I'd like to create a new UserFederation and alter one of the default UserAttributeMappers that gets created. I'm having a tough time figuring out how to do that without making every default mapper with the configuration I want. In particular, I'd like to change the default UserAttributeMapper for firstName to use givenname as the ldapAttribute instead of the default cn.
For example, if I've got a setup like this:
---
apiVersion: ldap.keycloak.crossplane.io/v1alpha1
kind: UserAttributeMapper
metadata:
  name: first-name
spec:
  forProvider:
    alwaysReadValueFromLdap: true
    isMandatoryInLdap: true
    # The `ldapAttribute` defaults to `cn`.
    # This `UserAttributeMapper` changes that to `givenname`.
    ldapAttribute: givenname
    ldapUserFederationIdRef:
      name: lldap
    name: first name
    readOnly: true
    realmIdRef:
      name: my-realm
    userModelAttribute: firstName
  providerConfigRef:
    name: my-provider
---
apiVersion: ldap.keycloak.crossplane.io/v1alpha1
kind: UserFederation
metadata:
  name: lldap
spec:
  forProvider:
    …
  providerConfigRef:
    name: my-provider
What ends up happening is that it creates an additional UserAttributeMapper with all the right configuration on the newly created UserFederation, instead of updating the UserAttributeMapper with the name first name. That makes sense, because these resources are effectively saying, "I want to add a new UserAttributeMapper." But that's not what I actually want.
One workaround is to use deleteDefaultMappers: true on the UserFederation, and create all of the (default) mappers with the configuration I want. I'm doing this in the short-term so I can have something working. But is there a different way to achieve the same goal of altering one field on a single mapper that doesn't involve recreating everything?
Seems like it's related to this upstream issue: keycloak/terraform-provider-keycloak#268. So yeah, the deleteDefaultMappers: true sounds like it's the way to go for now.
I don't know enough about Crossplane (only just found out about it the other day), but is it not possible to solve this by doing something in a Composition pipeline like:
1. Make a UserFederation that creates a new external resource in Keycloak.
2. Find the external name of the created UserAttributeMapper for first name.
3. Modify the ldapAttribute of the UserAttributeMapper.
Or is that not really how it works? It sounds like there's a ton of stuff you can do to orchestrate these resources, like this section of the Function Patch and Transform guide in the Crossplane docs. But it's a little too confusing for me to know how to use it to solve my problem (or if it even can).
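The deleteDefaultMappers workaround discussed in this thread, written out as an added example (not the reporter's or the provider project's own manifests). It reuses the names lldap, my-realm and my-provider from the issue; the email mapper's values are assumed Keycloak defaults and should be compared with the mappers on an existing federation, and the remaining default mappers need the same treatment.

```yaml
# Added example: names follow the manifests posted in the issue.
---
apiVersion: ldap.keycloak.crossplane.io/v1alpha1
kind: UserFederation
metadata:
  name: lldap
spec:
  forProvider:
    # Remove the mappers Keycloak creates by default for a new LDAP federation.
    deleteDefaultMappers: true
    # ...remaining UserFederation settings unchanged (elided in the issue)
  providerConfigRef:
    name: my-provider
---
apiVersion: ldap.keycloak.crossplane.io/v1alpha1
kind: UserAttributeMapper
metadata:
  name: first-name
spec:
  forProvider:
    name: first name
    ldapAttribute: givenname        # the one intended change (default is cn)
    userModelAttribute: firstName
    alwaysReadValueFromLdap: true
    isMandatoryInLdap: true
    readOnly: true
    ldapUserFederationIdRef:
      name: lldap
    realmIdRef:
      name: my-realm
  providerConfigRef:
    name: my-provider
---
apiVersion: ldap.keycloak.crossplane.io/v1alpha1
kind: UserAttributeMapper
metadata:
  name: email
spec:
  forProvider:
    name: email
    ldapAttribute: mail             # assumed default; verify on your instance
    userModelAttribute: email
    readOnly: true
    ldapUserFederationIdRef:
      name: lldap
    realmIdRef:
      name: my-realm
  providerConfigRef:
    name: my-provider
```

With deleteDefaultMappers set, any default mapper that is not re-declared this way no longer exists on the federation, so the attributes it populated (username included) stop being mapped from LDAP.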