Describe the bug
The keycloak_workflow resource sends restartInProgress as flat JSON fields in the API request body. However, the Keycloak REST API expects these to be nested inside a concurrency object. As a result, Keycloak silently ignores the flat fields and no concurrency settings are applied to the workflow.
Version
26.6.1
Expected behavior
Setting restart_in_progress on a keycloak_workflow resource should result in a concurrency object being sent to the Keycloak API:
{
"concurrency": {
"restart-in-progress": "true"
}
} Actual behavior
The provider sends flat fields that Keycloak ignores:
{
"restartInProgress": "true"
} The workflow is created successfully (HTTP 201), but the concurrency settings are not persisted. A subsequent GET returns the workflow without any concurrency configuration.
How to Reproduce?
- Create a workflow with flat
restartInProgress:
curl -s -X POST "https://<keycloak-url>/admin/realms/<realm>/workflows" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "test-flat-concurrency",
"enabled": true,
"on": "user_authenticated",
"restartInProgress": "true",
"steps": [{"uses": "disable-user", "after": "300000"}]
}'
- Verify — concurrency is missing from response:
curl -s "https://<keycloak-url>/admin/realms/<realm>/workflows" \
-H "Authorization: Bearer $TOKEN"
- Now create with nested concurrency:
curl -s -X POST "https://<keycloak-url>/admin/realms/<realm>/workflows" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "test-nested-concurrency",
"enabled": true,
"on": "user_authenticated",
"concurrency": {"restart-in-progress": "true"},
"steps": [{"uses": "disable-user", "after": "300000"}]
}'
- Verify — concurrency is now present in response:
curl -s "https://<keycloak-url>/admin/realms/<realm>/workflows" \
-H "Authorization: Bearer $TOKEN"
Anything else?
cancel_in_progress is likely affected by the same issue — it is also sent as a flat cancelInProgress field instead of nested concurrency.cancel-in-progress. Not verified,
but the same code path is used (keycloak/workflow.go:24).
Describe the bug
The
keycloak_workflowresource sendsrestartInProgressas flat JSON fields in the API request body. However, the Keycloak REST API expects these to be nested inside aconcurrencyobject. As a result, Keycloak silently ignores the flat fields and no concurrency settings are applied to the workflow.Version
26.6.1
Expected behavior
Setting
restart_in_progresson akeycloak_workflowresource should result in aconcurrencyobject being sent to the Keycloak API:{ "concurrency": { "restart-in-progress": "true" } }Actual behavior
The provider sends flat fields that Keycloak ignores:
{ "restartInProgress": "true" }The workflow is created successfully (HTTP 201), but the concurrency settings are not persisted. A subsequent GET returns the workflow without any concurrency configuration.
How to Reproduce?
restartInProgress:Anything else?
cancel_in_progressis likely affected by the same issue — it is also sent as a flatcancelInProgressfield instead of nestedconcurrency.cancel-in-progress. Not verified,but the same code path is used (
keycloak/workflow.go:24).