mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

Add support to add `protocolMapper` to realm client scope #940

Closed missedone closed 3 months ago

missedone commented 3 months ago

we have a custom protocol mapper and would like to add the protocolMapper to the realm client scope

similar to keycloak_generic_client_protocol_mapper https://registry.terraform.io/providers/edflex-tech/keycloak/latest/docs/resources/generic_client_protocol_mapper

i'd like to be able to add a protocol mapper to a client scope, the tf code could look like below:

```hcl
# Proposed resource: attaches a generic protocol mapper to a client scope
resource "keycloak_generic_client_scope_protocol_mapper" "attribute_mapper" {
  realm_id        = keycloak_realm.realm.id
  client_scope_id = keycloak_openid_client_scope.openid_client_scope.id
  name            = "test-mapper"
  protocol        = "openid-connect"
  protocol_mapper = "oidc-role-based-mapper"
  config = {
    "attribute.name"       = "name"
    "attribute.nameformat" = "Basic"
    "attribute.value"      = "value"
    "friendly.name"        = "display name"
  }
}
```

missedone commented 3 months ago

ah, looks like client_scope_id is supported per the PR https://github.com/mrparkers/terraform-provider-keycloak/pull/253, let me try it out

never mind, the PR was for keycloak_generic_client_role_mapper, not keycloak_generic_client_protocol_mapper, but we may follow a similar idea to make keycloak_generic_client_protocol_mapper support client_scope_id

missedone commented 3 months ago

after digging into the code, it turned out that the feature is already supported: https://github.com/mrparkers/terraform-provider-keycloak/blob/master/provider/resource_keycloak_generic_protocol_mapper.go#L45

however, i didn't see the doc https://registry.terraform.io/providers/edflex-tech/keycloak/latest/docs/resources/generic_client_protocol_mapper