diff --git a/CHANGELOG.md b/CHANGELOG.md
index b82dd2f..908d406 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,878 +1,886 @@
# Change log
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
+## [v7.12.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.12.0) (2021-11-24)
+
+[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.11.1...v7.12.0)
+
+### Added
+
+- Add Realm properties and allow custom properties [\#228](https://github.com/treydock/puppet-module-keycloak/pull/228) ([treydock](https://github.com/treydock))
+
## [v7.11.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.11.1) (2021-11-24)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.11.0...v7.11.1)
### Fixed
- Further fix to set description on keycloak\_flow when not top\_level flow [\#227](https://github.com/treydock/puppet-module-keycloak/pull/227) ([treydock](https://github.com/treydock))
- Fix to set description on keycloak\_flow when not top\_level flow [\#226](https://github.com/treydock/puppet-module-keycloak/pull/226) ([treydock](https://github.com/treydock))
## [v7.11.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.11.0) (2021-11-05)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.10.0...v7.11.0)
### Added
- Replace CentOS 8 support with Rocky 8 [\#221](https://github.com/treydock/puppet-module-keycloak/pull/221) ([treydock](https://github.com/treydock))
- Support stdlib 8.x, mysql 12.x and use puppet/systemd [\#220](https://github.com/treydock/puppet-module-keycloak/pull/220) ([treydock](https://github.com/treydock))
- Add id parameter to keycloak::freeipa\_user\_provider [\#219](https://github.com/treydock/puppet-module-keycloak/pull/219) ([treydock](https://github.com/treydock))
## [v7.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.10.0) (2021-09-22)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.9.1...v7.10.0)
### Added
- Add feature `user_managed_access_allowed` property [\#211](https://github.com/treydock/puppet-module-keycloak/pull/211) ([rdcuzins](https://github.com/rdcuzins))
### Fixed
- Fix and tune mangement interface definitions for both master and slave [\#217](https://github.com/treydock/puppet-module-keycloak/pull/217) ([kibahop](https://github.com/kibahop))
## [v7.9.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.9.1) (2021-09-16)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.9.0...v7.9.1)
### Fixed
- set keycloak\_server in keycloak\_conn\_validator from 'localhost' to $service\_bind\_address [\#216](https://github.com/treydock/puppet-module-keycloak/pull/216) ([hugendudel](https://github.com/hugendudel))
## [v7.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.9.0) (2021-09-08)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.8.0...v7.9.0)
### Added
- Remove Scientific Linux from metadata.json, still supported [\#213](https://github.com/treydock/puppet-module-keycloak/pull/213) ([treydock](https://github.com/treydock))
- add saml-user-attribute-mapper support [\#212](https://github.com/treydock/puppet-module-keycloak/pull/212) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
### Fixed
- Fix centos/7 in Vagrant failing [\#210](https://github.com/treydock/puppet-module-keycloak/pull/210) ([rdcuzins](https://github.com/rdcuzins))
- Fix invalid module dependency versions [\#209](https://github.com/treydock/puppet-module-keycloak/pull/209) ([rdcuzins](https://github.com/rdcuzins))
## [v7.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.8.0) (2021-09-01)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.7.1...v7.8.0)
### Added
- Added support for bearer-only configuration of keycloak\_client [\#207](https://github.com/treydock/puppet-module-keycloak/pull/207) ([verrydtj](https://github.com/verrydtj))
## [v7.7.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.7.1) (2021-08-23)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.7.0...v7.7.1)
### Fixed
- Fix assigning management interfaces to logical interfaces in domain mode [\#206](https://github.com/treydock/puppet-module-keycloak/pull/206) ([kibahop](https://github.com/kibahop))
## [v7.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.7.0) (2021-08-16)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.6.0...v7.7.0)
### Added
- Support Keycloak 15.x [\#204](https://github.com/treydock/puppet-module-keycloak/pull/204) ([treydock](https://github.com/treydock))
## [v7.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.6.0) (2021-08-13)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.5.1...v7.6.0)
### Added
- Add extra configurations to keycloak realm [\#203](https://github.com/treydock/puppet-module-keycloak/pull/203) ([qboileau](https://github.com/qboileau))
## [v7.5.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.5.1) (2021-08-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.5.0...v7.5.1)
### Fixed
- Ensure flow execution will add config if not added on create [\#201](https://github.com/treydock/puppet-module-keycloak/pull/201) ([treydock](https://github.com/treydock))
## [v7.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.5.0) (2021-07-12)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.4.1...v7.5.0)
### Added
- Update dependency version ranges [\#200](https://github.com/treydock/puppet-module-keycloak/pull/200) ([treydock](https://github.com/treydock))
- Support Keycloak 14 [\#199](https://github.com/treydock/puppet-module-keycloak/pull/199) ([treydock](https://github.com/treydock))
- Fix Ubuntu acceptance tests [\#198](https://github.com/treydock/puppet-module-keycloak/pull/198) ([treydock](https://github.com/treydock))
## [v7.4.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.4.1) (2021-07-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.4.0...v7.4.1)
### Fixed
- Remove prefixes from socket-binding-groups [\#197](https://github.com/treydock/puppet-module-keycloak/pull/197) ([kibahop](https://github.com/kibahop))
## [v7.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.4.0) (2021-06-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.3.0...v7.4.0)
### Added
- Allow flows and flow executions to depend on SPI deployments [\#196](https://github.com/treydock/puppet-module-keycloak/pull/196) ([treydock](https://github.com/treydock))
## [v7.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.3.0) (2021-06-02)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.2.2...v7.3.0)
### Added
- Support Keycloak 13.x [\#195](https://github.com/treydock/puppet-module-keycloak/pull/195) ([treydock](https://github.com/treydock))
- Vagrant: install puppetlabs-postgresql [\#193](https://github.com/treydock/puppet-module-keycloak/pull/193) ([mattock](https://github.com/mattock))
## [v7.2.2](https://github.com/treydock/puppet-module-keycloak/tree/v7.2.2) (2021-04-23)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.2.1...v7.2.2)
### Fixed
- Domain mode sockets [\#192](https://github.com/treydock/puppet-module-keycloak/pull/192) ([kibahop](https://github.com/kibahop))
## [v7.2.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.2.1) (2021-04-17)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.2.0...v7.2.1)
### Fixed
- Fix keycloak\_client to be able to update the secret [\#191](https://github.com/treydock/puppet-module-keycloak/pull/191) ([treydock](https://github.com/treydock))
## [v7.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.2.0) (2021-03-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.1.0...v7.2.0)
### Added
- Add support for logging to syslog [\#190](https://github.com/treydock/puppet-module-keycloak/pull/190) ([kibahop](https://github.com/kibahop))
## [v7.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.1.0) (2021-03-25)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.0.0...v7.1.0)
### Added
- FreeIPA/LDAP provider related regression fixes [\#189](https://github.com/treydock/puppet-module-keycloak/pull/189) ([mattock](https://github.com/mattock))
## [v7.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.0.0) (2021-03-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.26.0...v7.0.0)
### Changed
- Change default Keycloak version to 12.0.4 [\#188](https://github.com/treydock/puppet-module-keycloak/pull/188) ([treydock](https://github.com/treydock))
- Drop Puppet 5, support Puppet 7 [\#184](https://github.com/treydock/puppet-module-keycloak/pull/184) ([treydock](https://github.com/treydock))
### Added
- Split config.cli templates into smaller files, use epp templates [\#187](https://github.com/treydock/puppet-module-keycloak/pull/187) ([treydock](https://github.com/treydock))
- Support Ubuntu 20.04, bump dependency requirements [\#186](https://github.com/treydock/puppet-module-keycloak/pull/186) ([treydock](https://github.com/treydock))
## [v6.26.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.26.0) (2021-03-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.25.2...v6.26.0)
### Added
- Domain mode support [\#180](https://github.com/treydock/puppet-module-keycloak/pull/180) ([mattock](https://github.com/mattock))
### Fixed
- Avoid unnecessary config.cli changes [\#185](https://github.com/treydock/puppet-module-keycloak/pull/185) ([treydock](https://github.com/treydock))
## [v6.25.2](https://github.com/treydock/puppet-module-keycloak/tree/v6.25.2) (2021-02-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.25.1...v6.25.2)
### Fixed
- Fix missing IntegerProperty when keycloak\_ldap\_user\_provider [\#182](https://github.com/treydock/puppet-module-keycloak/pull/182) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.25.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.25.1) (2021-01-07)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.25.0...v6.25.1)
### Fixed
- Ensure systemd logging for Keycloak uses more meaningful syslog identifier [\#179](https://github.com/treydock/puppet-module-keycloak/pull/179) ([treydock](https://github.com/treydock))
- Fix keycloak\_client to not warn when theme is not set [\#178](https://github.com/treydock/puppet-module-keycloak/pull/178) ([treydock](https://github.com/treydock))
## [v6.25.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.25.0) (2020-12-30)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.24.0...v6.25.0)
### Added
- Add client\_protocol\_mappers parameter [\#177](https://github.com/treydock/puppet-module-keycloak/pull/177) ([treydock](https://github.com/treydock))
## [v6.24.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.24.0) (2020-12-22)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.23.0...v6.24.0)
### Added
- Support Keycloak 12 [\#176](https://github.com/treydock/puppet-module-keycloak/pull/176) ([treydock](https://github.com/treydock))
## [v6.23.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.23.0) (2020-12-08)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.22.0...v6.23.0)
### Added
- Support saml-group-membership-mapper [\#171](https://github.com/treydock/puppet-module-keycloak/pull/171) ([mattock](https://github.com/mattock))
- Add convenience define for setting up FreeIPA LDAP mappers [\#170](https://github.com/treydock/puppet-module-keycloak/pull/170) ([mattock](https://github.com/mattock))
- PDK Update - Use Github Actions [\#169](https://github.com/treydock/puppet-module-keycloak/pull/169) ([treydock](https://github.com/treydock))
- Add convenience wrapper for setting up FreeIPA ldap user providers [\#135](https://github.com/treydock/puppet-module-keycloak/pull/135) ([mattock](https://github.com/mattock))
### Fixed
- Fix puppet-lint warning [\#172](https://github.com/treydock/puppet-module-keycloak/pull/172) ([mattock](https://github.com/mattock))
## [v6.22.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.22.0) (2020-11-23)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.21.0...v6.22.0)
### Added
- Support realm remember\_me parameters [\#168](https://github.com/treydock/puppet-module-keycloak/pull/168) ([mattock](https://github.com/mattock))
### Fixed
- Vagrant: install puppetlabs-concat during provisioning [\#167](https://github.com/treydock/puppet-module-keycloak/pull/167) ([mattock](https://github.com/mattock))
## [v6.21.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.21.0) (2020-10-30)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.20.0...v6.21.0)
### Added
- Fixing wrong filename in module.xml for datasource oracle [\#153](https://github.com/treydock/puppet-module-keycloak/pull/153) ([zaeh](https://github.com/zaeh))
## [v6.20.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.20.0) (2020-10-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.19.0...v6.20.0)
### Added
- add oidc-usermodel-attribute-mapper [\#166](https://github.com/treydock/puppet-module-keycloak/pull/166) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- Support oidc-usermodel-client-role-mapper type in client protocol mapper [\#165](https://github.com/treydock/puppet-module-keycloak/pull/165) ([mattock](https://github.com/mattock))
## [v6.19.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.19.0) (2020-10-07)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.18.0...v6.19.0)
### Added
- Enable roles management at realm and client level [\#164](https://github.com/treydock/puppet-module-keycloak/pull/164) ([anlambert](https://github.com/anlambert))
- Add more realm login related properties [\#163](https://github.com/treydock/puppet-module-keycloak/pull/163) ([anlambert](https://github.com/anlambert))
## [v6.18.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.18.0) (2020-09-25)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.17.0...v6.18.0)
### Added
- Support flow overrides on clients [\#161](https://github.com/treydock/puppet-module-keycloak/pull/161) ([treydock](https://github.com/treydock))
- Add registration\_allowed to keycloak\_realm [\#160](https://github.com/treydock/puppet-module-keycloak/pull/160) ([anlambert](https://github.com/anlambert))
- Have realms and identity providers auto require their configured flows [\#159](https://github.com/treydock/puppet-module-keycloak/pull/159) ([treydock](https://github.com/treydock))
### Fixed
- Realm can not depend on flow that depends on realm [\#162](https://github.com/treydock/puppet-module-keycloak/pull/162) ([treydock](https://github.com/treydock))
## [v6.17.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.17.0) (2020-09-24)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.16.0...v6.17.0)
### Added
- Improved unit and acceptance tests for recent changes [\#158](https://github.com/treydock/puppet-module-keycloak/pull/158) ([treydock](https://github.com/treydock))
- add bruteForceProtected [\#157](https://github.com/treydock/puppet-module-keycloak/pull/157) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- add trustEmail [\#156](https://github.com/treydock/puppet-module-keycloak/pull/156) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- add keycloak-oidc providerid and other new parameters [\#155](https://github.com/treydock/puppet-module-keycloak/pull/155) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
## [v6.16.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.16.0) (2020-08-21)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.15.0...v6.16.0)
### Added
- Added a parameter to control if the managed user is a system user [\#152](https://github.com/treydock/puppet-module-keycloak/pull/152) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.15.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.15.0) (2020-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.14.0...v6.15.0)
### Added
- add resources [\#151](https://github.com/treydock/puppet-module-keycloak/pull/151) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
## [v6.14.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.14.0) (2020-08-11)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.13.1...v6.14.0)
### Added
- add proxy-address-forwarding for https-listener [\#149](https://github.com/treydock/puppet-module-keycloak/pull/149) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- Add support for required actions [\#148](https://github.com/treydock/puppet-module-keycloak/pull/148) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.13.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.13.1) (2020-08-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.13.0...v6.13.1)
### Fixed
- Explicitly specifies what user to use with the admin generation script [\#146](https://github.com/treydock/puppet-module-keycloak/pull/146) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.13.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.13.0) (2020-07-07)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.12.0...v6.13.0)
### Added
- Concat custom code fragment to config.cli [\#145](https://github.com/treydock/puppet-module-keycloak/pull/145) ([danifr](https://github.com/danifr))
- Update usage of deprecated function postgresql\_password [\#143](https://github.com/treydock/puppet-module-keycloak/pull/143) ([Karlinde](https://github.com/Karlinde))
## [v6.12.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.12.0) (2020-07-02)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.11.0...v6.12.0)
### Added
- Emit warning if configured theme does not exist [\#140](https://github.com/treydock/puppet-module-keycloak/pull/140) ([treydock](https://github.com/treydock))
- Add support for JGroups JDBC\_PING mode in clustered mode [\#139](https://github.com/treydock/puppet-module-keycloak/pull/139) ([danifr](https://github.com/danifr))
### UNCATEGORIZED PRS; GO LABEL THEM
- Remove outdated line in class documentation [\#137](https://github.com/treydock/puppet-module-keycloak/pull/137) ([danifr](https://github.com/danifr))
## [v6.11.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.11.0) (2020-05-22)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.10.0...v6.11.0)
### Added
- PDK update and test Keycloak 10.0.1 [\#133](https://github.com/treydock/puppet-module-keycloak/pull/133) ([treydock](https://github.com/treydock))
### UNCATEGORIZED PRS; GO LABEL THEM
- Add support for defining smtpServer from realms [\#131](https://github.com/treydock/puppet-module-keycloak/pull/131) ([mattock](https://github.com/mattock))
- Allow enabling/disabling client authorization services [\#127](https://github.com/treydock/puppet-module-keycloak/pull/127) ([mattock](https://github.com/mattock))
## [v6.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.10.0) (2020-03-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.9.0...v6.10.0)
### Added
- Add support and tests for Keycloak 9.0.0 [\#128](https://github.com/treydock/puppet-module-keycloak/pull/128) ([treydock](https://github.com/treydock))
## [v6.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.9.0) (2020-02-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.8.0...v6.9.0)
### Added
- Add access\_token\_lifespan to keycloak\_realm [\#126](https://github.com/treydock/puppet-module-keycloak/pull/126) ([treydock](https://github.com/treydock))
## [v6.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.8.0) (2020-02-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.7.0...v6.8.0)
### Added
- Add access\_code\_lifespan to keycloak\_realm [\#125](https://github.com/treydock/puppet-module-keycloak/pull/125) ([treydock](https://github.com/treydock))
## [v6.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.7.0) (2020-02-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.6.0...v6.7.0)
### Added
- Add sso\_session\_idle\_timeout and sso\_session\_max\_lifespan to keycloak\_realm [\#124](https://github.com/treydock/puppet-module-keycloak/pull/124) ([treydock](https://github.com/treydock))
## [v6.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.6.0) (2020-02-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.5.0...v6.6.0)
### Added
- Support oidc-audience-mapper protocol mapper [\#122](https://github.com/treydock/puppet-module-keycloak/pull/122) ([treydock](https://github.com/treydock))
## [v6.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.5.0) (2020-02-07)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.4.1...v6.5.0)
### Added
- Add root\_url and base\_url properties to keycloak\_client [\#121](https://github.com/treydock/puppet-module-keycloak/pull/121) ([treydock](https://github.com/treydock))
- Allow enabling/disabling realm internationalization [\#119](https://github.com/treydock/puppet-module-keycloak/pull/119) ([mattock](https://github.com/mattock))
## [v6.4.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.4.1) (2020-02-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.4.0...v6.4.1)
### Fixed
- type/keycloak\_api: Set install\_dir default on /opt/keycloak [\#120](https://github.com/treydock/puppet-module-keycloak/pull/120) ([tcassaert](https://github.com/tcassaert))
## [v6.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.4.0) (2020-02-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.3.0...v6.4.0)
### Added
- Support oidc-group-membership-mapper protocol mapper type [\#118](https://github.com/treydock/puppet-module-keycloak/pull/118) ([treydock](https://github.com/treydock))
## [v6.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.3.0) (2020-01-16)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.2.0...v6.3.0)
### Added
- Add client\_auth\_method property to keycloak\_identity\_provider [\#117](https://github.com/treydock/puppet-module-keycloak/pull/117) ([treydock](https://github.com/treydock))
## [v6.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.2.0) (2020-01-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.1.0...v6.2.0)
### Added
- Support managing authentication flows [\#115](https://github.com/treydock/puppet-module-keycloak/pull/115) ([treydock](https://github.com/treydock))
- Support disabling the user cache [\#114](https://github.com/treydock/puppet-module-keycloak/pull/114) ([treydock](https://github.com/treydock))
- Support Keycloak SPI deployments [\#113](https://github.com/treydock/puppet-module-keycloak/pull/113) ([treydock](https://github.com/treydock))
- Add content\_security\_policy to keycloak\_realm [\#112](https://github.com/treydock/puppet-module-keycloak/pull/112) ([treydock](https://github.com/treydock))
- Improve handling of realm flow assignment to avoid errors [\#111](https://github.com/treydock/puppet-module-keycloak/pull/111) ([treydock](https://github.com/treydock))
- Support managing realm flow properties [\#110](https://github.com/treydock/puppet-module-keycloak/pull/110) ([treydock](https://github.com/treydock))
### Fixed
- Fix bug in flow parsing [\#116](https://github.com/treydock/puppet-module-keycloak/pull/116) ([treydock](https://github.com/treydock))
## [v6.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.1.0) (2019-12-31)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.0.0...v6.1.0)
### Added
- Add support for access.token.lifespan client attribute [\#109](https://github.com/treydock/puppet-module-keycloak/pull/109) ([mattock](https://github.com/mattock))
- Add two new realm properties [\#108](https://github.com/treydock/puppet-module-keycloak/pull/108) ([mattock](https://github.com/mattock))
## [v6.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.0.0) (2019-12-18)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.10.0...v6.0.0)
### Changed
- Change default Keycloak version to 8.0.1 [\#106](https://github.com/treydock/puppet-module-keycloak/pull/106) ([treydock](https://github.com/treydock))
- Change JAVA\_OPTS behavior for Keycloak [\#105](https://github.com/treydock/puppet-module-keycloak/pull/105) ([treydock](https://github.com/treydock))
- Change how install\_dir is defined, default behavior remains the same [\#90](https://github.com/treydock/puppet-module-keycloak/pull/90) ([treydock](https://github.com/treydock))
## [v5.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.10.0) (2019-12-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.9.0...v5.10.0)
### Added
- Allow defining supported locales for the realm [\#103](https://github.com/treydock/puppet-module-keycloak/pull/103) ([mattock](https://github.com/mattock))
## [v5.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.9.0) (2019-12-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.8.0...v5.9.0)
### Added
- Support Debian 10 [\#102](https://github.com/treydock/puppet-module-keycloak/pull/102) ([treydock](https://github.com/treydock))
## [v5.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.8.0) (2019-12-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.7.0...v5.8.0)
### Added
- Test against Keycloak 8.0.1 [\#100](https://github.com/treydock/puppet-module-keycloak/pull/100) ([treydock](https://github.com/treydock))
- Add option to enable tech preview features [\#99](https://github.com/treydock/puppet-module-keycloak/pull/99) ([treydock](https://github.com/treydock))
- Add login\_theme property to keycloak\_client [\#98](https://github.com/treydock/puppet-module-keycloak/pull/98) ([treydock](https://github.com/treydock))
- Add support for more client switches [\#96](https://github.com/treydock/puppet-module-keycloak/pull/96) ([mattock](https://github.com/mattock))
- Add option to enable tech preview features [\#95](https://github.com/treydock/puppet-module-keycloak/pull/95) ([danifr](https://github.com/danifr))
### Fixed
- Fix config.cli to be able to change datasource values [\#101](https://github.com/treydock/puppet-module-keycloak/pull/101) ([treydock](https://github.com/treydock))
## [v5.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.7.0) (2019-10-29)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.6.0...v5.7.0)
### Added
- Make JDBC xa-datasource-class name configurable [\#93](https://github.com/treydock/puppet-module-keycloak/pull/93) ([danifr](https://github.com/danifr))
## [v5.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.6.0) (2019-10-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.5.0...v5.6.0)
### Added
- Support EL8 [\#91](https://github.com/treydock/puppet-module-keycloak/pull/91) ([treydock](https://github.com/treydock))
## [v5.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.5.0) (2019-09-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.4.0...v5.5.0)
### Added
- Allow managing Keycloak installation from outside this module [\#87](https://github.com/treydock/puppet-module-keycloak/pull/87) ([mattock](https://github.com/mattock))
- Enable passing extra options to Keycloak in the systemd unit file [\#86](https://github.com/treydock/puppet-module-keycloak/pull/86) ([mattock](https://github.com/mattock))
- Enable defining bind address for the Keycloak systemd service [\#85](https://github.com/treydock/puppet-module-keycloak/pull/85) ([mattock](https://github.com/mattock))
## [v5.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.4.0) (2019-09-05)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.2...v5.4.0)
### Added
- Support Ubuntu 18.04 [\#84](https://github.com/treydock/puppet-module-keycloak/pull/84) ([treydock](https://github.com/treydock))
- Vagrant: add Ubuntu 1804 box [\#83](https://github.com/treydock/puppet-module-keycloak/pull/83) ([mattock](https://github.com/mattock))
## [v5.3.2](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.2) (2019-09-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.1...v5.3.2)
### Fixed
- Fix acceptance tests for SAML attribute name format [\#82](https://github.com/treydock/puppet-module-keycloak/pull/82) ([treydock](https://github.com/treydock))
## [v5.3.1](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.1) (2019-09-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.0...v5.3.1)
### Fixed
- Fix URI mapping for protocol mappers [\#81](https://github.com/treydock/puppet-module-keycloak/pull/81) ([treydock](https://github.com/treydock))
## [v5.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.0) (2019-08-30)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.2.0...v5.3.0)
### Added
- Fix \#78. Add clustered mode support [\#79](https://github.com/treydock/puppet-module-keycloak/pull/79) ([danifr](https://github.com/danifr))
## [v5.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.2.0) (2019-08-29)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.1.0...v5.2.0)
### Added
- Test against Keycloak 7.0.0 [\#77](https://github.com/treydock/puppet-module-keycloak/pull/77) ([treydock](https://github.com/treydock))
## [v5.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.1.0) (2019-08-28)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.0.1...v5.1.0)
### Added
- Support merging Hiera defined resources [\#75](https://github.com/treydock/puppet-module-keycloak/pull/75) ([treydock](https://github.com/treydock))
## [v5.0.1](https://github.com/treydock/puppet-module-keycloak/tree/v5.0.1) (2019-08-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.0.0...v5.0.1)
### Fixed
- Should be no default for keycloak\_client\_scope consent\_screen\_text property [\#74](https://github.com/treydock/puppet-module-keycloak/pull/74) ([treydock](https://github.com/treydock))
## [v5.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.0.0) (2019-08-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.2.0...v5.0.0)
### Changed
- Remove keycloak::client\_template [\#71](https://github.com/treydock/puppet-module-keycloak/pull/71) ([treydock](https://github.com/treydock))
## [v4.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.2.0) (2019-08-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.1.1...v4.2.0)
### Added
- Support group-ldap-mapper and role-ldap-mapper [\#73](https://github.com/treydock/puppet-module-keycloak/pull/73) ([treydock](https://github.com/treydock))
- Support saml-javascript-mapper for keycloak\_client\_protocol\_mapper [\#72](https://github.com/treydock/puppet-module-keycloak/pull/72) ([treydock](https://github.com/treydock))
## [v4.1.1](https://github.com/treydock/puppet-module-keycloak/tree/v4.1.1) (2019-08-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.1.0...v4.1.1)
### Fixed
- Fix default for keycloak\_identity\_provider prompt [\#70](https://github.com/treydock/puppet-module-keycloak/pull/70) ([treydock](https://github.com/treydock))
## [v4.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.1.0) (2019-08-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.0.0...v4.1.0)
### Added
- Add clients parameter [\#69](https://github.com/treydock/puppet-module-keycloak/pull/69) ([treydock](https://github.com/treydock))
- Simplify how keycloak\_client\_protocol\_mapper and keycloak\_protcol\_mapper are queried during prefetch [\#68](https://github.com/treydock/puppet-module-keycloak/pull/68) ([treydock](https://github.com/treydock))
- Support managing protocl mapper saml-javascript-mapper [\#67](https://github.com/treydock/puppet-module-keycloak/pull/67) ([treydock](https://github.com/treydock))
- Update module dependency version requirements [\#66](https://github.com/treydock/puppet-module-keycloak/pull/66) ([treydock](https://github.com/treydock))
- Use iteration and added parameters to define resources [\#65](https://github.com/treydock/puppet-module-keycloak/pull/65) ([treydock](https://github.com/treydock))
- Add keycloak\_identity\_provider type [\#64](https://github.com/treydock/puppet-module-keycloak/pull/64) ([treydock](https://github.com/treydock))
## [v4.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.0.0) (2019-06-12)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v3.8.0...v4.0.0)
### Changed
- Simplify and consolidate datasource parameters [\#63](https://github.com/treydock/puppet-module-keycloak/pull/63) ([treydock](https://github.com/treydock))
- Set default Keycloak version to 6.0.1 [\#61](https://github.com/treydock/puppet-module-keycloak/pull/61) ([treydock](https://github.com/treydock))
### Added
- Use hiera v5 module data [\#62](https://github.com/treydock/puppet-module-keycloak/pull/62) ([treydock](https://github.com/treydock))
## [v3.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v3.8.0) (2019-05-23)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.7.0...v3.8.0)
### Added
- Expand postgresql support to behave more like mysql support, simplified a bit [\#60](https://github.com/treydock/puppet-module-keycloak/pull/60) ([treydock](https://github.com/treydock))
- Use PDK [\#58](https://github.com/treydock/puppet-module-keycloak/pull/58) ([treydock](https://github.com/treydock))
## [3.7.0](https://github.com/treydock/puppet-module-keycloak/tree/3.7.0) (2019-05-20)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.6.1...3.7.0)
### Added
- Postgresql support [\#59](https://github.com/treydock/puppet-module-keycloak/pull/59) ([verrydtj](https://github.com/verrydtj))
## [3.6.1](https://github.com/treydock/puppet-module-keycloak/tree/3.6.1) (2019-05-13)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.6.0...3.6.1)
### Fixed
- Fix handling of events config during updates [\#56](https://github.com/treydock/puppet-module-keycloak/pull/56) ([treydock](https://github.com/treydock))
## [3.6.0](https://github.com/treydock/puppet-module-keycloak/tree/3.6.0) (2019-05-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.5.0...3.6.0)
### Added
- Support managing realm's events config [\#55](https://github.com/treydock/puppet-module-keycloak/pull/55) ([treydock](https://github.com/treydock))
- Test against Keycloak 6 [\#54](https://github.com/treydock/puppet-module-keycloak/pull/54) ([treydock](https://github.com/treydock))
## [3.5.0](https://github.com/treydock/puppet-module-keycloak/tree/3.5.0) (2019-04-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.4.0...3.5.0)
### Added
- manage user support [\#53](https://github.com/treydock/puppet-module-keycloak/pull/53) ([cborisa](https://github.com/cborisa))
## [3.4.0](https://github.com/treydock/puppet-module-keycloak/tree/3.4.0) (2019-02-25)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.3.0...3.4.0)
### Added
- JAVA\_OPTS via systemd unit Environment variable [\#51](https://github.com/treydock/puppet-module-keycloak/pull/51) ([danifr](https://github.com/danifr))
- Add option for service environment file [\#50](https://github.com/treydock/puppet-module-keycloak/pull/50) ([asieraguado](https://github.com/asieraguado))
## [3.3.0](https://github.com/treydock/puppet-module-keycloak/tree/3.3.0) (2019-01-28)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.2.0...3.3.0)
### Added
- Better ID handling [\#47](https://github.com/treydock/puppet-module-keycloak/pull/47) ([treydock](https://github.com/treydock))
- Test against Keycloak 4.8.1.Final and document version handling and upgrade [\#43](https://github.com/treydock/puppet-module-keycloak/pull/43) ([treydock](https://github.com/treydock))
### Fixed
- Fix keycloak\_ldap\_mapper id handling and write\_only property [\#46](https://github.com/treydock/puppet-module-keycloak/pull/46) ([treydock](https://github.com/treydock))
- Fix PuppetX usage for keycloak\_ldap\_mapper [\#45](https://github.com/treydock/puppet-module-keycloak/pull/45) ([treydock](https://github.com/treydock))
## [3.2.0](https://github.com/treydock/puppet-module-keycloak/tree/3.2.0) (2018-12-21)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.1.0...3.2.0)
### Added
- Support SSSD User Provider [\#42](https://github.com/treydock/puppet-module-keycloak/pull/42) ([treydock](https://github.com/treydock))
- Add enabled property to keycloak\_ldap\_user\_provider [\#41](https://github.com/treydock/puppet-module-keycloak/pull/41) ([treydock](https://github.com/treydock))
## [3.1.0](https://github.com/treydock/puppet-module-keycloak/tree/3.1.0) (2018-12-13)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.0.0...3.1.0)
### Added
- Bump dependency ranges for stdlib and mysql [\#40](https://github.com/treydock/puppet-module-keycloak/pull/40) ([treydock](https://github.com/treydock))
- Support Puppet 6 and drop support for Puppet 4 [\#39](https://github.com/treydock/puppet-module-keycloak/pull/39) ([treydock](https://github.com/treydock))
- Use beaker 4.x [\#37](https://github.com/treydock/puppet-module-keycloak/pull/37) ([treydock](https://github.com/treydock))
### Fixed
- Fix keycloak\_ldap\_user\_provider bind\_credential property to be idempotent [\#38](https://github.com/treydock/puppet-module-keycloak/pull/38) ([treydock](https://github.com/treydock))
## [3.0.0](https://github.com/treydock/puppet-module-keycloak/tree/3.0.0) (2018-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.7.1...3.0.0)
### Added
- Update module dependency version ranges [\#35](https://github.com/treydock/puppet-module-keycloak/pull/35) ([treydock](https://github.com/treydock))
## [2.7.1](https://github.com/treydock/puppet-module-keycloak/tree/2.7.1) (2018-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.7.0...2.7.1)
### Fixed
- Update reference [\#36](https://github.com/treydock/puppet-module-keycloak/pull/36) ([treydock](https://github.com/treydock))
## [2.7.0](https://github.com/treydock/puppet-module-keycloak/tree/2.7.0) (2018-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.6.0...2.7.0)
### Added
- Oracle support [\#33](https://github.com/treydock/puppet-module-keycloak/pull/33) ([cborisa](https://github.com/cborisa))
## [2.6.0](https://github.com/treydock/puppet-module-keycloak/tree/2.6.0) (2018-07-20)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.5.0...2.6.0)
### Added
- Use puppet-strings for documentation [\#30](https://github.com/treydock/puppet-module-keycloak/pull/30) ([treydock](https://github.com/treydock))
- Add search\_scope and custom\_user\_search\_filter properties to keycloak\_ldap\_user\_provider type [\#29](https://github.com/treydock/puppet-module-keycloak/pull/29) ([treydock](https://github.com/treydock))
- Explicitly define all type properties [\#27](https://github.com/treydock/puppet-module-keycloak/pull/27) ([treydock](https://github.com/treydock))
- Improve acceptance tests [\#26](https://github.com/treydock/puppet-module-keycloak/pull/26) ([treydock](https://github.com/treydock))
### Fixed
- Fix for keycloak\_protocol\_mapper type property and type unit test improvements [\#28](https://github.com/treydock/puppet-module-keycloak/pull/28) ([treydock](https://github.com/treydock))
## [2.5.0](https://github.com/treydock/puppet-module-keycloak/tree/2.5.0) (2018-07-18)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.4.0...2.5.0)
### Added
- Support setting auth\_type=simple related properties for keycloak\_ldap\_user\_provider type [\#24](https://github.com/treydock/puppet-module-keycloak/pull/24) ([treydock](https://github.com/treydock))
## [2.4.0](https://github.com/treydock/puppet-module-keycloak/tree/2.4.0) (2018-06-04)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.3.1...2.4.0)
### Added
- Add keycloak\_api configuration type [\#22](https://github.com/treydock/puppet-module-keycloak/pull/22) ([treydock](https://github.com/treydock))
## [2.3.1](https://github.com/treydock/puppet-module-keycloak/tree/2.3.1) (2018-03-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.3.0...2.3.1)
### Fixed
- Fix title patterns that use procs are not supported [\#21](https://github.com/treydock/puppet-module-keycloak/pull/21) ([alexjfisher](https://github.com/alexjfisher))
## [2.3.0](https://github.com/treydock/puppet-module-keycloak/tree/2.3.0) (2018-03-08)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.2.1...2.3.0)
### Added
- Allow keycloak\_protocol\_mapper attribute\_nameformat to be simpler values [\#18](https://github.com/treydock/puppet-module-keycloak/pull/18) ([treydock](https://github.com/treydock))
- Add SAML username protocol mapper to keycloak::client\_template [\#17](https://github.com/treydock/puppet-module-keycloak/pull/17) ([treydock](https://github.com/treydock))
- Support SAML role list protocol mapper [\#16](https://github.com/treydock/puppet-module-keycloak/pull/16) ([treydock](https://github.com/treydock))
- Add SAML support to keycloak\_protocol\_mapper and keycloak::client\_template [\#15](https://github.com/treydock/puppet-module-keycloak/pull/15) ([treydock](https://github.com/treydock))
### Fixed
- Fix SAML username protocol mapper to match keycloak code [\#19](https://github.com/treydock/puppet-module-keycloak/pull/19) ([treydock](https://github.com/treydock))
## [2.2.1](https://github.com/treydock/puppet-module-keycloak/tree/2.2.1) (2018-02-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.2.0...2.2.1)
### Fixed
- Do not show diff of files that may contain passwords [\#14](https://github.com/treydock/puppet-module-keycloak/pull/14) ([treydock](https://github.com/treydock))
## [2.2.0](https://github.com/treydock/puppet-module-keycloak/tree/2.2.0) (2018-02-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.1.0...2.2.0)
### Added
- Make management of the MySQL database optional [\#13](https://github.com/treydock/puppet-module-keycloak/pull/13) ([treydock](https://github.com/treydock))
## [2.1.0](https://github.com/treydock/puppet-module-keycloak/tree/2.1.0) (2018-02-22)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.0.1...2.1.0)
### Added
- Increase minimum java dependency to 2.2.0 to to support Debian 9. Update unit tests to test all supported OSes [\#12](https://github.com/treydock/puppet-module-keycloak/pull/12) ([treydock](https://github.com/treydock))
- Symlink instead of copy mysql connector. puppetlabs/mysql 5 compatibility [\#11](https://github.com/treydock/puppet-module-keycloak/pull/11) ([NITEMAN](https://github.com/NITEMAN))
- Add support for http port configuration [\#9](https://github.com/treydock/puppet-module-keycloak/pull/9) ([NITEMAN](https://github.com/NITEMAN))
- Add Debian 9 support [\#8](https://github.com/treydock/puppet-module-keycloak/pull/8) ([NITEMAN](https://github.com/NITEMAN))
### Fixed
- Fix ownership of install dir [\#10](https://github.com/treydock/puppet-module-keycloak/pull/10) ([NITEMAN](https://github.com/NITEMAN))
## [2.0.1](https://github.com/treydock/puppet-module-keycloak/tree/2.0.1) (2017-12-18)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.0.0...2.0.1)
### Fixed
- Fix configuration order when proxy\_https is true [\#7](https://github.com/treydock/puppet-module-keycloak/pull/7) ([treydock](https://github.com/treydock))
## [2.0.0](https://github.com/treydock/puppet-module-keycloak/tree/2.0.0) (2017-12-11)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/1.0.0...2.0.0)
### Changed
- BREAKING: Remove deprecated defined types [\#6](https://github.com/treydock/puppet-module-keycloak/pull/6) ([treydock](https://github.com/treydock))
- BREAKING: Set default version to 3.4.1.Final [\#4](https://github.com/treydock/puppet-module-keycloak/pull/4) ([treydock](https://github.com/treydock))
- BREAKING: Drop Puppet 3 support [\#3](https://github.com/treydock/puppet-module-keycloak/pull/3) ([treydock](https://github.com/treydock))
### Added
- Add always\_read\_value\_from\_ldap property to keycloak\_ldap\_mapper [\#5](https://github.com/treydock/puppet-module-keycloak/pull/5) ([treydock](https://github.com/treydock))
## [1.0.0](https://github.com/treydock/puppet-module-keycloak/tree/1.0.0) (2017-09-05)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/0.0.1...1.0.0)
### Added
- New types [\#1](https://github.com/treydock/puppet-module-keycloak/pull/1) ([treydock](https://github.com/treydock))
## [0.0.1](https://github.com/treydock/puppet-module-keycloak/tree/0.0.1) (2017-08-11)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/7af5fcb032534265eac261fc7a723cb7b27007f4...0.0.1)
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/REFERENCE.md b/REFERENCE.md
index 0977c6c..c3bd53c 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1,3774 +1,3794 @@
# Reference
## Table of Contents
### Classes
#### Public Classes
* [`keycloak`](#keycloak): Manage Keycloak
* [`keycloak::config`](#keycloakconfig): Private class.
* [`keycloak::datasource::h2`](#keycloakdatasourceh2): Private class.
* [`keycloak::install`](#keycloakinstall): Private class.
* [`keycloak::service`](#keycloakservice): Private class.
* [`keycloak::sssd`](#keycloaksssd): Private class.
#### Private Classes
* `keycloak::datasource::mysql`: Manage MySQL datasource
* `keycloak::datasource::oracle`: Manage Oracle datasource
* `keycloak::datasource::postgresql`: Manage postgresql datasource
* `keycloak::resources`: Define Keycloak resources
### Defined types
* [`keycloak::client_scope::oidc`](#keycloakclient_scopeoidc): Manage Keycloak OpenID Connect client scope using built-in mappers
* [`keycloak::client_scope::saml`](#keycloakclient_scopesaml): Manage Keycloak SAML client scope using built-in mappers
* [`keycloak::freeipa_ldap_mappers`](#keycloakfreeipa_ldap_mappers): setup FreeIPA LDAP mappers for Keycloak
* [`keycloak::freeipa_user_provider`](#keycloakfreeipa_user_provider): setup IPA as an LDAP user provider for Keycloak
* [`keycloak::spi_deployment`](#keycloakspi_deployment): Manage Keycloak SPI deployment
* [`keycloak::truststore::host`](#keycloaktruststorehost): Add host to Keycloak truststore
### Resource types
* [`keycloak_api`](#keycloak_api): Type that configures API connection parameters for other keycloak types that use the Keycloak API.
* [`keycloak_client`](#keycloak_client): Manage Keycloak clients
* [`keycloak_client_protocol_mapper`](#keycloak_client_protocol_mapper): Manage Keycloak protocol mappers
* [`keycloak_client_scope`](#keycloak_client_scope): Manage Keycloak client scopes
* [`keycloak_conn_validator`](#keycloak_conn_validator): Verify that a connection can be successfully established between a node and the keycloak server. Its primary use is as a precondition to pre
* [`keycloak_flow`](#keycloak_flow): Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of `flow_alias` if `top_level=fals
* [`keycloak_flow_execution`](#keycloak_flow_execution): Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of value defined for `flow_alias`
* [`keycloak_identity_provider`](#keycloak_identity_provider): Manage Keycloak identity providers
* [`keycloak_ldap_mapper`](#keycloak_ldap_mapper): Manage Keycloak LDAP attribute mappers
* [`keycloak_ldap_user_provider`](#keycloak_ldap_user_provider): Manage Keycloak LDAP user providers
* [`keycloak_protocol_mapper`](#keycloak_protocol_mapper): Manage Keycloak client scope protocol mappers
* [`keycloak_realm`](#keycloak_realm): Manage Keycloak realms
* [`keycloak_required_action`](#keycloak_required_action): Manage Keycloak required actions
* [`keycloak_resource_validator`](#keycloak_resource_validator): Verify that a specific Keycloak resource is available
* [`keycloak_sssd_user_provider`](#keycloak_sssd_user_provider): Manage Keycloak SSSD user providers
## Classes
### `keycloak`
Manage Keycloak
#### Examples
#####
```puppet
include ::keycloak
```
#### Parameters
The following parameters are available in the `keycloak` class:
* [`manage_install`](#manage_install)
* [`version`](#version)
* [`package_url`](#package_url)
* [`install_dir`](#install_dir)
* [`service_name`](#service_name)
* [`service_ensure`](#service_ensure)
* [`service_enable`](#service_enable)
* [`service_hasstatus`](#service_hasstatus)
* [`service_hasrestart`](#service_hasrestart)
* [`service_bind_address`](#service_bind_address)
* [`management_bind_address`](#management_bind_address)
* [`java_opts`](#java_opts)
* [`java_opts_append`](#java_opts_append)
* [`service_extra_opts`](#service_extra_opts)
* [`manage_user`](#manage_user)
* [`user`](#user)
* [`user_shell`](#user_shell)
* [`group`](#group)
* [`user_uid`](#user_uid)
* [`group_gid`](#group_gid)
* [`system_user`](#system_user)
* [`admin_user`](#admin_user)
* [`admin_user_password`](#admin_user_password)
* [`wildfly_user`](#wildfly_user)
* [`wildfly_user_password`](#wildfly_user_password)
* [`manage_datasource`](#manage_datasource)
* [`datasource_driver`](#datasource_driver)
* [`datasource_host`](#datasource_host)
* [`datasource_port`](#datasource_port)
* [`datasource_url`](#datasource_url)
* [`datasource_dbname`](#datasource_dbname)
* [`datasource_username`](#datasource_username)
* [`datasource_password`](#datasource_password)
* [`datasource_package`](#datasource_package)
* [`datasource_jar_source`](#datasource_jar_source)
* [`datasource_jar_filename`](#datasource_jar_filename)
* [`datasource_module_source`](#datasource_module_source)
* [`datasource_xa_class`](#datasource_xa_class)
* [`mysql_database_charset`](#mysql_database_charset)
* [`proxy_https`](#proxy_https)
* [`truststore`](#truststore)
* [`truststore_hosts`](#truststore_hosts)
* [`truststore_password`](#truststore_password)
* [`truststore_hostname_verification_policy`](#truststore_hostname_verification_policy)
* [`http_port`](#http_port)
* [`theme_static_max_age`](#theme_static_max_age)
* [`theme_cache_themes`](#theme_cache_themes)
* [`theme_cache_templates`](#theme_cache_templates)
* [`realms`](#realms)
* [`realms_merge`](#realms_merge)
* [`oidc_client_scopes`](#oidc_client_scopes)
* [`oidc_client_scopes_merge`](#oidc_client_scopes_merge)
* [`saml_client_scopes`](#saml_client_scopes)
* [`saml_client_scopes_merge`](#saml_client_scopes_merge)
* [`identity_providers`](#identity_providers)
* [`identity_providers_merge`](#identity_providers_merge)
* [`client_protocol_mappers`](#client_protocol_mappers)
* [`client_scopes`](#client_scopes)
* [`client_scopes_merge`](#client_scopes_merge)
* [`protocol_mappers`](#protocol_mappers)
* [`protocol_mappers_merge`](#protocol_mappers_merge)
* [`clients`](#clients)
* [`clients_merge`](#clients_merge)
* [`flows`](#flows)
* [`flows_merge`](#flows_merge)
* [`flow_executions`](#flow_executions)
* [`flow_executions_merge`](#flow_executions_merge)
* [`required_actions`](#required_actions)
* [`required_actions_merge`](#required_actions_merge)
* [`ldap_mappers`](#ldap_mappers)
* [`ldap_mappers_merge`](#ldap_mappers_merge)
* [`ldap_user_providers`](#ldap_user_providers)
* [`ldap_user_providers_merge`](#ldap_user_providers_merge)
* [`with_sssd_support`](#with_sssd_support)
* [`libunix_dbus_java_source`](#libunix_dbus_java_source)
* [`install_libunix_dbus_java_build_dependencies`](#install_libunix_dbus_java_build_dependencies)
* [`libunix_dbus_java_build_dependencies`](#libunix_dbus_java_build_dependencies)
* [`libunix_dbus_java_libdir`](#libunix_dbus_java_libdir)
* [`jna_package_name`](#jna_package_name)
* [`manage_sssd_config`](#manage_sssd_config)
* [`sssd_ifp_user_attributes`](#sssd_ifp_user_attributes)
* [`restart_sssd`](#restart_sssd)
* [`service_environment_file`](#service_environment_file)
* [`operating_mode`](#operating_mode)
* [`enable_jdbc_ping`](#enable_jdbc_ping)
* [`jboss_bind_public_address`](#jboss_bind_public_address)
* [`jboss_bind_private_address`](#jboss_bind_private_address)
* [`role`](#role)
* [`user_cache`](#user_cache)
* [`tech_preview_features`](#tech_preview_features)
* [`auto_deploy_exploded`](#auto_deploy_exploded)
* [`auto_deploy_zipped`](#auto_deploy_zipped)
* [`spi_deployments`](#spi_deployments)
* [`custom_config_content`](#custom_config_content)
* [`custom_config_source`](#custom_config_source)
* [`master_address`](#master_address)
* [`server_name`](#server_name)
* [`syslog`](#syslog)
* [`syslog_app_name`](#syslog_app_name)
* [`syslog_facility`](#syslog_facility)
* [`syslog_hostname`](#syslog_hostname)
* [`syslog_level`](#syslog_level)
* [`syslog_port`](#syslog_port)
* [`syslog_server_address`](#syslog_server_address)
* [`syslog_format`](#syslog_format)
##### `manage_install`
Data type: `Boolean`
Install Keycloak from upstream Keycloak tarball.
Set to false to manage installation of Keycloak outside
this module and set $install_dir to match.
Defaults to true.
Default value: ``true``
##### `version`
Data type: `String`
Version of Keycloak to install and manage.
Default value: `'12.0.4'`
##### `package_url`
Data type: `Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]]`
URL of the Keycloak download.
Default is based on version.
Default value: ``undef``
##### `install_dir`
Data type: `Optional[Stdlib::Absolutepath]`
The directory of where to install Keycloak.
Default is `/opt/keycloak-${version}`.
Default value: ``undef``
##### `service_name`
Data type: `String`
Keycloak service name.
Default is `keycloak`.
Default value: `'keycloak'`
##### `service_ensure`
Data type: `String`
Keycloak service ensure property.
Default is `running`.
Default value: `'running'`
##### `service_enable`
Data type: `Boolean`
Keycloak service enable property.
Default is `true`.
Default value: ``true``
##### `service_hasstatus`
Data type: `Boolean`
Keycloak service hasstatus parameter.
Default is `true`.
Default value: ``true``
##### `service_hasrestart`
Data type: `Boolean`
Keycloak service hasrestart parameter.
Default is `true`.
Default value: ``true``
##### `service_bind_address`
Data type: `Stdlib::IP::Address`
Bind address for Keycloak service.
Default is '0.0.0.0'.
Default value: `'0.0.0.0'`
##### `management_bind_address`
Data type: `Stdlib::IP::Address`
Bind address for Keycloak management.
Default is '0.0.0.0'.
Default value: `'0.0.0.0'`
##### `java_opts`
Data type: `Optional[Variant[String, Array]]`
Sets additional options to Java virtual machine environment variable.
Default value: ``undef``
##### `java_opts_append`
Data type: `Boolean`
Determine if $JAVA_OPTS should be appended to when setting `java_opts` parameter
Default value: ``true``
##### `service_extra_opts`
Data type: `Optional[String]`
Additional options added to the end of the service command-line.
Default value: ``undef``
##### `manage_user`
Data type: `Boolean`
Defines if the module should manage the Linux user for Keycloak installation
Default value: ``true``
##### `user`
Data type: `String`
Keycloak user name.
Default is `keycloak`.
Default value: `'keycloak'`
##### `user_shell`
Data type: `Stdlib::Absolutepath`
Keycloak user shell.
Default value: `'/sbin/nologin'`
##### `group`
Data type: `String`
Keycloak user group name.
Default is `keycloak`.
Default value: `'keycloak'`
##### `user_uid`
Data type: `Optional[Integer]`
Keycloak user UID.
Default is `undef`.
Default value: ``undef``
##### `group_gid`
Data type: `Optional[Integer]`
Keycloak user group GID.
Default is `undef`.
Default value: ``undef``
##### `system_user`
Data type: `Boolean`
If keycloak user should be a system user with lower uid and gid.
Default is `true`
Default value: ``true``
##### `admin_user`
Data type: `String`
Keycloak administrative username.
Default is `admin`.
Default value: `'admin'`
##### `admin_user_password`
Data type: `String`
Keycloak administrative user password.
Default is `changeme`.
Default value: `'changeme'`
##### `wildfly_user`
Data type: `Optional[String]`
Wildfly user. Required for domain mode.
Default value: ``undef``
##### `wildfly_user_password`
Data type: `Optional[String]`
Wildfly user password. Required for domain mode.
Default value: ``undef``
##### `manage_datasource`
Data type: `Boolean`
Boolean that determines if configured datasource will be managed.
Default is `true`.
Default value: ``true``
##### `datasource_driver`
Data type: `Enum['h2', 'mysql', 'oracle', 'postgresql']`
Datasource driver to use for Keycloak.
Valid values are `h2`, `mysql`, 'oracle' and 'postgresql'
Default is `h2`.
Default value: `'h2'`
##### `datasource_host`
Data type: `Optional[String]`
Datasource host.
Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
Default is `localhost` for MySQL.
Default value: ``undef``
##### `datasource_port`
Data type: `Optional[Integer]`
Datasource port.
Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
Default is `3306` for MySQL.
Default value: ``undef``
##### `datasource_url`
Data type: `Optional[String]`
Datasource url.
Default datasource URLs are defined in init class.
Default value: ``undef``
##### `datasource_dbname`
Data type: `String`
Datasource database name.
Default is `keycloak`.
Default value: `'keycloak'`
##### `datasource_username`
Data type: `String`
Datasource user name.
Default is `sa`.
Default value: `'sa'`
##### `datasource_password`
Data type: `String`
Datasource user password.
Default is `sa`.
Default value: `'sa'`
##### `datasource_package`
Data type: `Optional[String]`
Package to add specified datasource support
Default value: ``undef``
##### `datasource_jar_source`
Data type: `Optional[String]`
Source for datasource JDBC driver - could be puppet link or local file on the node.
Default is dependent on value for `datasource_driver`.
This parameter is required if `datasource_driver` is `oracle`.
Default value: ``undef``
##### `datasource_jar_filename`
Data type: `Optional[String]`
Specify the filename of the destination datasource jar in the module dir of keycloak.
This parameter is only working at the moment if `datasource_driver` is `oracle`.
Default value: ``undef``
##### `datasource_module_source`
Data type: `Optional[String]`
Source for datasource module.xml. Default depends on `datasource_driver`.
Default value: ``undef``
##### `datasource_xa_class`
Data type: `Optional[String]`
MySQL Connector/J JDBC driver xa-datasource class name
Default value: ``undef``
##### `mysql_database_charset`
Data type: `String`
MySQL database charset
Default value: `'utf8'`
##### `proxy_https`
Data type: `Boolean`
Boolean that sets if HTTPS proxy should be enabled.
Set to `true` if proxying traffic through Apache.
Default is `false`.
Default value: ``false``
##### `truststore`
Data type: `Boolean`
Boolean that sets if truststore should be used.
Default is `false`.
Default value: ``false``
##### `truststore_hosts`
Data type: `Hash`
Hash that is used to define `keycloak::turststore::host` resources.
Default is `{}`.
Default value: `{}`
##### `truststore_password`
Data type: `String`
Truststore password.
Default is `keycloak`.
Default value: `'keycloak'`
##### `truststore_hostname_verification_policy`
Data type: `Enum['WILDCARD', 'STRICT', 'ANY']`
Valid values are `WILDCARD`, `STRICT`, and `ANY`.
Default is `WILDCARD`.
Default value: `'WILDCARD'`
##### `http_port`
Data type: `Integer`
HTTP port used by Keycloak.
Default is `8080`.
Default value: `8080`
##### `theme_static_max_age`
Data type: `Integer`
Max cache age in seconds of static content.
Default is `2592000`.
Default value: `2592000`
##### `theme_cache_themes`
Data type: `Boolean`
Boolean that sets if themes should be cached.
Default is `true`.
Default value: ``true``
##### `theme_cache_templates`
Data type: `Boolean`
Boolean that sets if templates should be cached.
Default is `true`.
Default value: ``true``
##### `realms`
Data type: `Hash`
Hash that is used to define keycloak_realm resources.
Default is `{}`.
Default value: `{}`
##### `realms_merge`
Data type: `Boolean`
Boolean that sets if `realms` should be merged from Hiera.
Default value: ``false``
##### `oidc_client_scopes`
Data type: `Hash`
Hash that is used to define keycloak::client_scope::oidc resources.
Default is `{}`.
Default value: `{}`
##### `oidc_client_scopes_merge`
Data type: `Boolean`
Boolean that sets if `oidc_client_scopes` should be merged from Hiera.
Default value: ``false``
##### `saml_client_scopes`
Data type: `Hash`
Hash that is used to define keycloak::client_scope::saml resources.
Default is `{}`.
Default value: `{}`
##### `saml_client_scopes_merge`
Data type: `Boolean`
Boolean that sets if `saml_client_scopes` should be merged from Hiera.
Default value: ``false``
##### `identity_providers`
Data type: `Hash`
Hash that is used to define keycloak_identity_provider resources.
Default value: `{}`
##### `identity_providers_merge`
Data type: `Boolean`
Boolean that sets if `identity_providers` should be merged from Hiera.
Default value: ``false``
##### `client_protocol_mappers`
Data type: `Hash`
Hash that is used to define keycloak_client_protocol_mapper resources.
Default value: `{}`
##### `client_scopes`
Data type: `Hash`
Hash that is used to define keycloak_client_scope resources.
Default value: `{}`
##### `client_scopes_merge`
Data type: `Boolean`
Boolean that sets if `client_scopes` should be merged from Hiera.
Default value: ``false``
##### `protocol_mappers`
Data type: `Hash`
Hash that is used to define keycloak_protocol_mapper resources.
Default value: `{}`
##### `protocol_mappers_merge`
Data type: `Boolean`
Boolean that sets if `protocol_mappers` should be merged from Hiera.
Default value: ``false``
##### `clients`
Data type: `Hash`
Hash that is used to define keycloak_client resources.
Default value: `{}`
##### `clients_merge`
Data type: `Boolean`
Boolean that sets if `clients` should be merged from Hiera.
Default value: ``false``
##### `flows`
Data type: `Hash`
Hash taht is used to define keycloak_flow resources.
Default value: `{}`
##### `flows_merge`
Data type: `Boolean`
Boolean that sets if `flows` should be merged from Hiera.
Default value: ``false``
##### `flow_executions`
Data type: `Hash`
Hash taht is used to define keycloak_flow resources.
Default value: `{}`
##### `flow_executions_merge`
Data type: `Boolean`
Boolean that sets if `flows` should be merged from Hiera.
Default value: ``false``
##### `required_actions`
Data type: `Hash`
Hash that is used to define keycloak_required_action resources.
Default value: `{}`
##### `required_actions_merge`
Data type: `Boolean`
Boolean that sets if `required_actions` should be merged from Hiera.
Default value: ``false``
##### `ldap_mappers`
Data type: `Hash`
Hash that is used to define keycloak_ldap_mapper resources.
Default value: `{}`
##### `ldap_mappers_merge`
Data type: `Boolean`
Boolean that sets if `ldap_mappers` should be merged from Hiera.
Default value: ``false``
##### `ldap_user_providers`
Data type: `Hash`
Hash that is used to define keycloak_ldap_user_provider resources.
Default value: `{}`
##### `ldap_user_providers_merge`
Data type: `Boolean`
Boolean that sets if `ldap_user_providers` should be merged from Hiera.
Default value: ``false``
##### `with_sssd_support`
Data type: `Boolean`
Boolean that determines if SSSD user provider support should be available
Default value: ``false``
##### `libunix_dbus_java_source`
Data type: `Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]`
Source URL of libunix-dbus-java
Default value: `'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz'`
##### `install_libunix_dbus_java_build_dependencies`
Data type: `Boolean`
Boolean that determines of libunix-dbus-java build dependencies are managed by this module
Default value: ``true``
##### `libunix_dbus_java_build_dependencies`
Data type: `Array`
Packages needed to build libunix-dbus-java
Default value: `[]`
##### `libunix_dbus_java_libdir`
Data type: `Stdlib::Absolutepath`
Path to directory to install libunix-dbus-java libraries
Default value: `'/usr/lib64'`
##### `jna_package_name`
Data type: `String`
Package name for jna
Default value: `'jna'`
##### `manage_sssd_config`
Data type: `Boolean`
Boolean that determines if SSSD ifp config for Keycloak is managed
Default value: ``true``
##### `sssd_ifp_user_attributes`
Data type: `Array`
user_attributes to define for SSSD ifp service
Default value: `[]`
##### `restart_sssd`
Data type: `Boolean`
Boolean that determines if SSSD should be restarted
Default value: ``true``
##### `service_environment_file`
Data type: `Optional[Stdlib::Absolutepath]`
Path to the file with environment variables for the systemd service
Default value: ``undef``
##### `operating_mode`
Data type: `Enum['standalone', 'clustered', 'domain']`
Keycloak operating mode deployment
Default value: `'standalone'`
##### `enable_jdbc_ping`
Data type: `Boolean`
Use JDBC_PING to discover the nodes and manage the replication of data
More info: http://jgroups.org/manual/#_jdbc_ping
Only applies when `operating_mode` is either `clustered` or `domain`
JDBC_PING uses port 7600 to ensure cluster members are discoverable by each other
This module does not manage firewall changes
Default value: ``false``
##### `jboss_bind_public_address`
Data type: `Stdlib::IP::Address`
JBoss bind public IP address
Default value: `$facts['networking']['ip']`
##### `jboss_bind_private_address`
Data type: `Stdlib::IP::Address`
JBoss bind private IP address
Default value: `$facts['networking']['ip']`
##### `role`
Data type: `Optional[Enum['master', 'slave']]`
Role when operating mode is domain.
Default value: ``undef``
##### `user_cache`
Data type: `Boolean`
Boolean that determines if userCache is enabled
Default value: ``true``
##### `tech_preview_features`
Data type: `Array`
List of technology Preview features to enable
Default value: `[]`
##### `auto_deploy_exploded`
Data type: `Boolean`
Set if exploded deployements will be auto deployed
Default value: ``false``
##### `auto_deploy_zipped`
Data type: `Boolean`
Set if zipped deployments will be auto deployed
Default value: ``true``
##### `spi_deployments`
Data type: `Hash`
Hash used to define keycloak::spi_deployment resources
Default value: `{}`
##### `custom_config_content`
Data type: `Optional[String]`
Custom configuration content to be added to config.cli
Default value: ``undef``
##### `custom_config_source`
Data type: `Optional[Variant[String, Array]]`
Custom configuration source file to be added to config.cli
Default value: ``undef``
##### `master_address`
Data type: `Optional[Stdlib::Host]`
IP address of the master in domain mode
Default value: ``undef``
##### `server_name`
Data type: `String`
Server name in domain mode. Defaults to hostname.
Default value: `$facts['hostname']`
##### `syslog`
Data type: `Boolean`
Enable syslog. Default false.
Default value: ``false``
##### `syslog_app_name`
Data type: `String`
Syslog app name. Default 'keycloak'.
Default value: `'keycloak'`
##### `syslog_facility`
Data type: `String`
Syslog facility. Default 'user-level'. See https://docs.jboss.org/author/display/AS72/Logging%20Configuration.html
Default value: `'user-level'`
##### `syslog_hostname`
Data type: `Stdlib::Host`
Syslog hostname of the server. Default $facts['fqdn'].
Default value: `$facts['fqdn']`
##### `syslog_level`
Data type: `String`
Syslog level. Default 'INFO'. See https://docs.jboss.org/author/display/AS72/Logging%20Configuration.html
Default value: `'INFO'`
##### `syslog_port`
Data type: `Stdlib::Port`
The port the syslog server is listening on. Default '514'.
Default value: `514`
##### `syslog_server_address`
Data type: `Stdlib::Host`
The address of the syslog server. Default 'localhost'.
Default value: `'localhost'`
##### `syslog_format`
Data type: `Enum['RFC3164', 'RFC5424']`
Syslog format. Either 'RFC3164' or 'RFC5424' Default 'RFC3164'.
Default value: `'RFC3164'`
### `keycloak::config`
Private class.
### `keycloak::datasource::h2`
Private class.
### `keycloak::install`
Private class.
### `keycloak::service`
Private class.
### `keycloak::sssd`
Private class.
## Defined types
### `keycloak::client_scope::oidc`
Manage Keycloak OpenID Connect client scope using built-in mappers
#### Examples
#####
```puppet
keycloak::client_scope::oidc { 'oidc-clients':
realm => 'test',
}
```
#### Parameters
The following parameters are available in the `keycloak::client_scope::oidc` defined type:
* [`realm`](#realm)
* [`resource_name`](#resource_name)
##### `realm`
Data type: `String`
Realm of the client scope.
##### `resource_name`
Data type: `String`
Name of the client scope resource
Default value: `$name`
### `keycloak::client_scope::saml`
Manage Keycloak SAML client scope using built-in mappers
#### Examples
#####
```puppet
keycloak::client_scope::saml { 'saml-clients':
realm => 'test',
}
```
#### Parameters
The following parameters are available in the `keycloak::client_scope::saml` defined type:
* [`realm`](#realm)
* [`resource_name`](#resource_name)
##### `realm`
Data type: `String`
Realm of the client scope.
##### `resource_name`
Data type: `String`
Name of the client scope resource
Default value: `$name`
### `keycloak::freeipa_ldap_mappers`
setup FreeIPA LDAP mappers for Keycloak
#### Examples
#####
```puppet
keycloak::freeipa_ldap_mappers { 'ipa.example.org':
realm => 'EXAMPLE.ORG',
groups_dn => 'cn=groups,cn=accounts,dc=example,dc=org',
roles_dn => 'cn=groups,cn=accounts,dc=example,dc=org'
}
```
#### Parameters
The following parameters are available in the `keycloak::freeipa_ldap_mappers` defined type:
* [`realm`](#realm)
* [`groups_dn`](#groups_dn)
* [`roles_dn`](#roles_dn)
* [`parent_id`](#parent_id)
##### `realm`
Data type: `String`
Keycloak realm
##### `groups_dn`
Data type: `String`
Groups DN
##### `roles_dn`
Data type: `String`
Roles DN
##### `parent_id`
Data type: `Optional[String]`
Identifier (parentId) for the LDAP provider to add this mapper to.
Will be passed to the $ldap parameter in keycloak_ldap_mapper.
Default value: ``undef``
### `keycloak::freeipa_user_provider`
setup IPA as an LDAP user provider for Keycloak
#### Examples
##### Add FreeIPA as a user provider
```puppet
keycloak::freeipa_user_provider { 'ipa.example.org':
ensure => 'present',
realm => 'EXAMPLE.ORG',
bind_dn => 'uid=ldapproxy,cn=sysaccounts,cn=etc,dc=example,dc=org',
bind_credential => 'secret',
users_dn => 'cn=users,cn=accounts,dc=example,dc=org',
priority => 10,
}
```
#### Parameters
The following parameters are available in the `keycloak::freeipa_user_provider` defined type:
* [`ensure`](#ensure)
* [`id`](#id)
* [`ipa_host`](#ipa_host)
* [`realm`](#realm)
* [`bind_dn`](#bind_dn)
* [`bind_credential`](#bind_credential)
* [`users_dn`](#users_dn)
* [`priority`](#priority)
* [`ldaps`](#ldaps)
* [`full_sync_period`](#full_sync_period)
* [`changed_sync_period`](#changed_sync_period)
##### `ensure`
Data type: `Enum['present', 'absent']`
LDAP user provider status
Default value: `'present'`
##### `id`
Data type: `Optional[String]`
ID to use for user provider
Default value: ``undef``
##### `ipa_host`
Data type: `Stdlib::Host`
Hostname of the FreeIPA server (e.g. ipa.example.org)
Default value: `$title`
##### `realm`
Data type: `String`
Keycloak realm
##### `bind_dn`
Data type: `String`
LDAP bind dn
##### `bind_credential`
Data type: `String`
LDAP bind password
##### `users_dn`
Data type: `String`
The DN for user search
##### `priority`
Data type: `Integer`
Priority for this user provider
Default value: `10`
##### `ldaps`
Data type: `Boolean`
Use LDAPS protocol instead of LDAP
Default value: ``false``
##### `full_sync_period`
Data type: `Optional[Integer]`
Synchronize all users this often (fullSyncPeriod)
Default value: ``undef``
##### `changed_sync_period`
Data type: `Optional[Integer]`
Synchronize changed users this often (changedSyncPeriod)
Default value: ``undef``
### `keycloak::spi_deployment`
}
#### Examples
##### Add Duo SPI
```puppet
keycloak::spi_deployment { 'duo-spi':
ensure => 'present',
deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar',
source => 'file:///path/to/source/keycloak-duo-spi-jar-with-dependencies.jar',
}
```
##### Add Duo SPI and check API for existance of resources before going onto dependenct resources
```puppet
keycloak::spi_deployment { 'duo-spi':
deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar',
source => 'file:///path/to/source/keycloak-duo-spi-jar-with-dependencies.jar',
test_url => 'authentication/authenticator-providers',
test_key => 'id',
test_value => 'duo-mfa-authenticator',
test_realm => 'test',
before => Keycloak_flow_execution['duo-mfa-authenticator under form-browser-with-duo on test'],
```
#### Parameters
The following parameters are available in the `keycloak::spi_deployment` defined type:
* [`ensure`](#ensure)
* [`deployed_name`](#deployed_name)
* [`source`](#source)
* [`test_url`](#test_url)
* [`test_key`](#test_key)
* [`test_value`](#test_value)
* [`test_realm`](#test_realm)
* [`test_before`](#test_before)
##### `ensure`
Data type: `Enum['present', 'absent']`
State of the deployment
Default value: `'present'`
##### `deployed_name`
Data type: `String[1]`
Name of the file to be deployed. Defaults to `$name`.
Default value: `$name`
##### `source`
Data type: `Variant[Stdlib::Filesource, Stdlib::HTTPSUrl]`
Source of the deployment, supports 'file://', 'puppet://', 'https://' or 'http://'
##### `test_url`
Data type: `Optional[String]`
URL to test for existance of resources created by this SPI
Default value: ``undef``
##### `test_key`
Data type: `Optional[String]`
Key of resource when testing for resource created by this SPI
Default value: ``undef``
##### `test_value`
Data type: `Optional[String]`
Value of the `test_key` when testing for resources created by this SPI
Default value: ``undef``
##### `test_realm`
Data type: `Optional[String]`
Realm to query when looking for resources created by this SPI
Default value: ``undef``
##### `test_before`
Data type: `Optional[Array]`
Setup autorequires for validator dependent resources
Default value: ``undef``
### `keycloak::truststore::host`
Add host to Keycloak truststore
#### Examples
#####
```puppet
keycloak::truststore::host { 'ldap1.example.com':
certificate => '/etc/openldap/certs/0a00000.0',
}
```
#### Parameters
The following parameters are available in the `keycloak::truststore::host` defined type:
* [`certificate`](#certificate)
* [`ensure`](#ensure)
##### `certificate`
Data type: `String`
Path to host certificate
##### `ensure`
Data type: `Enum['latest', 'present', 'absent']`
Host ensure value passed to `java_ks` resource.
Default value: `'latest'`
## Resource types
### `keycloak_api`
Type that configures API connection parameters for other keycloak types that use the Keycloak API.
#### Examples
##### Define API access
```puppet
keycloak_api { 'keycloak'
install_dir => '/opt/keycloak',
server => 'http://localhost:8080/auth',
realm => 'master',
user => 'admin',
password => 'changeme',
}
```
#### Parameters
The following parameters are available in the `keycloak_api` type.
* [`install_dir`](#install_dir)
* [`name`](#name)
* [`password`](#password)
* [`realm`](#realm)
* [`server`](#server)
* [`use_wrapper`](#use_wrapper)
* [`user`](#user)
##### `install_dir`
Install location of Keycloak
Default value: `/opt/keycloak`
##### `name`
namevar
Keycloak API config
##### `password`
Password for authentication
Default value: `changeme`
##### `realm`
Realm for authentication
Default value: `master`
##### `server`
Auth URL for Keycloak server
Default value: `http://localhost:8080/auth`
##### `use_wrapper`
Valid values: ``true``, ``false``
Boolean that determines if kcadm_wrapper.sh should be used
Default value: ``false``
##### `user`
User for authentication
Default value: `admin`
### `keycloak_client`
Manage Keycloak clients
#### Examples
##### Add a OpenID Connect client
```puppet
keycloak_client { 'www.example.com':
ensure => 'present',
realm => 'test',
redirect_uris => [
"https://www.example.com/oidc",
"https://www.example.com",
],
default_client_scopes => ['profile','email'],
secret => 'supersecret',
}
```
#### Properties
The following properties are available in the `keycloak_client` type.
##### `access_token_lifespan`
access.token.lifespan
##### `authorization_services_enabled`
Valid values: ``true``, ``false``
authorizationServicesEnabled
Default value: `false`
##### `base_url`
baseUrl
##### `bearer_only`
Valid values: ``true``, ``false``
bearerOnly
Default value: `false`
##### `browser_flow`
authenticationFlowBindingOverrides.browser (Use flow alias, not ID)
Default value: `absent`
##### `client_authenticator_type`
clientAuthenticatorType
Default value: `client-secret`
##### `default_client_scopes`
defaultClientScopes
Default value: `[]`
##### `direct_access_grants_enabled`
Valid values: ``true``, ``false``
enabled
Default value: `true`
##### `direct_grant_flow`
authenticationFlowBindingOverrides.direct_grant (Use flow alias, not ID)
Default value: `absent`
##### `enabled`
Valid values: ``true``, ``false``
enabled
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `full_scope_allowed`
Valid values: ``true``, ``false``
fullScopeAllowed
Default value: `true`
##### `implicit_flow_enabled`
Valid values: ``true``, ``false``
implicitFlowEnabled
Default value: `false`
##### `login_theme`
login_theme
Default value: `absent`
##### `optional_client_scopes`
optionalClientScopes
Default value: `[]`
##### `protocol`
Valid values: `openid-connect`, `saml`
protocol
Default value: `openid-connect`
##### `public_client`
Valid values: ``true``, ``false``
enabled
Default value: `false`
##### `redirect_uris`
redirectUris
Default value: `[]`
##### `roles`
roles
Default value: `[]`
##### `root_url`
rootUrl
##### `secret`
secret
##### `service_accounts_enabled`
Valid values: ``true``, ``false``
serviceAccountsEnabled
Default value: `false`
##### `standard_flow_enabled`
Valid values: ``true``, ``false``
standardFlowEnabled
Default value: `true`
##### `web_origins`
webOrigins
Default value: `[]`
#### Parameters
The following parameters are available in the `keycloak_client` type.
* [`client_id`](#client_id)
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
##### `client_id`
clientId. Defaults to `name`.
##### `id`
Id. Defaults to `client_id`
##### `name`
namevar
The client name
##### `provider`
The specific backend to use for this `keycloak_client` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
##### `realm`
realm
### `keycloak_client_protocol_mapper`
Manage Keycloak protocol mappers
#### Examples
##### Add email protocol mapper to test.example.com client in realm test
```puppet
keycloak_client_protocol_mapper { "email for test.example.com on test":
claim_name => 'email',
user_attribute => 'email',
}
```
#### Properties
The following properties are available in the `keycloak_client_protocol_mapper` type.
##### `access_token_claim`
Valid values: ``true``, ``false``
access.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `attribute_name`
attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `attribute_nameformat`
attribute.nameformat
##### `claim_name`
claim.name
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `friendly_name`
friendly.name. Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `full_path`
Valid values: ``true``, ``false``
full.path. Default to `false` for `type` `oidc-group-membership-mapper`.
##### `id_token_claim`
Valid values: ``true``, ``false``
id.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `included_client_audience`
included.client.audience Required for `type` of `oidc-audience-mapper`
##### `json_type_label`
json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`.
##### `protocol`
Valid values: `openid-connect`, `saml`
protocol
Default value: `openid-connect`
##### `script`
Script, only valid for `type` of `saml-javascript-mapper`'
Array values will be joined with newlines. Strings will be kept unchanged.
##### `single`
Valid values: ``true``, ``false``
single. Default to `false` for `type` `saml-role-list-mapper`.
##### `user_attribute`
user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper`
##### `userinfo_token_claim`
Valid values: ``true``, ``false``
userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`.
#### Parameters
The following parameters are available in the `keycloak_client_protocol_mapper` type.
* [`client`](#client)
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`resource_name`](#resource_name)
* [`type`](#type)
##### `client`
client
##### `id`
Id.
##### `name`
namevar
The protocol mapper name
##### `provider`
The specific backend to use for this `keycloak_client_protocol_mapper` resource. You will seldom need to specify this
--- Puppet will usually discover the appropriate provider for your platform.
##### `realm`
realm
##### `resource_name`
The protocol mapper name. Defaults to `name`.
##### `type`
Valid values: `oidc-usermodel-client-role-mapper`, `oidc-usermodel-property-mapper`, `oidc-full-name-mapper`, `oidc-group-membership-mapper`, `oidc-audience-mapper`, `saml-user-property-mapper`, `saml-role-list-mapper`
protocolMapper.
Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and
`saml-user-property-mapper` for `protocol` `saml`.
### `keycloak_client_scope`
Manage Keycloak client scopes
#### Examples
##### Define a OpenID Connect client scope in the test realm
```puppet
keycloak_client_scope { 'email on test':
protocol => 'openid-connect',
}
```
#### Properties
The following properties are available in the `keycloak_client_scope` type.
##### `consent_screen_text`
consent.screen.text
##### `display_on_consent_screen`
Valid values: ``true``, ``false``
display.on.consent.screen
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `protocol`
Valid values: `openid-connect`, `saml`
protocol
Default value: `openid-connect`
#### Parameters
The following parameters are available in the `keycloak_client_scope` type.
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`resource_name`](#resource_name)
##### `id`
Id. Defaults to `resource_name`.
##### `name`
namevar
The client scope name
##### `provider`
The specific backend to use for this `keycloak_client_scope` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
##### `realm`
realm
##### `resource_name`
The client scope name. Defaults to `name`.
### `keycloak_conn_validator`
Verify that a connection can be successfully established between a node
and the keycloak server. Its primary use is as a precondition to
prevent configuration changes from being applied if the keycloak
server cannot be reached, but it could potentially be used for other
purposes such as monitoring.
#### Properties
The following properties are available in the `keycloak_conn_validator` type.
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
#### Parameters
The following parameters are available in the `keycloak_conn_validator` type.
* [`keycloak_port`](#keycloak_port)
* [`keycloak_server`](#keycloak_server)
* [`name`](#name)
* [`provider`](#provider)
* [`test_url`](#test_url)
* [`timeout`](#timeout)
* [`use_ssl`](#use_ssl)
##### `keycloak_port`
The port that the keycloak server should be listening on.
Default value: `8080`
##### `keycloak_server`
The DNS name or IP address of the server where keycloak should be running.
Default value: `localhost`
##### `name`
namevar
An arbitrary name used as the identity of the resource.
##### `provider`
The specific backend to use for this `keycloak_conn_validator` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
##### `test_url`
URL to use for testing if the Keycloak database is up
Default value: `/auth/admin/serverinfo`
##### `timeout`
The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running;
defaults to 15 seconds.
Default value: `30`
##### `use_ssl`
Whether the connection will be attemped using https
Default value: ``false``
### `keycloak_flow`
Manage a Keycloak flow
**Autorequires**
* `keycloak_realm` defined for `realm` parameter
* `keycloak_flow` of `flow_alias` if `top_level=false`
* `keycloak_flow` of `flow_alias` if other `index` is lower and if `top_level=false`
* `keycloak_flow_execution` if `flow_alias` is the same and other `index` is lower and if `top_level=false`
#### Examples
##### Add custom flow
```puppet
keycloak_flow { 'browser-with-duo':
ensure => 'present',
realm => 'test',
}
```
##### Add a flow execution to existing browser-with-duo flow
```puppet
keycloak_flow { 'form-browser-with-duo under browser-with-duo on test':
ensure => 'present',
index => 2,
requirement => 'ALTERNATIVE',
top_level => false,
}
```
#### Properties
The following properties are available in the `keycloak_flow` type.
##### `description`
description
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `index`
execution index, only applied to top_level=false, required for top_level=false
##### `requirement`
Valid values: `DISABLED`, `ALTERNATIVE`, `REQUIRED`, `CONDITIONAL`, `disabled`, `alternative`, `required`, `conditional`
requirement, only applied to top_level=false and defaults to DISABLED
#### Parameters
The following parameters are available in the `keycloak_flow` type.
* [`alias`](#alias)
* [`flow_alias`](#flow_alias)
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`provider_id`](#provider_id)
* [`realm`](#realm)
* [`top_level`](#top_level)
* [`type`](#type)
##### `alias`
Alias. Default to `name`.
##### `flow_alias`
flowAlias, required for top_level=false
##### `id`
Id. Default to `$alias-$realm` when top_level is true. Only applies to top_level=true
##### `name`
namevar
The flow name
##### `provider`
The specific backend to use for this `keycloak_flow` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
##### `provider_id`
Valid values: `basic-flow`, `form-flow`
providerId
Default value: `basic-flow`
##### `realm`
realm
##### `top_level`
Valid values: ``true``, ``false``
topLevel
Default value: ``true``
##### `type`
sub-flow execution provider, default to `registration-page-form` for top_level=false and does not apply to
top_level=true
### `keycloak_flow_execution`
Manage a Keycloak flow
**Autorequires**
* `keycloak_realm` defined for `realm` parameter
* `keycloak_flow` of value defined for `flow_alias`
* `keycloak_flow` if they share same `flow_alias` value and the other resource `index` is lower
* `keycloak_flow_execution` if `flow_alias` is the same and other `index` is lower
#### Examples
##### Add an execution to a flow
```puppet
keycloak_flow_execution { 'auth-cookie under browser-with-duo on test':
ensure => 'present',
configurable => false,
display_name => 'Cookie',
index => 0,
requirement => 'ALTERNATIVE',
}
```
##### Add an execution to a execution flow that is one level deeper than top level
```puppet
keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test':
ensure => 'present',
configurable => false,
display_name => 'Username Password Form',
index => 0,
requirement => 'REQUIRED',
}
```
##### Add an execution with a configuration
```puppet
keycloak_flow_execution { 'duo-mfa-authenticator under form-browser-with-duo on test':
ensure => 'present',
configurable => true,
display_name => 'Duo MFA',
alias => 'Duo',
config => {
"duomfa.akey" => "foo-akey",
"duomfa.apihost" => "api-foo.duosecurity.com",
"duomfa.skey" => "secret",
"duomfa.ikey" => "foo-ikey",
"duomfa.groups" => "duo"
},
requirement => 'REQUIRED',
index => 1,
}
```
#### Properties
The following properties are available in the `keycloak_flow_execution` type.
##### `config`
execution config
##### `configurable`
Valid values: ``true``, ``false``
configurable
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `index`
execution index
##### `requirement`
Valid values: `DISABLED`, `ALTERNATIVE`, `REQUIRED`, `CONDITIONAL`, `disabled`, `alternative`, `required`, `conditional`
requirement
Default value: `DISABLED`
#### Parameters
The following parameters are available in the `keycloak_flow_execution` type.
* [`alias`](#alias)
* [`config_id`](#config_id)
* [`display_name`](#display_name)
* [`flow_alias`](#flow_alias)
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`provider_id`](#provider_id)
* [`realm`](#realm)
##### `alias`
alias
##### `config_id`
read-only config ID
##### `display_name`
displayName
##### `flow_alias`
flowAlias
##### `id`
read-only Id
##### `name`
namevar
The flow execution name
##### `provider`
The specific backend to use for this `keycloak_flow_execution` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
##### `provider_id`
provider
##### `realm`
realm
### `keycloak_identity_provider`
Manage Keycloak identity providers
#### Examples
##### Add CILogon identity provider to test realm
```puppet
keycloak_identity_provider { 'cilogon on test':
ensure => 'present',
display_name => 'CILogon',
provider_id => 'oidc',
first_broker_login_flow_alias => 'browser',
client_id => 'cilogon:/client_id/foobar',
client_secret => 'supersecret',
user_info_url => 'https://cilogon.org/oauth2/userinfo',
token_url => 'https://cilogon.org/oauth2/token',
authorization_url => 'https://cilogon.org/authorize',
}
```
#### Properties
The following properties are available in the `keycloak_identity_provider` type.
##### `add_read_token_role_on_create`
Valid values: ``true``, ``false``
addReadTokenRoleOnCreate
Default value: `false`
##### `allowed_clock_skew`
allowedClockSkew
##### `authenticate_by_default`
Valid values: ``true``, ``false``
authenticateByDefault
Default value: `false`
##### `authorization_url`
authorizationUrl
##### `backchannel_supported`
Valid values: ``true``, ``false``
backchannelSupported
Default value: `false`
##### `client_auth_method`
Valid values: `client_secret_post`, `client_secret_basic`, `client_secret_jwt`, `private_key_jwt`
clientAuthMethod
Default value: `client_secret_post`
##### `client_id`
clientId
##### `client_secret`
clientSecret
##### `default_scope`
default_scope
##### `disable_user_info`
Valid values: ``true``, ``false``
disableUserInfo
Default value: `false`
##### `display_name`
displayName
##### `enabled`
Valid values: ``true``, ``false``
enabled
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `first_broker_login_flow_alias`
firstBrokerLoginFlowAlias
Default value: `first broker login`
##### `forward_parameters`
forwardParameters
##### `gui_order`
guiOrder
##### `hide_on_login_page`
Valid values: ``true``, ``false``
hideOnLoginPage
Default value: `false`
##### `issuer`
issuer
##### `jwks_url`
jwksUrl
##### `link_only`
Valid values: ``true``, ``false``
linkOnly
Default value: `false`
##### `login_hint`
Valid values: ``true``, ``false``
loginHint
Default value: `false`
##### `logout_url`
logoutUrl
##### `post_broker_login_flow_alias`
postBrokerLoginFlowAlias
##### `prompt`
Valid values: `none`, `consent`, `login`, `select_account`
prompt
##### `store_token`
Valid values: ``true``, ``false``
storeToken
Default value: `false`
##### `sync_mode`
Valid values: `IMPORT`, `LEGACY`, `FORCE`
syncMode
Default value: `IMPORT`
##### `token_url`
tokenUrl
##### `trust_email`
Valid values: ``true``, ``false``
trustEmail
Default value: `false`
##### `ui_locales`
Valid values: ``true``, ``false``
uiLocales
Default value: `false`
##### `update_profile_first_login_mode`
Valid values: `on`, `off`
updateProfileFirstLoginMode
Default value: `on`
##### `use_jwks_url`
Valid values: ``true``, ``false``
useJwksUrl
Default value: `true`
##### `user_info_url`
userInfoUrl
##### `validate_signature`
Valid values: ``true``, ``false``
validateSignature
Default value: `false`
#### Parameters
The following parameters are available in the `keycloak_identity_provider` type.
* [`alias`](#alias)
* [`internal_id`](#internal_id)
* [`name`](#name)
* [`provider`](#provider)
* [`provider_id`](#provider_id)
* [`realm`](#realm)
##### `alias`
The identity provider name. Defaults to `name`.
##### `internal_id`
internalId. Defaults to "`alias`-`realm`"
##### `name`
namevar
The identity provider name
##### `provider`
The specific backend to use for this `keycloak_identity_provider` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
##### `provider_id`
Valid values: `oidc`, `keycloak-oidc`
providerId
Default value: `oidc`
##### `realm`
realm
### `keycloak_ldap_mapper`
Manage Keycloak LDAP attribute mappers
#### Examples
##### Add full name attribute mapping
```puppet
keycloak_ldap_mapper { 'full name for LDAP-test on test:
ensure => 'present',
type => 'full-name-ldap-mapper',
ldap_attribute => 'gecos',
}
```
#### Properties
The following properties are available in the `keycloak_ldap_mapper` type.
##### `always_read_value_from_ldap`
Valid values: ``true``, ``false``
always.read.value.from.ldap. Defaults to `true` if `type` is `user-attribute-ldap-mapper`.
##### `client_id`
client.id, only for `type` of `role-ldap-mapper`
##### `drop_non_existing_groups_during_sync`
Valid values: ``true``, ``false``
drop.non.existing.groups.during.sync, only for `type` of `group-ldap-mapper`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `group_name_ldap_attribute`
group.name.ldap.attribute, only for `type` of `group-ldap-mapper`
##### `group_object_classes`
group.object.classes, only for `type` of `group-ldap-mapper`
##### `groups_dn`
groups.dn, only for `type` of `group-ldap-mapper`
##### `groups_ldap_filter`
groups.ldap.filter, only for `type` of `group-ldap-mapper`
##### `ignore_missing_groups`
Valid values: ``true``, ``false``
ignore.missing.groups, only for `type` of `group-ldap-mapper`
##### `is_mandatory_in_ldap`
is.mandatory.in.ldap. Defaults to `false` unless `type` is `full-name-ldap-mapper`.
##### `ldap_attribute`
ldap.attribute
##### `mapped_group_attributes`
mapped.group.attributes, only for `type` of `group-ldap-mapper`
##### `memberof_ldap_attribute`
memberof.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `membership_attribute_type`
Valid values: `DN`, `UID`
membership.attribute.type, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `membership_ldap_attribute`
membership.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `membership_user_ldap_attribute`
membership.user.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `mode`
Valid values: `READ_ONLY`, `LDAP_ONLY`
mode, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `preserve_group_inheritance`
Valid values: ``true``, ``false``
preserve.group.inheritance, only for `type` of `group-ldap-mapper`
##### `read_only`
Valid values: ``true``, ``false``
read.only
##### `role_name_ldap_attribute`
role.name.ldap.attribute, only for `type` of `role-ldap-mapper`
##### `role_object_classes`
role.object.classes, only for `type` of `role-ldap-mapper`
##### `roles_dn`
roles.dn, only for `type` of `role-ldap-mapper`
##### `roles_ldap_filter`
roles.ldap.filter, only for `type` of `role-ldap-mapper`
##### `use_realm_roles_mapping`
Valid values: ``true``, ``false``
use.realm.roles.mapping, only for `type` of `role-ldap-mapper`
##### `user_model_attribute`
user.model.attribute
##### `user_roles_retrieve_strategy`
Valid values: `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`, `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`
user.roles.retrieve.strategy, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `write_only`
Valid values: ``true``, ``false``
write.only. Defaults to `false` if `type` is `full-name-ldap-mapper`.
#### Parameters
The following parameters are available in the `keycloak_ldap_mapper` type.
* [`id`](#id)
* [`ldap`](#ldap)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`resource_name`](#resource_name)
* [`type`](#type)
##### `id`
Id.
##### `ldap`
parentId
##### `name`
namevar
The LDAP mapper name
##### `provider`
The specific backend to use for this `keycloak_ldap_mapper` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
##### `realm`
realm
##### `resource_name`
The LDAP mapper name. Defaults to `name`
##### `type`
Valid values: `user-attribute-ldap-mapper`, `full-name-ldap-mapper`, `group-ldap-mapper`, `role-ldap-mapper`
providerId
Default value: `user-attribute-ldap-mapper`
### `keycloak_ldap_user_provider`
Manage Keycloak LDAP user providers
#### Examples
##### Add LDAP user provider to test realm
```puppet
keycloak_ldap_user_provider { 'LDAP on test':
ensure => 'present',
users_dn => 'ou=People,dc=example,dc=com',
connection_url => 'ldaps://ldap1.example.com:636 ldaps://ldap2.example.com:636',
import_enabled => false,
use_truststore_spi => 'never',
}
```
#### Properties
The following properties are available in the `keycloak_ldap_user_provider` type.
##### `auth_type`
Valid values: `none`, `simple`
authType
Default value: `none`
##### `batch_size_for_sync`
batchSizeForSync
Default value: `1000`
##### `bind_credential`
bindCredential
##### `bind_dn`
bindDn
##### `changed_sync_period`
changedSyncPeriod
Default value: `-1`
##### `connection_url`
connectionUrl
##### `custom_user_search_filter`
Valid values: `%r{.*}`, `absent`
customUserSearchFilter
Default value: `absent`
##### `edit_mode`
Valid values: `READ_ONLY`, `WRITABLE`, `UNSYNCED`
editMode
Default value: `READ_ONLY`
##### `enabled`
Valid values: ``true``, ``false``
enabled
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `full_sync_period`
fullSyncPeriod
Default value: `-1`
##### `import_enabled`
Valid values: ``true``, ``false``
importEnabled
Default value: `true`
##### `priority`
priority
Default value: `0`
##### `rdn_ldap_attribute`
rdnLdapAttribute
Default value: `uid`
##### `search_scope`
Valid values: `one`, `one_level`, `subtree`, `1`, `2`, `1`, `2`
searchScope
##### `trust_email`
Valid values: ``true``, ``false``
trustEmail
Default value: `false`
##### `use_kerberos_for_password_authentication`
Valid values: ``true``, ``false``
useKerberosForPasswordAuthentication
##### `use_truststore_spi`
Valid values: `always`, `ldapsOnly`, `never`
useTruststoreSpi
Default value: `ldapsOnly`
##### `user_object_classes`
userObjectClasses
Default value: `['inetOrgPerson', 'organizationalPerson']`
##### `username_ldap_attribute`
usernameLdapAttribute
Default value: `uid`
##### `users_dn`
usersDn
##### `uuid_ldap_attribute`
uuidLdapAttribute
Default value: `entryUUID`
##### `vendor`
Valid values: `ad`, `rhds`, `tivoli`, `eDirectory`, `other`
vendor
Default value: `other`
#### Parameters
The following parameters are available in the `keycloak_ldap_user_provider` type.
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`resource_name`](#resource_name)
##### `id`
Id. Defaults to "`resource_name`-`realm`"
##### `name`
namevar
The LDAP user provider name
##### `provider`
The specific backend to use for this `keycloak_ldap_user_provider` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
##### `realm`
parentId
##### `resource_name`
The LDAP user provider name. Defaults to `name`.
### `keycloak_protocol_mapper`
Manage Keycloak client scope protocol mappers
#### Examples
##### Add email protocol mapper to oidc-client client scope in realm test
```puppet
keycloak_protocol_mapper { "email for oidc-clients on test":
claim_name => 'email',
user_attribute => 'email',
}
```
#### Properties
The following properties are available in the `keycloak_protocol_mapper` type.
##### `access_token_claim`
Valid values: ``true``, ``false``
access.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `attribute_name`
attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `attribute_nameformat`
attribute.nameformat
##### `claim_name`
claim.name
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `friendly_name`
friendly.name. Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `full_path`
Valid values: ``true``, ``false``
full.path. Default to `false` for `type` `oidc-group-membership-mapper`.
##### `id_token_claim`
Valid values: ``true``, ``false``
id.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `included_client_audience`
included.client.audience Required for `type` of `oidc-audience-mapper`
##### `json_type_label`
json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`.
##### `protocol`
Valid values: `openid-connect`, `saml`
protocol
Default value: `openid-connect`
##### `script`
Script, only valid for `type` of `saml-javascript-mapper`'
Array values will be joined with newlines. Strings will be kept unchanged.
##### `single`
Valid values: ``true``, ``false``
single. Default to `false` for `type` `saml-role-list-mapper` or `saml-javascript-mapper`.
##### `user_attribute`
user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper`
##### `userinfo_token_claim`
Valid values: ``true``, ``false``
userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`.
#### Parameters
The following parameters are available in the `keycloak_protocol_mapper` type.
* [`client_scope`](#client_scope)
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`resource_name`](#resource_name)
* [`type`](#type)
##### `client_scope`
client scope
##### `id`
Id.
##### `name`
namevar
The protocol mapper name
##### `provider`
The specific backend to use for this `keycloak_protocol_mapper` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
##### `realm`
realm
##### `resource_name`
The protocol mapper name. Defaults to `name`.
##### `type`
Valid values: `oidc-usermodel-property-mapper`, `oidc-usermodel-attribute-mapper`, `oidc-full-name-mapper`, `oidc-group-membership-mapper`, `oidc-audience-mapper`, `saml-group-membership-mapper`, `saml-user-property-mapper`, `saml-user-attribute-mapper`, `saml-role-list-mapper`
protocolMapper.
Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and
`saml-user-property-mapper` for `protocol` `saml`.
### `keycloak_realm`
Manage Keycloak realms
#### Examples
##### Add a realm with a custom theme
```puppet
keycloak_realm { 'test':
ensure => 'present',
remember_me => true,
login_with_email_allowed => false,
login_theme => 'my_theme',
}
```
#### Properties
The following properties are available in the `keycloak_realm` type.
##### `access_code_lifespan`
accessCodeLifespan
##### `access_code_lifespan_login`
accessCodeLifespanLogin
##### `access_code_lifespan_user_action`
accessCodeLifespanUserAction
##### `access_token_lifespan`
accessTokenLifespan
##### `access_token_lifespan_for_implicit_flow`
accessTokenLifespanForImplicitFlow
##### `account_theme`
accountTheme
Default value: `keycloak`
##### `action_token_generated_by_admin_lifespan`
actionTokenGeneratedByAdminLifespan
##### `action_token_generated_by_user_lifespan`
actionTokenGeneratedByUserLifespan
##### `admin_events_details_enabled`
Valid values: ``true``, ``false``
adminEventsDetailsEnabled
Default value: `false`
##### `admin_events_enabled`
Valid values: ``true``, ``false``
adminEventsEnabled
Default value: `false`
##### `admin_theme`
adminTheme
Default value: `keycloak`
##### `browser_flow`
browserFlow
Default value: `browser`
##### `brute_force_protected`
Valid values: ``true``, ``false``
bruteForceProtected
##### `client_authentication_flow`
clientAuthenticationFlow
Default value: `clients`
##### `content_security_policy`
contentSecurityPolicy
Default value: `frame-src 'self'; frame-ancestors 'self'; object-src 'none';`
+##### `custom_properties`
+
+custom properties to pass as realm configurations
+
##### `default_client_scopes`
Default Client Scopes
##### `direct_grant_flow`
directGrantFlow
Default value: `direct grant`
##### `display_name`
displayName
##### `display_name_html`
displayNameHtml
##### `docker_authentication_flow`
dockerAuthenticationFlow
Default value: `docker auth`
+##### `edit_username_allowed`
+
+Valid values: ``true``, ``false``
+
+editUsernameAllowed
+
+Default value: `false`
+
##### `email_theme`
emailTheme
Default value: `keycloak`
##### `enabled`
Valid values: ``true``, ``false``
enabled
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `events_enabled`
Valid values: ``true``, ``false``
eventsEnabled
Default value: `false`
##### `events_expiration`
eventsExpiration
##### `events_listeners`
eventsListeners
Default value: `['jboss-logging']`
##### `internationalization_enabled`
Valid values: ``true``, ``false``
internationalizationEnabled
Default value: `false`
##### `login_theme`
loginTheme
Default value: `keycloak`
##### `login_with_email_allowed`
Valid values: ``true``, ``false``
loginWithEmailAllowed
Default value: `true`
##### `offline_session_idle_timeout`
offlineSessionIdleTimeout
##### `offline_session_max_lifespan`
offlineSessionMaxLifespan
##### `offline_session_max_lifespan_enabled`
Valid values: ``true``, ``false``
offlineSessionMaxLifespanEnabled
Default value: `false`
##### `optional_client_scopes`
Optional Client Scopes
##### `registration_allowed`
Valid values: ``true``, ``false``
registrationAllowed
Default value: `false`
##### `registration_flow`
registrationFlow
Default value: `registration`
##### `remember_me`
Valid values: ``true``, ``false``
rememberMe
Default value: `false`
##### `reset_credentials_flow`
resetCredentialsFlow
Default value: `reset credentials`
##### `reset_password_allowed`
Valid values: ``true``, ``false``
resetPasswordAllowed
Default value: `false`
##### `roles`
roles
Default value: `['offline_access', 'uma_authorization']`
##### `smtp_server_auth`
Valid values: ``true``, ``false``
smtpServer auth
##### `smtp_server_envelope_from`
smtpServer envelope_from
##### `smtp_server_from`
smtpServer from
##### `smtp_server_from_display_name`
smtpServer fromDisplayName
##### `smtp_server_host`
smtpServer host
##### `smtp_server_password`
smtpServer password
##### `smtp_server_port`
smtpServer port
##### `smtp_server_reply_to`
smtpServer replyto
##### `smtp_server_reply_to_display_name`
smtpServer replyToDisplayName
##### `smtp_server_ssl`
Valid values: ``true``, ``false``
smtpServer ssl
##### `smtp_server_starttls`
Valid values: ``true``, ``false``
smtpServer starttls
##### `smtp_server_user`
smtpServer user
+##### `ssl_required`
+
+Valid values: `none`, `all`, `external`
+
+sslRequired
+
+Default value: `external`
+
##### `sso_session_idle_timeout`
ssoSessionIdleTimeout
##### `sso_session_idle_timeout_remember_me`
ssoSessionIdleTimeoutRememberMe
##### `sso_session_max_lifespan`
ssoSessionMaxLifespan
##### `sso_session_max_lifespan_remember_me`
ssoSessionMaxLifespanRememberMe
##### `supported_locales`
Supported Locales
##### `user_managed_access_allowed`
Valid values: ``true``, ``false``
userManagedAccessAllowed
Default value: `false`
##### `verify_email`
Valid values: ``true``, ``false``
verifyEmail
Default value: `false`
#### Parameters
The following parameters are available in the `keycloak_realm` type.
* [`id`](#id)
* [`manage_roles`](#manage_roles)
* [`name`](#name)
* [`provider`](#provider)
##### `id`
Id. Default to `name`.
##### `manage_roles`
Valid values: ``true``, ``false``
Manage realm roles
Default value: ``true``
##### `name`
namevar
The realm name
##### `provider`
The specific backend to use for this `keycloak_realm` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
### `keycloak_required_action`
Manage Keycloak required actions
#### Examples
##### Enable Webauthn Register and make it default
```puppet
keycloak_required_action { 'webauthn-register on master':
ensure => present,
provider_id => 'webauthn-register',
display_name => 'Webauthn Register',
default => true,
enabled => true,
priority => 1,
config => {
'something' => 'true', # keep in mind that keycloak only supports strings for both keys and values
'smth else' => '1',
},
alias => 'webauthn',
}
@example Minimal example to enable email verification without making it default
keycloak_required_action { 'VERIFY_EMAIL on master':
ensure => present,
provider_id => 'webauthn-register',
}
```
#### Properties
The following properties are available in the `keycloak_required_action` type.
##### `alias`
Alias. Default to `provider_id`.
##### `config`
Required action config
##### `default`
Valid values: ``true``, ``false``
If the required action is a default one. Default to false
Default value: `false`
##### `display_name`
Displayed name. Default to `provider_id`
##### `enabled`
Valid values: ``true``, ``false``
If the required action is enabled. Default to true.
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `priority`
Required action priority
#### Parameters
The following parameters are available in the `keycloak_required_action` type.
* [`name`](#name)
* [`provider`](#provider)
* [`provider_id`](#provider_id)
* [`realm`](#realm)
##### `name`
namevar
The required action name
##### `provider`
The specific backend to use for this `keycloak_required_action` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
##### `provider_id`
providerId of the required action
##### `realm`
realm
### `keycloak_resource_validator`
Verify that a specific Keycloak resource is available
#### Properties
The following properties are available in the `keycloak_resource_validator` type.
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
#### Parameters
The following parameters are available in the `keycloak_resource_validator` type.
* [`dependent_resources`](#dependent_resources)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`test_key`](#test_key)
* [`test_url`](#test_url)
* [`test_value`](#test_value)
* [`timeout`](#timeout)
##### `dependent_resources`
Resources that should autorequire this validator, eg: Keycloak_flow_execution[foobar]
##### `name`
namevar
An arbitrary name used as the identity of the resource.
##### `provider`
The specific backend to use for this `keycloak_resource_validator` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
##### `realm`
Realm to query
##### `test_key`
Key to lookup
##### `test_url`
URL to use for testing if the Keycloak database is up
##### `test_value`
Value to lookup
##### `timeout`
The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running;
defaults to 15 seconds.
Default value: `30`
### `keycloak_sssd_user_provider`
Manage Keycloak SSSD user providers
#### Examples
##### Add SSSD user provider to test realm
```puppet
keycloak_sssd_user_provider { 'SSSD on test':
ensure => 'present',
}
```
#### Properties
The following properties are available in the `keycloak_sssd_user_provider` type.
##### `cache_policy`
Valid values: `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, `NO_CACHE`
cachePolicy
Default value: `DEFAULT`
##### `enabled`
Valid values: ``true``, ``false``
enabled
Default value: `true`
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `eviction_day`
evictionDay
##### `eviction_hour`
evictionHour
##### `eviction_minute`
evictionMinute
##### `max_lifespan`
maxLifespan
##### `priority`
priority
Default value: `0`
#### Parameters
The following parameters are available in the `keycloak_sssd_user_provider` type.
* [`id`](#id)
* [`name`](#name)
* [`provider`](#provider)
* [`realm`](#realm)
* [`resource_name`](#resource_name)
##### `id`
Id. Defaults to "`resource_name`-`realm`"
##### `name`
namevar
The SSSD user provider name
##### `provider`
The specific backend to use for this `keycloak_sssd_user_provider` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
##### `realm`
parentId
##### `resource_name`
The SSSD user provider name. Defaults to `name`.
diff --git a/metadata.json b/metadata.json
index 0e55070..4389058 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,92 +1,92 @@
{
"name": "treydock-keycloak",
- "version": "7.11.1",
+ "version": "7.12.0",
"author": "treydock",
"summary": "Keycloak Puppet module",
"license": "Apache-2.0",
"source": "https://github.com/treydock/puppet-module-keycloak",
"project_page": "https://github.com/treydock/puppet-module-keycloak",
"issues_url": "https://github.com/treydock/puppet-module-keycloak/issues",
"dependencies": [
{
"name": "puppetlabs/stdlib",
"version_requirement": ">= 4.25.0 <9.0.0"
},
{
"name": "puppetlabs/mysql",
"version_requirement": ">= 10.3.0 <13.0.0"
},
{
"name": "puppetlabs/postgresql",
"version_requirement": ">= 6.6.0 <8.0.0"
},
{
"name": "puppetlabs/java",
"version_requirement": ">= 7.3.0 <8.0.0"
},
{
"name": "puppetlabs/java_ks",
"version_requirement": ">= 1.0.0 <5.0.0"
},
{
"name": "puppetlabs/augeas_core",
"version_requirement": ">= 1.0.0 <2.0.0"
},
{
"name": "puppetlabs/yumrepo_core",
"version_requirement": ">= 1.0.0 <2.0.0"
},
{
"name": "puppet/archive",
"version_requirement": ">= 0.5.1 <7.0.0"
},
{
"name": "puppet/systemd",
"version_requirement": ">= 0.4.0 <4.0.0"
}
],
"operatingsystem_support": [
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"7",
"8"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "Rocky",
"operatingsystemrelease": [
"8"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"9",
"10"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"18.04",
"20.04"
]
}
],
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 6.0.0 < 8.0.0"
}
],
"pdk-version": "1.17.0",
"template-url": "https://github.com/treydock/pdk-templates.git#master",
"template-ref": "heads/master-0-g3b13f94"
}