Description

Description:
We observed an issue where empty fields, such as a client's description, cannot be reliably managed via Terraform.

Behavior in current provider version:
When using the Keycloak Terraform provider:

null is treated as “unset” by Terraform, so it is ignored by the provider.

"" (empty string) is passed to the provider, but Keycloak seems to retain the previous value instead of clearing it. This might indicate that either:

The provider is not forwarding empty strings to the Keycloak API, or The Keycloak API ignores empty string values on update.

Problem:
This behavior prevents us from ensuring that fields which were once set manually (e.g., a description) can be cleared again via Terraform. It creates a state drift when values are removed manually in Keycloak or when someone tries to "reset" them via Terraform.

Expected behavior:
There should be a way to explicitly clear/reset attributes like description via Terraform by setting them to an empty string (""). If Keycloak supports this but the provider is not forwarding the values, the provider should be updated. If Keycloak doesn’t support this, a workaround or warning might be necessary.

Steps to reproduce:

Create a client with a non-empty description.
Update the Terraform config to set description = "".

OR

Create a client with a empty description
Update the Terraform config to set description = "".
Change value in Keycloak Admin Console to not empty.

Run terraform apply.

Result:
The description remains unchanged in Keycloak.

Expected result:
The description should be cleared (set to an empty string) in Keycloak.

Exceptions:
Some fields like the theme behave as expected, setting to an empty string actually sets them back to empty when manually changed to non empty.

Terraform provider version:
5.2

Terraform version:
1.12.1

Keycloak version:
26.2.5

Thanks in advance

Discussion

No response

Motivation

No response

Details

No response