mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0

Add support for social identity providers attribute import #471

Open maxlegault opened 3 years ago

maxlegault commented 3 years ago

I'm trying to replicate an Identity Provider Mapper configuration I have where I import the avatar_url field from my github idp, but it seems like only saml and oidc are currently supported as provider ids for attribute imports. It would be very useful for me to be able to configure attribute importers for the non-oidc social providers.

Here's the resource I'm trying to create:

resource "keycloak_oidc_identity_provider" "github" {
  realm = keycloak_realm.test-realm.realm
  alias = "github"
  provider_id = "github"
  // ... other config elements
}

resource "keycloak_attribute_importer_identity_provider_mapper" "github_avatar_url" {
  realm = keycloak_realm.test-realm.realm
  name = "Avatar URL"
  claim_name = "avatar_url"
  user_attribute = "avatar_url"
  identity_provider_alias = keycloak_oidc_identity_provider.github.alias
  extra_config = {
    syncMode = "FORCE"
  }
}

The plan outputs the expected info:

  # keycloak_attribute_importer_identity_provider_mapper.github_avatar_url will be created
  + resource "keycloak_attribute_importer_identity_provider_mapper" "github_avatar_url" {
      + claim_name              = "avatar_url"
      + extra_config            = {
          + "syncMode" = "FORCE"
        }
      + id                      = (known after apply)
      + identity_provider_alias = "github"
      + name                    = "Avatar URL"
      + realm                   = "test"
      + user_attribute          = "avatar_url"
    }

But then when applying, I get this error message:

Error: provider.keycloak: keycloak_attribute_importer_identity_provider_mapper: Avatar URL: "github" identity provider is not supported yet

maxlegault commented 3 years ago

I'd be glad to make a contribution. From what I see, we'd need to check not only for "oidc" but also for "github" on this line here to get the claim: https://github.com/mrparkers/terraform-provider-keycloak/blob/18bdbd60144feeea0c1637560743d3c0347f8027/provider/resource_keycloak_attribute_importer_identity_provider_mapper.go#L69

I'm guessing we'd probably want to add support for all other social providers that are using OIDC behind the scenes, though I'm not sure if it's all the social identity providers that should be using this mechanism.
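
The check described in the comment above, written out as an added Go example (this is not the provider's own code and does not use its types). It assumes a hypothetical `mapperConfig` struct with the two config keys the attribute importer mapper distinguishes, `claim` for OIDC-style providers and `attribute` for SAML, and keeps the provider's fail-closed behaviour: a provider id that is not on the tested list is rejected with an error instead of being mapped to a guessed key, so a mapper is never created whose config Keycloak would silently ignore. The set of claim-based provider ids is the generalization the comment hints at; only "oidc" and "github" are listed here because those are the two the thread discusses.

```go
package main

import (
	"errors"
	"fmt"
)

// mapperConfig mirrors the two config keys Keycloak's attribute importer
// mapper uses: "claim" for OIDC-style providers, "attribute" for SAML.
// Hypothetical struct for this example, not the provider's own type.
type mapperConfig struct {
	Claim     string
	Attribute string
}

// claimBasedProviders lists the provider ids that use OIDC behind the
// scenes and therefore take a claim name. "github" is the addition the
// issue asks for; further social providers belong here only once tested.
var claimBasedProviders = map[string]bool{
	"oidc":   true,
	"github": true,
}

// errUnsupported is returned for any provider id not on the tested lists,
// matching the "is not supported yet" error shown in the issue.
var errUnsupported = errors.New("identity provider is not supported yet")

// buildMapperConfig selects the config key from the provider id and
// validates that the matching Terraform argument was actually supplied.
// Unknown provider ids fail closed rather than being guessed.
func buildMapperConfig(providerID, claimName, attributeName string) (mapperConfig, error) {
	switch {
	case claimBasedProviders[providerID]:
		if claimName == "" {
			return mapperConfig{}, fmt.Errorf("%q: claim_name is required", providerID)
		}
		return mapperConfig{Claim: claimName}, nil
	case providerID == "saml":
		if attributeName == "" {
			return mapperConfig{}, fmt.Errorf("%q: attribute_name is required", providerID)
		}
		return mapperConfig{Attribute: attributeName}, nil
	default:
		return mapperConfig{}, fmt.Errorf("%q %w", providerID, errUnsupported)
	}
}

func main() {
	// Constructed inputs mirroring the resource in the issue.
	cfg, err := buildMapperConfig("github", "avatar_url", "")
	fmt.Printf("github: %+v err=%v\n", cfg, err)

	// A social provider that is not on the tested list is still rejected.
	_, err = buildMapperConfig("facebook", "email", "")
	fmt.Println("facebook:", err)
}
```

Adding a provider id to `claimBasedProviders` is deliberately the only way to enable it, which keeps the "case by case" policy from the maintainer's reply explicit in code and reviewable in a diff.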

mrparkers commented 3 years ago

I think checking for "github" there is fine for now. I usually add support for this on a case by case basis since it's hard to test some of these without having a bit more knowledge about the provider itself. I should be able to test the GitHub one just fine though.

I'd be willing to merge a PR that makes this change if you're willing to submit it 🚀

maxlegault commented 3 years ago

@mrparkers I just created PR #472 to address this issue.