Added user attributes, client auth resources, service account roles #104
Conversation
…rm-provider-keycloak into client-resources
AndrewChubatiuk
changed the title
|
@mrparkers
|
There was a problem hiding this comment.
Thanks for the contributions!
I'm okay with the addition of all of these resources and data sources in one PR, but I'm a little uneasy about also upgrading Keycloak to 6.0.1 in the same PR. Would you be okay with opening a smaller PR that only contains the changes needed for the 6.0.1 upgrade? I can merge that one first, and you can rebase this PR with master to continue with these changes.
Also, since this is the first time data sources will be supported (thank you for this by the way), we may need to make some significant changes to the file names. The convention for all of the other Terraform providers I've seen prefixes all resources with resource_ and all data sources with data_. I'm not sure why I didn't do this from the start 😢. Would you be okay with opening a separate PR that contains only those changes, as well as the new data sources? I'm afraid this PR will be massive if we make all of the file name changes here.
keycloak/group.go
Outdated
| } | ||
|
|
||
| func (keycloakClient *KeycloakClient) ListGroupsWithName(realmId, name string) ([]*Group, error) { | ||
| var groups []*Group | ||
|
|
||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups?search=%s", realmId, url.QueryEscape(name)), &groups) | ||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups?search=%s", realmId, url.QueryEscape(name)), &groups, nil) |
There was a problem hiding this comment.
Since you added the params argument to the get method, would you mind updating this line to use that argument for the search param here?
keycloak/openid_client.go
Outdated
|
|
||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/clients?clientId=%s", realmId, clientId), &clients) | ||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/clients?clientId=%s", realmId, clientId), &clients, nil) |
There was a problem hiding this comment.
Could you update this line to use the new params argument for the clientId param?
keycloak/user.go
Outdated
| } | ||
|
|
||
| func (keycloakClient *KeycloakClient) GetUserByUsername(realmId, username string) (*User, error) { | ||
| var users []*User | ||
|
|
||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/users?username=%s", realmId, url.QueryEscape(username)), &users) | ||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/users?username=%s", realmId, url.QueryEscape(username)), &users, nil) |
There was a problem hiding this comment.
Could you update this line to use the new params argument for the username param?
| ) | ||
|
|
||
| func dataSourceKeycloakOpenidClient() *schema.Resource { | ||
| return &schema.Resource{ |
There was a problem hiding this comment.
Could the schema for the openid_client resource be re-used here instead of defining it again?
There was a problem hiding this comment.
I assume the answer is no since the data attributes will almost all be Computed, but I want to hear your thoughts on this.
There was a problem hiding this comment.
Right, now the only difference is that data source attributes are computed, but usually data source scheme has bigger differences. I would like to leave it as it is
| type OpenidClientAuthorizationSettings struct { | ||
| PolicyEnforcementMode string `json:"policyEnforcementMode,omitempty"` | ||
| AllowRemoteResourceManagement bool `json:"allowRemoteResourceManagement,omitempty"` | ||
| } |
There was a problem hiding this comment.
I think these new structs and methods can probably be moved to their own files, unless there is a specific reason you wanted them here.
| @@ -129,6 +129,10 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { | |||
| directAccessGrantsEnabled := randomBool() | |||
| serviceAccountsEnabled := randomBool() | |||
|
|
|||
| if !standardFlowEnabled { | |||
| implicitFlowEnabled = !standardFlowEnabled | |||
| } | |||
There was a problem hiding this comment.
What's the reason for this change?
There was a problem hiding this comment.
At least standard or implicit flow should be enabled to set valid redirect URI
There was a problem hiding this comment.
Is that new behavior with version 5.0.0 or 6.0.0 of Keycloak. I realize that there is no point in setting valid redirect uris without either of these two flows enabled, but I don't believe Keycloak 4.8.3 requires it.
I'm fine with keeping this change, I was just curious what the context was.
provider/keycloak_openid_client.go
Outdated
| serviceAccountUserId = serviceAccountUser.Id | ||
| } | ||
|
|
||
| setOpenidClientData(data, client, serviceAccountUserId) |
There was a problem hiding this comment.
This block of code (lines 301 - 311) seems to be repeated multiple times. Could you update the setOpenidClientData to do this instead?
keycloak/openid_client.go
Outdated
| ContainerId: clientId, | ||
| ServiceAccountUserId: serviceAccountUserId, | ||
| }) | ||
| err := keycloakClient.get(fmt.Sprintf("/realms/%s/users/%s/role-mappings/clients/%s", realm, serviceAccountUserId, clientId), &serviceAccountRoles, nil) |
There was a problem hiding this comment.
I'm not sure I understand what's going on here. It looks like you're initializing the serviceAccountRoles slice with a single element, but then it's immediately being overwritten by this line. Is there a reason for this?
keycloak/openid_client.go
Outdated
|
|
||
| func (keycloakClient *KeycloakClient) DeleteOpenidClientServiceAccountRole(realm, serviceAccountUserId, clientId, roleId string) error { | ||
| serviceAccountRoles := []OpenidClientServiceAccountRole{} | ||
| serviceAccountRoles = append(serviceAccountRoles, OpenidClientServiceAccountRole{ |
keycloak/openid_client.go
Outdated
| } | ||
| serviceAccountRole.Id = role.Id | ||
| serviceAccountRoles := []OpenidClientServiceAccountRole{} | ||
| serviceAccountRoles = append(serviceAccountRoles, *serviceAccountRole) |
There was a problem hiding this comment.
Do you need to use append here? I think you could just initialize the slice with the single element instead of making it empty and adding to it.
…r-keycloak into client-resources
…rm-provider-keycloak into client-resources
…rm-provider-keycloak into client-resources
|
@mrparkers |
No description provided.