-
Notifications
You must be signed in to change notification settings - Fork 307
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
438 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
--- | ||
page_title: "keycloak_custom_identity_provider_mapper Resource" | ||
--- | ||
|
||
# keycloak\_custom\_identity\_provider\_mapper Resource | ||
|
||
Allows for creating and managing custom identity provider mapper within Keycloak. | ||
|
||
The custom identity provider mapper can be used to define custom mapper type for the imported Keycloak user. | ||
|
||
~> If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "keycloak_realm" "realm" { | ||
realm = "my-realm" | ||
enabled = true | ||
} | ||
resource "keycloak_oidc_identity_provider" "oidc" { | ||
realm = keycloak_realm.realm.id | ||
alias = "oidc" | ||
authorization_url = "https://example.com/auth" | ||
token_url = "https://example.com/token" | ||
client_id = "example_id" | ||
client_secret = "example_token" | ||
default_scopes = "openid random profile" | ||
} | ||
resource "keycloak_custom_identity_provider_mapper" "oidc" { | ||
realm = keycloak_realm.realm.id | ||
name = "email-attribute-importer" | ||
identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias | ||
identity_provider_mapper = "%s-user-attribute-idp-mapper" | ||
# extra_config with syncMode is required in Keycloak 10+ | ||
extra_config = { | ||
syncMode = "INHERIT" | ||
Claim = "my-email-claim" | ||
UserAttribute = "email" | ||
} | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
- `realm` - (Required) The name of the realm. | ||
- `name` - (Required) The name of the mapper. | ||
- `identity_provider_alias` - (Required) The alias of the associated identity provider. | ||
- `identity_provider_mapper` - (Required) The type of the identity provider mapper. | ||
- `extra_config` - (Optional) Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features. | ||
|
||
## Import | ||
|
||
Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak | ||
assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID. | ||
|
||
Example: | ||
|
||
```bash | ||
$ terraform import keycloak_custom_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
60 changes: 60 additions & 0 deletions
60
provider/resource_keycloak_custom_identity_provider_mapper.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
package provider | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/mrparkers/terraform-provider-keycloak/keycloak" | ||
) | ||
|
||
func resourceKeycloakCustomIdentityProviderMapper() *schema.Resource { | ||
mapperSchema := map[string]*schema.Schema{ | ||
"identity_provider_mapper": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "IDP Mapper Type", | ||
}, | ||
} | ||
genericMapperResource := resourceKeycloakIdentityProviderMapper() | ||
genericMapperResource.Schema = mergeSchemas(genericMapperResource.Schema, mapperSchema) | ||
genericMapperResource.Create = resourceKeycloakIdentityProviderMapperCreate(getCustomIdentityProviderMapperFromData, setCustomIdentityProviderMapperData) | ||
genericMapperResource.Read = resourceKeycloakIdentityProviderMapperRead(setCustomIdentityProviderMapperData) | ||
genericMapperResource.Update = resourceKeycloakIdentityProviderMapperUpdate(getCustomIdentityProviderMapperFromData, setCustomIdentityProviderMapperData) | ||
return genericMapperResource | ||
} | ||
|
||
func getCustomIdentityProviderMapperFromData(data *schema.ResourceData, meta interface{}) (*keycloak.IdentityProviderMapper, error) { | ||
keycloakClient := meta.(*keycloak.KeycloakClient) | ||
rec, _ := getIdentityProviderMapperFromData(data) | ||
extraConfig := map[string]interface{}{} | ||
if v, ok := data.GetOk("extra_config"); ok { | ||
for key, value := range v.(map[string]interface{}) { | ||
extraConfig[key] = value | ||
} | ||
} | ||
identityProvider, err := keycloakClient.GetIdentityProvider(rec.Realm, rec.IdentityProviderAlias) | ||
if err != nil { | ||
return nil, handleNotFoundError(err, data) | ||
} | ||
if identityProviderMapper, ok := data.GetOk("identity_provider_mapper"); !ok { | ||
return nil, fmt.Errorf(`provider.keycloak: keycloak_custom_identity_provider_mapper: %s: "identity_provider_mapper": should be set`, data.Get("name").(string)) | ||
} else { | ||
if strings.Contains(identityProviderMapper.(string), "%s") { | ||
rec.IdentityProviderMapper = fmt.Sprintf(identityProviderMapper.(string), identityProvider.ProviderId) | ||
} else { | ||
rec.IdentityProviderMapper = identityProviderMapper.(string) | ||
} | ||
} | ||
rec.Config = &keycloak.IdentityProviderMapperConfig{ | ||
ExtraConfig: extraConfig, | ||
} | ||
return rec, nil | ||
} | ||
|
||
func setCustomIdentityProviderMapperData(data *schema.ResourceData, identityProviderMapper *keycloak.IdentityProviderMapper) error { | ||
setIdentityProviderMapperData(data, identityProviderMapper) | ||
data.Set("identity_provider_mapper", identityProviderMapper.IdentityProviderMapper) | ||
data.Set("extra_config", identityProviderMapper.Config.ExtraConfig) | ||
return nil | ||
} |
Oops, something went wrong.