feat: add consent required flag on saml clients (#1130)

Signed-off-by: frpicard <[email protected]>

Author: frpicard

docs/resources/saml_client.md

@@ -69,6 +69,7 @@ resource "keycloak_saml_client" "saml_client" {
     - `browser_id` - (Optional) Browser flow id, (flow needs to exist)
     - `direct_grant_id` - (Optional) Direct grant flow id (flow needs to exist)
 - `always_display_in_console` - (Optional) Always list this client in the Account UI, even if the user does not have an active session.
+- `consent_required` - (Optional) When `true`, users have to consent to client access. Defaults to `false`.
 - `extra_config` - (Optional) A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that is not yet supported by this Terraform provider. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates.
 
 ## Attributes Reference

keycloak/saml_client.go

@@ -58,6 +58,7 @@ type SamlClient struct {
 	MasterSamlProcessingUrl string   `json:"adminUrl"`
 
 	FullScopeAllowed bool `json:"fullScopeAllowed"`
+	ConsentRequired  bool `json:"consentRequired"`
 
 	AlwaysDisplayInConsole bool `json:"alwaysDisplayInConsole"`
 

provider/data_source_keycloak_saml_client.go

@@ -61,6 +61,10 @@ func dataSourceKeycloakSamlClient() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"consent_required": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 			"front_channel_logout": {
 				Type:     schema.TypeBool,
 				Computed: true,

provider/resource_keycloak_saml_client.go

@@ -94,6 +94,11 @@ func resourceKeycloakSamlClient() *schema.Resource {
 				Optional: true,
 				Default:  true,
 			},
+			"consent_required": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Computed: true,
+			},
 			"front_channel_logout": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -321,6 +326,7 @@ func mapToSamlClientFromData(data *schema.ResourceData) *keycloak.SamlClient {
 		BaseUrl:                 data.Get("base_url").(string),
 		MasterSamlProcessingUrl: data.Get("master_saml_processing_url").(string),
 		FullScopeAllowed:        data.Get("full_scope_allowed").(bool),
+		ConsentRequired:         data.Get("consent_required").(bool),
 		AlwaysDisplayInConsole:  data.Get("always_display_in_console").(bool),
 		Attributes:              samlAttributes,
 	}
@@ -378,6 +384,7 @@ func mapToDataFromSamlClient(ctx context.Context, data *schema.ResourceData, cli
 	data.Set("logout_service_redirect_binding_url", client.Attributes.LogoutServiceRedirectBindingURL)
 	data.Set("full_scope_allowed", client.FullScopeAllowed)
 	data.Set("login_theme", client.Attributes.LoginTheme)
+	data.Set("consent_required", client.ConsentRequired)
 	data.Set("always_display_in_console", client.AlwaysDisplayInConsole)
 
 	if canonicalizationMethod, ok := mapKeyFromValue(keycloakSamlClientCanonicalizationMethods, client.Attributes.CanonicalizationMethod); ok {