FEATURES:
- Fix user & userprofile tests by @denniskniep in #1042
- add support for keycloak version up to current (26.0.7) by @sschum in #1028
- feat:(roles): Importable role by rolename by @denniskniep in #1043
- feat(user): Importable user by username by @denniskniep in #1041
- feat(authFlow): added optional priority by @denniskniep in #1040
- feat: Recognise the 'apple' provider ID in attribute importer mapper by @greed42 in #1036
- Add support for remote debugging by @thomasdarimont in #1048
- unit tests are now working with KC 21 to 26 by @sschum and @markus-qvest-seidl in #1028
- Please check IdP provider sync mode as the default has changed to "LEGACY"
- Keycloak 25: SAML clients have a default 'saml_organization'. If 'saml_organization' isn't specified in the provider configuration, the provider will delete this scope.
IMPROVEMENTS:
- Add attribute_force_default to ldap_user_attribute_mapper by @Vincevrp in #1057
- chore: Ignore local scratch dir by @thomasdarimont in #1063
- Code cleanups by @thomasdarimont in #1050
- Updated dependencies by @sschu in #1051
- Updated example to KC26.0.7 by @sschu in #1046
- update golang.org/x/net and golang.org/x/crypto by @AbrohamLincoln in #1034
- Update index.md: The default client timeout is 15 seconds by @giner in #1018
- Small readme fixed and version updates by @sschu in #1035
- Update expired certificates by @sschu in #1045
- Fixed examples and user-federation-example by @denniskniep in #1039
BUG FIXES:
- Prevent force replacing resources when import value in state is nil by @kherock in #1054
- fix: Revise Keycloak environment handling (#1061) by @thomasdarimont in #1062
- fix: Revise Keycloak debugging configuration (#1059) by @thomasdarimont in #1060
Huge thanks to all the individuals who have contributed towards this release:
@AbrohamLincoln @denniskniep @giner @greed42 @markus-qvest-seidl @sschum @kherock @Vincevrp
IMPROVEMENTS:
- various dependency and readme updates (#1014, #1015, #1022, #1024)
- move to the Keycloak organization (#1017)
- update go to 1.22 (#1013)
- update license for project to Apache 2.0 #1002
Huge thanks to everybody supporting the license change to Apache 2.0!
FEATURES:
- new resource: keycloak_ldap_custom_mapper (#863)
IMPROVEMENTS:
- add provider_id attribute to keycloak_realm_keystore_rsa resource (#858)
- compute extra_config for client data sources (#885)
- support updated RedHat SSO version strings (#903)
- add required_actions attribute to keycloak_user resource (#867)
- allow use of custom client authenticator types (#845)
- allow users to set referrer_policy header within security_defenses for keycloak_realm resource (#879)
BUG FIXES:
- set the correct value for identityProviderMapper when using keycloak-oidc identity provider (#850)
Huge thanks to all the individuals who have contributed towards this release:
- @NataliaKhodiakova
- @olivierboudet
- @guthypeter
- @kherock
- @smoehrle
- @wombat
- @scheying
- @JackHartley
- @stale-vegait
- @jrpedrianes
BUG FIXES:
- avoid validation errors during plan for missing realm and openid client resources (#841)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- update supported Keycloak versions (#828)
- update to go 1.19 (#848)
- add new login_hint attribute for keycloak_saml_identity_provider resource (#830)
BUG FIXES:
- avoid inserting authenticator execution configs with empty strings as ID (#840)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- allow the internal_id attribute for the keycloak_realm resource to be set during apply instead of read-only (#807)
- allow for multivalue attributes in extra_config attribute for keycloak_custom_user_federation resource (#761)
BUG FIXES:
- allow users with backslashes in their name to be assigned to groups via keycloak_group_memberships resource (#778)
- correctly set nameIDPolicyFormat when updating value in extra_config in keycloak_saml_identity_provider resource (#793)
- treat empty attributes as nil values when importing keycloak_ldap_user_federation resource (#784)
- treat empty attributes as nil values when importing keycloak_custom_user_federation resource (#809)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- add IMPORT mode to keycloak_ldap_role_mapper resource (#768)
- add RSA_SHA256_MGF1 and RSA_SHA512_MGF1 signature algorithms to keycloak_saml_client resource (#757)
- add valid_post_logout_redirect_uris attribute to keycloak_openid_client resource (#777)
BUG FIXES:
- fix incorrect import ID for keycloak_openid_client_authorization_* resources (#763)
- fix payload used during deletion of keycloak_generic_role_mapper resource to prevent more mappers from unintentionally being removed (#772)
BUG FIXES:
- restored the default value for the client_authenticator_type attribute within the keycloak_openid_client resource (#755)
BREAKING CHANGES:
- updated the default value of the base_path provider attribute, it is now an empty string (#733)
  - this change was made due to the Quarkus distribution of Keycloak removing the /auth context from API urls. if you are currently using the Quarkus version of Keycloak, you no longer need to specify the base_path provider attribute as an empty string. if you are currently using the legacy version of Keycloak, you will need to add the base_path provider attribute and set it to /auth.
- renamed resources:
  - keycloak_generic_client_protocol_mapper has been renamed to keycloak_generic_protocol_mapper (#742)
  - keycloak_generic_client_role_mapper has been renamed to keycloak_generic_role_mapper. (#748)
  - the old versions of these resources will remain functional until the next major release, but they will display a deprecation warning whenever they are used.
  - to migrate to these new resources, you can follow these steps:
    - use terraform state rm to remove each of the old resources from state.
    - use terraform import to import the new resources into state. you can refer to the documentation for each of these resources to see how they should be imported.
FEATURES:
- new resource: keycloak_ldap_hardcoded_attribute_mapper (#725)
- new data source: keycloak_openid_client_scope (#743)
IMPROVEMENTS:
- add red_hat_sso provider attribute which can be set to true if you're using RedHat SSO. this helps the provider understand which version of Keycloak is being used (#721)
- support json encoded validation config for keycloak_realm_user_profile resource (#705)
- update go version to 1.18, update several dependencies, update supported Keycloak versions to include v19 (#733)
- add attribute_default_value and is_binary_attribute attributes to keycloak_ldap_user_attribute_mapper resource (#735)
- update keycloak_ldap_user_federation resource to add support for deleting default mappers that are normally created by Keycloak (#744)
- add issuer attribute to keycloak_oidc_identity_provider resource (#746)
- update keycloak_openid_client resource to add support for importing Keycloak-created clients without needing to run terraform import (#747)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- add authn context attributes for keycloak_saml_identity_provider resource (#703)
- add resource_type attribute for keycloak_openid_client_authorization_permission resource (#702)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- update usage of component API for keycloak_ldap_user_federation and keycloak_custom_user_federation resources (#707)
  - this fixes an issue that prevented these resources from being used within the master realm.
IMPROVEMENTS:
- improve import error messages for several resources (#691)
- allow usage of environment variable to configure base API path (#695)
BUG FIXES:
- use realm name instead of internal ID for authentication bindings (#687)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- fix a potential problem with the keycloak_custom_user_federation resource incorrectly assuming some Keycloak API fields are numbers.
FEATURES:
- new resource: keycloak_realm_user_profile (#658)
- new resource: keycloak_authentication_bindings (#668)
IMPROVEMENTS:
- support custom provider ID in keycloak_saml_identity_provider resource (#656)
- support sync settings in keycloak_custom_user_federation resource (#663)
- support Transient NameID format for keycloak_saml_identity_provider resource (#661)
- update all resources to use new terraform lifecycles with context support (#675)
- support use-refresh-tokens for client credentials in keycloak_openid_client resource (#678)
- support client_session_idle_timeout and client_session_max_lifespan arguments in keycloak_realm resource (#653)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- add support for the oauth2 device authorization grant (#578)
- add client_authenticator_type attribute to keycloak_openid_client resource (#627)
- add missing documentation for keycloak_user_template_importer_identity_provider_mapper resource (#635)
- add attributes for customizing consent screen for keycloak_openid_client resource (#646)
- upgrade to the latest version of the terraform-plugin-sdk (#644)
- add attributes for configuring frontchannel logout on keycloak_openid_client resource (#644)
- bump supported keycloak versions (#650)
BUG FIXES:
- fix keycloak version check for keycloak_default_roles resource (#637)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resource: keycloak_group_permissions (#617)
BUG FIXES:
- xml_sign_key_info_key_name_transformer attribute for keycloak_saml_identity_provider resource used incorrect spelling, causing it to not be set correctly (#614)
- when querying protocol mappers from the Keycloak API, treat quoted boolean attributes as false when receiving an empty string. this should fix issues when importing protocol mappers that were created by Keycloak (#622)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- remove defaultRole from realm JSON before sending requests to Keycloak to fix compatibility with Keycloak versions older than v13 (#612)
FEATURES:
- new resource: keycloak_default_roles (#599)
- new resources: keycloak_realm_keystore_aes_generated, keycloak_realm_keystore_ecdsa_generated, keycloak_realm_keystore_hmac_generated, keycloak_realm_keystore_java_keystore, keycloak_realm_keystore_rsa, and keycloak_realm_keystore_rsa_generated (#582)
- new resource: keycloak_openid_audience_resolve_protocol_mapper (#606)
IMPROVEMENTS:
- add start_tls and use_password_modify_extended_op attributes to keycloak_ldap_user_federation resource (#601)
- keycloak_openid_client_default_scopes and keycloak_openid_client_optional_scopes resources will now completely reconcile assigned scopes on create (#594)
  - this means that creating these resources will now remove default / optional scopes that are not specified within the resource configuration. see #498 for more context.
BUG FIXES:
- allow all extra_config attributes for keycloak_custom_identity_provider_mapper resource (#607)
- backchannel_logout_session_required and backchannel_logout_revoke_offline_sessions attributes for keycloak_openid_client resource were swapped (#600)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- add backchannel support for keycloak_openid_client resource (#583)
- add support for extra_config for keycloak_openid_client resource (#579)
- add support for extra_config for keycloak_saml_client resource (#589)
- add signature_key_name attribute to keycloak_saml_client resource (#588)
- add login_theme attribute to keycloak_saml_client resource (#590)
- new data source: keycloak_user_realm_roles (#596)
- add OTP policy attributes to keycloak_realm resource (#585)
- add computed attributes encryption_certificate_sha1, signing_certificate_sha1, and signing_private_key_sha1 for keycloak_saml_client resource (#589)
IMPROVEMENTS:
- the behavior of the extra_config attribute among all resources that support it has been standardized (#584) (#589)
  - validation has been added to ensure that extra_config can't be used to override values that are supported by that particular resource's top level schema
  - extra_config will no longer contain "computed" attributes, meaning that attributes not supplied by the user will not be written back to extra_config
  - attributes that have been removed from extra_config will be sent back to the Keycloak API as an empty string. this appears to be the only way to "unset" these on the Keycloak server
  - REMINDER: extra_config should only be used to support custom attributes, or attributes that are not yet officially supported by this provider. future releases of this provider could cause breaking changes for users using extra_config. please use this attribute carefully, especially when upgrading to newer versions of the provider.
- request / response bodies to / from the Keycloak API will be properly formatted when TF_LOG is set to DEBUG (#589)
- the list of officially supported Keycloak versions has been updated to 13.x, 14.x, and 15.x (#589). older versions may still work, but they will no longer be tested against in CI.
- the behavior of the keycloak_saml_client attributes encryption_certificate, signing_certificate, and signing_private_key has been changed.
  - previously, it was meant to be possible to unset these attributes by setting them to an empty string. this was meant to remove the certs / keys on the Keycloak server. however, this never really worked correctly, so this behavior has been removed.
  - these values will now be autogenerated by Keycloak when omitted.
BUG FIXES:
- fix possible crash when using keycloak_users_permissions resource (#591)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- add use_refresh_tokens attribute to keycloak_openid_client resource (#573)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- re-add previously removed LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY role retrieval strategy for the keycloak_ldap_role_mapper resource (#560)
- perform initial login during version check if needed. this fixes a potential panic within the keycloak_ldap_group_mapper resource (#564)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- stopped throwing an error for missing provider credentials when initial_login is set to false. this should help with scenarios where Keycloak itself is being created by Terraform (such as with the helm_release resource) (#552)
- upgrade to go v1.16, bump terraform plugin SDK (#551)
  - this enables builds for previously unsupported platforms, such as darwin_arm64
  - this should fix any potential issues with using this provider with Terraform v1.0.1
BUG FIXES:
- fix possible panic when creating identity provider mappers (#556)
Huge thanks to all the individuals who have contributed towards this release:
There was an internal problem with the v3.1.0 release, causing a checksum error when running terraform init. Please use this release instead.
An internal error during the release process caused this release to fail when running terraform init. Please use v3.1.1 instead.
FEATURES:
- new resource: keycloak_custom_identity_provider_mapper (#515)
- new data source: keycloak_client_description_converter (#518)
IMPROVEMENTS:
- use pagination for keycloak_group_memberships resource (#527)
BUG FIXES:
- handle deleted role when removing role assignment from keycloak_group_roles resource (#538)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- add validation for extra_config attribute for identity providers to prevent conflicts with the top-level identity provider schema (#523)
  - note: this may cause errors with existing provider configuration that uses this attribute. however, any provider configuration that breaks here was most likely not working in the first place.
- fix definition of roles in keycloak_openid_client_role_policy resource to use a set instead of a list (#524)
BREAKING CHANGES:
- add a new required entity_id attribute for keycloak_saml_identity_provider resource (#512)
- removed attributes that were deprecated in v2.0.0 (#514)
  - keycloak_openid_user_session_note_protocol_mapper resource: remove session_note_label attribute
  - keycloak_user data source: remove federated_identities attribute
  - keycloak_ldap_user_federation resource: remove cache_policy attribute
FEATURES:
IMPROVEMENTS:
- support multivalue attributes for users, groups and roles (#499)
- add trust_email attribute to keycloak_ldap_user_federation resource (#267)
- add principal_type, principal_attribute, gui_order, and sync_mode attributes to keycloak_saml_identity_provider resource (#508)
- allows non-authoritative usage of keycloak_group_roles resource via exhaustive attribute (#501)
- allows non-authoritative usage of keycloak_user_roles resource via exhaustive attribute (#513)
- add ability to set additional request headers as provider config (#507)
BUG FIXES:
- fixed marshalling of false value in Keycloak API attributes that use quoted booleans (#495)
- handle group not found for keycloak_group_roles resource (#497)
- fix keycloak_attribute_importer_identity_provider_mapper and keycloak_user_template_importer_identity_provider_mapper resources for usage with Facebook/Google (#482)
Huge thanks to all the individuals who have contributed towards this release:
- @alex-hempel
- @lathspell
- @max-rocket-internet
- @Photonios
- @PSanetra
- @sl-benoitoyez
- @StatueFungus
- @vlaurin
- @yesteph
- @Zeldhyr
FEATURES:
- new resource: keycloak_saml_script_protocol_mapper (#473)
IMPROVEMENTS:
- support custom attributes in keycloak_role resource (#475)
BUG FIXES:
- remove mutex usage in keycloak client, which in some cases resulted in deadlock when retrieving tokens from Keycloak (#489)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- add new keycloak_realm attributes for handling default client scopes (#464)
- new data source: keycloak_saml_client (#468)
IMPROVEMENTS:
- revised the configuration for the custom user federation example (#425)
- increased the default http client timeout to 15 seconds (#469)
BUG FIXES:
- fix panic when using keycloak_user data source with invalid username (#460)
- fix version handling with RedHat SSO (#462)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resource: keycloak_openid_client_permissions (#364)
- new resource: keycloak_users_permissions (#400)
- new resource: keycloak_openid_client_script_protocol_mapper (#453)
IMPROVEMENTS:
- add authorization.decision_strategy attribute to keycloak_openid_client resource (#392)
- support IMPORT mode for keycloak_ldap_group_mapper resource (#397)
- add client session length attributes to keycloak_openid_client resource (#415)
- update to go 1.5 (#445)
- add groups_path attribute to keycloak_ldap_group_mapper resource (#436)
- add authentication_flow_binding_overrides attribute to keycloak_saml_client resource (#448)
BUG FIXES:
- fix inconsistent plan when enabling service account in keycloak_openid_client resource (#437)
- fix import for keycloak_openid_client_service_account_realm_role resource (#441)
- remove unneeded validation checks for registration attributes for keycloak_realm resource (#438)
- allow commas in config attribute for keycloak_custom_user_federation resource (#455)
Huge thanks to all the individuals who have contributed towards this release:
- @AdrienFromToulouse
- @hcl31415
- @jermarchand
- @PaulGgithub
- @pths
- @randomswdev
- @spirius
- @toddkazakov
- @xinau
BREAKING CHANGES:
- migrate to v2 of the terraform-plugin-sdk, which drops support for Terraform 0.11 and below (#369)
DEPRECATIONS:
- the cache_policy attribute within the keycloak_ldap_user_federation resource has been deprecated in favor of a new cache attribute (#376)
- the federated_identities computed attribute within the keycloak_user data source has been deprecated in favor of a new federated_identity computed attribute (1b6284c)
- the session_note_label attribute within the keycloak_openid_user_session_note_protocol_mapper resource has been deprecated in favor of a new session_note attribute (#365)
FEATURES:
- this provider can now be installed automatically with Terraform 0.13 via the Terraform registry: https://registry.terraform.io/providers/mrparkers/keycloak/latest
- new data source: keycloak_user (#360)
- new data source: keycloak_authentication_execution (#360)
IMPROVEMENTS:
- add remember me timeout attributes to keycloak_realm resource (#374)
- add offline_session_max_lifespan_enabled attribute to keycloak_realm resource (#377)
- add web_authn_policy and web_authn_passwordless_policy attributes to keycloak_realm resource (#356)
BUG FIXES:
- fix keycloak_group data source to support more than one returned group (#351)
- fix import syntax for keycloak_openid_client_*_policy resources (#367)
- fix parent_id attribute not being set when importing keycloak_group resource (#372)
- automatically register an unregistered required action when using the keycloak_required_action resource (#385)
- fix keycloak_openid_user_session_note_protocol_mapper resource API call to correctly set the session note (#365)
- add missing attributes for keycloak_group data source (#369)
- add missing attributes for keycloak_openid_client_service_account_user data source (#369)
- add missing attributes for keycloak_realm data source (#369)
- fix config attribute for keycloak_custom_user_federation resource (#369)
- fix kerberos attribute for keycloak_ldap_user_federation resource (#369)
- add missing disable_user_info attribute for keycloak_oidc_identity_provider resource (#369)
- fix empty path sub-attribute under groups attribute within keycloak_openid_client_authorization_group_policy resource (#369)
- fix role attribute for keycloak_openid_client_authorization_role_policy resource (#369)
Huge thanks to all the individuals who have contributed towards this release:
- @cgroschupp
- @gansb
- @hcl31415
- @jermarchand
- @klausenbusk
- @paulvollmer
- @pmellati
- @rjmasikome
- @RomanNess
FEATURES:
- new resource: keycloak_user_roles (#315)
- new resource: keycloak_identity_provider_token_exchange_scope_permission (#318)
- new resources: keycloak_saml_client_scope, keycloak_saml_client_default_scopes (#320)
IMPROVEMENTS:
- add default_signature_algorithm attribute for keycloak_realm resource (#282)
- add parent_id attribute to keycloak_custom_user_federation resource (#325)
- add extra_config attribute to identity provider mapper resources (#316)
- add include_in_token_scope and gui_order attributes to keycloak_openid_client_scope resource (#320)
- add base_path provider attribute, improve login error messages (#332)
- add encryption attributes to keycloak_saml_client resource (#342)
- add signature_algorithm attribute to keycloak_saml_client resource (#345)
BUG FIXES:
- fix import for keycloak_openid_client_service_account_role resource (#314)
- fix realm role support for keycloak_generic_client_role_mapper resource (#316)
- fix keycloak_group data source to support nested groups (#334)
- fix keycloak_group data source / resource to support group names with backslash character (#337)
Huge thanks to all the individuals who have contributed towards this release:
- @chanhht
- @dmeyerholt
- @elmarx
- @hcl31415
- @hnnsngl
- @jgrgt
- @lathspell
- @m-v-k
- @tomrutsaert
- @Useurmind
- @wadahiro
FEATURES:
- new resource: keycloak_openid_user_client_role_protocol_mapper (#299)
- new resource: keycloak_openid_user_session_note_protocol_mapper (#309)
IMPROVEMENTS:
- add login_theme attribute to keycloak_openid_client resource (#278)
- add aggregate_attributes attribute to keycloak_openid_user_attribute_protocol_mapper resource (#272)
- add user_managed_access attribute to keycloak_realm resource (#275)
- support deployed JavaScript policies for keycloak_openid_client_js_policy resource (#275)
- add internal_id computed attribute to keycloak_realm resource and data source (#270)
- surface Keycloak API errors to users during terraform plan and terraform apply (#304)
- add kerberos configuration for keycloak_ldap_user_federation resource (#290)
- test all major versions of Keycloak in CI (#294)
- add import support for keycloak_generic_client_role_mapper resource (#310)
- use terraform-plugin-sdk user agent string in http client (#311)
BUG FIXES:
- fix: mark group_id attribute as required for keycloak_group_roles resource (#292)
Huge thanks to all the individuals who have contributed towards this release:
- @alevit33
- @arminfelder
- @awilliamsOM1
- @dlechevalier
- @dmeyerholt
- @elmarx
- @hawknewton
- @javefang
- @jgrgt
- @pascal-hofmann
- @tomrutsaert
- @Useurmind
- @wadahiro
FEATURES:
- new resource: keycloak_ldap_hardcoded_group_mapper (#264)
- new data source: keycloak_saml_client_installation_provider (#263)
- new resource: keycloak_ldap_role_mapper (#265)
IMPROVEMENTS:
- add tls_insecure_skip_verify provider attribute (#237)
- add client_scope_id attribute to keycloak_generic_client_role_mapper resource (#253)
- add email_verified attribute to keycloak_user resource (#256)
- add JSON as a valid claim_value_type for openid protocol mapper resources (#260)
- add force_name_id_format attribute to keycloak_saml_client resource (#261)
- add consent_required and authentication_flow_binding_overrides attributes for keycloak_openid_client resource (#262)
- add root_url attribute to keycloak_openid_client resource (#248)
- add federated identity support for keycloak_user resource (#274)
BUG FIXES:
- correctly handle manually deleted clients when refreshing a keycloak_openid_client_default_scopes resource (#252)
- correctly handle manually deleted clients when refreshing a keycloak_openid_client_optional_scopes resource
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- fix: allow defaultScope and acceptsPromptNoneForwardFromClient attributes to be set for keycloak_oidc_identity_provider. Previously, these attributes could only be set via extra_config, which stopped working as of v1.17.0. This release introduces these attributes as top-level attributes for the keycloak_oidc_identity_provider resource.
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resources: keycloak_authentication_flow, keycloak_authentication_subflow, keycloak_authentication_execution (#215)
- new resource: keycloak_authentication_execution_config (#241)
- new resource: keycloak_oidc_google_identity_provider (#240)
- new resource: keycloak_ldap_msad_user_account_control_mapper (#244)
- new resources: keycloak_openid_client_group_policy, keycloak_openid_client_role_policy, keycloak_openid_client_aggregate_policy, keycloak_openid_client_js_policy, keycloak_openid_client_time_policy, keycloak_openid_client_user_policy, keycloak_openid_client_client_policy (#246)
- new resource: keycloak_generic_client_role_mapper (#242)
IMPROVEMENTS:
- add client_scope_id attribute to keycloak_generic_client_protocol_mapper resource (#229)
- add root_ca_certificate attribute to provider config (#227)
- add scopes attribute to keycloak_openid_client_authorization_permission resource (#220)
- add access_token_lifespan attribute to keycloak_openid_client resource (#233)
Huge thanks to all the individuals who have contributed towards this release:
- @Amad27
- @BernhardBerbuir
- @Guarionex
- @moritz31
- @mukuru-shaun
- @ndrpnt
- @sanderginn
- @tomrutsaert
- @yspotts
FEATURES:
- new resource: keycloak_realm_events (#211)
- new resource: resource_keycloak_openid_client_service_account_role (#202)
IMPROVEMENTS:
- add base_url attribute to keycloak_openid_client resource (#201)
- allow configuration of the client timeout by an environment variable (#206)
- add consent_required attribute to keycloak_openid_client resource (#207)
- add admin_url attribute to keycloak_openid_client resource (#203)
- add display_name_html attribute to keycloak_realm resource and data source (#209)
- switch to terraform-plugin-sdk (#214)
BUG FIXES:
- URL encode role names to allow for special characters (#213)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resource: keycloak_ldap_hardcoded_role_mapper (#195)
IMPROVEMENTS:
- add full_scope_allowed attribute to keycloak_openid_client resource (#193)
- add exclude_session_state_from_auth_response attribute to keycloak_openid_client resource (#191)
- allow empty value for pkce_code_challenge_method attribute on keycloak_openid_client resource (#198)
- support attributes for keycloak_group resource (#199)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- add keycloak_openid_client_service_account_user data source (#181)
- add keycloak_group data source (#185)
IMPROVEMENTS:
- support Keycloak v8.0.0 (#183)
- new functionality for keycloak_realm: brute_force_detection, ssl_required, and custom attributes (#183)
- allow you to prevent refresh token reuse with a new revoke_refresh_token attribute for the keycloak_realm resource (#183)
  - note: please refer to the docs for the new configuration values if you currently use refresh_token_max_reuse
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- fix: update Keycloak API call to handle groups with more than 100 members (#179)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- correctly handle Keycloak role names that contain a forward slash (#175)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- use cookiejar for Keycloak API requests (#173)
Huge thanks to all the individuals who have contributed towards this release:
IMPROVEMENTS:
- add pkce_code_challenge_method attribute for keycloak_openid_client resource (#170)
BUG FIXES:
- always use valid client secret for keycloak_oidc_identity_provider resource (#171)
- fix state issues for keycloak_openid_client_service_account_role resource (#171)
Huge thanks to all the individuals who have contributed towards this release:
BUG FIXES:
- fix required attribute for keycloak_realm data source (#166)
- automatically retry role deletion if the first attempt fails (#168)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resource: keycloak_openid_user_realm_role_protocol_mapper (#159)
- new data source: keycloak_realm (#160)
IMPROVEMENTS:
- added timeout provider attribute (#155)
- always export serviceAccountId for keycloak_openid_client resource (#162)
BUG FIXES:
- fix default value for reset_credentials_flow attribute in keycloak_realm resource (#158)
Huge thanks to all the individuals who have contributed towards this release:
note: this release contains a bug in the keycloak_realm resource that incorrectly sets the default attribute for reset_credentials_flow to "registration". Please ensure that you set this attribute manually to override the incorrect default until a future release fixes this issue.
FEATURES:
- new resource: keycloak_required_action (#131)
- new resource: keycloak_default_groups (#146)
- new resources: keycloak_role, keycloak_group_roles, keycloak_openid_hardcoded_role_protocol_mapper (#143)
- new data source: keycloak_role (#143)
IMPROVEMENTS:
- add security_defences attribute to keycloak_realm resource (#130)
- support custom config for keycloak_custom_user_federation resource (#134)
- add initial_login provider attribute to optionally avoid requests during provider setup (#136)
- support custom config for keycloak_oidc_identity_provider resource (#137)
- add password_policy attribute for keycloak_realm resource (#139)
- add flow binding attributes for keycloak_realm resource (#140)
BUG FIXES:
- fix user attributes to handle attributes longer than 255 characters (#132)
- fix import for keycloak_oidc_identity_provider (#142)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- add full_scope_allowed attribute to keycloak_saml_client resource (#118)
- add internationalization attribute to keycloak_realm resource (#124)
- add smtp_server attribute to keycloak_realm resource (#122)
IMPROVEMENTS:
- allow the provider to use a confidential client with the password grant (#114)
- update Terraform SDK to 0.12.1 (#120)
- bump dependency versions for custom user federation example (#121)
- add static binary to release for use within Alpine Docker images (#129)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resources: keycloak_openid_client_authorization_resource, keycloak_openid_client_authorization_scope, keycloak_openid_client_authorization_permission, keycloak_openid_client_service_account_role (#104)
  - note: docs for these resources will be released at a later date. for now, please refer to the source files.
- new data sources: keycloak_openid_client, keycloak_openid_client_authorization_policy (#104)
  - note: docs for these data sources will be released at a later date. for now, please refer to the source files.
IMPROVEMENTS:
- chore: update provider SDK to 0.12 (#107)
- chore: support Keycloak v6.0.1 (#106)
- chore: renames provider resource/data files (#105)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resources: keycloak_identity_provider and mappers (#92)
  - note: docs for these resources will be released at a later date. for now, please refer to the source files.
IMPROVEMENTS:
- new attributes added for keycloak_saml_client resource (#103)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resource: keycloak_openid_client_optional_scopes (#96)
- new resource: keycloak_openid_audience_protocol_mapper (#97)
FEATURES:
- add support for non-master realms and resource owner password grant for Keycloak authentication (#88)
IMPROVEMENTS:
- support Keycloak v4.8.3.Final and Terraform v0.11.11 (#93)
BUG FIXES:
- handle 404 errors when reading a group for group memberships (#95)
Huge thanks to all the individuals who have contributed towards this release:
FEATURES:
- new resource: keycloak_saml_user_property_protocol_mapper (#85)
FEATURES:
- new resource: keycloak_saml_user_attribute_protocol_mapper (#84)
FEATURES:
- new resource: keycloak_saml_client (#82)
IMPROVEMENTS:
- add validation for usernames to ensure they are always lowercase (#83)
IMPROVEMENTS:
BUG FIXES:
- ldap mappers: don't assume component fields are returned by Keycloak API (#80)
Huge thanks to all the individuals who have contributed towards this release:
Initial Release!
Docs: https://mrparkers.github.io/terraform-provider-keycloak