Merge pull request #89 from RedHatInsights/master

Rebase security-compliance with main branch
RedHatInsights · Jun 21, 2023 · 832f2d3 · 832f2d3
2 parents 5761f53 + 3261106
commit 832f2d3
Show file tree

Hide file tree

Showing 10 changed files with 306 additions and 206 deletions.
diff --git a/deployments/deployment.yaml b/deployments/deployment.yaml
@@ -145,6 +145,18 @@ objects:
             value: ${KEYCLOAK_TIMEOUT}
           - name: KEYCLOAK_SCHEME
             value: ${KEYCLOAK_SCHEME}
+          - name: KEYCLOAK_USER_SERVICE_HOST
+            value: ${KEYCLOAK_USER_SERVICE_HOST}
+          - name: KEYCLOAK_USER_SERVICE_PORT
+            value: ${KEYCLOAK_USER_SERVICE_PORT}
+          - name: KEYCLOAK_USER_SERVICE_SCHEME
+            value: ${KEYCLOAK_USER_SERVICE_SCHEME}
+          - name: KEYCLOAK_USER_SERVICE_TIMEOUT
+            value: ${KEYCLOAK_USER_SERVICE_TIMEOUT}
+          - name: KEYCLOAK_TOKEN_URL
+            value: ${KEYCLOAK_TOKEN_URL}
+          - name: KEYCLOAK_TOKEN_PATH
+            value: ${KEYCLOAK_TOKEN_PATH}
           - name: KEYCLOAK_TOKEN_GRANT_TYPE
             value: ${KEYCLOAK_TOKEN_GRANT_TYPE}
           - name: KEYCLOAK_TOKEN_USERNAME
@@ -238,6 +250,24 @@ parameters:
 - name: KEYCLOAK_TIMEOUT
   description: keycloak client's timeout value
   value: "10"
+- name: KEYCLOAK_USER_SERVICE_HOST
+  description: keycloak userservice's host
+  value: "localhost"
+- name: KEYCLOAK_USER_SERVICE_PORT
+  description: keycloak userservice's post
+  value: "8000"
+- name: KEYCLOAK_USER_SERVICE_SCHEME
+  description: keycloak userservice's scheme
+  value: "http"
+- name: KEYCLOAK_USER_SERVICE_TIMEOUT
+  description: keycloak userservice's timeout
+  value: "60"
+- name: KEYCLOAK_TOKEN_URL
+  description: host for keycloak token request
+  value: "http://localhost:8080/"
+- name: KEYCLOAK_TOKEN_PATH
+  description: path for keycloak token request
+  value: "realms/master/protocol/openid-connect/token"
 - name: KEYCLOAK_TOKEN_GRANT_TYPE
   description: grant type value for keycloak token request
   value: password

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -27,14 +27,17 @@ type MbopConfig struct {
 	IsInternalLabel        string
 	Debug                  bool
 
-	KeyCloakScheme         string
-	KeyCloakHost           string
-	KeyCloakPort           string
-	KeyCloakTimeout        int64
-	KeyCloakTokenUsername  string
-	KeyCloakTokenPassword  string
-	KeyCloakTokenGrantType string
-	KeyCloakTokenClientID  string
+	KeyCloakUserServiceScheme  string
+	KeyCloakUserServiceHost    string
+	KeyCloakUserServicePort    string
+	KeyCloakUserServiceTimeout int64
+	KeyCloakTimeout            int64
+	KeyCloakTokenURL           string
+	KeyCloakTokenPath          string
+	KeyCloakTokenUsername      string
+	KeyCloakTokenPassword      string
+	KeyCloakTokenGrantType     string
+	KeyCloakTokenClientID      string
 
 	StoreBackend     string
 	DatabaseHost     string
@@ -60,6 +63,7 @@ func Get() *MbopConfig {
 	debug, _ := strconv.ParseBool(fetchWithDefault("DEBUG", "false"))
 	certDir := fetchWithDefault("CERT_DIR", "/certs")
 	keyCloakTimeout, _ := strconv.ParseInt(fetchWithDefault("KEYCLOAK_TIMEOUT", "60"), 0, 64)
+	userServiceTimeout, _ := strconv.ParseInt(fetchWithDefault("KEYCLOAK_USER_SERVICE_TIMEOUT", "60"), 0, 64)
 
 	var tls bool
 	_, err := os.Stat(certDir + "/tls.crt")
@@ -97,14 +101,17 @@ func Get() *MbopConfig {
 		IsInternalLabel:        fetchWithDefault("IS_INTERNAL_LABEL", ""),
 		Debug:                  debug,
 
-		KeyCloakHost:           fetchWithDefault("KEYCLOAK_HOST", "localhost"),
-		KeyCloakPort:           fetchWithDefault("KEYCLOAK_PORT", "8000"),
-		KeyCloakScheme:         fetchWithDefault("KEYCLOAK_SCHEME", "http"),
-		KeyCloakTimeout:        keyCloakTimeout,
-		KeyCloakTokenUsername:  fetchWithDefault("KEYCLOAK_TOKEN_USERNAME", "admin"),
-		KeyCloakTokenPassword:  fetchWithDefault("KEYCLOAK_TOKEN_PASSWORD", "admin"),
-		KeyCloakTokenGrantType: fetchWithDefault("KEYCLOAK_TOKEN_GRANT_TYPE", "password"),
-		KeyCloakTokenClientID:  fetchWithDefault("KEYCLOAK_TOKEN_CLIENT_ID", "admin-cli"),
+		KeyCloakUserServiceHost:    fetchWithDefault("KEYCLOAK_USER_SERVICE_HOST", "localhost"),
+		KeyCloakUserServicePort:    fetchWithDefault("KEYCLOAK_USER_SERVICE_PORT", ":8000"),
+		KeyCloakUserServiceScheme:  fetchWithDefault("KEYCLOAK_USER_SERVICE_SCHEME", "http"),
+		KeyCloakUserServiceTimeout: userServiceTimeout,
+		KeyCloakTimeout:            keyCloakTimeout,
+		KeyCloakTokenURL:           fetchWithDefault("KEYCLOAK_TOKEN_URL", "http://localhost:8080/"),
+		KeyCloakTokenPath:          fetchWithDefault("KEYCLOAK_TOKEN_PATH", "realms/master/protocol/openid-connect/token"),
+		KeyCloakTokenUsername:      fetchWithDefault("KEYCLOAK_TOKEN_USERNAME", "admin"),
+		KeyCloakTokenPassword:      fetchWithDefault("KEYCLOAK_TOKEN_PASSWORD", "admin"),
+		KeyCloakTokenGrantType:     fetchWithDefault("KEYCLOAK_TOKEN_GRANT_TYPE", "password"),
+		KeyCloakTokenClientID:      fetchWithDefault("KEYCLOAK_TOKEN_CLIENT_ID", "admin-cli"),
 
 		Port:    fetchWithDefault("PORT", "8090"),
 		TLSPort: fetchWithDefault("TLS_PORT", "8890"),

diff --git a/internal/handlers/accounts_v3_usersBy_handler.go b/internal/handlers/accounts_v3_usersBy_handler.go
@@ -6,6 +6,7 @@ import (
 	"github.com/redhatinsights/mbop/internal/config"
 	"github.com/redhatinsights/mbop/internal/models"
 	"github.com/redhatinsights/mbop/internal/service/keycloak"
+	keycloakuserservice "github.com/redhatinsights/mbop/internal/service/keycloak-user-service"
 	"github.com/redhatinsights/mbop/internal/service/ocm"
 )
 
@@ -104,25 +105,32 @@ func AccountsV3UsersByHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		client, err := keycloak.NewKeyCloakClient()
+		keycloakClient := keycloak.NewKeyCloakClient()
+		err = keycloakClient.InitKeycloakConnection()
 		if err != nil {
-			do400(w, err.Error())
+			do500(w, "Can't build keycloak connection: "+err.Error())
 			return
 		}
 
-		err = client.InitKeycloakConnection()
+		token, err := keycloakClient.GetAccessToken()
 		if err != nil {
-			do500(w, "Can't build keycloak connection: "+err.Error())
+			do500(w, "Can't fetch keycloak token: "+err.Error())
 			return
 		}
 
-		token, err := client.GetAccessToken()
+		userServiceClient, err := keycloakuserservice.NewKeyCloakUserServiceClient()
 		if err != nil {
-			do500(w, "Can't fetch keycloak token: "+err.Error())
+			do500(w, "Can't build keycloak user service client: "+err.Error())
+			return
+		}
+
+		err = userServiceClient.InitKeycloakUserServiceConnection()
+		if err != nil {
+			do500(w, "Can't build keycloak user service connection: "+err.Error())
 			return
 		}
 
-		u, err := client.GetAccountV3Users(orgID, token, q)
+		u, err := userServiceClient.GetAccountV3Users(orgID, token, q)
 		if err != nil {
 			do500(w, "Cant Retrieve Keycloak Accounts: "+err.Error())
 			return

diff --git a/internal/handlers/accounts_v3_users_handler.go b/internal/handlers/accounts_v3_users_handler.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/redhatinsights/mbop/internal/config"
 	"github.com/redhatinsights/mbop/internal/service/keycloak"
+	keycloakuserservice "github.com/redhatinsights/mbop/internal/service/keycloak-user-service"
 	"github.com/redhatinsights/mbop/internal/service/ocm"
 )
 
@@ -81,25 +82,32 @@ func AccountsV3UsersHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		client, err := keycloak.NewKeyCloakClient()
+		keycloakClient := keycloak.NewKeyCloakClient()
+		err = keycloakClient.InitKeycloakConnection()
 		if err != nil {
-			do400(w, err.Error())
+			do500(w, "Can't build keycloak connection: "+err.Error())
 			return
 		}
 
-		err = client.InitKeycloakConnection()
+		token, err := keycloakClient.GetAccessToken()
 		if err != nil {
-			do500(w, "Can't build keycloak connection: "+err.Error())
+			do500(w, "Can't fetch keycloak token: "+err.Error())
 			return
 		}
 
-		token, err := client.GetAccessToken()
+		userServiceClient, err := keycloakuserservice.NewKeyCloakUserServiceClient()
 		if err != nil {
-			do500(w, "Can't fetch keycloak token: "+err.Error())
+			do500(w, "Can't build keycloak user service client: "+err.Error())
+			return
+		}
+
+		err = userServiceClient.InitKeycloakUserServiceConnection()
+		if err != nil {
+			do500(w, "Can't build keycloak user service connection: "+err.Error())
 			return
 		}
 
-		u, err := client.GetAccountV3Users(orgID, token, q)
+		u, err := userServiceClient.GetAccountV3Users(orgID, token, q)
 		if err != nil {
 			do500(w, "Cant Retrieve Keycloak Accounts: "+err.Error())
 			return

diff --git a/internal/handlers/users_v1_handler.go b/internal/handlers/users_v1_handler.go
@@ -5,6 +5,8 @@ import (
 
 	"github.com/redhatinsights/mbop/internal/config"
 	"github.com/redhatinsights/mbop/internal/service/keycloak"
+	keycloakuserservice "github.com/redhatinsights/mbop/internal/service/keycloak-user-service"
+
 	"github.com/redhatinsights/mbop/internal/service/ocm"
 )
 
@@ -75,25 +77,32 @@ func UsersV1Handler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		client, err := keycloak.NewKeyCloakClient()
+		keycloakClient := keycloak.NewKeyCloakClient()
+		err = keycloakClient.InitKeycloakConnection()
 		if err != nil {
-			do400(w, err.Error())
+			do500(w, "Can't build keycloak connection: "+err.Error())
 			return
 		}
 
-		err = client.InitKeycloakConnection()
+		token, err := keycloakClient.GetAccessToken()
 		if err != nil {
-			do500(w, "Can't build keycloak connection: "+err.Error())
+			do500(w, "Can't fetch keycloak token: "+err.Error())
 			return
 		}
 
-		token, err := client.GetAccessToken()
+		userServiceClient, err := keycloakuserservice.NewKeyCloakUserServiceClient()
 		if err != nil {
-			do500(w, "Can't fetch keycloak token: "+err.Error())
+			do500(w, "Can't build keycloak user service client: "+err.Error())
+			return
+		}
+
+		err = userServiceClient.InitKeycloakUserServiceConnection()
+		if err != nil {
+			do500(w, "Can't build keycloak user service connection: "+err.Error())
 			return
 		}
 
-		u, err := client.GetUsers(token, usernames, q)
+		u, err := userServiceClient.GetUsers(token, usernames, q)
 		if err != nil {
 			do500(w, "Cant Retrieve Keycloak Accounts: "+err.Error())
 			return

diff --git a/internal/models/user.go b/internal/models/user.go
@@ -44,14 +44,15 @@ type KeycloakResponse struct {
 	Created    string              `json:"created"`
 	Email      string              `json:"email"`
 	IsInternal bool                `json:"is_internal"`
+	IsActive   bool                `json:"is_active"`
 	Modified   string              `json:"modified"`
-	OrgAdmin   bool                `json:"org_admin"`
+	IsOrgAdmin bool                `json:"is_org_admin"`
 	OrgID      string              `json:"org_id"`
 	Type       string              `json:"type"`
 	Username   string              `json:"username"`
 	UserID     string              `json:"user_id"`
-	FirstName  string              `json:"firstName"`
-	LastName   string              `json:"lastName"`
+	FirstName  string              `json:"first_name"`
+	LastName   string              `json:"last_name"`
 	ID         string              `json:"id"`
 }