terraform-provider-keycloak
Terraform provider for Keycloak.
Features
This project is a work in progress with a short-term goal of supporting all of the Keycloak features that I need to manage at my place of employment.
Long term, I'd like to support as much as I can while I tinker with Keycloak in my spare time.
Supported Resources
keycloak_realm
keycloak_user
keycloak_group
keycloak_group_memberships
keycloak_openid_client
keycloak_openid_client_scope
keycloak_openid_client_default_scopes
keycloak_ldap_user_federation
keycloak_ldap_user_attribute_mapper
keycloak_ldap_group_mapper
keycloak_ldap_full_name_mapper
keycloak_ldap_msad_user_account_control_mapper
keycloak_custom_user_federation
keycloak_openid_user_attribute_protocol_mapper
keycloak_openid_user_property_protocol_mapper
keycloak_openid_group_membership_protocol_mapper
keycloak_openid_full_name_protocol_mapper
keycloak_openid_hardcoded_claim_protocol_mapper
I will write some docs for each resource once more are supported. For now, please refer to the linked source files.
Building
This project uses Go Modules, which require Go 1.11. I personally test the provider with version 0.11.8 of Terraform and version 4.2.1.Final of Keycloak. Other versions may also work.
GO111MODULE=on go mod download && make build
Tests
Every resource supported by this provider will have a reasonable amount of acceptance test coverage.
For local development, you can spin up a local instance of Keycloak, backed by Postgres and OpenLDAP, using make local.
Once the environment is ready, you can run the acceptance tests after setting the required environment variables:
KEYCLOAK_CLIENT_ID=terraform \
KEYCLOAK_CLIENT_SECRET=884e0f95-0f42-4a63-9b1f-94274655669e \
KEYCLOAK_URL="http://localhost:8080" \
make testacc
These tests will also run in CI when opening a PR and on master.