keycloak · ZeroWiggliness · Jul 24, 2024 · Jul 25, 2024 · Jul 25, 2024 · Jul 25, 2024
diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml
@@ -13,6 +13,7 @@ jobs:
     strategy:
       matrix:
         keycloak-version:
+          - '21.7.1'
           - '21.0.1'
           - '20.0.5'
           - '19.0.2'

diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,29 @@
+{
+    "configurations": [
+        {
+            "name": "Debug Terraform Provider",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceRoot}",
+            "env": {
+            },
+            "args": [
+                "-plugin-dir",
+                "${workspaceRoot}"
+            ],
+            "cwd": "${workspaceRoot}"
+        },
+        {
+            "name": "Debug Terraform Provider Active",
+            "type": "go",
+            "request": "launch",
+            "mode": "debug",
+            "program": "${workspaceRoot}",
+            "env": {},
+            "args": [
+                "-debug",
+            ]
+        }
+    ]
+}
diff --git a/README.md b/README.md
@@ -40,9 +40,7 @@ This provider will officially support the latest three major versions of Keycloa
 
 The following versions are used when running acceptance tests in CI:
 
-- 21.0.1 (latest)
-- 20.0.5
-- 19.0.2
+- 21.7.1
 
 ## Releases
 
@@ -62,7 +60,7 @@ build you can use the `linux_amd64` build as long as `libc6-compat` is installed
 
 ## Development
 
-This project requires Go 1.19 and Terraform 1.4.1.
+This project requires Go 1.22.5 and Terraform 1.4.1.
 This project uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependency management, which allows this project to exist outside of an existing GOPATH.
 
 After cloning the repository, you can build the project by running `make build`.

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -17,7 +17,7 @@ services:
     ports:
     - 8389:389
   keycloak:
-    image: quay.io/keycloak/keycloak:21.0.1
+    image: quay.io/keycloak/keycloak:21.7.1
     command: start-dev --features=preview
     depends_on:
     - postgres

diff --git a/docs/resources/keycloak_openid_propertymapper_claim_protocol_mapper.md b/docs/resources/keycloak_openid_propertymapper_claim_protocol_mapper.md
@@ -0,0 +1,183 @@
+---
+page_title: "keycloak_openid_propertymapper_claim_protocol_mapper Resource"
+---
+
+# keycloak\_openid\_propertymapper\_claim\_protocol\_mapper Resource
+
+Allows for creating and managing claim protocol mappers within Keycloak.
+
+The property claim mappers allow you to define a claim with based on dynamic values to support latest keycloak apis.
+
+Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.
+
+## Example Usage (Client)
+
+```hcl
+resource "keycloak_realm" "realm" {
+  realm   = "my-realm"
+  enabled = true
+}
+
+resource "keycloak_openid_client" "openid_client" {
+  realm_id  = keycloak_realm.realm.id
+  client_id = "client"
+
+  name    = "client"
+  enabled = true
+
+  access_type         = "CONFIDENTIAL"
+  valid_redirect_uris = [
+    "http://localhost:8080/openid-callback"
+  ]
+}
+
+resource "keycloak_openid_propertymapper_claim_protocol_mapper" "userattribute_id_claim_mapper" {
+  realm_id    = keycloak_realm.realm.id
+  client_id   = keycloak_openid_client.openid_client.id
+  name        = "property-mapper"
+
+  claim_name  = "property"
+  json_type     = "String"
+
+  protocol = "openid-connect"
+  protocol_mapper = "oidc-usermodel-property-mapper"
+
+  set {
+    name = "user.attribute"
+    value = "id"
+  }
+}
+
+resource "keycloak_openid_propertymapper_claim_protocol_mapper" "clientrole_claim_mapper" {
+  realm_id    = keycloak_realm.realm.id
+  client_id   = keycloak_openid_client.openid_client.id
+  name        = "client-role-mapper"
+
+  claim_name  = "clientrole"
+  json_type     = "String"
+
+  protocol = "openid-connect"
+  protocol_mapper = "oidc-usermodel-client-role-mapper"
+
+  add_to_introspection_token = true
+  add_to_id_token = true
+  add_to_access_token = true
+  add_to_userinfo = true
+  add_to_lightweight_claim = true
+
+  set {
+    name = "multivalued"
+    value = "false"
+  }
+
+  set {
+    name = "usermodel.clientRoleMapping.clientId"
+    value = "admin-cli"
+  }
+
+  set {
+    name = "usermodel.clientRoleMapping.rolePrefix"
+    value = "prefix"
+  }
+}
+```
+
+## Example Usage (Client Scope)
+
+```hcl
+resource "keycloak_realm" "realm" {
+  realm   = "my-realm"
+  enabled = true
+}
+
+resource "keycloak_openid_client_scope" "client_scope" {
+  realm_id = keycloak_realm.realm.id
+  name     = "client-scope"
+}
+
+resource "keycloak_openid_propertymapper_claim_protocol_mapper" "userattribute_id_claim_mapper" {
+  realm_id    = keycloak_realm.realm.id
+  client_scope_id = keycloak_openid_client_scope.client_scope.id
+  name        = "property-mapper"
+
+  claim_name  = "property"
+  json_type     = "String"
+
+  protocol = "openid-connect"
+  protocol_mapper = "oidc-usermodel-property-mapper"
+
+  set {
+    name = "user.attribute"
+    value = "id"
+  }
+}
+
+resource "keycloak_openid_propertymapper_claim_protocol_mapper" "clientrole_claim_mapper" {
+  realm_id    = keycloak_realm.realm.id
+  client_scope_id = keycloak_openid_client_scope.client_scope.id
+  name        = "client-role-mapper"
+
+  claim_name  = "clientrole"
+  json_type     = "String"
+
+  protocol = "openid-connect"
+  protocol_mapper = "oidc-usermodel-client-role-mapper"
+
+  add_to_introspection_token = true
+  add_to_id_token = true
+  add_to_access_token = true
+  add_to_userinfo = true
+  add_to_lightweight_claim = true
+
+  set {
+    name = "multivalued"
+    value = "false"
+  }
+
+  set {
+    name = "usermodel.clientRoleMapping.clientId"
+    value = "admin-cli"
+  }
+
+  set {
+    name = "usermodel.clientRoleMapping.rolePrefix"
+    value = "prefix"
+  }
+}
+```
+
+## Argument Reference
+
+- `realm_id` - (Required) The realm this protocol mapper exists within.
+- `name` - (Required) The display name of this protocol mapper in the GUI.
+- `claim_name` - (Required) The name of the claim to insert into a token.
+- `claim_value` - (Required) The hardcoded value of the claim.
+- `client_id` - (Optional) The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified.
+- `client_scope_id` - (Optional) The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified.
+- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.
+- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.
+- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.
+- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.
+- `add_to_introspection_token` - (Optional) Indicates if the property should be added as a claim to the introspection token. Defaults to `true`.
+- `add_to_lightweight_claim` - (Optional) Indicates if the property should be added as a lightweight claim. Defaults to `false`.
+- `set` - (Block Set) Custom values to be merged with the values. (see below for nested schema)
+
+### Nested Schema for `set`
+
+Required:
+
+- `name` (String)
+- `value` (String)
+
+## Import
+
+Protocol mappers can be imported using one of the following formats:
+- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`
+- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`
+
+Example:
+
+```bash
+$ terraform import keycloak_openid_propertymapper_claim_protocol_mapper.claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4
+$ terraform import keycloak_openid_propertymapper_claim_protocol_mapper.claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4
+```
diff --git a/go.mod b/go.mod
@@ -54,4 +54,4 @@ require (
 	google.golang.org/protobuf v1.30.0 // indirect
 )
 
-go 1.19
+go 1.22.5
diff --git a/keycloak/keycloak_client.go b/keycloak/keycloak_client.go
@@ -7,7 +7,6 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"io/ioutil"
 	"net/http"
 	"net/http/cookiejar"
@@ -17,6 +16,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+
 	"github.com/hashicorp/go-version"
 
 	"golang.org/x/net/publicsuffix"
-Original file line number
+Diff line change
@@ Expand Up / @@ -54,4 +54,4 @@ require ( @@
     	google.golang.org/protobuf v1.30.0 // indirect
     )
-    go 1.19
+    go 1.22.5