-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: use consistent config / extra_config across identity providers #523
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, This a very good improvement for my personal use-cases
@@ -89,12 +99,72 @@ func resourceKeycloakIdentityProvider() *schema.Resource { | |||
Default: "", | |||
Description: "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.", | |||
}, | |||
// all schema values below this point will be configuration values that are shared among all identity providers | |||
"extra_config": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So basically extra config(and gui_order and sync_mode) was moved to the generic identity provider, 👍
Detail: fmt.Sprintf(`extra_config key "%s" is not allowed, as it conflicts with a top-level schema attribute`, jsonKey), | ||
AttributePath: append(path, cty.IndexStep{ | ||
Key: cty.StringVal(jsonKey), | ||
}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great, This will help people to understand what is going on, even if they did not read the release notes
|
||
extra_config = { | ||
"syncMode" = "IMPORT" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would still give an example of extra config:
extra_config = {
"myCustomConfigKey" = "myValue"
}
gui_order
andsync_mode
are now supported by all identity providers as top-level attributesextra_config
attribute now fails validation if a key is used that conflicts with the existing identity provider config JSON modelThis doesn't really "fix" the root problem, but the extra validation here will prevent potentially bad configuration for an identity provider from reaching a Keycloak instance.
Fixes #520
cc @tomrutsaert @alex-hempel