If a group is manually deleted, terraform shows error instead of recreating the group

[max-rocket-internet]

In my experience with the AWS and other providers, if a resource is manually deleted in the console and then terraform is rerun, then the resources is recreated by terraform. But in my test here with a keycloak_group I get errors like this:

Error: error sending GET request to /auth/admin/realms/aws/groups/9391b1ee-8c9c-47d0-b075-fe0d19a17e04/role-mappings: 404 Not Found. Response body: {"error":"Could not find group by id"}

Error: error sending GET request to /auth/admin/realms/aws/groups/69339eb0-2fb0-4f63-837d-1077549f58b5/role-mappings: 404 Not Found. Response body: {"error":"Could not find group by id"}

Error: error sending GET request to /auth/admin/realms/aws/groups/0ab31344-6c0c-4b66-a65b-e3c5a5817975/role-mappings: 404 Not Found. Response body: {"error":"Could not find group by id"}

Error: error sending GET request to /auth/admin/realms/aws/groups/fd269a6a-f611-46fe-bfc2-c757c793a969/role-mappings: 404 Not Found. Response body: {"error":"Could not find group by id"}

Is this by design?

[mrparkers]

Looks like you're running into an issue with the keycloak_group_roles resource rather than the keycloak_group resource. The keycloak_group resources does handle manually deleted groups by removing them from state, but it looks like keycloak_group_roles does not.

I think it makes sense for the keycloak_group_roles resource to remove itself from state when the group they're tied to is deleted. I opened #497 to fix this.

[max-rocket-internet]

Looks like you're running into an issue with the keycloak_group_roles resource rather than the keycloak_group resource.

Could be! It's not clear what the error is in this output the terraform returns.

. I opened #497 to fix this

OK awesome 🎉

[mrparkers]

It's not clear what the error is in this output the terraform returns.

That's fair, the logging here could definitely be improved. The /role-mappings is what gave it away for me.