Adds user attributes, client auth resources, service account roles (#104)
AndrewChubatiuk authored and mrparkers committed May 14, 2019
1 parent a278106 commit 1267c01
Showing 50 changed files with 2,699 additions and 164 deletions.
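--- a/example/main.tf
+++ b/example/main.tf
@@ -444,3 +444,80 @@ resource keycloak_hardcoded_attribute_identity_provider_mapper saml {
 attribute_value = "value"
 user_session = false
 }
+
+data "keycloak_openid_client" "broker" {
+realm_id = "${keycloak_realm.test.id}"
+client_id = "broker"
+}
+
+data "keycloak_openid_client_authorization_policy" "default" {
+realm_id = "${keycloak_realm.test.id}"
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+name = "default"
+}
+
+resource "keycloak_openid_client" "test_client_auth" {
+client_id = "test-client-auth"
+name = "test-client-auth"
+realm_id = "${keycloak_realm.test.id}"
+description = "a test openid client"
+
+access_type = "CONFIDENTIAL"
+direct_access_grants_enabled = true
+implicit_flow_enabled = true
+service_accounts_enabled = true
+
+valid_redirect_uris = [
+"http://localhost:5555/callback",
+]
+
+authorization {
+policy_enforcement_mode = "ENFORCING"
+}
+
+client_secret = "secret"
+}
+
+resource "keycloak_openid_client_authorization_permission" "resource" {
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+realm_id = "${keycloak_realm.test.id}"
+name = "test"
+policies = ["${data.keycloak_openid_client_authorization_policy.default.id}"]
+resources = ["${keycloak_openid_client_authorization_resource.resource.id}"]
+}
+
+resource "keycloak_openid_client_authorization_resource" "resource" {
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+name = "test-openid-client1"
+realm_id = "${keycloak_realm.test.id}"
+
+uris = [
+"/endpoint/*"
+]
+
+attributes = {
+"asdads" = "asdasd"
+}
+}
+
+resource "keycloak_openid_client_authorization_scope" "resource" {
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+name = "test-openid-client1"
+realm_id = "${keycloak_realm.test.id}"
+}
+
+resource "keycloak_user" "resource" {
+realm_id = "${keycloak_realm.test.id}"
+username = "test"
+
+attributes = {
+"key" = "value"
+}
+}
+
+resource "keycloak_openid_client_service_account_role" "read_token" {
+realm_id = "${keycloak_realm.test.id}"
+client_id = "${data.keycloak_openid_client.broker.id}"
+service_account_user_id = "${keycloak_openid_client.test_client_auth.service_account_user_id}"
+role = "read-token"
+}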
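Review bot: The new `keycloak_openid_client.test_client_auth` example hard-codes `client_secret = "secret"` and enables `implicit_flow_enabled` and `direct_access_grants_enabled` alongside `service_accounts_enabled`, and example files tend to be copied unchanged into real configurations. The secret is better read from a variable, for instance `client_secret = "${var.client_secret}"` (variable name constructed here). Nothing in the added resources appears to need the implicit or direct-grant flows, so leaving them off would keep the example to what the service-account role demonstrates. A one-line comment above the block, `# Local test values only; do not reuse this secret or these flow settings outside a sandbox.`, would make the intent explicit.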
6 changes: 3 additions & 3 deletions keycloak/custom_user_federation.go
@@ -85,7 +85,7 @@ func (keycloakClient *KeycloakClient) ValidateCustomUserFederation(custom *Custo
}

func (keycloakClient *KeycloakClient) NewCustomUserFederation(customUserFederation *CustomUserFederation) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", customUserFederation.RealmId), convertFromCustomUserFederationToComponent(customUserFederation))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", customUserFederation.RealmId), convertFromCustomUserFederationToComponent(customUserFederation))
if err != nil {
return err
}
@@ -98,7 +98,7 @@ func (keycloakClient *KeycloakClient) NewCustomUserFederation(customUserFederati
func (keycloakClient *KeycloakClient) GetCustomUserFederation(realmId, id string) (*CustomUserFederation, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
@@ -111,5 +111,5 @@ func (keycloakClient *KeycloakClient) UpdateCustomUserFederation(customUserFeder
}

func (keycloakClient *KeycloakClient) DeleteCustomUserFederation(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}
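Review bot: The request paths in `NewCustomUserFederation`, `GetCustomUserFederation` and `DeleteCustomUserFederation` are still assembled with `fmt.Sprintf` from raw `realmId` and `id` strings, so a value containing `/`, `?` or `#` would make the admin-token request address a different endpoint than the caller intended. This commit moves query values into `url.Values` in `get`, but path segments get no equivalent treatment; escaping each one closes the gap, e.g. `fmt.Sprintf("/realms/%s/components/%s", url.PathEscape(realmId), url.PathEscape(id))`, with `net/url` imported in the file. The same pattern appears in the changed lines of generic_client.go, group.go, identity_provider.go, identity_provider_mapper.go and the three ldap_*_mapper.go files, where `alias` and `realm` are interpolated the same way. Whether these values are validated before they reach the client is not visible on this page.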
2 changes: 1 addition & 1 deletion keycloak/generic_client.go
@@ -16,7 +16,7 @@ type GenericClient struct {
func (keycloakClient *KeycloakClient) listGenericClients(realmId string) ([]*GenericClient, error) {
var clients []*GenericClient

err := keycloakClient.get(fmt.Sprintf("/realms/%s/clients", realmId), &clients)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/clients", realmId), &clients, nil)
if err != nil {
return nil, err
}
15 changes: 9 additions & 6 deletions keycloak/group.go
@@ -2,7 +2,6 @@ package keycloak

import (
"fmt"
"net/url"
"strings"
)

@@ -79,7 +78,7 @@ func (keycloakClient *KeycloakClient) NewGroup(group *Group) error {
createGroupUrl = fmt.Sprintf("/realms/%s/groups/%s/children", group.RealmId, group.ParentId)
}

location, err := keycloakClient.post(createGroupUrl, group)
_, location, err := keycloakClient.post(createGroupUrl, group)
if err != nil {
return err
}
@@ -92,7 +91,7 @@ func (keycloakClient *KeycloakClient) NewGroup(group *Group) error {
func (keycloakClient *KeycloakClient) GetGroup(realmId, id string) (*Group, error) {
var group Group

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s", realmId, id), &group)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s", realmId, id), &group, nil)
if err != nil {
return nil, err
}
@@ -114,13 +113,17 @@ func (keycloakClient *KeycloakClient) UpdateGroup(group *Group) error {
}

func (keycloakClient *KeycloakClient) DeleteGroup(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/groups/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/groups/%s", realmId, id), nil)
}

func (keycloakClient *KeycloakClient) ListGroupsWithName(realmId, name string) ([]*Group, error) {
var groups []*Group

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups?search=%s", realmId, url.QueryEscape(name)), &groups)
params := map[string]string{
"search": name,
}

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups", realmId), &groups, params)
if err != nil {
return nil, err
}
@@ -131,7 +134,7 @@ func (keycloakClient *KeycloakClient) ListGroupsWithName(realmId, name string) (
func (keycloakClient *KeycloakClient) GetGroupMembers(realmId, groupId string) ([]*User, error) {
var users []*User

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s/members", realmId, groupId), &users)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s/members", realmId, groupId), &users, nil)
if err != nil {
return nil, err
}
6 changes: 3 additions & 3 deletions keycloak/identity_provider.go
@@ -53,7 +53,7 @@ type IdentityProvider struct {

func (keycloakClient *KeycloakClient) NewIdentityProvider(identityProvider *IdentityProvider) error {
log.Printf("[WARN] Realm: %s", identityProvider.Realm)
_, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances", identityProvider.Realm), identityProvider)
_, _, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances", identityProvider.Realm), identityProvider)
if err != nil {
return err
}
@@ -65,7 +65,7 @@ func (keycloakClient *KeycloakClient) GetIdentityProvider(realm, alias string) (
var identityProvider IdentityProvider
identityProvider.Realm = realm

err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias), &identityProvider)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias), &identityProvider, nil)
if err != nil {
return nil, err
}
@@ -78,5 +78,5 @@ func (keycloakClient *KeycloakClient) UpdateIdentityProvider(identityProvider *I
}

func (keycloakClient *KeycloakClient) DeleteIdentityProvider(realm, alias string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias), nil)
}
6 changes: 3 additions & 3 deletions keycloak/identity_provider_mapper.go
@@ -29,7 +29,7 @@ type IdentityProviderMapper struct {

func (keycloakClient *KeycloakClient) NewIdentityProviderMapper(identityProviderMapper *IdentityProviderMapper) error {
log.Printf("[WARN] Realm: %s", identityProviderMapper.Realm)
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers", identityProviderMapper.Realm, identityProviderMapper.IdentityProviderAlias), identityProviderMapper)
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers", identityProviderMapper.Realm, identityProviderMapper.IdentityProviderAlias), identityProviderMapper)
if err != nil {
return err
}
@@ -44,7 +44,7 @@ func (keycloakClient *KeycloakClient) GetIdentityProviderMapper(realm, alias, id
identityProviderMapper.Realm = realm
identityProviderMapper.IdentityProviderAlias = alias

err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id), &identityProviderMapper)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id), &identityProviderMapper, nil)
if err != nil {
return nil, err
}
@@ -57,5 +57,5 @@ func (keycloakClient *KeycloakClient) UpdateIdentityProviderMapper(identityProvi
}

func (keycloakClient *KeycloakClient) DeleteIdentityProviderMapper(realm, alias, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id), nil)
}
37 changes: 28 additions & 9 deletions keycloak/keycloak_client.go
@@ -4,6 +4,7 @@ import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
@@ -166,7 +167,7 @@ func (keycloakClient *KeycloakClient) addRequestHeaders(request *http.Request) {
request.Header.Set("Authorization", fmt.Sprintf("%s %s", tokenType, accessToken))
request.Header.Set("Accept", "application/json")

if request.Method == http.MethodPost || request.Method == http.MethodPut {
if request.Method == http.MethodPost || request.Method == http.MethodPut || request.Method == http.MethodDelete {
request.Header.Set("Content-type", "application/json")
}
}
@@ -247,14 +248,22 @@ func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte
return body, response.Header.Get("Location"), nil
}

func (keycloakClient *KeycloakClient) get(path string, resource interface{}) error {
func (keycloakClient *KeycloakClient) get(path string, resource interface{}, params map[string]string) error {
resourceUrl := keycloakClient.baseUrl + apiUrl + path

request, err := http.NewRequest(http.MethodGet, resourceUrl, nil)
if err != nil {
return err
}

if params != nil {
query := url.Values{}
for k, v := range params {
query.Add(k, v)
}
request.URL.RawQuery = query.Encode()
}

body, _, err := keycloakClient.sendRequest(request)
if err != nil {
return err
@@ -263,22 +272,22 @@ func (keycloakClient *KeycloakClient) get(path string, resource interface{}) err
return json.Unmarshal(body, resource)
}

func (keycloakClient *KeycloakClient) post(path string, requestBody interface{}) (string, error) {
func (keycloakClient *KeycloakClient) post(path string, requestBody interface{}) ([]byte, string, error) {
resourceUrl := keycloakClient.baseUrl + apiUrl + path

payload, err := json.Marshal(requestBody)
if err != nil {
return "", err
return nil, "", err
}

request, err := http.NewRequest(http.MethodPost, resourceUrl, bytes.NewReader(payload))
if err != nil {
return "", err
return nil, "", err
}

_, location, err := keycloakClient.sendRequest(request)
body, location, err := keycloakClient.sendRequest(request)

return location, err
return body, location, err
}

func (keycloakClient *KeycloakClient) put(path string, requestBody interface{}) error {
@@ -299,10 +308,20 @@ func (keycloakClient *KeycloakClient) put(path string, requestBody interface{})
return err
}

func (keycloakClient *KeycloakClient) delete(path string) error {
func (keycloakClient *KeycloakClient) delete(path string, requestBody interface{}) error {
resourceUrl := keycloakClient.baseUrl + apiUrl + path

request, err := http.NewRequest(http.MethodDelete, resourceUrl, nil)
var body io.Reader

if requestBody != nil {
payload, err := json.Marshal(requestBody)
if err != nil {
return err
}
body = bytes.NewReader(payload)
}

request, err := http.NewRequest(http.MethodDelete, resourceUrl, body)
if err != nil {
return err
}
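Review bot: `addRequestHeaders` now sets `Content-type: application/json` on every DELETE, yet `delete` attaches a body only when `requestBody` is non-nil and every `delete` call visible on this page passes `nil`, so body-less requests end up labelled as JSON. Keying the header on the presence of a body rather than on the method avoids that, e.g. `if request.Body != nil {`. In `get`, the assignment `request.URL.RawQuery = query.Encode()` replaces any query string already embedded in `path`, so a doc comment such as `// get issues a GET for path; query parameters must be passed in params, not embedded in path.` would make the contract explicit. `addRequestHeaders` and `get` both start or end outside their hunks, so this rests on the visible lines only.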
6 changes: 3 additions & 3 deletions keycloak/ldap_full_name_mapper.go
@@ -82,7 +82,7 @@ func (keycloakClient *KeycloakClient) ValidateLdapFullNameMapper(mapper *LdapFul
}

func (keycloakClient *KeycloakClient) NewLdapFullNameMapper(ldapFullNameMapper *LdapFullNameMapper) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapFullNameMapper.RealmId), convertFromLdapFullNameMapperToComponent(ldapFullNameMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapFullNameMapper.RealmId), convertFromLdapFullNameMapperToComponent(ldapFullNameMapper))
if err != nil {
return err
}
@@ -95,7 +95,7 @@ func (keycloakClient *KeycloakClient) NewLdapFullNameMapper(ldapFullNameMapper *
func (keycloakClient *KeycloakClient) GetLdapFullNameMapper(realmId, id string) (*LdapFullNameMapper, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
@@ -108,5 +108,5 @@ func (keycloakClient *KeycloakClient) UpdateLdapFullNameMapper(ldapFullNameMappe
}

func (keycloakClient *KeycloakClient) DeleteLdapFullNameMapper(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}
6 changes: 3 additions & 3 deletions keycloak/ldap_group_mapper.go
@@ -153,7 +153,7 @@ func (keycloakClient *KeycloakClient) ValidateLdapGroupMapper(ldapGroupMapper *L
}

func (keycloakClient *KeycloakClient) NewLdapGroupMapper(ldapGroupMapper *LdapGroupMapper) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapGroupMapper.RealmId), convertFromLdapGroupMapperToComponent(ldapGroupMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapGroupMapper.RealmId), convertFromLdapGroupMapperToComponent(ldapGroupMapper))
if err != nil {
return err
}
@@ -166,7 +166,7 @@ func (keycloakClient *KeycloakClient) NewLdapGroupMapper(ldapGroupMapper *LdapGr
func (keycloakClient *KeycloakClient) GetLdapGroupMapper(realmId, id string) (*LdapGroupMapper, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
@@ -179,5 +179,5 @@ func (keycloakClient *KeycloakClient) UpdateLdapGroupMapper(ldapGroupMapper *Lda
}

func (keycloakClient *KeycloakClient) DeleteLdapGroupMapper(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}
6 changes: 3 additions & 3 deletions keycloak/ldap_msad_user_account_control_mapper.go
@@ -46,7 +46,7 @@ func convertFromComponentToLdapMsadUserAccountControlMapper(component *component
}

func (keycloakClient *KeycloakClient) NewLdapMsadUserAccountControlMapper(ldapMsadUserAccountControlMapper *LdapMsadUserAccountControlMapper) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapMsadUserAccountControlMapper.RealmId), convertFromLdapMsadUserAccountControlMapperToComponent(ldapMsadUserAccountControlMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapMsadUserAccountControlMapper.RealmId), convertFromLdapMsadUserAccountControlMapperToComponent(ldapMsadUserAccountControlMapper))
if err != nil {
return err
}
@@ -59,7 +59,7 @@ func (keycloakClient *KeycloakClient) NewLdapMsadUserAccountControlMapper(ldapMs
func (keycloakClient *KeycloakClient) GetLdapMsadUserAccountControlMapper(realmId, id string) (*LdapMsadUserAccountControlMapper, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
@@ -72,5 +72,5 @@ func (keycloakClient *KeycloakClient) UpdateLdapMsadUserAccountControlMapper(lda
}

func (keycloakClient *KeycloakClient) DeleteLdapMsadUserAccountControlMapper(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}