SIGSEGV when using keycloak_default_roles

[mknapik]

I had troubles setting up default roles for my realms.

terraform version

Terraform v1.1.2
on linux_amd64
...
+ provider registry.terraform.io/mrparkers/keycloak v3.6.0
...

terraform code

resource "keycloak_default_roles" "default" {
  for_each = var.tenants

  realm_id = keycloak_realm.realm[each.key].id
  default_roles = [
    keycloak_role.reading[each.key].name,
  ]
}

terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # keycloak_default_roles.default["test"] will be created
  + resource "keycloak_default_roles" "default" {
      + default_roles = [
          + "READING",
        ]
      + id            = (known after apply)
      + realm_id      = "realm_name"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

terraform apply

Acquiring state lock. This may take a few moments...
keycloak_default_roles.default["test"]: Creating...
╷
│ Error: Plugin did not respond
│
│   with keycloak_default_roles.default["test"],
│   on onelogin.keycloak.role.tf line 1, in resource "keycloak_default_roles" "default":
│    1: resource "keycloak_default_roles" "default" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more
│ details.
╵
Releasing state lock. This may take a few moments...

Stack trace from the terraform-provider-keycloak_v3.6.0 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xdc6ee1]

goroutine 82 [running]:
github.com/mrparkers/terraform-provider-keycloak/provider.resourceKeycloakDefaultRolesReconcile(0xc00044a400, 0x10546c0, 0xc000138840, 0x0, 0xffffffffffffffff)
	github.com/mrparkers/terraform-provider-keycloak/provider/resource_keycloak_default_roles.go:101 +0x101
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0xc00025f180, 0x11fe308, 0xc00041cbc0, 0xc00044a400, 0x10546c0, 0xc000138840, 0x0, 0x0, 0x0)
	github.com/hashicorp/terraform-plugin-sdk/v2@v2.7.0/helper/schema/resource.go:318 +0x1ee
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc00025f180, 0x11fe308, 0xc00041cbc0, 0xc00019f9d0, 0xc000093260, 0x10546c0, 0xc000138840, 0x0, 0x0, 0x0, ...)
	github.com/hashicorp/terraform-plugin-sdk/v2@v2.7.0/helper/schema/resource.go:456 +0x67b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc00012e318, 0x11fe308, 0xc00041cbc0, 0xc0007c54a0, 0xc00041cbc0, 0x100c080, 0xc0009fec00)
	github.com/hashicorp/terraform-plugin-sdk/v2@v2.7.0/helper/schema/grpc_provider.go:955 +0x8ef
github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ApplyResourceChange(0xc0001aaec0, 0x11fe3b0, 0xc00041cbc0, 0xc00019f7a0, 0xc0001aaec0, 0xc0009fec00, 0xc000616ba0)
	github.com/hashicorp/terraform-plugin-go@v0.3.0/tfprotov5/server/server.go:332 +0xb5
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x100c080, 0xc0001aaec0, 0x11fe3b0, 0xc0009fec00, 0xc00041af60, 0x0, 0x11fe3b0, 0xc0009fec00, 0xc000184210, 0xa6)
	github.com/hashicorp/terraform-plugin-go@v0.3.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x214
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000bbc00, 0x1206b38, 0xc000103e00, 0xc0000ee500, 0xc000787c20, 0x178a400, 0x0, 0x0, 0x0)
	google.golang.org/grpc@v1.32.0/server.go:1194 +0x52b
google.golang.org/grpc.(*Server).handleStream(0xc0000bbc00, 0x1206b38, 0xc000103e00, 0xc0000ee500, 0x0)
	google.golang.org/grpc@v1.32.0/server.go:1517 +0xd0c
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0001822d0, 0xc0000bbc00, 0x1206b38, 0xc000103e00, 0xc0000ee500)
	google.golang.org/grpc@v1.32.0/server.go:859 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
	google.golang.org/grpc@v1.32.0/server.go:857 +0x1fd

Error: The terraform-provider-keycloak_v3.6.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

[mknapik]

Is there any more details I could provide to help with resolving the issue?

[acolombier]

I had a similar issue after a drift - are your sure your Terraform state file is in sync?

[mrparkers]

Hi @mknapik, sorry for the delay on this issue. I believe that this is happening because you're using a version of Keycloak that's older than v13, which is when support for default roles via a realm composite role was added.

There's a check in this resource that is supposed to throw an error if you're running a version of Keycloak that isn't compatible, but it wasn't working properly, resulting in this nil pointer exception. Sorry about that!

If you upgrade your Keycloak instance, this should work as expected. I opened #637 to fix the broken check.

I'm going to close this, but feel free to re-open it if you're still having issues after upgrading.

[mknapik]

Thanks for investigating this! You're onto something, as indeed we're using v12. I'll report if it works with more recent versions of Keycloak.

[mknapik]

I can confirm that upgrading Keycloak to v15 solved the issue. @mrparkers Thanks!