Merge branch 'main' into master

Author: chrismilson

.github/workflows/test.yml

@@ -34,20 +34,6 @@ jobs:
           make vet
           make fmtcheck
 
-      # we only want to run tests if any code changes (not for README or docs changes)
-      - name: Check Changed Files
-        id: files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            .github
-            go.mod
-            go.sum
-            main.go
-            keycloak
-            provider
-            scripts
-
     outputs:
       code-files-changed: steps.files.outputs.any_changed
 

docs/resources/openid_client_authorization_client_scope_policy.md

@@ -0,0 +1,105 @@
+---
+page_title: "keycloak_openid_client_authorization_client_scope_policy Resource"
+---
+
+# keycloak\_openid\_client\_authorization\_client\_scope\_policy Resource
+
+Allows you to manage openid Client Authorization Client Scope type Policies.
+
+## Example Usage
+
+```hcl
+resource "keycloak_realm" "realm" {
+  realm   = "my-realm"
+  enabled = true
+}
+
+resource "keycloak_openid_client" "test" {
+  client_id                = "client_id"
+  realm_id                 = keycloak_realm.realm.id
+  access_type              = "CONFIDENTIAL"
+  service_accounts_enabled = true
+  authorization {
+    policy_enforcement_mode = "ENFORCING"
+  }
+}
+
+resource "keycloak_openid_client_scope" "test1" {
+    realm_id    = keycloak_realm.realm.id
+    name        = "test1"
+    description = "test1"
+}
+
+resource "keycloak_openid_client_scope" "test2" {
+    realm_id    = keycloak_realm.realm.id
+    name        = "test2"
+    description = "test2"
+}
+
+resource "keycloak_openid_client_authorization_client_scope_policy" "test" {
+    resource_server_id = keycloak_openid_client.test.resource_server_id
+    realm_id           = keycloak_realm.realm.id
+    name               = "test_policy_single"
+    description        = "test"
+    decision_strategy  = "AFFIRMATIVE"
+    logic              = "POSITIVE"
+
+    scope {
+      id       = keycloak_openid_client_scope.test1.id
+      required = false
+    }
+}
+
+resource "keycloak_openid_client_authorization_client_scope_policy" "test_multiple" {
+    resource_server_id = keycloak_openid_client.test.resource_server_id
+    realm_id           = keycloak_realm.realm.id
+    name               = "test_policy_multiple"
+    description        = "test"
+    decision_strategy  = "AFFIRMATIVE"
+    logic              = "POSITIVE"
+
+    scope {
+      id       = keycloak_openid_client_scope.test1.id
+      required = false
+    }
+
+    scope {
+      id       = keycloak_openid_client_scope.test2.id
+      required = true
+    }
+}
+
+```
+
+### Argument Reference
+
+The following arguments are supported:
+
+- `realm_id` - (Required) The realm this group exists in.
+- `resource_server_id` - (Required) The ID of the resource server.
+- `name` - (Required) The name of the policy.
+- `description` - (Optional) A description for the authorization policy.
+- `decision_strategy` - (Optional) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`. Defaults to `UNANIMOUS`.
+- `logic` - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.
+- `scope` - An client scope to add [client scope](#scope-arguments). At least one should be defined.
+
+### Scope Arguments
+
+- `id` - (Required) Id of client scope.
+- `required` - (Optional) When `true`, then this client scope will be set as required. Defaults to `false`.
+
+### Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+- `id` - Policy ID representing the policy.
+
+## Import
+
+Client authorization policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.
+
+Example:
+
+```bash
+$ terraform import keycloak_openid_client_authorization_client_scope_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9
+```

docs/resources/realm_translation.md

@@ -0,0 +1,38 @@
+---
+page_title: "keycloak_realm_localization Resource"
+---
+
+# keycloak_realm_localization Resource
+
+Allows for managing Realm Localization Text overrides within Keycloak.
+
+A localization resource defines a schema for representing a locale with a map of key/value pairs and how they are managed within a realm.
+
+Note: whilst you can provide localization texts for unsupported locales, they will not take effect until they are defined within the realm resource.
+
+## Example Usage
+
+```hcl
+resource "keycloak_realm" "realm" {
+  realm = "my-realm"
+}
+
+resource "keycloak_realm_localization" "german_texts" {
+  realm_id = keycloak_realm.my_realm.id
+  locale = "de"
+  texts = {
+    "Hello" : "Hallo"
+  }
+}
+```
+
+## Argument Reference
+
+- `realm_id` - (Required) The ID of the realm the user profile applies to.
+- `locale` - (Required) The locale (language code) the texts apply to.
+- `texts` - (Optional) A map of translation keys to values.
+
+
+## Import
+
+This resource does not currently support importing.

example/main.tf

@@ -101,6 +101,14 @@ resource "keycloak_realm" "test" {
   }
 }
 
+resource "keycloak_realm_localization" "test_translation" {
+  realm_id = keycloak_realm.test.id
+  locale   = "en"
+  texts = {
+    "test" : "translation"
+  }
+}
+
 resource "keycloak_required_action" "custom-terms-and-conditions" {
   realm_id       = keycloak_realm.test.realm
   alias          = "TERMS_AND_CONDITIONS"
@@ -116,7 +124,7 @@ resource "keycloak_required_action" "update-password" {
   enabled        = true
   name           = "Update Password"
 
-  config {
+  config = {
     max_auth_age = "600"
   }
 }
@@ -439,25 +447,25 @@ resource "keycloak_ldap_full_name_mapper" "full_name_mapper" {
 }
 
 resource "keycloak_ldap_custom_mapper" "custom_mapper" {
-	name                    = "custom-mapper"
-	realm_id                = keycloak_ldap_user_federation.openldap.realm_id
-	ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id
+  name                    = "custom-mapper"
+  realm_id                = keycloak_ldap_user_federation.openldap.realm_id
+  ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id
 
-	provider_id        		= "msad-user-account-control-mapper"
-	provider_type           = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+  provider_id   = "msad-user-account-control-mapper"
+  provider_type = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
 }
 
 resource "keycloak_ldap_custom_mapper" "custom_mapper_with_config" {
-	name                    = "custom-mapper-with-config"
-	realm_id                = keycloak_ldap_user_federation.openldap.realm_id
-	ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id
-
-	provider_id             = "user-attribute-ldap-mapper"
-	provider_type           = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
-	config                  = {
-		"user.model.attribute" = "username"
-		"ldap.attribute"       = "cn"
-	}
+  name                    = "custom-mapper-with-config"
+  realm_id                = keycloak_ldap_user_federation.openldap.realm_id
+  ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id
+
+  provider_id   = "user-attribute-ldap-mapper"
+  provider_type = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+  config = {
+    "user.model.attribute" = "username"
+    "ldap.attribute"       = "cn"
+  }
 }
 
 

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/hashicorp/go-version v1.7.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.35.0
-	golang.org/x/net v0.33.0
+	golang.org/x/net v0.36.0
 )
 
 require (
@@ -46,11 +46,11 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/zclconf/go-cty v1.15.0 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
 	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
@@ -59,3 +59,4 @@ require (
 )
 
 go 1.22.0
+toolchain go1.23.7

go.sum

@@ -147,22 +147,22 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6
 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
 golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -175,19 +175,19 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

keycloak/keycloak_client.go

@@ -7,7 +7,6 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"io"
 	"net/http"
 	"net/http/cookiejar"
@@ -18,6 +17,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
 
 	"golang.org/x/net/publicsuffix"
 
@@ -293,7 +293,7 @@ func (keycloakClient *KeycloakClient) addRequestHeaders(request *http.Request) {
 		request.Header.Set("User-Agent", keycloakClient.userAgent)
 	}
 
-	if request.Method == http.MethodPost || request.Method == http.MethodPut || request.Method == http.MethodDelete {
+	if request.Header.Get("Content-type") == "" && (request.Method == http.MethodPost || request.Method == http.MethodPut || request.Method == http.MethodDelete) {
 		request.Header.Set("Content-type", "application/json")
 	}
 }