add custom-identity-provider-mapper

docs/resources/custom_identity_provider_mapper.md

@@ -0,0 +1,65 @@
+---
+page_title: "keycloak_custom_identity_provider_mapper Resource"
+---
+
+# keycloak\_custom\_identity\_provider\_mapper Resource
+
+Allows for creating and managing custom identity provider mapper within Keycloak.
+
+The custom identity provider mapper can be used to define custom mapper type for the imported Keycloak user.
+
+~> If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.
+
+## Example Usage
+
+```hcl
+resource "keycloak_realm" "realm" {
+  realm   = "my-realm"
+  enabled = true
+}
+
+resource "keycloak_oidc_identity_provider" "oidc" {
+  realm             = keycloak_realm.realm.id
+  alias             = "oidc"
+  authorization_url = "https://example.com/auth"
+  token_url         = "https://example.com/token"
+  client_id         = "example_id"
+  client_secret     = "example_token"
+  default_scopes    = "openid random profile"
+}
+
+resource "keycloak_custom_identity_provider_mapper" "oidc" {
+  realm                    = keycloak_realm.realm.id
+  name                     = "email-attribute-importer"
+  identity_provider_alias  = keycloak_oidc_identity_provider.oidc.alias
+  identity_provider_mapper = "%s-user-attribute-idp-mapper"
+
+  # extra_config with syncMode is required in Keycloak 10+
+  extra_config = {
+    syncMode      = "INHERIT"
+    Claim         = "my-email-claim"
+    UserAttribute = "email"
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `realm` - (Required) The name of the realm.
+- `name` - (Required) The name of the mapper.
+- `identity_provider_alias` - (Required) The alias of the associated identity provider.
+- `identity_provider_mapper` - (Required) The type of the identity provider mapper.
+- `extra_config` - (Optional) Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.
+
+## Import
+
+Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak
+assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.
+
+Example:
+
+```bash
+$ terraform import keycloak_custom_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b
+```

provider/provider.go

@@ -74,6 +74,7 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider {
 			"keycloak_attribute_importer_identity_provider_mapper":       resourceKeycloakAttributeImporterIdentityProviderMapper(),
 			"keycloak_attribute_to_role_identity_provider_mapper":        resourceKeycloakAttributeToRoleIdentityProviderMapper(),
 			"keycloak_user_template_importer_identity_provider_mapper":   resourceKeycloakUserTemplateImporterIdentityProviderMapper(),
+			"keycloak_custom_identity_provider_mapper":                   resourceKeycloakCustomIdentityProviderMapper(),
 			"keycloak_saml_identity_provider":                            resourceKeycloakSamlIdentityProvider(),
 			"keycloak_oidc_google_identity_provider":                     resourceKeycloakOidcGoogleIdentityProvider(),
 			"keycloak_oidc_identity_provider":                            resourceKeycloakOidcIdentityProvider(),

provider/resource_keycloak_custom_identity_provider_mapper.go

@@ -0,0 +1,60 @@
+package provider
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/mrparkers/terraform-provider-keycloak/keycloak"
+)
+
+func resourceKeycloakCustomIdentityProviderMapper() *schema.Resource {
+	mapperSchema := map[string]*schema.Schema{
+		"identity_provider_mapper": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "IDP Mapper Type",
+		},
+	}
+	genericMapperResource := resourceKeycloakIdentityProviderMapper()
+	genericMapperResource.Schema = mergeSchemas(genericMapperResource.Schema, mapperSchema)
+	genericMapperResource.Create = resourceKeycloakIdentityProviderMapperCreate(getCustomIdentityProviderMapperFromData, setCustomIdentityProviderMapperData)
+	genericMapperResource.Read = resourceKeycloakIdentityProviderMapperRead(setCustomIdentityProviderMapperData)
+	genericMapperResource.Update = resourceKeycloakIdentityProviderMapperUpdate(getCustomIdentityProviderMapperFromData, setCustomIdentityProviderMapperData)
+	return genericMapperResource
+}
+
+func getCustomIdentityProviderMapperFromData(data *schema.ResourceData, meta interface{}) (*keycloak.IdentityProviderMapper, error) {
+	keycloakClient := meta.(*keycloak.KeycloakClient)
+	rec, _ := getIdentityProviderMapperFromData(data)
+	extraConfig := map[string]interface{}{}
+	if v, ok := data.GetOk("extra_config"); ok {
+		for key, value := range v.(map[string]interface{}) {
+			extraConfig[key] = value
+		}
+	}
+	identityProvider, err := keycloakClient.GetIdentityProvider(rec.Realm, rec.IdentityProviderAlias)
+	if err != nil {
+		return nil, handleNotFoundError(err, data)
+	}
+	if identityProviderMapper, ok := data.GetOk("identity_provider_mapper"); !ok {
+		return nil, fmt.Errorf(`provider.keycloak: keycloak_custom_identity_provider_mapper: %s: "identity_provider_mapper": should be set`, data.Get("name").(string))
+	} else {
+		if strings.Contains(identityProviderMapper.(string), "%s") {
+			rec.IdentityProviderMapper = fmt.Sprintf(identityProviderMapper.(string), identityProvider.ProviderId)
+		} else {
+			rec.IdentityProviderMapper = identityProviderMapper.(string)
+		}
+	}
+	rec.Config = &keycloak.IdentityProviderMapperConfig{
+		ExtraConfig: extraConfig,
+	}
+	return rec, nil
+}
+
+func setCustomIdentityProviderMapperData(data *schema.ResourceData, identityProviderMapper *keycloak.IdentityProviderMapper) error {
+	setIdentityProviderMapperData(data, identityProviderMapper)
+	data.Set("identity_provider_mapper", identityProviderMapper.IdentityProviderMapper)
+	data.Set("extra_config", identityProviderMapper.Config.ExtraConfig)
+	return nil
+}