maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(ops/keycloak): ignore delete_default_mappers field

Browse source 
Without this, terraform wants to recreate the resource, just because we
do /not/ want to delete the default mappers:

```
  # keycloak_ldap_user_federation.tvl_ldap must be replaced
-/+ resource "keycloak_ldap_user_federation" "tvl_ldap" {
      + delete_default_mappers          = false # forces replacement
      ~ id                              = "4e68e9f0-7aba-4465-8357-f2af6a55fd0e" -> (known after apply)
        name                            = "tvl-ldap"
      ~ use_truststore_spi              = "ALWAYS" -> "ONLY_FOR_LDAPS"
        # (27 unchanged attributes hidden)
    }
```

Keycloak lists the a few mappers. which are likely the default ones,
but in any case, we don't want to recreate this resource.

Change-Id: I170a91a44b2efa426fae268cf7fc97a7f28a5760
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12412
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
This commit is contained in:
Florian Klink 2024-09-01 15:35:00 +03:00 committed by clbot
parent e74378a324
commit ebf4647976
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ops/keycloak/user_sources.tf
View file

@ -22,6 +22,13 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
"inetOrgPerson",
"organizationalPerson",
]
lifecycle {
# Without this, terraform wants to recreate the resource.
ignore_changes = [
delete_default_mappers
]
}
}
# keycloak_oidc_identity_provider.github will be destroyed