add custom-identity-provider-mapper
bl00mber committed Apr 29, 2021
1 parent 7861ce8 commit 4180cc9
Showing 4 changed files with 545 additions and 70 deletions.
@@ -0,0 +1,72 @@
---
page_title: "keycloak_attribute_importer_custom_identity_provider_mapper Resource"
---

# keycloak\_attribute\_importer\_custom\_identity\_provider\_mapper Resource

Allows for creating and managing an attribute importer custom identity provider mapper within Keycloak.

The attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user:
- For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user.
- For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user.
- For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user.

~> If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.

## Example Usage

```hcl
resource "keycloak_realm" "realm" {
realm = "my-realm"
enabled = true
}
resource "keycloak_oidc_identity_provider" "oidc" {
realm = keycloak_realm.realm.id
alias = "oidc"
authorization_url = "https://example.com/auth"
token_url = "https://example.com/token"
client_id = "example_id"
client_secret = "example_token"
default_scopes = "openid random profile"
}
resource "keycloak_attribute_importer_custom_identity_provider_mapper" "oidc" {
realm = keycloak_realm.realm.id
name = "email-attribute-importer"
claim_name = "my-email-claim"
user_attribute = "email"
identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias
identity_provider_mapper = "%s-user-attribute-idp-mapper"
# extra_config with syncMode is required in Keycloak 10+
extra_config = {
syncMode = "INHERIT"
}
}
```

## Argument Reference

The following arguments are supported:

- `realm` - (Required) The name of the realm.
- `name` - (Required) The name of the mapper.
- `user_attribute` - (Required) The user attribute or property name to store the mapped result.
- `identity_provider_alias` - (Required) The alias of the associated identity provider.
- `identity_provider_mapper` - (Optional) The type of the identity provider mapper.
- `attribute_name` - (Optional) For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with `attribute_friendly_name`.
- `attribute_friendly_name` - (Optional) For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with `attribute_name`.
- `claim_name` - (Optional) For OIDC based providers, this is the name of the claim to use.
- `extra_config` - (Optional) Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.

## Import

Identity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak
assigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.

Example:

```bash
$ terraform import keycloak_attribute_importer_custom_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b
```
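--- a/provider/provider.go
+++ b/provider/provider.go
@@ -27,76 +27,77 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider {
 "keycloak_authentication_flow": dataSourceKeycloakAuthenticationFlow(),
 },
 ResourcesMap: map[string]*schema.Resource{
-"keycloak_realm": resourceKeycloakRealm(),
-"keycloak_realm_events": resourceKeycloakRealmEvents(),
-"keycloak_required_action": resourceKeycloakRequiredAction(),
-"keycloak_group": resourceKeycloakGroup(),
-"keycloak_group_memberships": resourceKeycloakGroupMemberships(),
-"keycloak_default_groups": resourceKeycloakDefaultGroups(),
-"keycloak_group_roles": resourceKeycloakGroupRoles(),
-"keycloak_user": resourceKeycloakUser(),
-"keycloak_user_roles": resourceKeycloakUserRoles(),
-"keycloak_openid_client": resourceKeycloakOpenidClient(),
-"keycloak_openid_client_scope": resourceKeycloakOpenidClientScope(),
-"keycloak_ldap_user_federation": resourceKeycloakLdapUserFederation(),
-"keycloak_ldap_user_attribute_mapper": resourceKeycloakLdapUserAttributeMapper(),
-"keycloak_ldap_group_mapper": resourceKeycloakLdapGroupMapper(),
-"keycloak_ldap_role_mapper": resourceKeycloakLdapRoleMapper(),
-"keycloak_ldap_hardcoded_role_mapper": resourceKeycloakLdapHardcodedRoleMapper(),
-"keycloak_ldap_hardcoded_group_mapper": resourceKeycloakLdapHardcodedGroupMapper(),
-"keycloak_ldap_msad_user_account_control_mapper": resourceKeycloakLdapMsadUserAccountControlMapper(),
-"keycloak_ldap_msad_lds_user_account_control_mapper": resourceKeycloakLdapMsadLdsUserAccountControlMapper(),
-"keycloak_ldap_full_name_mapper": resourceKeycloakLdapFullNameMapper(),
-"keycloak_custom_user_federation": resourceKeycloakCustomUserFederation(),
-"keycloak_openid_user_attribute_protocol_mapper": resourceKeycloakOpenIdUserAttributeProtocolMapper(),
-"keycloak_openid_user_property_protocol_mapper": resourceKeycloakOpenIdUserPropertyProtocolMapper(),
-"keycloak_openid_group_membership_protocol_mapper": resourceKeycloakOpenIdGroupMembershipProtocolMapper(),
-"keycloak_openid_full_name_protocol_mapper": resourceKeycloakOpenIdFullNameProtocolMapper(),
-"keycloak_openid_hardcoded_claim_protocol_mapper": resourceKeycloakOpenIdHardcodedClaimProtocolMapper(),
-"keycloak_openid_audience_protocol_mapper": resourceKeycloakOpenIdAudienceProtocolMapper(),
-"keycloak_openid_hardcoded_role_protocol_mapper": resourceKeycloakOpenIdHardcodedRoleProtocolMapper(),
-"keycloak_openid_user_realm_role_protocol_mapper": resourceKeycloakOpenIdUserRealmRoleProtocolMapper(),
-"keycloak_openid_user_client_role_protocol_mapper": resourceKeycloakOpenIdUserClientRoleProtocolMapper(),
-"keycloak_openid_user_session_note_protocol_mapper": resourceKeycloakOpenIdUserSessionNoteProtocolMapper(),
-"keycloak_openid_script_protocol_mapper": resourceKeycloakOpenIdScriptProtocolMapper(),
-"keycloak_openid_client_default_scopes": resourceKeycloakOpenidClientDefaultScopes(),
-"keycloak_openid_client_optional_scopes": resourceKeycloakOpenidClientOptionalScopes(),
-"keycloak_saml_client": resourceKeycloakSamlClient(),
-"keycloak_saml_client_scope": resourceKeycloakSamlClientScope(),
-"keycloak_saml_client_default_scopes": resourceKeycloakSamlClientDefaultScopes(),
-"keycloak_generic_client_protocol_mapper": resourceKeycloakGenericClientProtocolMapper(),
-"keycloak_generic_client_role_mapper": resourceKeycloakGenericClientRoleMapper(),
-"keycloak_saml_user_attribute_protocol_mapper": resourceKeycloakSamlUserAttributeProtocolMapper(),
-"keycloak_saml_user_property_protocol_mapper": resourceKeycloakSamlUserPropertyProtocolMapper(),
-"keycloak_saml_script_protocol_mapper": resourceKeycloakSamlScriptProtocolMapper(),
-"keycloak_hardcoded_attribute_identity_provider_mapper": resourceKeycloakHardcodedAttributeIdentityProviderMapper(),
-"keycloak_hardcoded_role_identity_provider_mapper": resourceKeycloakHardcodedRoleIdentityProviderMapper(),
-"keycloak_attribute_importer_identity_provider_mapper": resourceKeycloakAttributeImporterIdentityProviderMapper(),
-"keycloak_attribute_to_role_identity_provider_mapper": resourceKeycloakAttributeToRoleIdentityProviderMapper(),
-"keycloak_user_template_importer_identity_provider_mapper": resourceKeycloakUserTemplateImporterIdentityProviderMapper(),
-"keycloak_saml_identity_provider": resourceKeycloakSamlIdentityProvider(),
-"keycloak_oidc_google_identity_provider": resourceKeycloakOidcGoogleIdentityProvider(),
-"keycloak_oidc_identity_provider": resourceKeycloakOidcIdentityProvider(),
-"keycloak_openid_client_authorization_resource": resourceKeycloakOpenidClientAuthorizationResource(),
-"keycloak_openid_client_group_policy": resourceKeycloakOpenidClientAuthorizationGroupPolicy(),
-"keycloak_openid_client_role_policy": resourceKeycloakOpenidClientAuthorizationRolePolicy(),
-"keycloak_openid_client_aggregate_policy": resourceKeycloakOpenidClientAuthorizationAggregatePolicy(),
-"keycloak_openid_client_js_policy": resourceKeycloakOpenidClientAuthorizationJSPolicy(),
-"keycloak_openid_client_time_policy": resourceKeycloakOpenidClientAuthorizationTimePolicy(),
-"keycloak_openid_client_user_policy": resourceKeycloakOpenidClientAuthorizationUserPolicy(),
-"keycloak_openid_client_client_policy": resourceKeycloakOpenidClientAuthorizationClientPolicy(),
-"keycloak_openid_client_authorization_scope": resourceKeycloakOpenidClientAuthorizationScope(),
-"keycloak_openid_client_authorization_permission": resourceKeycloakOpenidClientAuthorizationPermission(),
-"keycloak_openid_client_service_account_role": resourceKeycloakOpenidClientServiceAccountRole(),
-"keycloak_openid_client_service_account_realm_role": resourceKeycloakOpenidClientServiceAccountRealmRole(),
-"keycloak_role": resourceKeycloakRole(),
-"keycloak_authentication_flow": resourceKeycloakAuthenticationFlow(),
-"keycloak_authentication_subflow": resourceKeycloakAuthenticationSubFlow(),
-"keycloak_authentication_execution": resourceKeycloakAuthenticationExecution(),
-"keycloak_authentication_execution_config": resourceKeycloakAuthenticationExecutionConfig(),
-"keycloak_identity_provider_token_exchange_scope_permission": resourceKeycloakIdentityProviderTokenExchangeScopePermission(),
-"keycloak_openid_client_permissions": resourceKeycloakOpenidClientPermissions(),
-"keycloak_users_permissions": resourceKeycloakUsersPermissions(),
+"keycloak_realm": resourceKeycloakRealm(),
+"keycloak_realm_events": resourceKeycloakRealmEvents(),
+"keycloak_required_action": resourceKeycloakRequiredAction(),
+"keycloak_group": resourceKeycloakGroup(),
+"keycloak_group_memberships": resourceKeycloakGroupMemberships(),
+"keycloak_default_groups": resourceKeycloakDefaultGroups(),
+"keycloak_group_roles": resourceKeycloakGroupRoles(),
+"keycloak_user": resourceKeycloakUser(),
+"keycloak_user_roles": resourceKeycloakUserRoles(),
+"keycloak_openid_client": resourceKeycloakOpenidClient(),
+"keycloak_openid_client_scope": resourceKeycloakOpenidClientScope(),
+"keycloak_ldap_user_federation": resourceKeycloakLdapUserFederation(),
+"keycloak_ldap_user_attribute_mapper": resourceKeycloakLdapUserAttributeMapper(),
+"keycloak_ldap_group_mapper": resourceKeycloakLdapGroupMapper(),
+"keycloak_ldap_role_mapper": resourceKeycloakLdapRoleMapper(),
+"keycloak_ldap_hardcoded_role_mapper": resourceKeycloakLdapHardcodedRoleMapper(),
+"keycloak_ldap_hardcoded_group_mapper": resourceKeycloakLdapHardcodedGroupMapper(),
+"keycloak_ldap_msad_user_account_control_mapper": resourceKeycloakLdapMsadUserAccountControlMapper(),
+"keycloak_ldap_msad_lds_user_account_control_mapper": resourceKeycloakLdapMsadLdsUserAccountControlMapper(),
+"keycloak_ldap_full_name_mapper": resourceKeycloakLdapFullNameMapper(),
+"keycloak_custom_user_federation": resourceKeycloakCustomUserFederation(),
+"keycloak_openid_user_attribute_protocol_mapper": resourceKeycloakOpenIdUserAttributeProtocolMapper(),
+"keycloak_openid_user_property_protocol_mapper": resourceKeycloakOpenIdUserPropertyProtocolMapper(),
+"keycloak_openid_group_membership_protocol_mapper": resourceKeycloakOpenIdGroupMembershipProtocolMapper(),
+"keycloak_openid_full_name_protocol_mapper": resourceKeycloakOpenIdFullNameProtocolMapper(),
+"keycloak_openid_hardcoded_claim_protocol_mapper": resourceKeycloakOpenIdHardcodedClaimProtocolMapper(),
+"keycloak_openid_audience_protocol_mapper": resourceKeycloakOpenIdAudienceProtocolMapper(),
+"keycloak_openid_hardcoded_role_protocol_mapper": resourceKeycloakOpenIdHardcodedRoleProtocolMapper(),
+"keycloak_openid_user_realm_role_protocol_mapper": resourceKeycloakOpenIdUserRealmRoleProtocolMapper(),
+"keycloak_openid_user_client_role_protocol_mapper": resourceKeycloakOpenIdUserClientRoleProtocolMapper(),
+"keycloak_openid_user_session_note_protocol_mapper": resourceKeycloakOpenIdUserSessionNoteProtocolMapper(),
+"keycloak_openid_script_protocol_mapper": resourceKeycloakOpenIdScriptProtocolMapper(),
+"keycloak_openid_client_default_scopes": resourceKeycloakOpenidClientDefaultScopes(),
+"keycloak_openid_client_optional_scopes": resourceKeycloakOpenidClientOptionalScopes(),
+"keycloak_saml_client": resourceKeycloakSamlClient(),
+"keycloak_saml_client_scope": resourceKeycloakSamlClientScope(),
+"keycloak_saml_client_default_scopes": resourceKeycloakSamlClientDefaultScopes(),
+"keycloak_generic_client_protocol_mapper": resourceKeycloakGenericClientProtocolMapper(),
+"keycloak_generic_client_role_mapper": resourceKeycloakGenericClientRoleMapper(),
+"keycloak_saml_user_attribute_protocol_mapper": resourceKeycloakSamlUserAttributeProtocolMapper(),
+"keycloak_saml_user_property_protocol_mapper": resourceKeycloakSamlUserPropertyProtocolMapper(),
+"keycloak_saml_script_protocol_mapper": resourceKeycloakSamlScriptProtocolMapper(),
+"keycloak_hardcoded_attribute_identity_provider_mapper": resourceKeycloakHardcodedAttributeIdentityProviderMapper(),
+"keycloak_hardcoded_role_identity_provider_mapper": resourceKeycloakHardcodedRoleIdentityProviderMapper(),
+"keycloak_attribute_importer_identity_provider_mapper": resourceKeycloakAttributeImporterIdentityProviderMapper(),
+"keycloak_attribute_importer_custom_identity_provider_mapper": resourceKeycloakAttributeImporterIdentityProviderMapper(),
+"keycloak_attribute_to_role_identity_provider_mapper": resourceKeycloakAttributeToRoleIdentityProviderMapper(),
+"keycloak_user_template_importer_identity_provider_mapper": resourceKeycloakUserTemplateImporterIdentityProviderMapper(),
+"keycloak_saml_identity_provider": resourceKeycloakSamlIdentityProvider(),
+"keycloak_oidc_google_identity_provider": resourceKeycloakOidcGoogleIdentityProvider(),
+"keycloak_oidc_identity_provider": resourceKeycloakOidcIdentityProvider(),
+"keycloak_openid_client_authorization_resource": resourceKeycloakOpenidClientAuthorizationResource(),
+"keycloak_openid_client_group_policy": resourceKeycloakOpenidClientAuthorizationGroupPolicy(),
+"keycloak_openid_client_role_policy": resourceKeycloakOpenidClientAuthorizationRolePolicy(),
+"keycloak_openid_client_aggregate_policy": resourceKeycloakOpenidClientAuthorizationAggregatePolicy(),
+"keycloak_openid_client_js_policy": resourceKeycloakOpenidClientAuthorizationJSPolicy(),
+"keycloak_openid_client_time_policy": resourceKeycloakOpenidClientAuthorizationTimePolicy(),
+"keycloak_openid_client_user_policy": resourceKeycloakOpenidClientAuthorizationUserPolicy(),
+"keycloak_openid_client_client_policy": resourceKeycloakOpenidClientAuthorizationClientPolicy(),
+"keycloak_openid_client_authorization_scope": resourceKeycloakOpenidClientAuthorizationScope(),
+"keycloak_openid_client_authorization_permission": resourceKeycloakOpenidClientAuthorizationPermission(),
+"keycloak_openid_client_service_account_role": resourceKeycloakOpenidClientServiceAccountRole(),
+"keycloak_openid_client_service_account_realm_role": resourceKeycloakOpenidClientServiceAccountRealmRole(),
+"keycloak_role": resourceKeycloakRole(),
+"keycloak_authentication_flow": resourceKeycloakAuthenticationFlow(),
+"keycloak_authentication_subflow": resourceKeycloakAuthenticationSubFlow(),
+"keycloak_authentication_execution": resourceKeycloakAuthenticationExecution(),
+"keycloak_authentication_execution_config": resourceKeycloakAuthenticationExecutionConfig(),
+"keycloak_identity_provider_token_exchange_scope_permission": resourceKeycloakIdentityProviderTokenExchangeScopePermission(),
+"keycloak_openid_client_permissions": resourceKeycloakOpenidClientPermissions(),
+"keycloak_users_permissions": resourceKeycloakUsersPermissions(),
 },
 Schema: map[string]*schema.Schema{
 "client_id": {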
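Review bot: The new `"keycloak_attribute_importer_custom_identity_provider_mapper"` entry is wired to `resourceKeycloakAttributeImporterIdentityProviderMapper()`, the same constructor that the existing `"keycloak_attribute_importer_identity_provider_mapper"` key on the line above already uses, so the provider registers two resource types that share one schema and one set of CRUD functions, and the remaining 70 changed lines of this hunk are only gofmt realignment. The commit touches four files with 545 additions and the documentation page in this commit describes an `identity_provider_mapper` argument for the new type, which suggests a dedicated constructor was added in the new resource file and was meant to be referenced here; if so, the line should read `"keycloak_attribute_importer_custom_identity_provider_mapper": <constructor defined in the new resource file>(),` (confirm the exact name against that file). As written, a configuration that sets the documented `identity_provider_mapper` argument would presumably be rejected by the shared schema, and any mapper-type validation the new resource performs would never run, so the Terraform-declared mapper type and the Keycloak-side mapper could silently diverge. The added docs example also carries `identity_provider_mapper = "%s-user-attribute-idp-mapper"`, which looks like a test-template format placeholder rather than a real mapper type. KeycloakProvider continues outside the hunk.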
