fix: use payload when deleting keycloak_generic_role_mapper for realm roles #772

Merged
25 changes: 24 additions & 1 deletion keycloak/role_scope_mapping.go
@@ -5,6 +5,15 @@ import (
"fmt"
)

type RealmRoleRepresentation struct {
Id string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Composite bool `json:"composite"`
ClientRole bool `json:"clientRole"`
ContainerId string `json:"containerId"`
}

func roleScopeMappingUrl(realmId, clientId string, clientScopeId string, role *Role) string {
if clientId != "" {
if role.ClientRole {
@@ -52,5 +61,19 @@ func (keycloakClient *KeycloakClient) GetRoleScopeMapping(ctx context.Context, r

func (keycloakClient *KeycloakClient) DeleteRoleScopeMapping(ctx context.Context, realmId string, clientId string, clientScopeId string, role *Role) error {
roleUrl := roleScopeMappingUrl(realmId, clientId, clientScopeId, role)
return keycloakClient.delete(ctx, roleUrl, nil)
if role.ClientRole {
return keycloakClient.delete(ctx, roleUrl, nil)
} else {
body := [1]RealmRoleRepresentation{
{
Id: role.Id,
Name: role.Name,
Description: role.Description,
Composite: role.Composite,
ClientRole: role.ClientRole,
ContainerId: role.ContainerId,
},
}
return keycloakClient.delete(ctx, roleUrl, body)
}
}
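Review bot: The `role.ClientRole` branch of DeleteRoleScopeMapping still issues the DELETE with a `nil` body, so whether it removes one mapping or every mapping under the URL depends on what roleScopeMappingUrl returns for client roles, and most of that function is outside the hunk. If that URL also addresses a collection rather than a single role, client-role mappers would keep the over-broad delete that this change appears to fix for realm roles, which matters because scope mappings limit which roles a client can receive in its tokens. I would confirm the client-role endpoint's behaviour and, if it accepts the same payload, build `body` once and call `keycloakClient.delete(ctx, roleUrl, body)` on both paths; that also removes the `else` after a terminating `return`. The new acceptance test only exercises realm roles, so a client-role case would be needed to pin this down.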
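--- a/provider/resource_keycloak_generic_role_mapper_test.go
+++ b/provider/resource_keycloak_generic_role_mapper_test.go
@@ -156,6 +156,42 @@ func TestAccKeycloakGenericRoleMapper_basicClientScopeRealmRole(t *testing.T) {
 })
 }
 
+func TestAccKeycloakGenericRoleMapper_deleteIndividualMappers(t *testing.T) {
+t.Parallel()
+
+var someRole = &keycloak.Role{}
+var someOtherRole = &keycloak.Role{}
+var client = &keycloak.GenericClient{}
+
+clientName := acctest.RandomWithPrefix("tf-acc")
+someRoleName := acctest.RandomWithPrefix("tf-acc")
+someOtherRoleName := acctest.RandomWithPrefix("tf-acc")
+
+resource.Test(t, resource.TestCase{
+ProviderFactories: testAccProviderFactories,
+PreCheck: func() { testAccPreCheck(t) },
+CheckDestroy: testAccCheckKeycloakGenericRoleMapperDestroy("keycloak_generic_role_mapper.client-with-some-role"),
+Steps: []resource.TestStep{
+{
+Config: testKeycloakGenericRoleMapper_basicClientDedicatedAllRealmRoles(clientName, someRoleName, someOtherRoleName),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckKeycloakGenericClientRoleMapperExists("keycloak_generic_role_mapper.client-with-some-role"),
+testAccCheckKeycloakGenericClientRoleMapperExists("keycloak_generic_role_mapper.client-with-some-other-role"),
+testAccCheckKeycloakRoleFetch("keycloak_role.some-role", someRole),
+testAccCheckKeycloakRoleFetch("keycloak_role.some-other-role", someOtherRole),
+testAccCheckKeycloakGenericClientFetch("keycloak_openid_client.client", client),
+),
+},
+{
+Config: testKeycloakGenericRoleMapper_basicClientDedicatedPartialRealmRoles(clientName, someRoleName, someOtherRoleName),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckKeycloakGenericClientRoleMapperExists("keycloak_generic_role_mapper.client-with-some-other-role"),
+),
+},
+},
+})
+}
+
 func testAccCheckKeycloakGenericRoleMapperExists(resourceName string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 _, ok := s.RootModule().Resources[resourceName]
@@ -178,6 +214,16 @@ func getGenericRoleMapperId(resourceName string) resource.ImportStateIdFunc {
 }
 }
 
+func testAccCheckKeycloakGenericRoleMapperDestroy(resourceName string) resource.TestCheckFunc {
+return func(s *terraform.State) error {
+_, ok := s.RootModule().Resources[resourceName]
+if ok {
+return fmt.Errorf("resource should not exist: %s", resourceName)
+}
+return nil
+}
+}
+
 func testKeycloakGenericRoleMapper_basic(parentClientName, parentRoleName, childClientName string) string {
 return fmt.Sprintf(`
 data "keycloak_realm" "realm" {
@@ -264,3 +310,69 @@ resource "keycloak_generic_role_mapper" "clientscope-with-realm-role" {
 }
 `, testAccRealm.Realm, roleName, clientScopeName)
 }
+
+func testKeycloakGenericRoleMapper_basicClientDedicatedAllRealmRoles(clientName, someRoleName, someOtherRoleName string) string {
+return fmt.Sprintf(`
+data "keycloak_realm" "realm" {
+realm = "%s"
+}
+
+resource "keycloak_openid_client" "client" {
+realm_id = data.keycloak_realm.realm.id
+client_id = "%s"
+access_type = "PUBLIC"
+}
+
+resource "keycloak_role" "some-role" {
+realm_id = data.keycloak_realm.realm.id
+name = "%s"
+}
+
+resource "keycloak_role" "some-other-role" {
+realm_id = data.keycloak_realm.realm.id
+name = "%s"
+}
+
+resource "keycloak_generic_role_mapper" "client-with-some-role" {
+realm_id = data.keycloak_realm.realm.id
+client_id = keycloak_openid_client.client.id
+role_id = keycloak_role.some-role.id
+}
+
+resource "keycloak_generic_role_mapper" "client-with-some-other-role" {
+realm_id = data.keycloak_realm.realm.id
+client_id = keycloak_openid_client.client.id
+role_id = keycloak_role.some-other-role.id
+}
+`, testAccRealm.Realm, clientName, someRoleName, someOtherRoleName)
+}
+
+func testKeycloakGenericRoleMapper_basicClientDedicatedPartialRealmRoles(clientName, someRoleName, someOtherRoleName string) string {
+return fmt.Sprintf(`
+data "keycloak_realm" "realm" {
+realm = "%s"
+}
+
+resource "keycloak_openid_client" "client" {
+realm_id = data.keycloak_realm.realm.id
+client_id = "%s"
+access_type = "PUBLIC"
+}
+
+resource "keycloak_role" "some-role" {
+realm_id = data.keycloak_realm.realm.id
+name = "%s"
+}
+
+resource "keycloak_role" "some-other-role" {
+realm_id = data.keycloak_realm.realm.id
+name = "%s"
+}
+
+resource "keycloak_generic_role_mapper" "client-with-some-other-role" {
+realm_id = data.keycloak_realm.realm.id
+client_id = keycloak_openid_client.client.id
+role_id = keycloak_role.some-other-role.id
+}
+`, testAccRealm.Realm, clientName, someRoleName, someOtherRoleName)
+}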
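Review bot: `testAccCheckKeycloakGenericRoleMapperDestroy` only looks the resource name up in `s.RootModule().Resources`, so it passes whenever the name is absent from the state handed to CheckDestroy and says nothing about whether the mapping still exists in Keycloak. The regression this test is named for is server-side, and `someRole`, `someOtherRole` and `client` are fetched in the first step but never read afterwards. I would use them after the second step to query the server (for example through `GetRoleScopeMapping`, whose signature is not fully visible here) and assert that the `some-role` mapping is gone while the `some-other-role` mapping remains. Whether `testAccCheckKeycloakGenericClientRoleMapperExists` already queries the API cannot be told from this page; if it does, only the negative assertion is missing.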