feat(keycloak): add seeder for clientScopeMappers (#352)
* extend the keycloak seeding to seed the clientScopeMappers -------------------- Refs: CPLP-3530 Reviewed-By: Evelyn Gurschler <evelyn.gurschler@bmw.de>
Showing
7 changed files
with
141 additions
and
11 deletions.
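--- a/src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopeMapperUpdater.cs
+++ b/src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopeMapperUpdater.cs
@@ -0,0 +1,81 @@
+/********************************************************************************
+ * Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling;
+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Factory;
+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library;
+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library.Models.Roles;
+
+namespace Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.BusinessLogic;
+
+public class ClientScopeMapperUpdater : IClientScopeMapperUpdater
+{
+    private readonly IKeycloakFactory _keycloakFactory;
+    private readonly ISeedDataHandler _seedData;
+
+    public ClientScopeMapperUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)
+    {
+        _keycloakFactory = keycloakFactory;
+        _seedData = seedDataHandler;
+    }
+
+    public async Task UpdateClientScopeMapper(string instanceName, CancellationToken cancellationToken)
+    {
+        var keycloak = _keycloakFactory.CreateKeycloakClient(instanceName);
+        var realm = _seedData.Realm;
+
+        var clients = await keycloak.GetClientsAsync(realm, null, true, cancellationToken).ConfigureAwait(false);
+        foreach (var (clientName, mappingModels) in _seedData.ClientScopeMappings)
+        {
+            var client = clients.SingleOrDefault(x => x.ClientId == clientName);
+            if (client?.Id is null)
+            {
+                throw new ConflictException($"No client id found with name {clientName}");
+            }
+
+            var roles = await keycloak.GetRolesAsync(realm, client.Id, cancellationToken: cancellationToken).ConfigureAwait(false);
+            foreach (var mappingModel in mappingModels)
+            {
+                var clientScope = clients.SingleOrDefault(x => x.ClientId == mappingModel.Client);
+                if (clientScope?.Id is null)
+                {
+                    throw new ConflictException($"No client id found with name {clientName}");
+                }
+                var clientRoles = await keycloak.GetClientRolesScopeMappingsForClientAsync(realm, clientScope.Id, client.Id, cancellationToken).ConfigureAwait(false);
+                var mappingModelRoles = mappingModel.Roles.Select(roleName => roles.SingleOrDefault(r => r.Name == roleName) ?? throw new ConflictException($"No role with name {roleName} found"));
+                await AddAndDeleteRoles(keycloak, realm, clientScope.Id, client.Id, clientRoles, mappingModelRoles, cancellationToken).ConfigureAwait(false);
+            }
+        }
+    }
+
+    private static async Task AddAndDeleteRoles(KeycloakClient keycloak, string realm, string clientScopeId, string clientId, IEnumerable<Role> roles, IEnumerable<Role> updateRoles, CancellationToken cancellationToken)
+    {
+        var rolesToAdd = updateRoles.ExceptBy(roles.Select(role => role.Name), roleModel => roleModel.Name).ToList();
+        var rolesToDelete = roles.ExceptBy(updateRoles.Select(roleModel => roleModel.Name), role => role.Name).ToList();
+        if (rolesToDelete.Any())
+        {
+            await keycloak.RemoveClientRolesFromClientScopeForClientAsync(realm, clientScopeId, clientId, rolesToDelete, cancellationToken).ConfigureAwait(false);
+        }
+
+        if (rolesToAdd.Any())
+        {
+            await keycloak.AddClientRolesScopeMappingToClientAsync(realm, clientScopeId, clientId, rolesToAdd, cancellationToken).ConfigureAwait(false);
+        }
+    }
+}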
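Review bot: The ConflictException raised inside the inner foreach of UpdateClientScopeMapper reports the wrong identifier: the lookup `var clientScope = clients.SingleOrDefault(x => x.ClientId == mappingModel.Client);` searches for `mappingModel.Client`, but the message interpolates `clientName`, the outer client that was already resolved one lookup earlier, so an operator reading the failure is pointed at a client that does exist; it should read `throw new ConflictException($"No client id found with name {mappingModel.Client}");`. Separately, `mappingModelRoles` is a deferred query that `AddAndDeleteRoles` enumerates twice (once in each `ExceptBy` argument), so the role lookup and its ConflictException run twice per mapping; appending `.ToList()` to that `Select` evaluates it once. `AddAndDeleteRoles` also deserves a short comment stating that it is reconciling, not additive — every scope-mapped role present in Keycloak but absent from the seed is removed — since that is the authority this seeder exercises over the realm. The `true` literal passed to `GetClientsAsync` would be clearer as a named argument.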
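--- a/src/keycloak/Keycloak.Seeding/BusinessLogic/IClientScopeMapperUpdater.cs
+++ b/src/keycloak/Keycloak.Seeding/BusinessLogic/IClientScopeMapperUpdater.cs
@@ -0,0 +1,25 @@
+/********************************************************************************
+ * Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+namespace Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.BusinessLogic;
+
+public interface IClientScopeMapperUpdater
+{
+    Task UpdateClientScopeMapper(string instanceName, CancellationToken cancellationToken);
+}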
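Review bot: The new public contract `UpdateClientScopeMapper` carries no XML documentation, so neither implementers nor callers can tell from the interface what it is allowed to change. A `/// <summary>` stating that it reconciles the client scope mappings of the seed data's realm on the Keycloak instance selected by `instanceName`, adding mappings missing in Keycloak and removing mappings not present in the seed, together with a `<param>` for each argument and an `<exception cref="ConflictException">` note for unknown clients or roles, would make that boundary explicit. As a point of style, the method returns a Task, so the `Async` suffix used elsewhere in this codebase's Keycloak client calls would be consistent here too.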