Merge pull request #11 from lucdew/v5.2.0

keycloak terraform provider v5.2.0 support

Author: lucdew

.github/dependabot.yml

@@ -0,0 +1,31 @@
+version: 2
+updates:
+  # Go-Module Updates
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "go"
+
+  # GitHub Actions Updates
+  - package-ecosystem: "github-actions"
+    directory: "/.github/workflows/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  # Gradle (Java) Updates
+  - package-ecosystem: "gradle"
+    directory: "/custom-user-federation-example/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "java"

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - name: Wait for acceptance tests
         id: wait
-        uses: "WyriHaximus/[email protected]"
+        uses: "WyriHaximus/github-action-wait-for-status@a0d59308face45c8229ad5aef809d6df5a0c7620" # version v1.8.0
         with:
           ignoreActions: Wait for acceptance tests
           checkInterval: 30
@@ -38,7 +38,7 @@ jobs:
 
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # version v6.3.0
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -58,7 +58,7 @@ jobs:
           echo "name=NOTES::${tmp}/release-notes.md" >> $GITHUB_OUTPUT
 
       - name: GoReleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # version v6.3.0
         with:
           args: release --clean --release-notes=${{ steps.build-release-notes.outputs.NOTES }}
         env:

.github/workflows/test.yml

@@ -34,20 +34,6 @@ jobs:
           make vet
           make fmtcheck
 
-      # we only want to run tests if any code changes (not for README or docs changes)
-      - name: Check Changed Files
-        id: files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            .github
-            go.mod
-            go.sum
-            main.go
-            keycloak
-            provider
-            scripts
-
     outputs:
       code-files-changed: steps.files.outputs.any_changed
 
@@ -66,6 +52,7 @@ jobs:
     strategy:
       matrix:
         keycloak-version:
+          - '26.1.4'
           - '26.0.8'
           - '25.0.6'
           - '24.0.5'
@@ -86,13 +73,23 @@ jobs:
           cache: true
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # version v3.1.2
         with:
           terraform_wrapper: false
-          terraform_version: 1.9.8
+          terraform_version: 1.11.1
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # version v4.3.1
+      - name: Build user-federation-example with Gradle
+        run:  make user-federation-example
 
       - name: Start Keycloak Container
         run: |
+          MOUNT_FEDERATION_EXAMPLE_VOLUME=""
+          if [[ "${{ matrix.keycloak-version }}" == "26.1.4" ]]; then
+            MOUNT_FEDERATION_EXAMPLE_VOLUME="-v $PWD/custom-user-federation-example/build/libs/custom-user-federation-example-all.jar:/opt/keycloak/providers/custom-user-federation-example-all.jar:z"
+          fi
+
           docker run -d --name keycloak \
           -p 8080:8080 \
           -e KC_DB=dev-mem \
@@ -101,6 +98,7 @@ jobs:
           -e KEYCLOAK_ADMIN_PASSWORD=password \
           -e KC_FEATURES=preview \
           -v $PWD/provider/misc:/opt/keycloak/misc:z \
+          $MOUNT_FEDERATION_EXAMPLE_VOLUME \
           quay.io/keycloak/keycloak:${{ matrix.keycloak-version }} start-dev
 
       - name: Initialize Keycloak

.gitignore

@@ -14,6 +14,7 @@ terraform-provider-keycloak_*
 *.out
 
 .idea/
+.vscode/
 .terraform/
 terraform.d/
 .terraform.lock.hcl

CHANGELOG.md

@@ -1,13 +1,67 @@
-## 5.1.1 (January 31, 2025)
+## 5.2.0 (April 14, 2025)
+
+FEATURES:
+
+* Feature/423 add hardcoded attribute mapper by @angeloxx in https://github.com/keycloak/terraform-provider-keycloak/pull/950
+* feat: Add option to configure always_display_in_console for clients by @mchittka in https://github.com/keycloak/terraform-provider-keycloak/pull/1114
+* Feature/keycloak_required_action config values by @laureat-natzka in https://github.com/keycloak/terraform-provider-keycloak/pull/996
+* feat: add all supported alogithms for rsa-enc keystore by @tboerger in https://github.com/keycloak/terraform-provider-keycloak/pull/1092
+* feat: add consent required flag on saml clients by @frpicard in https://github.com/keycloak/terraform-provider-keycloak/pull/1130
+* 1093 added support for KC26.1.0 by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1094
+* feat: add openid_client_authorization_client_scope_policy resource by @fitbeard in https://github.com/keycloak/terraform-provider-keycloak/pull/1128
+* feat: add realm translation resource by @jonathandavies-CS in https://github.com/keycloak/terraform-provider-keycloak/pull/1123
+* 1149 update to KC26.1.4 by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1150
+* Add tests for saml aggregate attributes by @robson90 in https://github.com/keycloak/terraform-provider-keycloak/pull/1171
+* Allow the alias of Google IdP to be set by @irby in https://github.com/keycloak/terraform-provider-keycloak/pull/1177
+* feat: add identity provider hardcoded group mapper by @gkfabs in https://github.com/keycloak/terraform-provider-keycloak/pull/886
+* feat: Support extra_origins in web_authn_policy and web_authn_passwordless_policy by @thomasdarimont in https://github.com/keycloak/terraform-provider-keycloak/pull/1173
 
 IMPROVEMENTS:
 
-* 1100 run ci on release branches ([#1102](https://github.com/keycloak/terraform-provider-keycloak/pull/1102))
+* 1100 run ci on release branches by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1101
+* Adds support for the ExcludeIssuerFromAuthResponse option on OpenIdClient by @sebght in https://github.com/keycloak/terraform-provider-keycloak/pull/934
+* chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1145
+* Fixed SHA commit values for non-GH GH actions by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1151
+* Create dependabot.yml by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1152
+* chore(deps): bump com.gradleup.shadow from 8.3.0 to 8.3.6 in /custom-user-federation-example by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1157
+* Feature/update go 1.23 by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1158
+* chore(deps): bump org.jetbrains.kotlin.jvm from 2.0.20 to 2.1.10 in /custom-user-federation-example by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1156
+* chore(deps): bump org.jetbrains.kotlin.jvm from 2.1.10 to 2.1.20 in /custom-user-federation-example by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1160
+* fix: reuse TCP Connection by @Filirom1 in https://github.com/keycloak/terraform-provider-keycloak/pull/1163
+* Retry on timeout, when server doesn't respond by @Filirom1 in https://github.com/keycloak/terraform-provider-keycloak/pull/1161
+* chore(deps): bump crazy-max/ghaction-import-gpg from 6.2.0 to 6.3.0 in /.github/workflows by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1168
+* chore(deps): bump gradle/actions from 4.3.0 to 4.3.1 in /.github/workflows by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1167
+* chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1165
+* chore(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 in /.github/workflows by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1166
+* Increase MaxIdleConnsPerHost in http.Transport by @Filirom1 in https://github.com/keycloak/terraform-provider-keycloak/pull/1169
+* chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by @dependabot in https://github.com/keycloak/terraform-provider-keycloak/pull/1183
 
 BUG FIXES:
 
-* 1091 fixed provider crash with initial_login set to false ([#1103](https://github.com/keycloak/terraform-provider-keycloak/pull/1103))
-* 1099 fix multi-valued user attributes cannot be enabled by ([#1107](https://github.com/keycloak/terraform-provider-keycloak/pull/1107))
+* 1091 fixed provider crash with initial_login set to false by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1097
+* 1099 fix multi-valued user attributes cannot be enabled by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1106
+* doc: fix token exchange doc urls by @emouty in https://github.com/keycloak/terraform-provider-keycloak/pull/1105
+* fix: fix the wrong error return value by @drawdrop in https://github.com/keycloak/terraform-provider-keycloak/pull/1134
+* fix: Render json `null` to indicate an empty value of type KeycloakSliceHashDelimited (#1142). by @thomasdarimont in https://github.com/keycloak/terraform-provider-keycloak/pull/1144
+* 1146 removed vulnerable github action tj-actions/changed-files by @sschu in https://github.com/keycloak/terraform-provider-keycloak/pull/1147
+* fix: Typo in realm_keys.md by @simonregn in https://github.com/keycloak/terraform-provider-keycloak/pull/1174
+
+Huge thanks to all the individuals who have contributed towards this release:
+
+- [@angeloxx](https://github.com/angeloxx)
+- [@mchittka](https://github.com/mchittka)
+- [@laureat-natzka](https://github.com/laureat-natzka)
+- [@tboerger](https://github.com/tboerger)
+- [@frpicard](https://github.com/frpicard)
+- [@fitbeard](https://github.com/fitbeard)
+- [@jonathandavies-CS](https://github.com/jonathandavies-CS)
+- [@robson90](https://github.com/robson90)
+- [@irby](https://github.com/irby)
+- [@gkfabs](https://github.com/gkfabs)
+- [@Filirom1](https://github.com/Filirom1)
+- [@emouty](https://github.com/emouty)
+- [@drawdrop](https://github.com/drawdrop)
+- [@simonregn](https://github.com/simonregn)
 
 ## 5.1.0 (January 24, 2025)
 

README.md

@@ -55,7 +55,8 @@ This provider will officially support the latest three major versions of Keycloa
 
 The following versions are used when running acceptance tests in CI:
 
-- 26.0.8 (latest)
+- 26.1.4 (latest)
+- 26.0.8
 - 25.0.6
 - 24.0.5
 - 23.0.7
@@ -78,7 +79,7 @@ build you can use the `linux_amd64` build as long as `libc6-compat` is installed
 
 ## Development
 
-This project requires Go 1.22 and Terraform 1.4.1.
+This project requires Go 1.22 and Terraform 1.11.1.
 This project uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependency management, which allows this project to exist outside an existing GOPATH.
 
 After cloning the repository, you can build the project by running `make build`.

custom-user-federation-example/build.gradle

@@ -1,11 +1,11 @@
 plugins {
-	id 'org.jetbrains.kotlin.jvm' version '2.0.20'
-	id 'com.gradleup.shadow' version '8.3.0'
+	id 'org.jetbrains.kotlin.jvm' version '2.1.20'
+	id 'com.gradleup.shadow' version '8.3.6'
 	id 'java-library'
 }
 
 ext {
-	keycloakVersion = '26.0.8'
+	keycloakVersion = '26.1.4'
 }
 
 dependencies {

docker-compose.yml

@@ -14,22 +14,21 @@ services:
     environment:
       LDAP_PORT_NUMBER: 389
   keycloak:
-    image: quay.io/keycloak/keycloak:26.0.8
+    image: quay.io/keycloak/keycloak:26.1.4
     command: --verbose start-dev --features=preview
     depends_on:
     - postgres
     - openldap
     environment:
     - KC_BOOTSTRAP_ADMIN_USERNAME=keycloak
     - KC_BOOTSTRAP_ADMIN_PASSWORD=password
-    - KC_LOG_LEVEL=INFO
+    - KC_LOG_LEVEL=INFO,org.keycloak:debug
     - KC_DB=postgres
     - KC_DB_URL_HOST=postgres
     - KC_DB_URL_PORT=5432
     - KC_DB_URL_DATABASE=keycloak
     - KC_DB_USERNAME=keycloak
     - KC_DB_PASSWORD=password
-    - KC_LOG_LEVEL=INFO
     - KC_LOG_CONSOLE_COLOR=true
     - KC_FEATURES=preview
     - QUARKUS_HTTP_ACCESS_LOG_ENABLED=true

docs/data-sources/realm_keys.md

@@ -21,7 +21,7 @@ resource "keycloak_realm" "realm" {
 }
 
 data "keycloak_realm_keys" "realm_keys" {
-  realm_id   = keycloak_realm.realm
+  realm_id   = keycloak_realm.realm.id
   algorithms = ["AES", "RS256"]
   status     = ["ACTIVE", "PASSIVE"]
 }

docs/resources/hardcoded_attribute_mapper.md

@@ -0,0 +1,66 @@
+---
+page_title: "keycloak_hardcoded_attribute_mapper Resource"
+---
+
+# keycloak_hardcoded_attribute_mapper Resource
+
+Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.
+
+The user model hardcoded attribute mapper will set the specified value to the attribute.
+
+
+## Example Usage
+
+```hcl
+resource "keycloak_realm" "realm" {
+  realm   = "my-realm"
+  enabled = true
+}
+
+resource "keycloak_ldap_user_federation" "ldap_user_federation" {
+  name     = "openldap"
+  realm_id = keycloak_realm.realm.id
+
+  username_ldap_attribute = "cn"
+  rdn_ldap_attribute      = "cn"
+  uuid_ldap_attribute     = "entryDN"
+  user_object_classes     = [
+    "simpleSecurityObject",
+    "organizationalRole"
+  ]
+
+  connection_url  = "ldap://openldap"
+  users_dn        = "dc=example,dc=org"
+  bind_dn         = "cn=admin,dc=example,dc=org"
+  bind_credential = "admin"
+
+  sync_registrations = true
+}
+
+resource "keycloak_hardcoded_attribute_mapper" "email_verified" {
+  realm_id                = keycloak_realm.realm.id
+  ldap_user_federation_id = keycloak_ldap_user_federation.ldap_user_federation.id
+  name                    = "email_verified"
+  attribute_name          = "email_verified"
+  attribute_value         = "true"
+}
+```
+
+## Argument Reference
+
+-   `realm_id` - (Required) The realm that this LDAP mapper will exist in.
+-   `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.
+-   `name` - (Required) Display name of this mapper when displayed in the console.
+-   `attribute_name` - (Required) The name of the user model attribute to set.
+-   `attribute_value` - (Required) The value to set to model attribute. You can hardcode any value like 'foo'.
+
+## Import
+
+LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{attribute__mapper_id}}`.
+The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.
+
+Example:
+
+```bash
+$ terraform import keycloak_hardcoded_attribute_mapper.email_verified my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
+```