terraform-provider-keycloak
terraform-provider-keycloak copied to clipboard
mrparkers
Add support for client policy and client profile on realms
This PR fixes #888 and adds support for client_policy and client_profile settings on a realm resource.
It uses json for the configuration because that field can contain booleans, integers and strings and terraform does not like the unpredictability of that.
Example code:
resource "keycloak_realm" "realm" {
realm = "my-realm"
enabled = true
display_name = "my realm"
display_name_html = "<b>my realm</b>"
client_profile {
name = "test profile"
description = "testing"
executor {
name = "secure-ciba-signed-authn-req"
configuration = jsonencode({
available-period = "3600"
})
}
executor {
name = "secure-ciba-signed-authn-req"
configuration = jsonencode({
available-period = "3600"
})
}
}
client_policy {
name = "test policy"
description = "description"
profiles = ["test profile"]
enabled = false
condition {
name = "any-client"
configuration = jsonencode({
is-negative-logic = false
})
}
}
}
We're looking forward for this to get merged. Is the failing test the only blocker right now?
The failing test is not related to the change. This PR is waiting on the maintainer to have a look.
Hey @yaron , awesome work !!! Maybe it is a better idea, to have ClientPolicy and ClientProfile as a seperate resource ?
For example: keycloak_realm_client_policy and keycloak_realm_client_profile and accorodingly for conditions and executors
Hey @robson90 , the issue with that is that on the api call to create or update a realm, you need to provide the policies and profiles or they will be reset (see the issue that this solves). So if you have seperate resources it might break stuff if you update a realm, but nothing changes on the profile or policy.