From deab785af5f03c70b7ee62c12e2acca83e924ae4 Mon Sep 17 00:00:00 2001
From: Dennis Kniep
Date: Sat, 21 Dec 2024 23:09:07 +0100
Subject: [PATCH 1/3] chore(local): updated federation-example and docker-compse
Signed-off-by: Dennis Kniep
---
 custom-user-federation-example/build.gradle | 4 ++--
 docker-compose.yml | 9 +++++++--
 makefile | 2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/custom-user-federation-example/build.gradle b/custom-user-federation-example/build.gradle
index 4c32d943b..bab5ea1f0 100644
--- a/custom-user-federation-example/build.gradle
+++ b/custom-user-federation-example/build.gradle
@@ -5,7 +5,7 @@ plugins {
 }
 ext {
- keycloakVersion = '21.0.1'
+ keycloakVersion = '25.0.3'
 }
 dependencies {
@@ -18,5 +18,5 @@ repositories {
 }
 kotlin {
- jvmToolchain(11)
+ jvmToolchain(21)
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index cb5043966..2dcadc6cb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,8 +20,8 @@ services:
 - postgres
 - openldap
 environment:
- - KEYCLOAK_ADMIN=keycloak
- - KEYCLOAK_ADMIN_PASSWORD=password
+ - KC_BOOTSTRAP_ADMIN_USERNAME=keycloak
+ - KC_BOOTSTRAP_ADMIN_PASSWORD=password
 - KC_LOG_LEVEL=INFO
 - KC_DB=postgres
 - KC_DB_URL_HOST=postgres
@@ -29,6 +29,11 @@ services:
 - KC_DB_URL_DATABASE=keycloak
 - KC_DB_USERNAME=keycloak
 - KC_DB_PASSWORD=password
+ - KC_LOG_LEVEL=INFO
+ - KC_LOG_CONSOLE_COLOR=true
+ - KC_FEATURES=preview
+ - QUARKUS_HTTP_ACCESS_LOG_ENABLED=true
+ - QUARKUS_HTTP_RECORD_REQUEST_START_TIME=true
 # Enable for remote java debugging
 # - PREPEND_JAVA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8787
 ports:
diff --git a/makefile b/makefile
index d185efdbe..0137b9807 100644
--- a/makefile
+++ b/makefile
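Review bot: The new `KC_BOOTSTRAP_ADMIN_USERNAME`/`KC_BOOTSTRAP_ADMIN_PASSWORD` entries are the variable names Keycloak introduced in 26.0, while `custom-user-federation-example/build.gradle` in this same patch pins `keycloakVersion = '25.0.3'` for the federation SPI build. The image tag the compose service runs is outside the hunk, so if it is older than 26 these variables are silently ignored and no admin account is bootstrapped, and if it is 26 or newer the SPI is compiled against an older API than it runs on. Aligning both on one version, e.g. `keycloakVersion = '<same version as the compose image tag>'`, or a comment above `environment:` naming the intended image version would remove the ambiguity. The admin password `password` pre-dates this change and is acceptable for a throwaway local stack, but a one-line comment stating that this compose file is local-only would make that intent explicit.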
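Review bot: `KC_LOG_LEVEL=INFO` is added here although the same key already appears in the `environment:` list a few lines earlier (visible as context in the previous hunk), so the added entry is redundant and whichever one compose resolves last wins; drop the added `- KC_LOG_LEVEL=INFO` line. `KC_FEATURES=preview` switches on every preview feature at once rather than the specific feature the example needs, which widens the locally exposed surface beyond what the acceptance-test matrix in `.github/workflows/test.yml` (patch 2 of this series) runs against; whether that workflow enables any preview feature is not visible here. Naming only the required feature(s), e.g. `- KC_FEATURES=<feature required by the example>`, keeps the local environment closer to the tested configuration.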
@@ -15,7 +15,7 @@ build-example: build
 cp terraform-provider-keycloak_* example/.terraform/plugins/terraform.local/keycloak/keycloak/4.5.0/$(GOOS)_$(GOARCH)/
 cp terraform-provider-keycloak_* example/terraform.d/plugins/terraform.local/keycloak/keycloak/4.5.0/$(GOOS)_$(GOARCH)/
-local: deps
+local: deps user-federation-example
 docker compose up --build -d
 ./scripts/wait-for-local-keycloak.sh
 ./scripts/create-terraform-client.sh
From 13b152533747f90e6b3d90ff5a03e77a66136a38 Mon Sep 17 00:00:00 2001
From: Dennis Kniep
Date: Sun, 22 Dec 2024 00:02:15 +0100
Subject: [PATCH 2/3] ci: set ubuntu to fixed version
Signed-off-by: Dennis Kniep
---
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/dependency-submission.yml | 2 +-
 .github/workflows/release.yml | 4 ++--
 .github/workflows/test.yml | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c515c3598..913461ce3 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -23,7 +23,7 @@ on:
 jobs:
 analyze:
 name: Analyze
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 permissions:
 actions: read
 contents: read
diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml
index bc016b0fa..6b49bf2ef 100644
--- a/.github/workflows/dependency-submission.yml
+++ b/.github/workflows/dependency-submission.yml
@@ -9,7 +9,7 @@ permissions:
 jobs:
 go-dependency-submission:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8f4737870..673a914fd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 wait:
 if: startsWith(github.ref, 'refs/tags/v')
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 name: Wait for acceptance tests
 steps:
 - name: Wait for acceptance tests
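Review bot: `local` now depends on `user-federation-example` before `docker compose up --build -d` runs, but no rule of that name is visible in this hunk; if the target is defined elsewhere in the makefile this is fine, otherwise `make local` stops with a missing-rule error before the stack is started. If it is a non-file target it should also be listed in `.PHONY` next to `local`, so that a stray file or directory named `user-federation-example` cannot mask the build step; the makefile's `.PHONY` declaration, if any, is outside the hunk.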
@@ -25,7 +25,7 @@ jobs:
 permissions: write-all
 needs:
 - wait
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6d75c7156..515be8ff3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 verify:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
@@ -56,7 +56,7 @@ jobs:
 (needs.verify.outputs.code-files-changed || startsWith(github.ref, 'refs/tags/v'))
 needs:
 - verify
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 strategy:
 matrix:
 keycloak-version:
From bb28ebf4af7c4ed284c04c128f9e06d26c7ae76a Mon Sep 17 00:00:00 2001
From: Dennis Kniep
Date: Sun, 22 Dec 2024 00:09:25 +0100
Subject: [PATCH 3/3] chore: fixed examples
* userprofile attribute username and mail are required
* generic_client_role_mapper replaced with generic_role_mapper, because they are deprecated
* added how to run examples to readme
Signed-off-by: Dennis Kniep
---
 README.md | 14 ++++++++++++++
 example/main.tf | 8 ++++++++
 example/roles.tf | 20 ++++++++++----------
 3 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 8e3c4fbec..073613677 100644
--- a/README.md
+++ b/README.md
@@ -105,6 +105,20 @@ KEYCLOAK_URL="http://localhost:8080" \
 make testacc
 ```
+### Run examples
+
+You can run examples against a Keycloak instance.
+Follow the commands for running examples against a local environment that was created via `make local`:
+
+```
+make build-example
+cd example
+terraform init
+terraform plan -out tfplan
+terraform apply tfplan
+rm tfplan
+```
+
 ## Acknowledgments
 The Keycloak Terraform Provider was originally created by [Michael Parker](https://github.com/mrparkers). Many thanks for the hard work and dedication in building the foundation for this project.
diff --git a/example/main.tf b/example/main.tf
index 3aa2ae8a3..9abbe39ff 100644
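Review bot: The release job is now pinned to `ubuntu-24.04` but still runs with `permissions: write-all` (context at the top of the hunk), so every GITHUB_TOKEN scope is granted to the job that checks out the tag and publishes the release; the runner pin reduces image drift while the token scope stays maximal. Listing only the scopes the release steps actually use, for example `permissions:` followed by `contents: write`, would bring it in line with the narrow `permissions:` block the `analyze` job already has in `codeql-analysis.yml`. For the same reproducibility goal, `actions/checkout@v4` on the last hunk line (and in the `dependency-submission.yml` and `test.yml` hunks of this patch) is a floating tag; pinning it to a commit SHA would complement the runner pin. The remaining release steps are outside the hunk, so the exact scopes they need cannot be confirmed here.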
--- a/example/main.tf
+++ b/example/main.tf
@@ -1095,6 +1095,14 @@ resource "keycloak_openid_client" "client" {
 resource "keycloak_realm_user_profile" "userprofile" {
 realm_id = keycloak_realm.test.id
+ attribute {
+ name = "username"
+ }
+
+ attribute {
+ name = "email"
+ }
+
 attribute {
 name = "field1"
 display_name = "Field 1"
diff --git a/example/roles.tf b/example/roles.tf
index fffb1abcb..ccc47c46f 100644
--- a/example/roles.tf
+++ b/example/roles.tf
@@ -58,7 +58,7 @@ resource "keycloak_role" "pet_api_read_pet_details" {
 }
 // Map a role from the "pet_api" api client to the "extended_pet_details" client scope
-resource "keycloak_generic_client_role_mapper" "pet_api_read_pet_details_role_mapping" {
+resource "keycloak_generic_role_mapper" "pet_api_read_pet_details_role_mapping" {
 realm_id = keycloak_realm.roles_example.id
 client_scope_id = keycloak_openid_client_scope.extended_pet_details.id
 role_id = keycloak_role.pet_api_read_pet_details.id
@@ -98,7 +98,7 @@ resource "keycloak_openid_client" "pet_app" {
 "http://localhost:5555/openid-callback",
 ]
- // disable full scope, roles are assigned via keycloak_generic_client_role_mapper
+ // disable full scope, roles are assigned via keycloak_generic_role_mapper
 full_scope_allowed = false
 }
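Review bot: The added `username` and `email` attribute blocks declare only a `name` and no `validator`, whereas Keycloak's built-in user profile attaches validators to both (length and prohibited-character checks on the username, an email-format check on the email); if this declarative resource replaces the realm's default profile rather than merging with it, those input checks disappear from the example realm. Adding `validator { name = "email" }` inside the `email` block and `validator { name = "username-prohibited-characters" }` inside the `username` block would preserve the default behaviour, assuming these validator ids are accepted by the provider version in use. The `keycloak_realm_user_profile` resource continues past the end of the hunk, so nothing further down can be checked here.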
@@ -130,31 +130,31 @@ resource "keycloak_openid_hardcoded_role_protocol_mapper" "pet_app_pet_api_read_
 }
 // Map all roles from the "pet_api" api client to the "pet_app" consumer client, read_pet_details comes via client scope
-resource "keycloak_generic_client_role_mapper" "pet_app_pet_api_read_role_mapping" {
+resource "keycloak_generic_role_mapper" "pet_app_pet_api_read_role_mapping" {
 realm_id = keycloak_realm.roles_example.id
 client_id = keycloak_openid_client.pet_app.id
 role_id = keycloak_role.pet_api_read_pet.id
 }
-resource "keycloak_generic_client_role_mapper" "pet_app_pet_api_delete_role_mapping" {
+resource "keycloak_generic_role_mapper" "pet_app_pet_api_delete_role_mapping" {
 realm_id = keycloak_realm.roles_example.id
 client_id = keycloak_openid_client.pet_app.id
 role_id = keycloak_role.pet_api_delete_pet.id
 }
-resource "keycloak_generic_client_role_mapper" "pet_app_pet_api_create_role_mapping" {
+resource "keycloak_generic_role_mapper" "pet_app_pet_api_create_role_mapping" {
 realm_id = keycloak_realm.roles_example.id
 client_id = keycloak_openid_client.pet_app.id
 role_id = keycloak_role.pet_api_create_pet.id
 }
-resource "keycloak_generic_client_role_mapper" "pet_app_pet_api_update_role_mapping" {
+resource "keycloak_generic_role_mapper" "pet_app_pet_api_update_role_mapping" {
 realm_id = keycloak_realm.roles_example.id
 client_id = keycloak_openid_client.pet_app.id
 role_id = keycloak_role.pet_api_update_pet.id
 }
-resource "keycloak_generic_client_role_mapper" "pet_app_pet_api_admin_role_mapping" {
+resource "keycloak_generic_role_mapper" "pet_app_pet_api_admin_role_mapping" {
 realm_id = keycloak_realm.roles_example.id
 client_id = keycloak_openid_client.pet_app.id
 role_id = keycloak_role.pet_api_admin.id
@@ -162,7 +162,7 @@ resource "keycloak_generic_client_role_mapper" "pet_app_pet_api_admin_role_mappi
 // Realm roles
-resource "keycloak_role" "realm_reader" {
+resource "keycloak_role" "realm_reader" {
 realm_id = keycloak_realm.roles_example.id
 name = "realm_reader"
 description = "Reader realm role"
@@ -184,7 +184,7 @@ resource "keycloak_role" "realm_admin" {
 ]
 }
-// Client scope for realm roles mapping
+// Client scope for realm roles mapping
 resource "keycloak_openid_client_scope" "petstore_api_access_scope" {
 realm_id = keycloak_realm.roles_example.id
@@ -192,7 +192,7 @@ resource "keycloak_openid_client_scope" "petstore_api_access_scope" {
 description = "Optional scope offering additional information for petstore api access"
 }
-resource "keycloak_generic_client_role_mapper" "petstore_api_access_scope_admin" {
+resource "keycloak_generic_role_mapper" "petstore_api_access_scope_admin" {
 realm_id = keycloak_realm.roles_example.id
 client_scope_id = keycloak_openid_client_scope.petstore_api_access_scope.id
 role_id = keycloak_role.realm_admin.id