This repository was archived by the owner on Apr 24, 2023. It is now read-only.

Commit 030083a

Merge pull request #96 from matskiv/INTLY-2987
INTLY-2987 - add users realmRoles reconciliation
2 parents 1e51216 + 2a031b1 commit 030083a


10 files changed

+430
-72
lines changed


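--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ CONSUMER_NAMESPACES=${NAMESPACE}
 PROJECT=keycloak-operator
 REG=quay.io
 SHELL=/bin/bash
-TAG=v1.8.3
+TAG=v1.9.0
 PKG=github.com/integr8ly/keycloak-operator
 TEST_DIRS?=$(shell sh -c "find $(TOP_SRC_DIRS) -name \\*_test.go -exec dirname {} \\; | sort | uniq")
 TEST_POD_NAME=keycloak-operator-test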

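--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -14,7 +14,7 @@ spec:
 spec:
 containers:
 - name: keycloak-operator
-image: quay.io/integreatly/keycloak-operator:v1.8.3
+image: quay.io/integreatly/keycloak-operator:v1.9.0
 ports:
 - containerPort: 60000
 name: metrics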

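--- a/deploy/test-pod.yaml
+++ b/deploy/test-pod.yaml
@@ -6,7 +6,7 @@ spec:
 restartPolicy: Never
 containers:
 - name: keycloak-operator-test
-image: quay.io/integreatly/keycloak-operator:v1.8.3
+image: quay.io/integreatly/keycloak-operator:v1.9.0
 imagePullPolicy: Always
 command: ["/go-test.sh"]
 env: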

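--- a/pkg/apis/aerogear/v1alpha1/types.go
+++ b/pkg/apis/aerogear/v1alpha1/types.go
@@ -162,7 +162,7 @@ type KeycloakUserPair struct {
 SpecUser *KeycloakUser
 }
 
-type KeycloakUserClientRole struct {
+type KeycloakUserRole struct {
 ID string `json:"id,omitempty"`
 Name string `json:"name,omitempty"`
 Description string `json:"description,omitempty"`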

pkg/apis/aerogear/v1alpha1/zz_generated.deepcopy.go

+16-16
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

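--- a/pkg/keycloak/client.go
+++ b/pkg/keycloak/client.go
@@ -111,23 +111,39 @@ func (c *Client) GetUserFederatedIdentities(userID string, realmName string) ([]
 return result.([]v1alpha1.FederatedIdentity), err
 }
 
-func (c *Client) CreateUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userId string) error {
+func (c *Client) CreateUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userId string) error {
 return c.create(
-[]*v1alpha1.KeycloakUserClientRole{role},
+[]*v1alpha1.KeycloakUserRole{role},
 fmt.Sprintf("realms/%s/users/%s/role-mappings/clients/%s", realmName, userId, clientID),
 "user-client-role",
 )
 }
+func (c *Client) CreateUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userId string) error {
+return c.create(
+[]*v1alpha1.KeycloakUserRole{role},
+fmt.Sprintf("realms/%s/users/%s/role-mappings/realm", realmName, userId),
+"user-realm-role",
+)
+}
 
 func (c *Client) CreateAuthenticatorConfig(authenticatorConfig *v1alpha1.AuthenticatorConfig, realmName, executionID string) error {
 return c.create(authenticatorConfig, fmt.Sprintf("realms/%s/authentication/executions/%s/config", realmName, executionID), "AuthenticatorConfig")
 }
 
-func (c *Client) DeleteUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userId string) error {
+func (c *Client) DeleteUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userId string) error {
 err := c.delete(
 fmt.Sprintf("realms/%s/users/%s/role-mappings/clients/%s", realmName, userId, clientID),
 "user-client-role",
-[]*v1alpha1.KeycloakUserClientRole{role},
+[]*v1alpha1.KeycloakUserRole{role},
+)
+return err
+}
+
+func (c *Client) DeleteUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userId string) error {
+err := c.delete(
+fmt.Sprintf("realms/%s/users/%s/role-mappings/realm", realmName, userId),
+"user-realm-role",
+[]*v1alpha1.KeycloakUserRole{role},
 )
 return err
 }
@@ -532,28 +548,52 @@ func (c *Client) ListIdentityProviders(realmName string) ([]*v1alpha1.KeycloakId
 return result.([]*v1alpha1.KeycloakIdentityProvider), err
 }
 
-func (c *Client) ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error) {
+func (c *Client) ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
 objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/clients/"+clientID, "userClientRoles", func(body []byte) (t T, e error) {
-var userClientRoles []*v1alpha1.KeycloakUserClientRole
+var userClientRoles []*v1alpha1.KeycloakUserRole
 err := json.Unmarshal(body, &userClientRoles)
 return userClientRoles, err
 })
 if err != nil {
 return nil, err
 }
-return objects.([]*v1alpha1.KeycloakUserClientRole), err
+return objects.([]*v1alpha1.KeycloakUserRole), err
 }
 
-func (c *Client) ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error) {
+func (c *Client) ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
 objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/clients/"+clientID+"/available", "userClientRoles", func(body []byte) (t T, e error) {
-var userClientRoles []*v1alpha1.KeycloakUserClientRole
+var userClientRoles []*v1alpha1.KeycloakUserRole
 err := json.Unmarshal(body, &userClientRoles)
 return userClientRoles, err
 })
 if err != nil {
 return nil, err
 }
-return objects.([]*v1alpha1.KeycloakUserClientRole), err
+return objects.([]*v1alpha1.KeycloakUserRole), err
+}
+
+func (c *Client) ListUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
+objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/realm", "userRealmRoles", func(body []byte) (t T, e error) {
+var userRealmRoles []*v1alpha1.KeycloakUserRole
+err := json.Unmarshal(body, &userRealmRoles)
+return userRealmRoles, err
+})
+if err != nil {
+return nil, err
+}
+return objects.([]*v1alpha1.KeycloakUserRole), err
+}
+
+func (c *Client) ListAvailableUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
+objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/realm/available", "userClientRoles", func(body []byte) (t T, e error) {
+var userRealmRoles []*v1alpha1.KeycloakUserRole
+err := json.Unmarshal(body, &userRealmRoles)
+return userRealmRoles, err
+})
+if err != nil {
+return nil, err
+}
+return objects.([]*v1alpha1.KeycloakUserRole), err
 }
 
 func (c *Client) ListAuthenticationExecutionsForFlow(flowAlias, realmName string) ([]*v1alpha1.AuthenticationExecutionInfo, error) {
@@ -683,10 +723,15 @@ type KeycloakInterface interface {
 DeleteIdentityProvider(alias, realmName string) error
 ListIdentityProviders(realmName string) ([]*v1alpha1.KeycloakIdentityProvider, error)
 
-CreateUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userId string) error
-ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error)
-ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error)
-DeleteUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userID string) error
+CreateUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userId string) error
+ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+DeleteUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userID string) error
+
+CreateUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userId string) error
+ListUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+ListAvailableUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+DeleteUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userID string) error
 
 ListAuthenticationExecutionsForFlow(flowAlias, realmName string) ([]*v1alpha1.AuthenticationExecutionInfo, error)
 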
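Review bot: In the second hunk, `ListAvailableUserRealmRoles` passes the resource label `"userClientRoles"` to `c.list`, which looks copied from the client-role variant. `ListUserRealmRoles` just above it uses `"userRealmRoles"`, so whatever `c.list` does with the label (presumably error or log text, not visible here) will attribute realm-role failures to client roles; the argument should read `"userRealmRoles"`. Separately, all four new realm-role methods build the admin API path from `realmName` and `userID` by plain concatenation or `fmt.Sprintf`. Unless `c.create`, `c.list` and `c.delete` escape the path themselves, a value containing `/` would address a different role-mapping resource, so each segment is worth wrapping in `url.PathEscape(...)`, since these endpoints grant and revoke privileges. The added `CreateUserRealmRole` and `DeleteUserRealmRole` also spell the parameter `userId` while the new interface entry for the delete uses `userID`; `userID` is the Go initialism form.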
