From f40349bd905121c7759bc75d673a8ed12becfbac Mon Sep 17 00:00:00 2001
From: Robert Wolf
Date: Mon, 20 Jan 2025 17:40:38 +0100
Subject: [PATCH 1/5] add custom protocol mapper
---
 .../provider/keycloak_protocol_mapper/kcadm.rb | 13 +++++++++++++
 lib/puppet/type/keycloak_protocol_mapper.rb | 16 ++++++++++++++++
 2 files changed, 29 insertions(+)
diff --git a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
index d26bab62..d695f3b7 100644
--- a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
+++ b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
@@ -72,6 +72,11 @@ def self.instances
 if ['saml-group-membership-mapper', 'saml-role-list-mapper', 'saml-javascript-mapper'].include?(protocol_mapper[:type])
 protocol_mapper[:single] = d['config']['single'].to_s.to_sym
 end
+ unless ['oidc-usermodel-property-mapper', 'oidc-usermodel-attribute-mapper', 'oidc-full-name-mapper', 'oidc-group-membership-mapper', 'oidc-audience-mapper', 'saml-group-membership-mapper', 'saml-user-property-mapper', 'saml-user-attribute-mapper', 'saml-role-list-mapper', 'saml-javascript-mapper'].include?(d['protocolMapper'])
+ protocol_mapper[:type] = 'custom'
+ protocol_mapper[:custom_type] = d['protocolMapper']
+ protocol_mapper[:custom_config] = d['config']
+ end
 protocol_mappers << new(protocol_mapper)
 end
 end
@@ -102,6 +107,10 @@ def create
 data[:protocol] = resource[:protocol]
 data[:protocolMapper] = resource[:type]
 data[:config] = {}
+ if resource[:type] == "custom"
+ data[:protocolMapper] = resource[:custom_type]
+ data[:config] = resource[:custom_config]
+ end
 if ['oidc-usermodel-property-mapper', 'saml-user-property-mapper', 'saml-user-attribute-mapper', 'oidc-usermodel-attribute-mapper'].include?(resource[:type])
 data[:config][:'user.attribute'] = resource[:user_attribute] if resource[:user_attribute]
 end
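Review bot: The `unless [...]` guard added to `self.instances` hard-codes a second copy of the built-in mapper names, so it can drift from the values the `type` property accepts; a name later added to the type but not to this list would be read back as `custom`. Hoisting the names into one frozen constant that the type and the provider both reference removes that risk. Separately, `custom_config` is taken verbatim from `d['config']`, so a manifest hash is compared against whatever Keycloak returns (presumably string keys and string values); a comment such as `# compared as returned by Keycloak; non-string manifest values may never converge` would help, or the value could be normalised. `self.instances` starts outside the hunk.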
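Review bot: `data[:config] = resource[:custom_config]` in `create` hands the resource's own hash to `data`, so any later `data[:config][...] = ...` write in this method would modify the catalog value in place; the branch visible here is gated on other types, but the rest of `create` is outside the hunk. Copying first avoids that: `data[:config] = resource[:custom_config].dup`. The same applies to `config = resource[:custom_config]` in `flush` as it stands after PATCH 4/5. Because `custom_type` is forwarded unchecked as `protocolMapper`, a manifest can select any mapper provider installed on the server, which deserves a comment like `# custom_type is not validated here; it decides which server-side mapper shapes tokens and assertions`.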
@@ -186,6 +195,10 @@ def flush
 data[:protocol] = resource[:protocol]
 data[:protocolMapper] = resource[:type]
 config = {}
+ if resource[:type] == "custom"
+ data[:protocolMapper] = resource[:custom_type]
+ data[:config] = resource[:custom_config]
+ end
 if ['oidc-usermodel-property-mapper', 'saml-user-property-mapper', 'saml-user-attribute-mapper', 'oidc-usermodel-attribute-mapper'].include?(resource[:type])
 config[:'user.attribute'] = resource[:user_attribute] if resource[:user_attribute]
 end
diff --git a/lib/puppet/type/keycloak_protocol_mapper.rb b/lib/puppet/type/keycloak_protocol_mapper.rb
index ce782d41..8cabdc86 100644
--- a/lib/puppet/type/keycloak_protocol_mapper.rb
+++ b/lib/puppet/type/keycloak_protocol_mapper.rb
@@ -65,6 +65,7 @@
 'saml-user-attribute-mapper',
 'saml-role-list-mapper',
 'saml-javascript-mapper',
+ 'custom',
 )
 defaultto do
 if @resource[:protocol] == 'openid-connect'
@@ -210,6 +211,14 @@
 desc 'included.client.audience Required for `type` of `oidc-audience-mapper`'
 end

+ newproperty(:custom_config) do
+ desc 'custom configuration data for `custom` protocolMapper type'
+ end
+
+ newproperty(:custom_type) do
+ desc 'custom protocolMapper type'
+ end
+
 autorequire(:keycloak_client_scope) do
 requires = []
 catalog.resources.each do |resource|
@@ -248,6 +257,7 @@ def self.title_patterns
 'oidc-group-membership-mapper',
 'oidc-audience-mapper',
 'oidc-usermodel-attribute-mapper',
+ 'custom',
 ]
 if self[:protocol] == 'openid-connect' && !openid_connect_types.include?(self[:type])
 raise Puppet::Error, "type #{self[:type]} is not valid for protocol openid-connect"
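Review bot: Neither `newproperty(:custom_config)` nor `newproperty(:custom_type)` validates its value, although the provider sends the first as the mapper's `config` object and the second as `protocolMapper`. A `validate` block would fail the catalog early, for example `validate { |v| raise ArgumentError, 'custom_config must be a Hash' unless v.is_a?(Hash) }`. Since these are properties, their current and desired values normally show up in Puppet's change messages and reports, so the `desc` for `custom_config` should tell users not to put credentials there in plain form.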
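Review bot: `'custom'` is added to `openid_connect_types` only; if the validation that follows keeps a matching list for the `saml` protocol (not visible in this hunk), a custom SAML mapper would be rejected by the protocol check even though `custom` is an accepted `type`. Add `'custom',` to that list as well, or skip the protocol check when `self[:type] == 'custom'`. The validation block starts and ends outside the hunk.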
@@ -274,5 +284,11 @@ def self.title_patterns if self[:type] == 'oidc-audience-mapper' && self[:included_client_audience].nil? raise Puppet::Error, 'included_client_audience is required for oidc-audience-mapper' end + if self[:type] == "custom" && !self[:custom_type] + raise Puppet::Error, 'custom_type is required for `custom` protocol mapper type' + end + if self[:type] == "custom" && !self[:custom_config] + raise Puppet::Error, 'custom_config is required for `custom` protocol mapper type' + end end end From 465547240f33e32f0a6e9ca64e71561d11c9a570 Mon Sep 17 00:00:00 2001 From: Robert Wolf Date: Thu, 23 Jan 2025 14:28:31 +0100 Subject: [PATCH 2/5] add reference for custom mapper type --- REFERENCE.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/REFERENCE.md b/REFERENCE.md index 87b6f9f6..ccef5914 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -3143,6 +3143,8 @@ The following parameters are available in the `keycloak_protocol_mapper` type. * [`realm`](#realm) * [`resource_name`](#resource_name) * [`type`](#type) +* [`custom_type`](#custom_type) +* [`custom_config`](#custom_config) ##### `client_scope` 
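Review bot: In the validation hunk of `lib/puppet/type/keycloak_protocol_mapper.rb` the two new checks test truthiness (`!self[:custom_type]`, `!self[:custom_config]`), so `custom_type => ''` and `custom_config => {}` pass, while the neighbouring audience check uses `.nil?`. If an empty mapper type should be refused, the first condition could read `self[:type] == 'custom' && self[:custom_type].to_s.empty?`. The reverse case is also unchecked: `custom_type` or `custom_config` set on a resource whose `type` is not `custom` appears to be ignored by the provider, and a `raise Puppet::Error` for that combination would surface the mistake instead of applying a different mapper than the author intended.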
@@ -3173,13 +3175,21 @@ The protocol mapper name. Defaults to `name`. ##### `type` -Valid values: `oidc-usermodel-property-mapper`, `oidc-usermodel-attribute-mapper`, `oidc-full-name-mapper`, `oidc-group-membership-mapper`, `oidc-audience-mapper`, `saml-group-membership-mapper`, `saml-user-property-mapper`, `saml-user-attribute-mapper`, `saml-role-list-mapper` +Valid values: `oidc-usermodel-property-mapper`, `oidc-usermodel-attribute-mapper`, `oidc-full-name-mapper`, `oidc-group-membership-mapper`, `oidc-audience-mapper`, `saml-group-membership-mapper`, `saml-user-property-mapper`, `saml-user-attribute-mapper`, `saml-role-list-mapper`, `custom` protocolMapper. Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and `saml-user-property-mapper` for `protocol` `saml`. +##### `custom_type` + +Custom mapper type if `type` is set to `custom`. + +##### `custom_config` + +Custom mapper config for custom type. Simple hash with key-value pair, which will be converted to JSON. + ### `keycloak_realm` Manage Keycloak realms From 6b8f4ba1fad6a66fa420a85629444d63e1833a8b Mon Sep 17 00:00:00 2001 From: Robert Wolf Date: Thu, 23 Jan 2025 14:35:38 +0100 Subject: [PATCH 3/5] link fix --- REFERENCE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/REFERENCE.md b/REFERENCE.md index e945d63b..68918020 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -3198,7 +3198,7 @@ protocolMapper. Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and `saml-user-property-mapper` for `protocol` `saml`. -##### `custom_type` +##### `custom_type` Custom mapper type if `type` is set to `custom`. From 932969022e15a48f03ab07ecf6b954072dd3efe8 Mon Sep 17 00:00:00 2001 From: Robert Wolf Date: Mon, 3 Mar 2025 16:13:24 +0100 Subject: [PATCH 4/5] set custom_config to working variable config --- lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
index 35e156d4..b892e0e5 100644
--- a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
+++ b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
@@ -203,7 +203,7 @@ def flush
 config = {}
 if resource[:type] == "custom"
 data[:protocolMapper] = resource[:custom_type]
- data[:config] = resource[:custom_config]
+ config = resource[:custom_config]
 end
 if ['oidc-usermodel-property-mapper', 'saml-user-property-mapper', 'saml-user-attribute-mapper', 'oidc-usermodel-attribute-mapper'].include?(resource[:type]) && resource[:user_attribute]
 config[:'user.attribute'] = resource[:user_attribute]
From 1334b3c7de872f97934d28d75caf7d05e8cc2da3 Mon Sep 17 00:00:00 2001
From: Robert Wolf
Date: Mon, 3 Mar 2025 17:39:55 +0100
Subject: [PATCH 5/5] fix long line; use single-quoted strings
---
 lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb | 7 ++++---
 lib/puppet/type/keycloak_protocol_mapper.rb | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
index b892e0e5..915705c8 100644
--- a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
+++ b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
@@ -74,7 +74,8 @@ def self.instances
 protocol_mapper[:single] = d['config']['single'].to_s.to_sym
 end
 protocol_mapper[:multivalued] = d['config']['multivalued'].to_s.to_sym if d['config']['multivalued']
- unless ['oidc-usermodel-property-mapper', 'oidc-usermodel-attribute-mapper', 'oidc-full-name-mapper', 'oidc-group-membership-mapper', 'oidc-audience-mapper', 'saml-group-membership-mapper', 'saml-user-property-mapper', 'saml-user-attribute-mapper', 'saml-role-list-mapper', 'saml-javascript-mapper'].include?(d['protocolMapper'])
+ unless ['oidc-usermodel-property-mapper', 'oidc-usermodel-attribute-mapper', 'oidc-full-name-mapper', 'oidc-group-membership-mapper', 'oidc-audience-mapper',
+ 'saml-group-membership-mapper', 'saml-user-property-mapper', 'saml-user-attribute-mapper', 'saml-role-list-mapper', 'saml-javascript-mapper'].include?(d['protocolMapper'])
 protocol_mapper[:type] = 'custom'
 protocol_mapper[:custom_type] = d['protocolMapper']
 protocol_mapper[:custom_config] = d['config']
@@ -110,7 +111,7 @@ def create
 data[:protocol] = resource[:protocol]
 data[:protocolMapper] = resource[:type]
 data[:config] = {}
- if resource[:type] == "custom"
+ if resource[:type] == 'custom'
 data[:protocolMapper] = resource[:custom_type]
 data[:config] = resource[:custom_config]
 end
@@ -201,7 +202,7 @@ def flush
 data[:protocol] = resource[:protocol]
 data[:protocolMapper] = resource[:type]
 config = {}
- if resource[:type] == "custom"
+ if resource[:type] == 'custom'
 data[:protocolMapper] = resource[:custom_type]
 config = resource[:custom_config]
 end
diff --git a/lib/puppet/type/keycloak_protocol_mapper.rb b/lib/puppet/type/keycloak_protocol_mapper.rb
index 51ee8a8a..2e248bfb 100644
--- a/lib/puppet/type/keycloak_protocol_mapper.rb
+++ b/lib/puppet/type/keycloak_protocol_mapper.rb
@@ -283,10 +283,10 @@ def self.title_patterns
 if self[:type] == 'oidc-audience-mapper' && self[:included_client_audience].nil?
 raise Puppet::Error, 'included_client_audience is required for oidc-audience-mapper'
 end
- if self[:type] == "custom" && !self[:custom_type]
+ if self[:type] == 'custom' && !self[:custom_type]
 raise Puppet::Error, 'custom_type is required for `custom` protocol mapper type'
 end
- if self[:type] == "custom" && !self[:custom_config]
+ if self[:type] == 'custom' && !self[:custom_config]
 raise Puppet::Error, 'custom_config is required for `custom` protocol mapper type'
 end
 end