[Issue-1111] Add independant Realm Attributes Resource

this will help decouple the realms attributes and allow reuse in modules
 without relying on the entire realm configuration.  use is mutually
 exclusive between this resource and the realm attributes

Signed-off-by: Ryan H <[email protected]>

Author: rhigdon

docs/resources/realm.md

@@ -84,7 +84,7 @@ resource "keycloak_realm" "realm" {
 - `display_name_html` - (Optional) The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
 - `user_managed_access` - (Optional) When `true`, users are allowed to manage their own resources. Defaults to `false`.
 - `organizations_enabled` - (Optional) When `true`, organization support is enabled. Defaults to `false`.
-- `attributes` - (Optional) A map of custom attributes to add to the realm.
+- `attributes` - (Optional) A map of custom attributes to add to the realm. [Also available as mutually exlusive resource](./realm_attributes.md)
 - `internal_id` - (Optional) When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
 
 ### Login Settings

docs/resources/realm_attributes.md

@@ -0,0 +1,24 @@
+---
+page_title: "keycloak_realm_attributes Resource"
+---
+
+# keycloak\_realm_attributes Resource
+
+Allows for creating and managing Realm attributes within Keycloak.  `attributes` must not be tracked by the `realm` resource if this is used.
+
+## Example Usage
+
+```hcl
+resource "keycloak_realm" "realm_example" {
+  realm             = "realm-example"
+  enabled           = true
+}
+
+resource "keycloak_realm_attributes" "realm_attributes" {
+    realm_id = keycloak_realm.realm_example.id
+    attributes = {
+        baz = "bat"
+        qux = "quux"
+    }
+}
+```

example/main.tf

@@ -77,11 +77,6 @@ resource "keycloak_realm" "test" {
   ssl_required    = "external"
   password_policy = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"
 
-  attributes = {
-    mycustomAttribute  = "myCustomValue"
-    userProfileEnabled = true
-  }
-
   web_authn_policy {
     relying_party_entity_name = "Example"
     relying_party_id          = "keycloak.example.com"
@@ -101,6 +96,15 @@ resource "keycloak_realm" "test" {
   }
 }
 
+resource "keycloak_realm_attributes" "test_attributes" {
+  realm_id = keycloak_realm.test.id
+
+  attributes = {
+    mycustomAttribute  = "myCustomValue"
+    userProfileEnabled = true
+  }
+} 
+
 resource "keycloak_realm_localization" "test_translation" {
   realm_id = keycloak_realm.test.id
   locale   = "en"

keycloak/realm_attributes.go

@@ -0,0 +1,27 @@
+package keycloak
+
+import (
+	"context"
+	"fmt"
+)
+
+type RealmAttributes struct {
+	RealmId    string                 `json:"-"`
+	Attributes map[string]interface{} `json:"attributes"`
+}
+
+func (keycloakClient *KeycloakClient) GetRealmAttributes(ctx context.Context, realmId string) (*RealmAttributes, error) {
+	realm, err := keycloakClient.GetRealm(ctx, realmId)
+	if err != nil {
+		return nil, err
+	}
+
+	return &RealmAttributes{
+		RealmId:    realmId,
+		Attributes: realm.Attributes,
+	}, nil
+}
+
+func (keycloakClient *KeycloakClient) UpdateRealmAttributes(ctx context.Context, realmId string, attributes *RealmAttributes) error {
+	return keycloakClient.put(ctx, fmt.Sprintf("/realms/%s", realmId), attributes)
+}

provider/provider.go

@@ -32,6 +32,7 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"keycloak_realm":                                             resourceKeycloakRealm(),
+			"keycloak_realm_attributes":                                  resourceKeycloakRealmAttributes(),
 			"keycloak_realm_events":                                      resourceKeycloakRealmEvents(),
 			"keycloak_realm_default_client_scopes":                       resourceKeycloakRealmDefaultClientScopes(),
 			"keycloak_realm_optional_client_scopes":                      resourceKeycloakRealmOptionalClientScopes(),

provider/resource_keycloak_realm_attributes.go

@@ -0,0 +1,109 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/keycloak/terraform-provider-keycloak/keycloak"
+)
+
+func resourceKeycloakRealmAttributes() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceKeycloakRealmAttributesCreate,
+		ReadContext:   resourceKeycloakRealmAttributesRead,
+		UpdateContext: resourceKeycloakRealmAttributesUpdate,
+		DeleteContext: resourceKeycloakRealmAttributesDelete,
+		Schema: map[string]*schema.Schema{
+			"realm_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"attributes": {
+				Type:        schema.TypeMap,
+				Required:    true,
+				Description: "A map of attributes for the realm",
+			},
+		},
+	}
+}
+func resourceKeycloakRealmAttributesCreate(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	keycloakClient := meta.(*keycloak.KeycloakClient)
+	realmId := data.Get("realm_id").(string)
+	attributes := mapFromDataToRealmAttributes(data)
+
+	err := keycloakClient.UpdateRealmAttributes(ctx, realmId, attributes)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	data.SetId(realmId)
+
+	return resourceKeycloakRealmAttributesRead(ctx, data, meta)
+}
+
+func resourceKeycloakRealmAttributesRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	keycloakClient := meta.(*keycloak.KeycloakClient)
+	realmId := data.Get("realm_id").(string)
+	attributes, err := keycloakClient.GetRealmAttributes(ctx, realmId)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	if attributes == nil {
+		return nil
+	}
+
+	mapFromRealmAttributesToData(attributes, data)
+
+	return nil
+}
+
+func resourceKeycloakRealmAttributesUpdate(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	keycloakClient := meta.(*keycloak.KeycloakClient)
+	realmId := data.Get("realm_id").(string)
+	attributes := mapFromDataToRealmAttributes(data)
+
+	err := keycloakClient.UpdateRealmAttributes(ctx, realmId, attributes)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	return resourceKeycloakRealmAttributesRead(ctx, data, meta)
+}
+
+func resourceKeycloakRealmAttributesDelete(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	keycloakClient := meta.(*keycloak.KeycloakClient)
+	realmId := data.Get("realm_id").(string)
+	attributes := &keycloak.RealmAttributes{
+		Attributes: map[string]interface{}{},
+	}
+
+	err := keycloakClient.UpdateRealmAttributes(ctx, realmId, attributes)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	data.SetId("")
+
+	return nil
+}
+
+func mapFromDataToRealmAttributes(data *schema.ResourceData) *keycloak.RealmAttributes {
+	return &keycloak.RealmAttributes{
+		RealmId:    data.Get("realm_id").(string),
+		Attributes: data.Get("attributes").(map[string]interface{}),
+	}
+}
+
+func mapFromRealmAttributesToData(attributes *keycloak.RealmAttributes, data *schema.ResourceData) {
+	_attributes := map[string]interface{}{}
+	if v, ok := data.GetOk("attributes"); ok {
+		for key := range v.(map[string]interface{}) {
+			_attributes[key] = attributes.Attributes[key]
+		}
+	}
+	if err := data.Set("attributes", _attributes); err != nil {
+		panic(fmt.Sprintf("Failed to set attributes: %v", err))
+	}
+}

provider/resource_keycloak_realm_attributes_test.go

@@ -0,0 +1,51 @@
+package provider
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccKeycloakRealmAttributes(t *testing.T) {
+	realmName := acctest.RandomWithPrefix("tf-acc")
+
+	resource.Test(t, resource.TestCase{
+		ProviderFactories: testAccProviderFactories,
+		PreCheck:          func() { testAccPreCheck(t) },
+		Steps: []resource.TestStep{
+			{
+				Config: testKeycloakRealmAttributes_basic(realmName, "foo", "bar"),
+				Check:  testAccCheckKeycloakRealmAttributesExists(realmName),
+			},
+		},
+	})
+}
+
+func testKeycloakRealmAttributes_basic(realm string, name string, description string) string {
+	return fmt.Sprintf(`
+resource "keycloak_realm" "realm" {
+	realm = "%s"
+}
+
+resource "keycloak_realm_attributes" "attributes" {
+	realm_id = keycloak_realm.realm.id
+	attributes = {
+		name        = "%s"
+		description = "%s"
+	}
+}`, realm, name, description)
+}
+
+func testAccCheckKeycloakRealmAttributesExists(realm string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		_, err := keycloakClient.GetRealmAttributes(testCtx, realm)
+		if err != nil {
+			return fmt.Errorf("Realm attributes not found: %s", realm)
+		}
+
+		return nil
+	}
+}

provider/resource_keycloak_realm_test.go

@@ -2,12 +2,13 @@ package provider
 
 import (
 	"fmt"
+	"regexp"
+	"testing"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	"github.com/keycloak/terraform-provider-keycloak/keycloak"
-	"regexp"
-	"testing"
 )
 
 func TestAccKeycloakRealm_basic(t *testing.T) {

provider/resource_keycloak_user_test.go

@@ -2,17 +2,18 @@ package provider
 
 import (
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
-	"github.com/keycloak/terraform-provider-keycloak/keycloak"
 	"io"
 	"net/http"
 	"net/url"
 	"os"
 	"regexp"
 	"strings"
 	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/keycloak/terraform-provider-keycloak/keycloak"
 )
 
 func TestAccKeycloakUser_basic_wo_attribute(t *testing.T) {