Merge branch 'master' into auth-flow-executor-priority

.github/workflows/codeql-analysis.yml

@@ -38,17 +38,17 @@ jobs:
 
     steps:
     - name: Checkout Code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v5
       with:
         go-version-file: 'go.mod'
         cache: true
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependency-submission.yml

@@ -12,15 +12,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
 
       - name: Run snapshot action
-        uses: actions/go-dependency-submission@v1
+        uses: actions/go-dependency-submission@v2
         with:
           go-mod-path: go.mod

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - name: Wait for acceptance tests
         id: wait
-        uses: "WyriHaximus/github-action-wait-for-status@v1.4.0"
+        uses: "WyriHaximus/github-action-wait-for-status@v1.8.0"
         with:
           ignoreActions: Wait for acceptance tests
           checkInterval: 30
@@ -22,25 +22,26 @@ jobs:
       status: steps.wait.outputs.status
 
   release:
+    permissions: write-all
     needs:
       - wait
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
 
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v2
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: Get tag name
         id: get_tag_name
@@ -52,15 +53,14 @@ jobs:
           releaseDate=$(date '+%B-%-d-%Y' | tr '[:upper:]' '[:lower:]')
           releaseVersion=$(echo ${{ steps.get_tag_name.outputs.TAG }} | tr -d '.')
           tmp=$(mktemp -d)
-          echo "[Release Notes](https://github.com/mrparkers/terraform-provider-keycloak/blob/master/CHANGELOG.md#${releaseVersion}-${releaseDate})" > ${tmp}/release-notes.md
+          echo "[Release Notes](https://github.com/keycloak/terraform-provider-keycloak/blob/master/CHANGELOG.md#${releaseVersion}-${releaseDate})" > ${tmp}/release-notes.md
           cat ${tmp}/release-notes.md
           echo ::set-output name=NOTES::${tmp}/release-notes.md
 
       - name: GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v6
         with:
-          version: v0.179.0
-          args: release --rm-dist --release-notes=${{ steps.build-release-notes.outputs.NOTES }}
+          args: release --clean --release-notes=${{ steps.build-release-notes.outputs.NOTES }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.github/workflows/test.yml

@@ -12,12 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 2 # we want the HEAD commit and the previous commit to compare changed files
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -31,7 +31,7 @@ jobs:
       # we only want to run tests if any code changes (not for README or docs changes)
       - name: Check Changed Files
         id: files
-        uses: tj-actions/changed-files@v41.0.0
+        uses: tj-actions/changed-files@v45
         with:
           files: |
             .github
@@ -69,19 +69,19 @@ jobs:
       cancel-in-progress: true
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_wrapper: false
-          terraform_version: 1.9.5
+          terraform_version: 1.9.8
 
       - name: Start Keycloak Container
         run: |
@@ -99,7 +99,7 @@ jobs:
         run: ./scripts/wait-for-local-keycloak.sh && ./scripts/create-terraform-client.sh
 
       - name: Get Keycloak Version
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: keycloak-version
         env:
           KEYCLOAK_VERSION: ${{ matrix.keycloak-version }}

CHANGELOG.md

@@ -1,3 +1,14 @@
+## 4.5.0 (December 6, 2024)
+
+IMPROVEMENTS:
+
+- various dependency and readme updates ([#1014](https://github.com/keycloak/terraform-provider-keycloak/pull/1014), [#1015](https://github.com/keycloak/terraform-provider-keycloak/pull/1015), [#1022](https://github.com/keycloak/terraform-provider-keycloak/pull/1022), [#1024](https://github.com/keycloak/terraform-provider-keycloak/pull/1024))
+- move to the Keycloak organization ([#1017](https://github.com/keycloak/terraform-provider-keycloak/pull/1017))
+- update go to 1.22 ([#1013](https://github.com/keycloak/terraform-provider-keycloak/pull/1013))
+- update license for project to Apache 2.0 [#1002](https://github.com/keycloak/terraform-provider-keycloak/pull/1002)
+
+Huge thanks to everybody supporting the license change to Apache 2.0!
+
 ## 4.4.0 (January 8, 2024)
 
 FEATURES:

README.md

@@ -4,9 +4,17 @@ Terraform provider for [Keycloak](https://www.keycloak.org/).
 > [!NOTE]
 > Please note that this is currently work-in-progress, please be patient while we are preparing for the first release in the new organization.
 
+## Migration to the new provider
+
+To migrate from `mrparkers/keycloak` to the `keycloak/keycloak` Terraform provider, you can use the `terraform state replace-provider` command:
+```
+terraform state replace-provider mrparkers/keycloak keycloak/keycloak
+```
+You can find the documentation for this command [here](https://developer.hashicorp.com/terraform/cli/commands/state/replace-provider).
+
 ## Docs
 
-All documentation for this provider can now be found on the Terraform Registry: https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
+All documentation for this provider can now be found on the Terraform Registry: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs
 
 ## Installation
 
@@ -16,7 +24,7 @@ This provider can be installed automatically using Terraform >=0.13 by using the
 terraform {
   required_providers {
     keycloak = {
-      source = "mrparkers/keycloak"
+      source = "keycloak/keycloak"
       version = ">= 4.0.0"
     }
   }
@@ -50,14 +58,14 @@ The following versions are used when running acceptance tests in CI:
 ## Releases
 
 This provider uses [GoReleaser](https://goreleaser.com/) to build and publish releases. Each release published to GitHub
-contains binary files for Linux, macOS (darwin), and Windows, as configured within the [`.goreleaser.yml`](https://github.com/mrparkers/terraform-provider-keycloak/blob/master/.goreleaser.yml)
+contains binary files for Linux, macOS (darwin), and Windows, as configured within the [`.goreleaser.yml`](https://github.com/keycloak/terraform-provider-keycloak/blob/master/.goreleaser.yml)
 file.
 
 Each release also contains a `terraform-provider-keycloak_${RELEASE_VERSION}_SHA256SUMS` file, accompanied by a signature
 created by a PGP key with the fingerprint `C508 6791 5E11 6CD2`. This key can be found on my Keybase account at https://keybase.io/mrparkers.
 
-You can find the list of releases [here](https://github.com/mrparkers/terraform-provider-keycloak/releases).
-You can find the changelog for each version [here](https://github.com/mrparkers/terraform-provider-keycloak/blob/master/CHANGELOG.md).
+You can find the list of releases [here](https://github.com/keycloak/terraform-provider-keycloak/releases).
+You can find the changelog for each version [here](https://github.com/keycloak/terraform-provider-keycloak/blob/master/CHANGELOG.md).
 
 Note: Prior to v2.0.0, a statically linked build for use within Alpine linux was included with each release. This is no longer
 done due to [GoReleaser not supporting CGO](https://goreleaser.com/limitations/cgo/). Instead of using a statically linked,

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomEventListenerProvider.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomEventListenerProvider.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.events.Event
 import org.keycloak.events.EventListenerProvider

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomEventListenerProviderFactory.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomEventListenerProviderFactory.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.Config
 import org.keycloak.events.EventListenerProvider

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProvider.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomIdentityProvider.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.broker.oidc.OIDCIdentityProvider
 import org.keycloak.models.KeycloakSession

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProviderConfig.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomIdentityProviderConfig.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.broker.oidc.OIDCIdentityProviderConfig
 import org.keycloak.models.IdentityProviderModel

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProviderFactory.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomIdentityProviderFactory.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.broker.oidc.OIDCIdentityProviderConfig
 import org.keycloak.broker.provider.AbstractIdentityProviderFactory

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomUserStorageProvider.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomUserStorageProvider.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.component.ComponentModel
 import org.keycloak.credential.CredentialInput

custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomUserStorageProviderFactory.kt → custom-user-federation-example/src/main/kotlin/com/github/keycloak/CustomUserStorageProviderFactory.kt

@@ -1,4 +1,4 @@
-package com.github.mrparkers.keycloak
+package com.github.keycloak
 
 import org.keycloak.component.ComponentModel
 import org.keycloak.models.KeycloakSession

custom-user-federation-example/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory

@@ -1 +1 @@
-com.github.mrparkers.keycloak.CustomIdentityProviderFactory
+com.github.keycloak.CustomIdentityProviderFactory

custom-user-federation-example/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory

@@ -1 +1 @@
-com.github.mrparkers.keycloak.CustomEventListenerProviderFactory
+com.github.keycloak.CustomEventListenerProviderFactory

custom-user-federation-example/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory

@@ -1 +1 @@
-com.github.mrparkers.keycloak.CustomUserStorageProviderFactory
+com.github.keycloak.CustomUserStorageProviderFactory

docker-compose.yml

@@ -7,14 +7,12 @@ services:
     - POSTGRES_USER=keycloak
     - POSTGRES_PASSWORD=password
     image: postgres:16
-    ports:
-    - 5432:5432
     volumes:
     - postgres:/var/lib/postgresql
   openldap:
     image: bitnami/openldap:2.6
-    ports:
-    - 8389:389
+    environment:
+      LDAP_PORT_NUMBER: 389
   keycloak:
     image: quay.io/keycloak/keycloak:21.0.1
     command: --verbose start-dev --features=preview

docs/data-sources/client_description_converter.md

@@ -65,6 +65,6 @@ The exported attributes for this data source are a combination of the attributes
 and [`keycloak_saml_client`][3] resources. You can also refer to the [ClientRepresentation][4] Javadocs for more details.
 
 [1]: https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html
-[2]: providers/mrparkers/keycloak/latest/docs/resources/openid_client
-[3]: providers/mrparkers/keycloak/latest/docs/resources/saml_client
+[2]: providers/keycloak/keycloak/latest/docs/resources/openid_client
+[3]: providers/keycloak/keycloak/latest/docs/resources/saml_client
 [4]: https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html

docs/data-sources/realm.md

@@ -29,4 +29,4 @@ resource "keycloak_role" "group" {
 
 ## Attributes Reference
 
-See the docs for the [`keycloak_realm` resource](https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/realm) for details on the exported attributes.
+See the docs for the [`keycloak_realm` resource](https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/realm) for details on the exported attributes.

docs/resources/custom_user_federation.md

@@ -7,7 +7,7 @@ page_title: "keycloak_custom_user_federation Resource"
 Allows for creating and managing custom user federation providers within Keycloak.
 
 A custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi).
-An example of this implementation can be found [here](https://github.com/mrparkers/terraform-provider-keycloak/tree/master/custom-user-federation-example).
+An example of this implementation can be found [here](https://github.com/keycloak/terraform-provider-keycloak/tree/master/custom-user-federation-example).
 
 ## Example Usage
 

docs/resources/group_memberships.md

@@ -59,4 +59,4 @@ resource "keycloak_group_memberships" "group_members" {
 This resource does not support import. Instead of importing, feel free to create this resource
 as if it did not already exist on the server.
 
-[1]: providers/mrparkers/keycloak/latest/docs/resources/group_memberships
+[1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships

docs/resources/group_permissions.md

@@ -8,7 +8,7 @@ Allows you to manage all group Scope Based Permissions https://www.keycloak.org/
 
 This is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).
 This feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the
-example [`docker-compose.yml`](https://github.com/mrparkers/terraform-provider-keycloak/blob/898094df6b3e01c3404981ce7ca268142d6ff0e5/docker-compose.yml#L21) file for an example.
+example [`docker-compose.yml`](https://github.com/keycloak/terraform-provider-keycloak/blob/898094df6b3e01c3404981ce7ca268142d6ff0e5/docker-compose.yml#L21) file for an example.
 
 When enabling Roles Permissions, Keycloak does several things automatically:
 1. Enable Authorization on built-in `realm-management` client (if not already enabled).

docs/resources/user.md

@@ -62,8 +62,8 @@ resource "keycloak_user" "user_with_initial_password" {
 - `first_name` - (Optional) The user's first name.
 - `last_name` - (Optional) The user's last name.
 - `attributes` - (Optional) A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars
-- `required_actions` - (Optional) A list of required user actions. 
-- `federated_identity` - (Optional) When specified, the user will be linked to a federated identity provider. Refer to the [federated user example](https://github.com/mrparkers/terraform-provider-keycloak/blob/master/example/federated_user_example.tf) for more details.
+- `required_actions` - (Optional) A list of required user actions.
+- `federated_identity` - (Optional) When specified, the user will be linked to a federated identity provider. Refer to the [federated user example](https://github.com/keycloak/terraform-provider-keycloak/blob/master/example/federated_user_example.tf) for more details.
   - `identity_provider` - (Required) The name of the identity provider
   - `user_id` - (Required) The ID of the user defined in the identity provider
   - `user_name` - (Required) The user name of the user defined in the identity provider

docs/resources/users_permissions.md

@@ -8,7 +8,7 @@ Allows you to manage fine-grained permissions for all users in a realm: https://
 
 This is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).
 This feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the
-example [`docker-compose.yml`](https://github.com/mrparkers/terraform-provider-keycloak/blob/898094df6b3e01c3404981ce7ca268142d6ff0e5/docker-compose.yml#L21) file for an example.
+example [`docker-compose.yml`](https://github.com/keycloak/terraform-provider-keycloak/blob/898094df6b3e01c3404981ce7ca268142d6ff0e5/docker-compose.yml#L21) file for an example.
 
 When enabling fine-grained permissions for users, Keycloak does several things automatically:
 1. Enable Authorization on built-in `realm-management` client (if not already enabled).

example/client_authorization_policys.tf

@@ -191,4 +191,8 @@ resource "keycloak_openid_client_permissions" "my_permission" {
     description       = "my description"
     decision_strategy = "UNANIMOUS"
   }
+  //needed because otherwise there is a conflict/race condition with the other permission
+  depends_on = [
+    keycloak_users_permissions.my_permission
+  ]
 }