Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for 11.0.0 and drop support for 8.0.0 #357

Closed
wants to merge 3 commits into from
Closed

Add support for 11.0.0 and drop support for 8.0.0 #357

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6fc7683
Add support for 11.0.0 and drop support for 8.0.0
klausenbusk Aug 3, 2020
b3f14ae
Add new ldap group mapper option (Groups Path)
klausenbusk Aug 4, 2020
3a93030
Send only ldap groups path if version >= 11.0.0
klausenbusk Aug 4, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@ workflows:
matrix:
parameters:
keycloak-version:
- '11.0.0'
- '10.0.2'
- '9.0.3'
- '8.0.2'
release:
jobs:
- test:
Expand Down
4 changes: 2 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@ This provider will officially support the latest three major versions of Keycloa

The following versions are used when running acceptance tests in CI:

- 10.0.2 (latest)
- 11.0.0 (latest)
- 10.0.2
- 9.0.3
- 8.0.2

## Releases

Expand Down
31 changes: 30 additions & 1 deletion keycloak/keycloak_client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,15 @@ import (
"crypto/x509"
"encoding/json"
"fmt"
"github.com/hashicorp/go-version"
"io"
"io/ioutil"
"log"
"net/http"
"net/http/cookiejar"
"net/http/httputil"
"net/url"
"regexp"
"strings"
"time"

Expand All @@ -26,6 +28,7 @@ type KeycloakClient struct {
httpClient *http.Client
initialLogin bool
userAgent string
serverVersion *version.Version
}

type ClientCredentials struct {
Expand All @@ -44,7 +47,7 @@ const (
tokenUrl = "%s/realms/%s/protocol/openid-connect/token"
)

func NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, password string, initialLogin bool, clientTimeout int, caCert string, tlsInsecureSkipVerify bool, userAgent string) (*KeycloakClient, error) {
func NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, password string, initialLogin bool, clientTimeout int, caCert string, tlsInsecureSkipVerify bool, keycloakVersion string, userAgent string) (*KeycloakClient, error) {
cookieJar, err := cookiejar.New(&cookiejar.Options{
PublicSuffixList: publicsuffix.List,
})
Expand Down Expand Up @@ -100,6 +103,28 @@ func NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, p
if err != nil {
return nil, err
}

if keycloakVersion == "" {
serverInfo, err := keycloakClient.GetServerInfo()
if err != nil {
return nil, fmt.Errorf("/serverInfo endpoint retuned an error, server Keycloak version could not be determined: %s", err)
}

regex := regexp.MustCompile(`^(\d+\.\d+\.\d+)`)
semver := regex.FindStringSubmatch(serverInfo.SystemInfo.ServerVersion)[0]

keycloakServerInfoVersion, err := version.NewVersion(semver)
if err != nil {
return nil, fmt.Errorf("/serverInfo endpoint retuned an unreadable version, server Keycloak version could not be determined: %s", err)
}
keycloakClient.serverVersion = keycloakServerInfoVersion
} else {
v, err := version.NewVersion(keycloakVersion)
if err != nil {
return nil, err
}
keycloakClient.serverVersion = v
}
}

return &keycloakClient, nil
Expand Down Expand Up @@ -401,3 +426,7 @@ func (keycloakClient *KeycloakClient) delete(path string, requestBody interface{

return err
}

func (keycloakClient *KeycloakClient) ServerVersion() *version.Version {
return keycloakClient.serverVersion
}
2 changes: 1 addition & 1 deletion keycloak/keycloak_client_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ func TestAccKeycloakApiClientRefresh(t *testing.T) {
t.Fatal("KEYCLOAK_CLIENT_TIMEOUT must be an integer")
}

keycloakClient, err := NewKeycloakClient(os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), os.Getenv("KEYCLOAK_USER"), os.Getenv("KEYCLOAK_PASSWORD"), true, clientTimeout, "", false, "")
keycloakClient, err := NewKeycloakClient(os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), os.Getenv("KEYCLOAK_USER"), os.Getenv("KEYCLOAK_PASSWORD"), true, clientTimeout, "", false, "", "")
if err != nil {
t.Fatalf("%s", err)
}
Expand Down
13 changes: 10 additions & 3 deletions keycloak/ldap_group_mapper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,11 @@ type LdapGroupMapper struct {
MappedGroupAttributes []string

DropNonExistingGroupsDuringSync bool

LdapGroupsPath string
}

func convertFromLdapGroupMapperToComponent(ldapGroupMapper *LdapGroupMapper) *component {
func (keycloakClient *KeycloakClient) convertFromLdapGroupMapperToComponent(ldapGroupMapper *LdapGroupMapper) *component {
componentConfig := map[string][]string{
"groups.dn": {
ldapGroupMapper.LdapGroupsDn,
Expand Down Expand Up @@ -69,6 +71,10 @@ func convertFromLdapGroupMapperToComponent(ldapGroupMapper *LdapGroupMapper) *co
},
}

if KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "11.0.0") {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need this, but maybe it worth it anyway as it is more explicit.

componentConfig["groups.path"] = []string{ldapGroupMapper.LdapGroupsPath}
}

if ldapGroupMapper.GroupsLdapFilter != "" {
componentConfig["groups.ldap.filter"] = []string{ldapGroupMapper.GroupsLdapFilter}
}
Expand Down Expand Up @@ -126,6 +132,7 @@ func convertFromComponentToLdapGroupMapper(component *component, realmId string)
UserRolesRetrieveStrategy: component.getConfig("user.roles.retrieve.strategy"),
MemberofLdapAttribute: component.getConfig("memberof.ldap.attribute"),
DropNonExistingGroupsDuringSync: dropNonExistingGroupsDuringSync,
LdapGroupsPath: component.getConfig("groups.path"),
}

if groupsLdapFilter := component.getConfig("groups.ldap.filter"); groupsLdapFilter != "" {
Expand Down Expand Up @@ -153,7 +160,7 @@ func (keycloakClient *KeycloakClient) ValidateLdapGroupMapper(ldapGroupMapper *L
}

func (keycloakClient *KeycloakClient) NewLdapGroupMapper(ldapGroupMapper *LdapGroupMapper) error {
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapGroupMapper.RealmId), convertFromLdapGroupMapperToComponent(ldapGroupMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapGroupMapper.RealmId), keycloakClient.convertFromLdapGroupMapperToComponent(ldapGroupMapper))
if err != nil {
return err
}
Expand All @@ -175,7 +182,7 @@ func (keycloakClient *KeycloakClient) GetLdapGroupMapper(realmId, id string) (*L
}

func (keycloakClient *KeycloakClient) UpdateLdapGroupMapper(ldapGroupMapper *LdapGroupMapper) error {
return keycloakClient.put(fmt.Sprintf("/realms/%s/components/%s", ldapGroupMapper.RealmId, ldapGroupMapper.Id), convertFromLdapGroupMapperToComponent(ldapGroupMapper))
return keycloakClient.put(fmt.Sprintf("/realms/%s/components/%s", ldapGroupMapper.RealmId, ldapGroupMapper.Id), keycloakClient.convertFromLdapGroupMapperToComponent(ldapGroupMapper))
}

func (keycloakClient *KeycloakClient) DeleteLdapGroupMapper(realmId, id string) error {
Expand Down
10 changes: 10 additions & 0 deletions keycloak/util.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package keycloak

import (
"bytes"
"github.com/hashicorp/go-version"
"strconv"
"strings"
"time"
Expand Down Expand Up @@ -74,3 +75,12 @@ func parseBoolAndTreatEmptyStringAsFalse(b string) (bool, error) {

return strconv.ParseBool(b)
}

func KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient *KeycloakClient, keycloakVersion string) bool {
v, err := version.NewVersion(keycloakVersion)
if err != nil {
// This should never happen
panic(err)
}
return keycloakClient.ServerVersion().GreaterThanOrEqual(v)
}
7 changes: 6 additions & 1 deletion provider/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,10 @@ func KeycloakProvider() *schema.Provider {
Description: "Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.",
Default: false,
},
"keycloak_version": {
Optional: true,
Type: schema.TypeString,
},
"base_path": {
Optional: true,
Type: schema.TypeString,
Expand Down Expand Up @@ -177,7 +181,8 @@ func configureKeycloakProvider(data *schema.ResourceData, userAgent string) (int
initialLogin := data.Get("initial_login").(bool)
clientTimeout := data.Get("client_timeout").(int)
tlsInsecureSkipVerify := data.Get("tls_insecure_skip_verify").(bool)
keycloakVersion := data.Get("keycloak_version").(string)
rootCaCertificate := data.Get("root_ca_certificate").(string)

return keycloak.NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, password, initialLogin, clientTimeout, rootCaCertificate, tlsInsecureSkipVerify, userAgent)
return keycloak.NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, password, initialLogin, clientTimeout, rootCaCertificate, tlsInsecureSkipVerify, keycloakVersion, userAgent)
}
2 changes: 1 addition & 1 deletion provider/provider_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ func init() {
"keycloak": testAccProvider,
}

keycloakClient, _ = keycloak.NewKeycloakClient(os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), "", "", true, 5, "", false, httpclient.TerraformUserAgent(testAccProvider.TerraformVersion))
keycloakClient, _ = keycloak.NewKeycloakClient(os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), "", "", true, 5, "", false, "", httpclient.TerraformUserAgent(testAccProvider.TerraformVersion))
}

func TestProvider(t *testing.T) {
Expand Down
19 changes: 15 additions & 4 deletions provider/resource_keycloak_ldap_group_mapper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,11 @@ func resourceKeycloakLdapGroupMapper() *schema.Resource {
Optional: true,
Default: false,
},
"ldap_groups_path": {
Type: schema.TypeString,
Optional: true,
Default: "/",
},
},
}
}
Expand Down Expand Up @@ -148,10 +153,11 @@ func getLdapGroupMapperFromData(data *schema.ResourceData) *keycloak.LdapGroupMa
MemberofLdapAttribute: data.Get("memberof_ldap_attribute").(string),
MappedGroupAttributes: mappedGroupAttributes,
DropNonExistingGroupsDuringSync: data.Get("drop_non_existing_groups_during_sync").(bool),
LdapGroupsPath: data.Get("ldap_groups_path").(string),
}
}

func setLdapGroupMapperData(data *schema.ResourceData, ldapGroupMapper *keycloak.LdapGroupMapper) {
func setLdapGroupMapperData(keycloakClient *keycloak.KeycloakClient, data *schema.ResourceData, ldapGroupMapper *keycloak.LdapGroupMapper) {
data.SetId(ldapGroupMapper.Id)

data.Set("name", ldapGroupMapper.Name)
Expand All @@ -172,6 +178,11 @@ func setLdapGroupMapperData(data *schema.ResourceData, ldapGroupMapper *keycloak
data.Set("memberof_ldap_attribute", ldapGroupMapper.MemberofLdapAttribute)
data.Set("mapped_group_attributes", ldapGroupMapper.MappedGroupAttributes)
data.Set("drop_non_existing_groups_during_sync", ldapGroupMapper.DropNonExistingGroupsDuringSync)
if keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "11.0.0") {
data.Set("ldap_groups_path", ldapGroupMapper.LdapGroupsPath)
} else {
data.Set("ldap_groups_path", "/")
}
}

func resourceKeycloakLdapGroupMapperCreate(data *schema.ResourceData, meta interface{}) error {
Expand All @@ -189,7 +200,7 @@ func resourceKeycloakLdapGroupMapperCreate(data *schema.ResourceData, meta inter
return err
}

setLdapGroupMapperData(data, ldapGroupMapper)
setLdapGroupMapperData(keycloakClient, data, ldapGroupMapper)

return resourceKeycloakLdapGroupMapperRead(data, meta)
}
Expand All @@ -205,7 +216,7 @@ func resourceKeycloakLdapGroupMapperRead(data *schema.ResourceData, meta interfa
return handleNotFoundError(err, data)
}

setLdapGroupMapperData(data, ldapGroupMapper)
setLdapGroupMapperData(keycloakClient, data, ldapGroupMapper)

return nil
}
Expand All @@ -225,7 +236,7 @@ func resourceKeycloakLdapGroupMapperUpdate(data *schema.ResourceData, meta inter
return err
}

setLdapGroupMapperData(data, ldapGroupMapper)
setLdapGroupMapperData(keycloakClient, data, ldapGroupMapper)

return nil
}
Expand Down
13 changes: 5 additions & 8 deletions provider/resource_keycloak_openid_client_optional_scopes_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,7 @@ import (

// All openid clients in Keycloak will automatically have these scopes listed as "optional client scopes".
func getPreAssignedOptionalClientScopes(t *testing.T) []string {
keycloakVersionIsGreaterThanOrEqualTo6, err := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600())
if err != nil {
t.Fatal(err)
}
keycloakVersionIsGreaterThanOrEqualTo6 := keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "6.0.0")
if keycloakVersionIsGreaterThanOrEqualTo6 {
return []string{"address", "phone", "offline_access", "microprofile-jwt"}
} else {
Expand Down Expand Up @@ -409,7 +406,7 @@ func testAccCheckKeycloakOpenidClientOptionalScopeIsNotAttached(resourceName, cl
}

func testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope string) string {
keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600())
keycloakVersionIsHigherOrEqualTo6 := keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "6.0.0")
if keycloakVersionIsHigherOrEqualTo6 {
return fmt.Sprintf(`
resource "keycloak_realm" "realm" {
Expand Down Expand Up @@ -525,7 +522,7 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" {
}

func testKeycloakOpenidClientOptionalScopes_validationNoClient(realm, client, clientScope string) string {
keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600())
keycloakVersionIsHigherOrEqualTo6 := keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "6.0.0")
if keycloakVersionIsHigherOrEqualTo6 {
return fmt.Sprintf(`
resource "keycloak_realm" "realm" {
Expand Down Expand Up @@ -580,7 +577,7 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" {

func testKeycloakOpenidClientOptionalScopes_validationBearerOnlyClient(realm, client, clientScope string) string {

keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600())
keycloakVersionIsHigherOrEqualTo6 := keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "6.0.0")
if keycloakVersionIsHigherOrEqualTo6 {
return fmt.Sprintf(`
resource "keycloak_realm" "realm" {
Expand Down Expand Up @@ -689,7 +686,7 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" {
}

func testKeycloakOpenidClientOptionalScopes_duplicateScopeAssignment(realm, client, clientScope string) string {
keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600())
keycloakVersionIsHigherOrEqualTo6 := keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "6.0.0")
if keycloakVersionIsHigherOrEqualTo6 {
return fmt.Sprintf(`
%s
Expand Down
5 changes: 1 addition & 4 deletions provider/resource_keycloak_realm_events_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,10 +165,7 @@ func TestAccKeycloakRealmEvents_unsetEnabledEventTypes(t *testing.T) {
return err
}
keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient)
keycloakVersionIsGreaterThanOrEqualTo7, err := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion700())
if err != nil {
return err
}
keycloakVersionIsGreaterThanOrEqualTo7 := keycloak.KeycloakVersionIsGreaterThanOrEqualTo(keycloakClient, "7.0.0")

if keycloakVersionIsGreaterThanOrEqualTo7 { //keycloak versions < 7.0.0 have 63 events, versions >=7.0.0 have 67 events
if len(realmEventsConfig.EnabledEventTypes) != 67 {
Expand Down
48 changes: 0 additions & 48 deletions provider/test_utils.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,8 @@ package provider

import (
"fmt"
"github.com/hashicorp/go-version"
"github.com/mrparkers/terraform-provider-keycloak/keycloak"
"math/rand"
"os"
"regexp"
"strings"
"testing"
"time"
Expand Down Expand Up @@ -78,48 +75,3 @@ func TestCheckResourceAttrNot(name, key, value string) resource.TestCheckFunc {
return nil
}
}

var keycloakServerInfoVersion *version.Version

func keycloakVersionIsGreaterThanOrEqualTo(keycloakClient *keycloak.KeycloakClient, keycloakMajorVersion *version.Version) (bool, error) {
if keycloakServerInfoVersion == nil {
serverInfo, err := keycloakClient.GetServerInfo()
if err != nil {
return false, fmt.Errorf("/serverInfo endpoint retuned an error, server Keycloak version could not be determined: %s", err)
}

regex := regexp.MustCompile(`^(\d+\.\d+\.\d+)`)
semver := regex.FindStringSubmatch(serverInfo.SystemInfo.ServerVersion)[0]

keycloakServerInfoVersion, err = version.NewVersion(semver)
if err != nil {
return false, fmt.Errorf("/serverInfo endpoint retuned an unreadable version, server Keycloak version could not be determined: %s", err)
}
}
return keycloakServerInfoVersion.GreaterThanOrEqual(keycloakMajorVersion), nil
}

func getKeycloakVersion600() *version.Version {
v, _ := version.NewVersion("6.0.0")
return v
}

func getKeycloakVersion700() *version.Version {
v, _ := version.NewVersion("7.0.0")
return v
}

func getKeycloakVersion800() *version.Version {
v, _ := version.NewVersion("8.0.0")
return v
}

func getKeycloakVersion900() *version.Version {
v, _ := version.NewVersion("9.0.0")
return v
}

func getKeycloakVersion1000() *version.Version {
v, _ := version.NewVersion("10.0.0")
return v
}