new resource: keycloak_user_roles (#315)

keycloak/user.go

@@ -90,31 +90,6 @@ func (keycloakClient *KeycloakClient) GetUsers(realmId string) ([]*User, error)
 	return users, nil
 }
 
-func (keycloakClient *KeycloakClient) GetUsersRoles(realmId string) ([]*Role, error) {
-	var roles []*Role
-	var users []*User
-
-	err := keycloakClient.get(fmt.Sprintf("/realms/%s/users", realmId), &users, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, user := range users {
-		var roles_user []*Role
-		err = keycloakClient.get(fmt.Sprintf("/realms/%s/users/%s/roles", realmId, user.Id), &roles_user, nil)
-		if err != nil {
-			return nil, err
-		}
-		roles = append(roles, roles_user...)
-	}
-
-	for _, role := range roles {
-		role.RealmId = realmId
-	}
-
-	return roles, nil
-}
-
 func (keycloakClient *KeycloakClient) GetUser(realmId, id string) (*User, error) {
 	var user User
 

keycloak/user_role_mappings.go

@@ -0,0 +1,52 @@
+package keycloak
+
+import "fmt"
+
+// struct for the MappingRepresentation
+// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_mappingsrepresentation
+type UserRoleMapping struct {
+	ClientMappings map[string]*ClientRoleMapping `json:"clientMappings"`
+	RealmMappings  []*Role                       `json:"realmMappings"`
+}
+
+// struct for the ClientMappingRepresentation
+// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientmappingsrepresentation
+type ClientRoleMapping struct {
+	Client   string  `json:"client"`
+	Id       string  `json:"id"`
+	Mappings []*Role `json:"mappings"`
+}
+
+func (keycloakClient *KeycloakClient) GetUserRoleMappings(realmId string, userId string) (*UserRoleMapping, error) {
+	var roleMapping *UserRoleMapping
+	err := keycloakClient.get(fmt.Sprintf("/realms/%s/users/%s/role-mappings", realmId, userId), &roleMapping, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return roleMapping, nil
+}
+
+func (keycloakClient *KeycloakClient) AddRealmRolesToUser(realmId, userId string, roles []*Role) error {
+	_, _, err := keycloakClient.post(fmt.Sprintf("/realms/%s/users/%s/role-mappings/realm", realmId, userId), roles)
+
+	return err
+}
+
+func (keycloakClient *KeycloakClient) AddClientRolesToUser(realmId, userId, clientId string, roles []*Role) error {
+	_, _, err := keycloakClient.post(fmt.Sprintf("/realms/%s/users/%s/role-mappings/clients/%s", realmId, userId, clientId), roles)
+
+	return err
+}
+
+func (keycloakClient *KeycloakClient) RemoveRealmRolesFromUser(realmId, userId string, roles []*Role) error {
+	err := keycloakClient.delete(fmt.Sprintf("/realms/%s/users/%s/role-mappings/realm", realmId, userId), roles)
+
+	return err
+}
+
+func (keycloakClient *KeycloakClient) RemoveClientRolesFromUser(realmId, userId, clientId string, roles []*Role) error {
+	err := keycloakClient.delete(fmt.Sprintf("/realms/%s/users/%s/role-mappings/clients/%s", realmId, userId, clientId), roles)
+
+	return err
+}

provider/provider.go

@@ -27,6 +27,7 @@ func KeycloakProvider() *schema.Provider {
 			"keycloak_default_groups":                                  resourceKeycloakDefaultGroups(),
 			"keycloak_group_roles":                                     resourceKeycloakGroupRoles(),
 			"keycloak_user":                                            resourceKeycloakUser(),
+			"keycloak_user_roles":                                      resourceKeycloakUserRoles(),
 			"keycloak_openid_client":                                   resourceKeycloakOpenidClient(),
 			"keycloak_openid_client_scope":                             resourceKeycloakOpenidClientScope(),
 			"keycloak_ldap_user_federation":                            resourceKeycloakLdapUserFederation(),