add identity-provider-mapper

docs/resources/attribute_importer_identity_provider_mapper.md

@@ -32,11 +32,12 @@ resource "keycloak_oidc_identity_provider" "oidc" {
 }
 
 resource "keycloak_attribute_importer_identity_provider_mapper" "oidc" {
-  realm                   = keycloak_realm.realm.id
-  name                    = "email-attribute-importer"
-  claim_name              = "my-email-claim"
-  identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias
-  user_attribute          = "email"
+  realm                    = keycloak_realm.realm.id
+  name                     = "email-attribute-importer"
+  claim_name               = "my-email-claim"
+  user_attribute           = "email"
+  identity_provider_alias  = keycloak_oidc_identity_provider.oidc.alias
+  identity_provider_mapper = "%s-user-attribute-idp-mapper"
 
   # extra_config with syncMode is required in Keycloak 10+
   extra_config = {
@@ -51,8 +52,9 @@ The following arguments are supported:
 
 - `realm` - (Required) The name of the realm.
 - `name` - (Required) The name of the mapper.
-- `identity_provider_alias` - (Required) The alias of the associated identity provider.
 - `user_attribute` - (Required) The user attribute or property name to store the mapped result.
+- `identity_provider_alias` - (Required) The alias of the associated identity provider.
+- `identity_provider_mapper` - (Optional) The type of the identity provider mapper.
 - `attribute_name` - (Optional) For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`.
 - `attribute_friendly_name` - (Optional) For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`.
 - `claim_name` - (Optional) For OIDC based providers, this is the name of the claim to use.

provider/generic_keycloak_identity_provider_mapper.go

@@ -36,6 +36,11 @@ func resourceKeycloakIdentityProviderMapper() *schema.Resource {
 				ForceNew:    true,
 				Description: "IDP Alias",
 			},
+			"identity_provider_mapper": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "IDP Mapper Type",
+			},
 			"extra_config": {
 				Type:     schema.TypeMap,
 				Optional: true,
@@ -51,6 +56,10 @@ func getIdentityProviderMapperFromData(data *schema.ResourceData) (*keycloak.Ide
 		Name:                  data.Get("name").(string),
 		IdentityProviderAlias: data.Get("identity_provider_alias").(string),
 	}
+
+	if _, ok := data.GetOk("identity_provider_mapper"); !ok {
+		rec.IdentityProviderMapper = data.Get("identity_provider_mapper").(string)
+	}
 	return rec, nil
 }
 
@@ -59,6 +68,10 @@ func setIdentityProviderMapperData(data *schema.ResourceData, identityProviderMa
 	data.Set("realm", identityProviderMapper.Realm)
 	data.Set("name", identityProviderMapper.Name)
 	data.Set("identity_provider_alias", identityProviderMapper.IdentityProviderAlias)
+
+	if _, ok := data.GetOk("identity_provider_mapper"); !ok {
+		data.Set("identity_provider_mapper", identityProviderMapper.IdentityProviderMapper)
+	}
 	return nil
 }
 

provider/resource_keycloak_attribute_importer_identity_provider_mapper.go

@@ -2,6 +2,7 @@ package provider
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/mrparkers/terraform-provider-keycloak/keycloak"
@@ -53,7 +54,13 @@ func getAttributeImporterIdentityProviderMapperFromData(data *schema.ResourceDat
 	if err != nil {
 		return nil, handleNotFoundError(err, data)
 	}
-	rec.IdentityProviderMapper = fmt.Sprintf("%s-user-attribute-idp-mapper", identityProvider.ProviderId)
+	if _, ok := data.GetOk("identity_provider_mapper"); !ok {
+		rec.IdentityProviderMapper = fmt.Sprintf("%s-user-attribute-idp-mapper", identityProvider.ProviderId)
+	} else {
+		if strings.Contains(rec.IdentityProviderMapper, "%s") {
+			rec.IdentityProviderMapper = fmt.Sprintf(rec.IdentityProviderMapper, identityProvider.ProviderId)
+		}
+	}
 	rec.Config = &keycloak.IdentityProviderMapperConfig{
 		UserAttribute: data.Get("user_attribute").(string),
 		ExtraConfig:   extraConfig,

provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go

@@ -33,6 +33,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_basic(t *testing.T)
 func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(t *testing.T) {
 	t.Parallel()
 	mapperName := acctest.RandomWithPrefix("tf-acc")
+	mapperType := "oidc-user-attribute-idp-mapper"
 	alias := acctest.RandomWithPrefix("tf-acc")
 	userAttribute := acctest.RandomWithPrefix("tf-acc")
 	claimName := acctest.RandomWithPrefix("tf-acc")
@@ -44,7 +45,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(t *t
 		CheckDestroy:      testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(),
 		Steps: []resource.TestStep{
 			{
-				Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, mapperName, userAttribute, claimName, syncMode),
+				Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, mapperName, mapperType, userAttribute, claimName, syncMode),
 				Check:  testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"),
 			},
 		},
@@ -88,6 +89,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig_crea
 	var mapper = &keycloak.IdentityProviderMapper{}
 
 	mapperName := acctest.RandomWithPrefix("tf-acc")
+	mapperType := "oidc-user-attribute-idp-mapper"
 	alias := acctest.RandomWithPrefix("tf-acc")
 	userAttribute := acctest.RandomWithPrefix("tf-acc")
 	claimName := acctest.RandomWithPrefix("tf-acc")
@@ -99,7 +101,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig_crea
 		CheckDestroy:      testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(),
 		Steps: []resource.TestStep{
 			{
-				Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, mapperName, userAttribute, claimName, syncMode),
+				Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, mapperName, userAttribute, mapperType, claimName, syncMode),
 				Check:  testAccCheckKeycloakAttributeImporterIdentityProviderMapperFetch("keycloak_attribute_importer_identity_provider_mapper.oidc", mapper),
 			},
 			{
@@ -247,7 +249,7 @@ resource keycloak_attribute_importer_identity_provider_mapper oidc {
 	`, testAccRealm.Realm, alias, name, userAttribute, claimName)
 }
 
-func testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, name, userAttribute, claimName, syncMode string) string {
+func testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, name, mapper, userAttribute, claimName, syncMode string) string {
 	return fmt.Sprintf(`
 data "keycloak_realm" "realm" {
 	realm = "%s"
@@ -263,16 +265,17 @@ resource "keycloak_oidc_identity_provider" "oidc" {
 }
 
 resource keycloak_attribute_importer_identity_provider_mapper oidc {
-	realm                   = data.keycloak_realm.realm.id
-	name                    = "%s"
-	identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias
-	user_attribute          = "%s"
-	claim_name              = "%s"
+	realm                    = data.keycloak_realm.realm.id
+	name                     = "%s"
+	identity_provider_alias  = keycloak_oidc_identity_provider.oidc.alias
+	identity_provider_mapper = "%s"
+	user_attribute           = "%s"
+	claim_name               = "%s"
 	extra_config 			= {
 		syncMode = "%s"
 	}
 }
-	`, testAccRealm.Realm, alias, name, userAttribute, claimName, syncMode)
+	`, testAccRealm.Realm, alias, name, mapper, userAttribute, claimName, syncMode)
 }
 
 func testKeycloakAttributeImporterIdentityProviderMapper_basicFromInterface(mapper *keycloak.IdentityProviderMapper) string {