Added user attributes, client auth resources, service account roles #104

Merged
merged 54 commits into from
May 14, 2019
Merged
3dd442f
initial commit
Apr 25, 2019
6909b20
go fmt
Apr 26, 2019
853524d
fixed resource body params
Apr 26, 2019
5555d95
fixed resource id
Apr 26, 2019
bcbd78b
upgraded keycloak and added example
Apr 26, 2019
81d5740
minor fix
Apr 27, 2019
fcce373
fixed resources
Apr 28, 2019
1e41445
fixed web origins
Apr 28, 2019
2c1c57b
added openid client authorization resources
Apr 29, 2019
78f84e9
resolved merge conflicts
Apr 29, 2019
a96715e
added examples
Apr 29, 2019
50d0dd4
Merge branch 'client-resources' of github.com:AndrewChubatiuk/terrafo…
Apr 29, 2019
ae21d62
updated endpoints
Apr 29, 2019
2ca6644
minor fix
Apr 30, 2019
6ca699f
fixed examples
Apr 30, 2019
558218b
removed unused util function
Apr 30, 2019
8edfe09
minor fix
Apr 30, 2019
ea1eae2
enable authorization service
Apr 30, 2019
1b25743
minor fix
Apr 30, 2019
cb87711
fixed tests for keycloak 6
Apr 30, 2019
5b540dd
minor fix
Apr 30, 2019
9131e7f
fixed tests
Apr 30, 2019
fdfe893
minor fix
Apr 30, 2019
ed8a631
minor fix
Apr 30, 2019
62d0e1b
minor fix
Apr 30, 2019
49697d0
updated service account role logic
May 1, 2019
3f5ec97
added resource_server_id
May 2, 2019
4c1606c
updated examples
May 2, 2019
c5f7396
minor fix
May 2, 2019
1a1a724
resolved conflicts
May 2, 2019
0e38f7c
Merge branch 'master' of github.com:AndrewChubatiuk/terraform-provide…
May 9, 2019
ff257fe
Merge branch 'master' into client-resources
AndrewChubatiuk May 9, 2019
cdcd08a
renamed new providers, PR comments fixes
May 10, 2019
e3c4562
Merge branch 'client-resources' of github.com:AndrewChubatiuk/terrafo…
May 10, 2019
eb3ea2a
fmt fix
May 10, 2019
484e7c2
pr comments
May 10, 2019
0084dd8
added tests
May 10, 2019
13fa442
minor fix
May 10, 2019
51edd05
minor fix
May 10, 2019
5f7328c
minor test fix
May 10, 2019
a1fd8bc
fixed getclientbyName
May 10, 2019
3cd9b3d
fixed delete request
May 10, 2019
288a4a7
Merge branch 'client-resources' of github.com:AndrewChubatiuk/terrafo…
May 10, 2019
adf1a3b
fixed auth policy test
May 10, 2019
eda5f46
test
May 10, 2019
26567d3
fixed service account tests
May 10, 2019
69a5c4f
fixed typo
May 10, 2019
0cdf594
minor fix
May 10, 2019
c9ef71b
minor update
May 10, 2019
517452b
minor fix
May 10, 2019
fae15f0
fixed delete request for service account role
May 10, 2019
d7c0e21
minor fix
May 10, 2019
8919a4e
trigger build
May 10, 2019
a688cc0
added default resource removal
May 11, 2019
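--- a/example/main.tf
+++ b/example/main.tf
@@ -444,3 +444,80 @@ resource keycloak_hardcoded_attribute_identity_provider_mapper saml {
 attribute_value = "value"
 user_session = false
 }
+
+data "keycloak_openid_client" "broker" {
+realm_id = "${keycloak_realm.test.id}"
+client_id = "broker"
+}
+
+data "keycloak_openid_client_authorization_policy" "default" {
+realm_id = "${keycloak_realm.test.id}"
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+name = "default"
+}
+
+resource "keycloak_openid_client" "test_client_auth" {
+client_id = "test-client-auth"
+name = "test-client-auth"
+realm_id = "${keycloak_realm.test.id}"
+description = "a test openid client"
+
+access_type = "CONFIDENTIAL"
+direct_access_grants_enabled = true
+implicit_flow_enabled = true
+service_accounts_enabled = true
+
+valid_redirect_uris = [
+"http://localhost:5555/callback",
+]
+
+authorization {
+policy_enforcement_mode = "ENFORCING"
+}
+
+client_secret = "secret"
+}
+
+resource "keycloak_openid_client_authorization_permission" "resource" {
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+realm_id = "${keycloak_realm.test.id}"
+name = "test"
+policies = ["${data.keycloak_openid_client_authorization_policy.default.id}"]
+resources = ["${keycloak_openid_client_authorization_resource.resource.id}"]
+}
+
+resource "keycloak_openid_client_authorization_resource" "resource" {
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+name = "test-openid-client1"
+realm_id = "${keycloak_realm.test.id}"
+
+uris = [
+"/endpoint/*"
+]
+
+attributes = {
+"asdads" = "asdasd"
+}
+}
+
+resource "keycloak_openid_client_authorization_scope" "resource" {
+resource_server_id = "${keycloak_openid_client.test_client_auth.resource_server_id}"
+name = "test-openid-client1"
+realm_id = "${keycloak_realm.test.id}"
+}
+
+resource "keycloak_user" "resource" {
+realm_id = "${keycloak_realm.test.id}"
+username = "test"
+
+attributes = {
+"key" = "value"
+}
+}
+
+resource "keycloak_openid_client_service_account_role" "read_token" {
+realm_id = "${keycloak_realm.test.id}"
+client_id = "${data.keycloak_openid_client.broker.id}"
+service_account_user_id = "${keycloak_openid_client.test_client_auth.service_account_user_id}"
+role = "read-token"
+}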
6 changes: 3 additions & 3 deletions keycloak/custom_user_federation.go
Expand Up @@ -85,7 +85,7 @@ func (keycloakClient *KeycloakClient) ValidateCustomUserFederation(custom *Custo
}

func (keycloakClient *KeycloakClient) NewCustomUserFederation(customUserFederation *CustomUserFederation) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", customUserFederation.RealmId), convertFromCustomUserFederationToComponent(customUserFederation))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", customUserFederation.RealmId), convertFromCustomUserFederationToComponent(customUserFederation))
if err != nil {
return err
}
Expand All @@ -98,7 +98,7 @@ func (keycloakClient *KeycloakClient) NewCustomUserFederation(customUserFederati
func (keycloakClient *KeycloakClient) GetCustomUserFederation(realmId, id string) (*CustomUserFederation, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
Expand All @@ -111,5 +111,5 @@ func (keycloakClient *KeycloakClient) UpdateCustomUserFederation(customUserFeder
}

func (keycloakClient *KeycloakClient) DeleteCustomUserFederation(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}
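Review bot: The new-side calls in this section still build the request path with fmt.Sprintf and interpolate realmId and id raw, e.g. `fmt.Sprintf("/realms/%s/components/%s", realmId, id)` in GetCustomUserFederation and DeleteCustomUserFederation, so a value containing `/`, `?` or `#` changes which endpoint is addressed instead of being rejected. Wrapping each segment, `url.PathEscape(realmId)` and `url.PathEscape(id)` (which needs a `net/url` import in the file), keeps the request path and the resource identity in step, and matters most for the delete call. The same pattern is on the new side of group.go, identity_provider.go, identity_provider_mapper.go and the three ldap_*_mapper.go sections. Whether these ids can ever carry such characters depends on schema validation outside this diff, so treat this as hardening rather than a confirmed defect.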
2 changes: 1 addition & 1 deletion keycloak/generic_client.go
Expand Up @@ -16,7 +16,7 @@ type GenericClient struct {
func (keycloakClient *KeycloakClient) listGenericClients(realmId string) ([]*GenericClient, error) {
var clients []*GenericClient

err := keycloakClient.get(fmt.Sprintf("/realms/%s/clients", realmId), &clients)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/clients", realmId), &clients, nil)
if err != nil {
return nil, err
}
15 changes: 9 additions & 6 deletions keycloak/group.go
Expand Up @@ -2,7 +2,6 @@ package keycloak

import (
"fmt"
"net/url"
"strings"
)

Expand Down Expand Up @@ -79,7 +78,7 @@ func (keycloakClient *KeycloakClient) NewGroup(group *Group) error {
createGroupUrl = fmt.Sprintf("/realms/%s/groups/%s/children", group.RealmId, group.ParentId)
}

location, err := keycloakClient.post(createGroupUrl, group)
_, location, err := keycloakClient.post(createGroupUrl, group)
if err != nil {
return err
}
Expand All @@ -92,7 +91,7 @@ func (keycloakClient *KeycloakClient) NewGroup(group *Group) error {
func (keycloakClient *KeycloakClient) GetGroup(realmId, id string) (*Group, error) {
var group Group

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s", realmId, id), &group)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s", realmId, id), &group, nil)
if err != nil {
return nil, err
}
Expand All @@ -114,13 +113,17 @@ func (keycloakClient *KeycloakClient) UpdateGroup(group *Group) error {
}

func (keycloakClient *KeycloakClient) DeleteGroup(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/groups/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/groups/%s", realmId, id), nil)
}

func (keycloakClient *KeycloakClient) ListGroupsWithName(realmId, name string) ([]*Group, error) {
var groups []*Group

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups?search=%s", realmId, url.QueryEscape(name)), &groups)
params := map[string]string{
"search": name,
}

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups", realmId), &groups, params)
if err != nil {
return nil, err
}
Expand All @@ -131,7 +134,7 @@ func (keycloakClient *KeycloakClient) ListGroupsWithName(realmId, name string) (
func (keycloakClient *KeycloakClient) GetGroupMembers(realmId, groupId string) ([]*User, error) {
var users []*User

err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s/members", realmId, groupId), &users)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/groups/%s/members", realmId, groupId), &users, nil)
if err != nil {
return nil, err
}
6 changes: 3 additions & 3 deletions keycloak/identity_provider.go
Expand Up @@ -53,7 +53,7 @@ type IdentityProvider struct {

func (keycloakClient *KeycloakClient) NewIdentityProvider(identityProvider *IdentityProvider) error {
log.Printf("[WARN] Realm: %s", identityProvider.Realm)
_, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances", identityProvider.Realm), identityProvider)
_, _, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances", identityProvider.Realm), identityProvider)
if err != nil {
return err
}
Expand All @@ -65,7 +65,7 @@ func (keycloakClient *KeycloakClient) GetIdentityProvider(realm, alias string) (
var identityProvider IdentityProvider
identityProvider.Realm = realm

err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias), &identityProvider)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias), &identityProvider, nil)
if err != nil {
return nil, err
}
Expand All @@ -78,5 +78,5 @@ func (keycloakClient *KeycloakClient) UpdateIdentityProvider(identityProvider *I
}

func (keycloakClient *KeycloakClient) DeleteIdentityProvider(realm, alias string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s", realm, alias), nil)
}
6 changes: 3 additions & 3 deletions keycloak/identity_provider_mapper.go
Expand Up @@ -29,7 +29,7 @@ type IdentityProviderMapper struct {

func (keycloakClient *KeycloakClient) NewIdentityProviderMapper(identityProviderMapper *IdentityProviderMapper) error {
log.Printf("[WARN] Realm: %s", identityProviderMapper.Realm)
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers", identityProviderMapper.Realm, identityProviderMapper.IdentityProviderAlias), identityProviderMapper)
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers", identityProviderMapper.Realm, identityProviderMapper.IdentityProviderAlias), identityProviderMapper)
if err != nil {
return err
}
Expand All @@ -44,7 +44,7 @@ func (keycloakClient *KeycloakClient) GetIdentityProviderMapper(realm, alias, id
identityProviderMapper.Realm = realm
identityProviderMapper.IdentityProviderAlias = alias

err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id), &identityProviderMapper)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id), &identityProviderMapper, nil)
if err != nil {
return nil, err
}
Expand All @@ -57,5 +57,5 @@ func (keycloakClient *KeycloakClient) UpdateIdentityProviderMapper(identityProvi
}

func (keycloakClient *KeycloakClient) DeleteIdentityProviderMapper(realm, alias, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/identity-provider/instances/%s/mappers/%s", realm, alias, id), nil)
}
37 changes: 28 additions & 9 deletions keycloak/keycloak_client.go
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
Expand Down Expand Up @@ -166,7 +167,7 @@ func (keycloakClient *KeycloakClient) addRequestHeaders(request *http.Request) {
request.Header.Set("Authorization", fmt.Sprintf("%s %s", tokenType, accessToken))
request.Header.Set("Accept", "application/json")

if request.Method == http.MethodPost || request.Method == http.MethodPut {
if request.Method == http.MethodPost || request.Method == http.MethodPut || request.Method == http.MethodDelete {
request.Header.Set("Content-type", "application/json")
}
}
Expand Down Expand Up @@ -247,14 +248,22 @@ func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte
return body, response.Header.Get("Location"), nil
}

func (keycloakClient *KeycloakClient) get(path string, resource interface{}) error {
func (keycloakClient *KeycloakClient) get(path string, resource interface{}, params map[string]string) error {
resourceUrl := keycloakClient.baseUrl + apiUrl + path

request, err := http.NewRequest(http.MethodGet, resourceUrl, nil)
if err != nil {
return err
}

if params != nil {
query := url.Values{}
for k, v := range params {
query.Add(k, v)
}
request.URL.RawQuery = query.Encode()
}

body, _, err := keycloakClient.sendRequest(request)
if err != nil {
return err
Expand All @@ -263,22 +272,22 @@ func (keycloakClient *KeycloakClient) get(path string, resource interface{}) err
return json.Unmarshal(body, resource)
}

func (keycloakClient *KeycloakClient) post(path string, requestBody interface{}) (string, error) {
func (keycloakClient *KeycloakClient) post(path string, requestBody interface{}) ([]byte, string, error) {
resourceUrl := keycloakClient.baseUrl + apiUrl + path

payload, err := json.Marshal(requestBody)
if err != nil {
return "", err
return nil, "", err
}

request, err := http.NewRequest(http.MethodPost, resourceUrl, bytes.NewReader(payload))
if err != nil {
return "", err
return nil, "", err
}

_, location, err := keycloakClient.sendRequest(request)
body, location, err := keycloakClient.sendRequest(request)

return location, err
return body, location, err
}

func (keycloakClient *KeycloakClient) put(path string, requestBody interface{}) error {
Expand All @@ -299,10 +308,20 @@ func (keycloakClient *KeycloakClient) put(path string, requestBody interface{})
return err
}

func (keycloakClient *KeycloakClient) delete(path string) error {
func (keycloakClient *KeycloakClient) delete(path string, requestBody interface{}) error {
resourceUrl := keycloakClient.baseUrl + apiUrl + path

request, err := http.NewRequest(http.MethodDelete, resourceUrl, nil)
var body io.Reader

if requestBody != nil {
payload, err := json.Marshal(requestBody)
if err != nil {
return err
}
body = bytes.NewReader(payload)
}

request, err := http.NewRequest(http.MethodDelete, resourceUrl, body)
if err != nil {
return err
}
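Review bot: In the new params branch of get(), `request.URL.RawQuery = query.Encode()` replaces whatever query string was already part of path, so a caller that still embeds `?key=value` in path and also passes params silently loses the embedded part; starting from the parsed URL, `query := request.URL.Query()`, keeps both (Encode sorts keys, so the output stays deterministic despite map iteration order). Separately, addRequestHeaders now sets `Content-type: application/json` on every DELETE, including the ones delete() sends with a nil requestBody and therefore no body; gating that on `request.Body != nil` would keep the header honest. The `url.Values` use needs a `net/url` import; the visible import hunk ends before that point, so I assume it is present further down. get() and delete() both continue past the hunk edges.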
6 changes: 3 additions & 3 deletions keycloak/ldap_full_name_mapper.go
Expand Up @@ -82,7 +82,7 @@ func (keycloakClient *KeycloakClient) ValidateLdapFullNameMapper(mapper *LdapFul
}

func (keycloakClient *KeycloakClient) NewLdapFullNameMapper(ldapFullNameMapper *LdapFullNameMapper) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapFullNameMapper.RealmId), convertFromLdapFullNameMapperToComponent(ldapFullNameMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapFullNameMapper.RealmId), convertFromLdapFullNameMapperToComponent(ldapFullNameMapper))
if err != nil {
return err
}
Expand All @@ -95,7 +95,7 @@ func (keycloakClient *KeycloakClient) NewLdapFullNameMapper(ldapFullNameMapper *
func (keycloakClient *KeycloakClient) GetLdapFullNameMapper(realmId, id string) (*LdapFullNameMapper, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
Expand All @@ -108,5 +108,5 @@ func (keycloakClient *KeycloakClient) UpdateLdapFullNameMapper(ldapFullNameMappe
}

func (keycloakClient *KeycloakClient) DeleteLdapFullNameMapper(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}
6 changes: 3 additions & 3 deletions keycloak/ldap_group_mapper.go
Expand Up @@ -153,7 +153,7 @@ func (keycloakClient *KeycloakClient) ValidateLdapGroupMapper(ldapGroupMapper *L
}

func (keycloakClient *KeycloakClient) NewLdapGroupMapper(ldapGroupMapper *LdapGroupMapper) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapGroupMapper.RealmId), convertFromLdapGroupMapperToComponent(ldapGroupMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapGroupMapper.RealmId), convertFromLdapGroupMapperToComponent(ldapGroupMapper))
if err != nil {
return err
}
Expand All @@ -166,7 +166,7 @@ func (keycloakClient *KeycloakClient) NewLdapGroupMapper(ldapGroupMapper *LdapGr
func (keycloakClient *KeycloakClient) GetLdapGroupMapper(realmId, id string) (*LdapGroupMapper, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
Expand All @@ -179,5 +179,5 @@ func (keycloakClient *KeycloakClient) UpdateLdapGroupMapper(ldapGroupMapper *Lda
}

func (keycloakClient *KeycloakClient) DeleteLdapGroupMapper(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}
6 changes: 3 additions & 3 deletions keycloak/ldap_msad_user_account_control_mapper.go
Expand Up @@ -46,7 +46,7 @@ func convertFromComponentToLdapMsadUserAccountControlMapper(component *component
}

func (keycloakClient *KeycloakClient) NewLdapMsadUserAccountControlMapper(ldapMsadUserAccountControlMapper *LdapMsadUserAccountControlMapper) error {
location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapMsadUserAccountControlMapper.RealmId), convertFromLdapMsadUserAccountControlMapperToComponent(ldapMsadUserAccountControlMapper))
_, location, err := keycloakClient.post(fmt.Sprintf("/realms/%s/components", ldapMsadUserAccountControlMapper.RealmId), convertFromLdapMsadUserAccountControlMapperToComponent(ldapMsadUserAccountControlMapper))
if err != nil {
return err
}
Expand All @@ -59,7 +59,7 @@ func (keycloakClient *KeycloakClient) NewLdapMsadUserAccountControlMapper(ldapMs
func (keycloakClient *KeycloakClient) GetLdapMsadUserAccountControlMapper(realmId, id string) (*LdapMsadUserAccountControlMapper, error) {
var component *component

err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component)
err := keycloakClient.get(fmt.Sprintf("/realms/%s/components/%s", realmId, id), &component, nil)
if err != nil {
return nil, err
}
Expand All @@ -72,5 +72,5 @@ func (keycloakClient *KeycloakClient) UpdateLdapMsadUserAccountControlMapper(lda
}

func (keycloakClient *KeycloakClient) DeleteLdapMsadUserAccountControlMapper(realmId, id string) error {
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id))
return keycloakClient.delete(fmt.Sprintf("/realms/%s/components/%s", realmId, id), nil)
}