From 3226b8fc310045990fb020768e4779789715a8f6 Mon Sep 17 00:00:00 2001 From: Damien Le Chevalier Date: Mon, 15 Jun 2020 17:42:20 +0200 Subject: [PATCH] Add realm-role, client-role and session note mappers --- README.md | 11 +++++++---- providers/keycloak/openid_client.go | 28 ++++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 5a017d3e59..c2e4d8b9b7 100644 --- a/README.md +++ b/README.md @@ -206,7 +206,7 @@ Links to download Terraform Providers: * Datadog provider >2.1.0 - [here](https://releases.hashicorp.com/terraform-provider-datadog/) * New Relic provider >1.5.0 - [here](https://releases.hashicorp.com/terraform-provider-newrelic/) * Community - * Keycloak provider >=1.12.0 - [here](https://github.com/mrparkers/terraform-provider-keycloak/) + * Keycloak provider >=1.19.0 - [here](https://github.com/mrparkers/terraform-provider-keycloak/) * Logz.io provider >=1.1.1 - [here](https://github.com/jonboydell/logzio_terraform_provider/) * Commercetools provider >= 0.21.0 - [here](https://github.com/labd/terraform-provider-commercetools) * Mikrotik provider >= 0.2.2 - [here](https://github.com/labd/terraform-provider-commercetools) @@ -1247,7 +1247,7 @@ Example: terraformer import keycloak --resources=realms --targets realmA,realmB ``` -Here is the list of resources which are currently supported by Keycloak provider v.1.17.1: +Here is the list of resources which are currently supported by Keycloak provider v.1.19.0: - `realms` - `keycloak_default_groups` 
@@ -1272,14 +1272,17 @@ Here is the list of resources which are currently supported by Keycloak provider - `keycloak_openid_group_membership_protocol_mapper` - `keycloak_openid_hardcoded_claim_protocol_mapper` - `keycloak_openid_hardcoded_group_protocol_mapper` - - `keycloak_openid_hardcoded_role_protocol_mapper` + - `keycloak_openid_hardcoded_role_protocol_mapper` (only for client roles) - `keycloak_openid_user_attribute_protocol_mapper` - `keycloak_openid_user_property_protocol_mapper` + - `keycloak_openid_user_realm_role_protocol_mapper` + - `keycloak_openid_user_client_role_protocol_mapper` + - `keycloak_openid_user_session_note_protocol_mapper` - `keycloak_realm` - `keycloak_required_action` - `keycloak_role` - `keycloak_user` - + ### Use with Logz.io Example: diff --git a/providers/keycloak/openid_client.go b/providers/keycloak/openid_client.go index 97ef568659..87c7190731 100644 --- a/providers/keycloak/openid_client.go +++ b/providers/keycloak/openid_client.go 
@@ -100,17 +100,37 @@ func (g RealmGenerator) createOpenIDProtocolMapperResources(clientID string, ope
 case "oidc-hardcoded-group-mapper":
 resources = append(resources, g.createOpenIDGenericProtocolMapperResource("hardcoded_group", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
 case "oidc-hardcoded-role-mapper":
- // Not supported for the moment
 // Only works with client roles
- //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("hardcoded_role", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientId))
- continue
+ resources = append(resources, g.createOpenIDGenericProtocolMapperResource("hardcoded_role", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
 case "oidc-usermodel-attribute-mapper":
 resources = append(resources, g.createOpenIDGenericProtocolMapperResource("user_attribute", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
 case "oidc-usermodel-property-mapper":
 resources = append(resources, g.createOpenIDGenericProtocolMapperResource("user_property", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
 case "oidc-usermodel-realm-role-mapper":
+ resources = append(resources, g.createOpenIDGenericProtocolMapperResource("user_realm_role", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ case "oidc-usermodel-client-role-mapper":
+ resources = append(resources, g.createOpenIDGenericProtocolMapperResource("user_client_role", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ case "oidc-usersessionmodel-note-mapper":
+ resources = append(resources, g.createOpenIDGenericProtocolMapperResource("user_session_note", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ case "oidc-address-mapper":
+ // Not supported for the moment
+ //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("address", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ continue
+ case "oidc-role-name-mapper":
+ // Not supported for the moment
+ //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("role_name", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ continue
+ case "oidc-sha256-pairwise-sub-mapper":
+ // Not supported for the moment
+ //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("pairwise_subject_identifier", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ continue
+ case "oidc-allowed-origins-mapper":
+ // Not supported for the moment
+ //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("allowed_web_origins", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
+ continue
+ case "oidc-audience-resolve-mapper":
 // Not supported for the moment
- //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("user_realm_role", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientId))
+ //resources = append(resources, g.createOpenIDGenericProtocolMapperResource("audience_resolve", protocolMapper.Id, protocolMapper.Name, openidClient.RealmId, openidClient.ClientId, clientID))
 continue
 }
 }
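Review bot: The `oidc-hardcoded-role-mapper` case now emits a `hardcoded_role` resource for every mapper of that type, yet the comment it keeps (`// Only works with client roles`) and the README caveat added in this same commit say the provider resource models client roles only, so a mapper that hardcodes a realm role will be written into the generated configuration as a resource the provider presumably cannot read back or apply faithfully. If the mapper struct exposes its Keycloak config (Keycloak stores the target under a `role` key, in `clientId.roleName` form for client roles — verify against the struct used here), guard the case instead of emitting blindly, e.g. `if !strings.Contains(protocolMapper.Config["role"], ".") { log.Printf("skipping hardcoded realm-role mapper %q on client %q: only client roles are supported", protocolMapper.Name, openidClient.ClientId); continue }`, using whatever logger and imports the file already has. The five new "Not supported" cases likewise `continue` without a trace and no `default` is visible before the closing braces, so mappers that shape what a token asserts — the pairwise-subject mapper rewrites `sub`, the allowed-origins mapper feeds the client's web origins, the audience-resolve mapper influences `aud` — vanish from the generated HCL with no signal, and whoever later manages the client from that configuration has no indication the token-issuing setup is incomplete; one log line naming the skipped mapper type and client would make the gap visible. The enclosing `for`/`switch` and the function `createOpenIDProtocolMapperResources` begin above this hunk, and the function's closing brace lies below it.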