Support for updating subflow requirement(["REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL"]) of builtin flow

[drankhil]

Description

Request support for updating the subflow requirement(["REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL"]) of the builtin flow in the keycloak realm using the terraform-provider-keycloak.

Background:

Currently the terraform-provider-keycloak does not support updating the builtin authentication flows in keycloak. It would be great if we can have this feature in the provider. This will help us to update the builtin flows in keycloak using terraform.

Discussion

No response

Motivation

If we need to enforce TOTP for all users, we need to update the builtin flow browser(by setting the subflow Browser - Conditional OTP as Required) in keycloak. This is a setting that can be modified through the GUI, so it should possible to do the same via terraform as well

Though there are different approaches, like the below, to update builtin flows using terraform, but they are not straight forward.

1. Get the flowID of the subflow Browser - Conditional OTP and import it to terraform using keycloak_authentication_subflow resource and then update the changes
2. Create a new authentication flow which is same as the builtin flow browser and use it as the browser flow in the realm

Details

Possible solution:

• Datasource to get the flowId of the built flow, say keycloak_authentication_subflow
• Resource to update the subflow using the flowId, say keycloak_authentication_subflow_settings

[eicki]

#1078 is related and I also need both.