Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for client policy and client profile on realms #910

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Add support for client policy and client profile on realms #910

wants to merge 5 commits into from

Conversation

yaron
Copy link

@yaron yaron commented Dec 28, 2023
edited

This PR fixes #888 and adds support for client_policy and client_profile settings on a realm resource.

It uses json for the configuration because that field can contain booleans, integers and strings and terraform does not like the unpredictability of that.

Example code:

resource "keycloak_realm" "realm" {
  realm             = "my-realm"
  enabled           = true
  display_name      = "my realm"
  display_name_html = "<b>my realm</b>"

  client_profile {
    name        = "test profile"
    description = "testing"

    executor {
      name = "secure-ciba-signed-authn-req"
      configuration = jsonencode({
        available-period = "3600"
      })
    }
    executor {
      name = "secure-ciba-signed-authn-req"
      configuration = jsonencode({
        available-period = "3600"
      })
    }
  }

  client_policy {
    name        = "test policy"
    description = "description"
    profiles    = ["test profile"]
    enabled     = false

    condition {
      name = "any-client"
      configuration = jsonencode({
        is-negative-logic = false
      })
    }
  }
}

@yaron yaron marked this pull request as ready for review January 15, 2024 11:30
@gim-
Copy link

gim- commented Feb 19, 2024

We're looking forward for this to get merged. Is the failing test the only blocker right now?

@yaron
Copy link
Author

yaron commented Feb 19, 2024

The failing test is not related to the change. This PR is waiting on the maintainer to have a look.

@robson90
Copy link

robson90 commented Mar 6, 2024

Hey @yaron , awesome work !!! Maybe it is a better idea, to have ClientPolicy and ClientProfile as a seperate resource ?

For example:
keycloak_realm_client_policy
and
keycloak_realm_client_profile
and accorodingly for conditions and executors

@yaron
Copy link
Author

yaron commented Mar 15, 2024

Hey @robson90 , the issue with that is that on the api call to create or update a realm, you need to provide the policies and profiles or they will be reset (see the issue that this solves). So if you have seperate resources it might break stuff if you update a realm, but nothing changes on the profile or policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for client profiles and policies
3 participants
@yaron @gim- @robson90