Closed vladimirblahoz closed 4 months ago
v0.19.0 should fix that, please test that: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v0.19.0
Works like a charm. Considering I have spent almost 2 days trying to figure out a workaround and the fix was released in less than 3 hours, that's impressive. 🙇♂️
Since I've got you here, I don't want to open other issues for what may be only my misunderstanding - I would have a couple of questions:
Thanks a bunch for the fix and for the potential answers
Q: "Is there a way to assign a role directly to a user or can that be achieved only through groups at the moment?" A: There is https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/user_roles which is currently not in this provider but it would be no problem to add this. (opened an issue #97 to track that)
Q: If I create a ClientScope, can I assign it to a Client anyhow? A: Either we implement https://registry.terraform.io/providers/edflex-tech/keycloak/latest/docs/resources/openid_client_default_scopes and https://registry.terraform.io/providers/edflex-tech/keycloak/latest/docs/resources/saml_client_default_scopes - it does not look like there is a mapper that would allow us to use a ProtocolMapper https://github.com/keycloak/keycloak/tree/cd2451d58b5c6e167415117dc2a72a7f28878588/services/src/main/java/org/keycloak/protocol/oidc/mappers
Default scopes are already available:
oidc: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v0.20.0/resources/openidclient.keycloak.crossplane.io/ClientDefaultScopes/v1alpha1
saml: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v0.20.0/resources/samlclient.keycloak.crossplane.io/ClientDefaultScopes/v1alpha1
The ProtocolMapper resource can be quite easily bound to a Client using clientIdRef or clientIdSelector. We are in need of binding protocol mappers to client scopes, and in this case the only way of referencing the client scope is by its Keycloak ID, which is unknown at the time the mappers are created.
I was unfortunately unable to work around this, not even by using a composite resource and creating both clientScope and protocolMappers in different steps of the same XRD pipeline, or by using function-extra-resources.