Added issuer and sync_mode attributes to r/keycloak_oidc_identity_provider

docs/resources/oidc_identity_provider.md

@@ -37,7 +37,9 @@ resource "keycloak_oidc_identity_provider" "realm_identity_provider" {
 - `authorization_url` - (Required) The Authorization Url.
 - `client_id` - (Required) The client or client identifier registered within the identity provider.
 - `client_secret` - (Required) The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
+- `sync_mode` - (Optional) Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. Defaults to `LEGACY`.
 - `token_url` - (Required) The Token URL.
+- `issuer` - (Optional) The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
 - `display_name` - (Optional) Display name for the identity provider in the GUI.
 - `enabled` - (Optional) When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
 - `store_token` - (Optional) When `true`, tokens will be stored after authenticating users. Defaults to `true`.

keycloak/identity_provider.go

@@ -36,6 +36,8 @@ type IdentityProviderConfig struct {
 	ValidateSignature                KeycloakBoolQuoted     `json:"validateSignature,omitempty"`
 	AuthorizationUrl                 string                 `json:"authorizationUrl,omitempty"`
 	TokenUrl                         string                 `json:"tokenUrl,omitempty"`
+	Issuer                           string                 `json:"issuer,omitempty"`
+	SyncMode                         string                 `json:"syncMode,omitempty"`
 	LoginHint                        string                 `json:"loginHint,omitempty"`
 	UILocales                        KeycloakBoolQuoted     `json:"uiLocales,omitempty"`
 	LogoutUrl                        string                 `json:"logoutUrl,omitempty"`

provider/resource_keycloak_oidc_identity_provider.go

@@ -62,6 +62,17 @@ func resourceKeycloakOidcIdentityProvider() *schema.Resource {
 			Required:    true,
 			Description: "Token URL.",
 		},
+		"issuer": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Issuer Identifier",
+		},
+		"sync_mode": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Sync Mode",
+			Default:     "LEGACY",
+		},
 		"logout_url": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -129,6 +140,8 @@ func getOidcIdentityProviderFromData(data *schema.ResourceData) (*keycloak.Ident
 		ClientSecret:                data.Get("client_secret").(string),
 		HideOnLoginPage:             keycloak.KeycloakBoolQuoted(data.Get("hide_on_login_page").(bool)),
 		TokenUrl:                    data.Get("token_url").(string),
+		Issuer:                      data.Get("issuer").(string),
+		SyncMode:                    data.Get("sync_mode").(string),
 		LogoutUrl:                   data.Get("logout_url").(string),
 		UILocales:                   keycloak.KeycloakBoolQuoted(data.Get("ui_locales").(bool)),
 		LoginHint:                   data.Get("login_hint").(string),

provider/resource_keycloak_oidc_identity_provider_test.go

@@ -337,6 +337,7 @@ resource "keycloak_oidc_identity_provider" "oidc" {
 	token_url         = "https://example.com/token"
 	client_id         = "example_id"
 	client_secret     = "example_token"
+	sync_mode         = "IMPORT"
 	extra_config      = {
 		dummyConfig = "%s"
 	}
@@ -358,6 +359,7 @@ resource "keycloak_oidc_identity_provider" "oidc" {
 	token_url         = "https://example.com/token"
 	client_id         = "example_id"
 	client_secret     = "example_token"
+	sync_mode         = "IMPORT"
 	default_scopes    = "%s"
 }
 	`, realm, alias, value)
@@ -377,6 +379,7 @@ resource "keycloak_oidc_identity_provider" "oidc" {
 	token_url         = "%s"
 	client_id         = "%s"
 	client_secret     = "%s"
+	sync_mode         = "IMPORT"
 }
 	`, oidc.Realm, oidc.Alias, oidc.Enabled, oidc.Config.AuthorizationUrl, oidc.Config.TokenUrl, oidc.Config.ClientId, oidc.Config.ClientSecret)
 }