feat: add valid_post_logout_redirect_uris attribute to keycloak_openid_client resource (#777)

Author: mrparkers

.gitignore

@@ -5,6 +5,7 @@
 *.so
 *.dylib
 terraform-provider-keycloak
+terraform-provider-keycloak_*
 
 # Test binary, build with `go test -c`
 *.test

docs/resources/openid_client.md

@@ -67,6 +67,7 @@ resource "keycloak_openid_client" "openid_client" {
 - `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple
 wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`
 is set to `true`.
+- `valid_post_logout_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful logout.
 - `web_origins` - (Optional) A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`."
 - `root_url` - (Optional) When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required.
 - `admin_url` - (Optional) URL to the admin interface of the client.

example/main.tf

@@ -209,6 +209,10 @@ resource "keycloak_openid_client" "test_client" {
   valid_redirect_uris = [
     "http://localhost:5555/callback",
   ]
+  valid_post_logout_redirect_uris = [
+    "http://localhost:5555/post-logout",
+    "http://localhost:5555/post-logout3",
+  ]
 
   client_secret = "secret"
 

keycloak/extra_config.go

@@ -2,6 +2,7 @@ package keycloak
 
 import (
 	"encoding/json"
+	"github.com/mrparkers/terraform-provider-keycloak/keycloak/types"
 	"reflect"
 	"strconv"
 	"strings"
@@ -26,17 +27,18 @@ func unmarshalExtraConfig(data []byte, reflectValue reflect.Value, extraConfig *
 					} else if field.Kind() == reflect.Bool {
 						boolVal, err := strconv.ParseBool(configValue.(string))
 						if err == nil {
-							field.Set(reflect.ValueOf(KeycloakBoolQuoted(boolVal)))
+							field.Set(reflect.ValueOf(types.KeycloakBoolQuoted(boolVal)))
 						}
 					} else if field.Kind() == reflect.TypeOf([]string{}).Kind() {
-						var s KeycloakSliceQuoted
-
-						err = json.Unmarshal([]byte(configValue.(string)), &s)
-						if err != nil {
+						var sliceQuoted types.KeycloakSliceQuoted
+						var sliceHashDelimited types.KeycloakSliceHashDelimited
 
+						if err = json.Unmarshal([]byte(configValue.(string)), &sliceQuoted); err == nil {
+							field.Set(reflect.ValueOf(sliceQuoted))
+						} else if err = sliceHashDelimited.UnmarshalJSON([]byte(configValue.(string))); err == nil {
+							field.Set(reflect.ValueOf(sliceHashDelimited))
 						}
 
-						field.Set(reflect.ValueOf(s))
 					}
 
 					delete(*extraConfig, jsonKey)
@@ -63,10 +65,13 @@ func marshalExtraConfig(reflectValue reflect.Value, extraConfig map[string]inter
 				if field.Kind() == reflect.String {
 					out[jsonKey] = field.String()
 				} else if field.Kind() == reflect.Bool {
-					out[jsonKey] = KeycloakBoolQuoted(field.Bool())
+					out[jsonKey] = types.KeycloakBoolQuoted(field.Bool())
 				} else if field.Kind() == reflect.TypeOf([]string{}).Kind() {
-					s := field.Interface().(KeycloakSliceQuoted)
-					out[jsonKey] = s
+					if s, ok := field.Interface().(types.KeycloakSliceQuoted); ok {
+						out[jsonKey] = s
+					} else if s, ok := field.Interface().(types.KeycloakSliceHashDelimited); ok {
+						out[jsonKey] = s
+					}
 				}
 			}
 		}

keycloak/identity_provider.go

@@ -3,54 +3,55 @@ package keycloak
 import (
 	"context"
 	"fmt"
+	"github.com/mrparkers/terraform-provider-keycloak/keycloak/types"
 	"reflect"
 )
 
 type IdentityProviderConfig struct {
-	Key                             string                 `json:"key,omitempty"`
-	HostIp                          string                 `json:"hostIp,omitempty"`
-	UseJwksUrl                      KeycloakBoolQuoted     `json:"useJwksUrl,omitempty"`
-	JwksUrl                         string                 `json:"jwksUrl,omitempty"`
-	ClientId                        string                 `json:"clientId,omitempty"`
-	ClientSecret                    string                 `json:"clientSecret,omitempty"`
-	DisableUserInfo                 KeycloakBoolQuoted     `json:"disableUserInfo"`
-	UserInfoUrl                     string                 `json:"userInfoUrl,omitempty"`
-	HideOnLoginPage                 KeycloakBoolQuoted     `json:"hideOnLoginPage"`
-	NameIDPolicyFormat              string                 `json:"nameIDPolicyFormat,omitempty"`
-	EntityId                        string                 `json:"entityId,omitempty"`
-	SingleLogoutServiceUrl          string                 `json:"singleLogoutServiceUrl,omitempty"`
-	SingleSignOnServiceUrl          string                 `json:"singleSignOnServiceUrl,omitempty"`
-	SigningCertificate              string                 `json:"signingCertificate,omitempty"`
-	SignatureAlgorithm              string                 `json:"signatureAlgorithm,omitempty"`
-	XmlSigKeyInfoKeyNameTransformer string                 `json:"xmlSigKeyInfoKeyNameTransformer,omitempty"`
-	PostBindingAuthnRequest         KeycloakBoolQuoted     `json:"postBindingAuthnRequest,omitempty"`
-	PostBindingResponse             KeycloakBoolQuoted     `json:"postBindingResponse,omitempty"`
-	PostBindingLogout               KeycloakBoolQuoted     `json:"postBindingLogout,omitempty"`
-	ForceAuthn                      KeycloakBoolQuoted     `json:"forceAuthn,omitempty"`
-	WantAuthnRequestsSigned         KeycloakBoolQuoted     `json:"wantAuthnRequestsSigned,omitempty"`
-	WantAssertionsSigned            KeycloakBoolQuoted     `json:"wantAssertionsSigned,omitempty"`
-	WantAssertionsEncrypted         KeycloakBoolQuoted     `json:"wantAssertionsEncrypted,omitempty"`
-	BackchannelSupported            KeycloakBoolQuoted     `json:"backchannelSupported,omitempty"`
-	ValidateSignature               KeycloakBoolQuoted     `json:"validateSignature,omitempty"`
-	AuthorizationUrl                string                 `json:"authorizationUrl,omitempty"`
-	TokenUrl                        string                 `json:"tokenUrl,omitempty"`
-	LoginHint                       string                 `json:"loginHint,omitempty"`
-	UILocales                       KeycloakBoolQuoted     `json:"uiLocales,omitempty"`
-	LogoutUrl                       string                 `json:"logoutUrl,omitempty"`
-	DefaultScope                    string                 `json:"defaultScope,omitempty"`
-	AcceptsPromptNoneForwFrmClt     KeycloakBoolQuoted     `json:"acceptsPromptNoneForwardFromClient,omitempty"`
-	HostedDomain                    string                 `json:"hostedDomain,omitempty"`
-	UserIp                          KeycloakBoolQuoted     `json:"userIp,omitempty"`
-	OfflineAccess                   KeycloakBoolQuoted     `json:"offlineAccess,omitempty"`
-	PrincipalType                   string                 `json:"principalType,omitempty"`
-	PrincipalAttribute              string                 `json:"principalAttribute,omitempty"`
-	GuiOrder                        string                 `json:"guiOrder,omitempty"`
-	SyncMode                        string                 `json:"syncMode,omitempty"`
-	ExtraConfig                     map[string]interface{} `json:"-"`
-	AuthnContextClassRefs           KeycloakSliceQuoted    `json:"authnContextClassRefs,omitempty"`
-	AuthnContextComparisonType      string                 `json:"authnContextComparisonType,omitempty"`
-	AuthnContextDeclRefs            KeycloakSliceQuoted    `json:"authnContextDeclRefs,omitempty"`
-	Issuer                          string                 `json:"issuer,omitempty"`
+	Key                             string                    `json:"key,omitempty"`
+	HostIp                          string                    `json:"hostIp,omitempty"`
+	UseJwksUrl                      types.KeycloakBoolQuoted  `json:"useJwksUrl,omitempty"`
+	JwksUrl                         string                    `json:"jwksUrl,omitempty"`
+	ClientId                        string                    `json:"clientId,omitempty"`
+	ClientSecret                    string                    `json:"clientSecret,omitempty"`
+	DisableUserInfo                 types.KeycloakBoolQuoted  `json:"disableUserInfo"`
+	UserInfoUrl                     string                    `json:"userInfoUrl,omitempty"`
+	HideOnLoginPage                 types.KeycloakBoolQuoted  `json:"hideOnLoginPage"`
+	NameIDPolicyFormat              string                    `json:"nameIDPolicyFormat,omitempty"`
+	EntityId                        string                    `json:"entityId,omitempty"`
+	SingleLogoutServiceUrl          string                    `json:"singleLogoutServiceUrl,omitempty"`
+	SingleSignOnServiceUrl          string                    `json:"singleSignOnServiceUrl,omitempty"`
+	SigningCertificate              string                    `json:"signingCertificate,omitempty"`
+	SignatureAlgorithm              string                    `json:"signatureAlgorithm,omitempty"`
+	XmlSigKeyInfoKeyNameTransformer string                    `json:"xmlSigKeyInfoKeyNameTransformer,omitempty"`
+	PostBindingAuthnRequest         types.KeycloakBoolQuoted  `json:"postBindingAuthnRequest,omitempty"`
+	PostBindingResponse             types.KeycloakBoolQuoted  `json:"postBindingResponse,omitempty"`
+	PostBindingLogout               types.KeycloakBoolQuoted  `json:"postBindingLogout,omitempty"`
+	ForceAuthn                      types.KeycloakBoolQuoted  `json:"forceAuthn,omitempty"`
+	WantAuthnRequestsSigned         types.KeycloakBoolQuoted  `json:"wantAuthnRequestsSigned,omitempty"`
+	WantAssertionsSigned            types.KeycloakBoolQuoted  `json:"wantAssertionsSigned,omitempty"`
+	WantAssertionsEncrypted         types.KeycloakBoolQuoted  `json:"wantAssertionsEncrypted,omitempty"`
+	BackchannelSupported            types.KeycloakBoolQuoted  `json:"backchannelSupported,omitempty"`
+	ValidateSignature               types.KeycloakBoolQuoted  `json:"validateSignature,omitempty"`
+	AuthorizationUrl                string                    `json:"authorizationUrl,omitempty"`
+	TokenUrl                        string                    `json:"tokenUrl,omitempty"`
+	LoginHint                       string                    `json:"loginHint,omitempty"`
+	UILocales                       types.KeycloakBoolQuoted  `json:"uiLocales,omitempty"`
+	LogoutUrl                       string                    `json:"logoutUrl,omitempty"`
+	DefaultScope                    string                    `json:"defaultScope,omitempty"`
+	AcceptsPromptNoneForwFrmClt     types.KeycloakBoolQuoted  `json:"acceptsPromptNoneForwardFromClient,omitempty"`
+	HostedDomain                    string                    `json:"hostedDomain,omitempty"`
+	UserIp                          types.KeycloakBoolQuoted  `json:"userIp,omitempty"`
+	OfflineAccess                   types.KeycloakBoolQuoted  `json:"offlineAccess,omitempty"`
+	PrincipalType                   string                    `json:"principalType,omitempty"`
+	PrincipalAttribute              string                    `json:"principalAttribute,omitempty"`
+	GuiOrder                        string                    `json:"guiOrder,omitempty"`
+	SyncMode                        string                    `json:"syncMode,omitempty"`
+	ExtraConfig                     map[string]interface{}    `json:"-"`
+	AuthnContextClassRefs           types.KeycloakSliceQuoted `json:"authnContextClassRefs,omitempty"`
+	AuthnContextComparisonType      string                    `json:"authnContextComparisonType,omitempty"`
+	AuthnContextDeclRefs            types.KeycloakSliceQuoted `json:"authnContextDeclRefs,omitempty"`
+	Issuer                          string                    `json:"issuer,omitempty"`
 }
 
 type IdentityProvider struct {

keycloak/openid_client.go

@@ -3,6 +3,7 @@ package keycloak
 import (
 	"context"
 	"fmt"
+	"github.com/mrparkers/terraform-provider-keycloak/keycloak/types"
 	"reflect"
 )
 
@@ -58,26 +59,27 @@ type OpenidClient struct {
 }
 
 type OpenidClientAttributes struct {
-	PkceCodeChallengeMethod               string                 `json:"pkce.code.challenge.method"`
-	ExcludeSessionStateFromAuthResponse   KeycloakBoolQuoted     `json:"exclude.session.state.from.auth.response"`
-	AccessTokenLifespan                   string                 `json:"access.token.lifespan"`
-	LoginTheme                            string                 `json:"login_theme"`
-	ClientOfflineSessionIdleTimeout       string                 `json:"client.offline.session.idle.timeout,omitempty"`
-	DisplayOnConsentScreen                KeycloakBoolQuoted     `json:"display.on.consent.screen"`
-	ConsentScreenText                     string                 `json:"consent.screen.text"`
-	ClientOfflineSessionMaxLifespan       string                 `json:"client.offline.session.max.lifespan,omitempty"`
-	ClientSessionIdleTimeout              string                 `json:"client.session.idle.timeout,omitempty"`
-	ClientSessionMaxLifespan              string                 `json:"client.session.max.lifespan,omitempty"`
-	UseRefreshTokens                      KeycloakBoolQuoted     `json:"use.refresh.tokens"`
-	UseRefreshTokensClientCredentials     KeycloakBoolQuoted     `json:"client_credentials.use_refresh_token"`
-	BackchannelLogoutUrl                  string                 `json:"backchannel.logout.url"`
-	FrontchannelLogoutUrl                 string                 `json:"frontchannel.logout.url"`
-	BackchannelLogoutRevokeOfflineTokens  KeycloakBoolQuoted     `json:"backchannel.logout.revoke.offline.tokens"`
-	BackchannelLogoutSessionRequired      KeycloakBoolQuoted     `json:"backchannel.logout.session.required"`
-	ExtraConfig                           map[string]interface{} `json:"-"`
-	Oauth2DeviceAuthorizationGrantEnabled KeycloakBoolQuoted     `json:"oauth2.device.authorization.grant.enabled"`
-	Oauth2DeviceCodeLifespan              string                 `json:"oauth2.device.code.lifespan,omitempty"`
-	Oauth2DevicePollingInterval           string                 `json:"oauth2.device.polling.interval,omitempty"`
+	PkceCodeChallengeMethod               string                           `json:"pkce.code.challenge.method"`
+	ExcludeSessionStateFromAuthResponse   types.KeycloakBoolQuoted         `json:"exclude.session.state.from.auth.response"`
+	AccessTokenLifespan                   string                           `json:"access.token.lifespan"`
+	LoginTheme                            string                           `json:"login_theme"`
+	ClientOfflineSessionIdleTimeout       string                           `json:"client.offline.session.idle.timeout,omitempty"`
+	DisplayOnConsentScreen                types.KeycloakBoolQuoted         `json:"display.on.consent.screen"`
+	ConsentScreenText                     string                           `json:"consent.screen.text"`
+	ClientOfflineSessionMaxLifespan       string                           `json:"client.offline.session.max.lifespan,omitempty"`
+	ClientSessionIdleTimeout              string                           `json:"client.session.idle.timeout,omitempty"`
+	ClientSessionMaxLifespan              string                           `json:"client.session.max.lifespan,omitempty"`
+	UseRefreshTokens                      types.KeycloakBoolQuoted         `json:"use.refresh.tokens"`
+	UseRefreshTokensClientCredentials     types.KeycloakBoolQuoted         `json:"client_credentials.use_refresh_token"`
+	BackchannelLogoutUrl                  string                           `json:"backchannel.logout.url"`
+	FrontchannelLogoutUrl                 string                           `json:"frontchannel.logout.url"`
+	BackchannelLogoutRevokeOfflineTokens  types.KeycloakBoolQuoted         `json:"backchannel.logout.revoke.offline.tokens"`
+	BackchannelLogoutSessionRequired      types.KeycloakBoolQuoted         `json:"backchannel.logout.session.required"`
+	ExtraConfig                           map[string]interface{}           `json:"-"`
+	Oauth2DeviceAuthorizationGrantEnabled types.KeycloakBoolQuoted         `json:"oauth2.device.authorization.grant.enabled"`
+	Oauth2DeviceCodeLifespan              string                           `json:"oauth2.device.code.lifespan,omitempty"`
+	Oauth2DevicePollingInterval           string                           `json:"oauth2.device.polling.interval,omitempty"`
+	PostLogoutRedirectUris                types.KeycloakSliceHashDelimited `json:"post.logout.redirect.uris,omitempty"`
 }
 
 type OpenidAuthenticationFlowBindingOverrides struct {

keycloak/openid_client_scope.go

@@ -3,6 +3,7 @@ package keycloak
 import (
 	"context"
 	"fmt"
+	"github.com/mrparkers/terraform-provider-keycloak/keycloak/types"
 )
 
 type OpenidClientScope struct {
@@ -12,10 +13,10 @@ type OpenidClientScope struct {
 	Description string `json:"description"`
 	Protocol    string `json:"protocol"`
 	Attributes  struct {
-		DisplayOnConsentScreen KeycloakBoolQuoted `json:"display.on.consent.screen"` // boolean in string form
-		ConsentScreenText      string             `json:"consent.screen.text"`
-		GuiOrder               string             `json:"gui.order"`
-		IncludeInTokenScope    KeycloakBoolQuoted `json:"include.in.token.scope"` // boolean in string form
+		DisplayOnConsentScreen types.KeycloakBoolQuoted `json:"display.on.consent.screen"` // boolean in string form
+		ConsentScreenText      string                   `json:"consent.screen.text"`
+		GuiOrder               string                   `json:"gui.order"`
+		IncludeInTokenScope    types.KeycloakBoolQuoted `json:"include.in.token.scope"` // boolean in string form
 	} `json:"attributes"`
 }
 

keycloak/realm.go

@@ -3,6 +3,7 @@ package keycloak
 import (
 	"context"
 	"fmt"
+	"github.com/mrparkers/terraform-provider-keycloak/keycloak/types"
 	"strings"
 )
 
@@ -152,18 +153,18 @@ type BrowserSecurityHeaders struct {
 }
 
 type SmtpServer struct {
-	StartTls           KeycloakBoolQuoted `json:"starttls,omitempty"`
-	Auth               KeycloakBoolQuoted `json:"auth,omitempty"`
-	Port               string             `json:"port,omitempty"`
-	Host               string             `json:"host,omitempty"`
-	ReplyTo            string             `json:"replyTo,omitempty"`
-	ReplyToDisplayName string             `json:"replyToDisplayName,omitempty"`
-	From               string             `json:"from,omitempty"`
-	FromDisplayName    string             `json:"fromDisplayName,omitempty"`
-	EnvelopeFrom       string             `json:"envelopeFrom,omitempty"`
-	Ssl                KeycloakBoolQuoted `json:"ssl,omitempty"`
-	User               string             `json:"user,omitempty"`
-	Password           string             `json:"password,omitempty"`
+	StartTls           types.KeycloakBoolQuoted `json:"starttls,omitempty"`
+	Auth               types.KeycloakBoolQuoted `json:"auth,omitempty"`
+	Port               string                   `json:"port,omitempty"`
+	Host               string                   `json:"host,omitempty"`
+	ReplyTo            string                   `json:"replyTo,omitempty"`
+	ReplyToDisplayName string                   `json:"replyToDisplayName,omitempty"`
+	From               string                   `json:"from,omitempty"`
+	FromDisplayName    string                   `json:"fromDisplayName,omitempty"`
+	EnvelopeFrom       string                   `json:"envelopeFrom,omitempty"`
+	Ssl                types.KeycloakBoolQuoted `json:"ssl,omitempty"`
+	User               string                   `json:"user,omitempty"`
+	Password           string                   `json:"password,omitempty"`
 }
 
 func (keycloakClient *KeycloakClient) NewRealm(ctx context.Context, realm *Realm) error {