP.
(screenshot: Flow in GUI)
That works fine so far. Next I want to do the same thing, but with terraform. That also works fine, but the condition user role doesn't get the role 'user' assigned.
(screenshot: The field that is not filled)
I have the following terraform code:
resource "keycloak_authentication_subflow" "sub_otp_flow" {
  realm_id          = var.MY_REALM_ID
  alias             = "sub-otp-flow"
  parent_flow_alias = keycloak_authentication_flow.email_otp_flow.alias
  provider_id       = "basic-flow"
  requirement       = "REQUIRED"
}

resource "keycloak_authentication_execution" "role_condition_otp" {
  realm_id          = var.MY_REALM_ID
  parent_flow_alias = keycloak_authentication_subflow.sub_otp_flow.alias
  authenticator     = "conditional-user-role"
  requirement       = "REQUIRED"
}

resource "keycloak_authentication_execution_config" "role_condition_otp_config" {
  realm_id     = var.MY_REALM_ID
  execution_id = keycloak_authentication_execution.role_condition_otp.id
  alias        = "role_condition_otp"
  config = {
    roles = "my_client.my_rolename"
  }
}

resource "keycloak_authentication_execution" "email_otp" {
  realm_id          = var.MY_REALM_ID
  parent_flow_alias = keycloak_authentication_subflow.sub_otp_flow.alias
  authenticator     = "ext-email-otp"
  requirement       = "REQUIRED"
  depends_on = [
    keycloak_authentication_execution.username_password,
    keycloak_authentication_execution_config.role_condition_otp_config
  ]
}
I searched a lot on the internet, docs, chatGPT, claude but couldn't find the mistake. I already tried in the condition config:
  config = {
    "roles" = "my_client.my_rolename"
  }
and referencing terraform resources as well. I do get the feeling that the "config" parameter is somehow wrong, but I can't find the proper syntax.
I expected to have in authentication section -> flows -> email otp flow the demanded resources and in the conditional config an assigned user like this:
(screenshot: expected result)
Actual result:
(screenshot: actual result)
Hope someone knows some hints for me.
Thanks in advance!
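As an added example that is not part of the original question, the complete flow written so that the role condition is actually picked up. It relies on two facts about Keycloak's built-in `conditional-user-role` authenticator: it reads the role from the config key `condUserRole` (with an optional `negate` key), not from `roles`, and condition executions are only evaluated inside a subflow whose requirement is `CONDITIONAL`. The realm variable, the `email_otp_flow` flow, the `ext-email-otp` authenticator and the `my_client.my_rolename` value are taken from the question; the `username_password` execution and the `keycloak_authentication_bindings` resource are assumptions added to make the flow usable as a browser flow.

```hcl
# Added example, not the questioner's code. Assumes mrparkers/keycloak 4.3.1 and
# Keycloak 22; resource names and var.MY_REALM_ID follow the question.

resource "keycloak_authentication_flow" "email_otp_flow" {
  realm_id = var.MY_REALM_ID
  alias    = "email-otp-flow"
}

# Step 1: ordinary username/password form (assumed first step of the flow).
resource "keycloak_authentication_execution" "username_password" {
  realm_id          = var.MY_REALM_ID
  parent_flow_alias = keycloak_authentication_flow.email_otp_flow.alias
  authenticator     = "auth-username-password-form"
  requirement       = "REQUIRED"
}

# Step 2: conditional subflow. Keycloak only evaluates condition executions when
# the enclosing subflow is CONDITIONAL; with REQUIRED the condition is ignored.
resource "keycloak_authentication_subflow" "sub_otp_flow" {
  realm_id          = var.MY_REALM_ID
  alias             = "sub-otp-flow"
  parent_flow_alias = keycloak_authentication_flow.email_otp_flow.alias
  provider_id       = "basic-flow"
  requirement       = "CONDITIONAL"
  depends_on        = [keycloak_authentication_execution.username_password]
}

# Condition - User Role execution inside the subflow.
resource "keycloak_authentication_execution" "role_condition_otp" {
  realm_id          = var.MY_REALM_ID
  parent_flow_alias = keycloak_authentication_subflow.sub_otp_flow.alias
  authenticator     = "conditional-user-role"
  requirement       = "REQUIRED"
}

resource "keycloak_authentication_execution_config" "role_condition_otp_config" {
  realm_id     = var.MY_REALM_ID
  execution_id = keycloak_authentication_execution.role_condition_otp.id
  alias        = "role_condition_otp"
  config = {
    # Key read by conditional-user-role. A realm role is given by name ("user");
    # a client role as "<clientId>.<roleName>", as in the question's value.
    condUserRole = "my_client.my_rolename"
    # "false": run the subflow when the user HAS the role; "true" inverts the check.
    negate = "false"
  }
}

# Step 3: the e-mail OTP authenticator, executed only when the condition passed.
resource "keycloak_authentication_execution" "email_otp" {
  realm_id          = var.MY_REALM_ID
  parent_flow_alias = keycloak_authentication_subflow.sub_otp_flow.alias
  authenticator     = "ext-email-otp"
  requirement       = "REQUIRED"
  depends_on        = [keycloak_authentication_execution_config.role_condition_otp_config]
}

# Bind the flow as the realm's browser flow (assumed; adjust if another binding is wanted).
resource "keycloak_authentication_bindings" "browser" {
  realm_id     = var.MY_REALM_ID
  browser_flow = keycloak_authentication_flow.email_otp_flow.alias
}
```

After `terraform apply`, the gear icon of the condition in Authentication -> Flows -> email-otp-flow should show the role filled in; the same can be checked without the GUI with `GET /admin/realms/{realm}/authentication/config/{id}` against the admin REST API, whose response must contain `condUserRole` under `config`. Keys that the authenticator does not know (such as `roles`) are stored but silently ignored, which is why the original configuration applied without an error yet left the field empty.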