Merge pull request #97 from matskiv/INTLY-2987-cp-v1.7

INTLY-2987 - add users realmRoles reconciliation (v1.7)

Makefile

@@ -4,7 +4,7 @@ CONSUMER_NAMESPACES=${NAMESPACE}
 PROJECT=keycloak-operator
 REG=quay.io
 SHELL=/bin/bash
-TAG=v1.7.5
+TAG=v1.7.6
 PKG=github.com/integr8ly/keycloak-operator
 TEST_DIRS?=$(shell sh -c "find $(TOP_SRC_DIRS) -name \\*_test.go -exec dirname {} \\; | sort | uniq")
 TEST_POD_NAME=keycloak-operator-test

deploy/operator.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: keycloak-operator
-          image: quay.io/integreatly/keycloak-operator:v1.7.5
+          image: quay.io/integreatly/keycloak-operator:v1.7.6
           ports:
           - containerPort: 60000
             name: metrics

deploy/test-pod.yaml

@@ -6,7 +6,7 @@ spec:
   restartPolicy: Never
   containers:
   - name: keycloak-operator-test
-    image: quay.io/integreatly/keycloak-operator:v1.7.5
+    image: quay.io/integreatly/keycloak-operator:v1.7.6
     imagePullPolicy: Always
     command: ["/go-test.sh"]
     env:

pkg/apis/aerogear/v1alpha1/types.go

@@ -154,7 +154,7 @@ type KeycloakUserPair struct {
 	SpecUser *KeycloakUser
 }
 
-type KeycloakUserClientRole struct {
+type KeycloakUserRole struct {
 	ID          string `json:"id,omitempty"`
 	Name        string `json:"name,omitempty"`
 	Description string `json:"description,omitempty"`

pkg/keycloak/client.go

@@ -91,23 +91,39 @@ func (c *Client) CreateUser(user *v1alpha1.KeycloakUser, realmName string) error
 	return c.create(user.KeycloakApiUser, fmt.Sprintf("realms/%s/users", realmName), "user")
 }
 
-func (c *Client) CreateUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userId string) error {
+func (c *Client) CreateUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userId string) error {
 	return c.create(
-		[]*v1alpha1.KeycloakUserClientRole{role},
+		[]*v1alpha1.KeycloakUserRole{role},
 		fmt.Sprintf("realms/%s/users/%s/role-mappings/clients/%s", realmName, userId, clientID),
 		"user-client-role",
 	)
 }
+func (c *Client) CreateUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userId string) error {
+	return c.create(
+		[]*v1alpha1.KeycloakUserRole{role},
+		fmt.Sprintf("realms/%s/users/%s/role-mappings/realm", realmName, userId),
+		"user-realm-role",
+	)
+}
 
 func (c *Client) CreateAuthenticatorConfig(authenticatorConfig *v1alpha1.AuthenticatorConfig, realmName, executionID string) error {
 	return c.create(authenticatorConfig, fmt.Sprintf("realms/%s/authentication/executions/%s/config", realmName, executionID), "AuthenticatorConfig")
 }
 
-func (c *Client) DeleteUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userId string) error {
+func (c *Client) DeleteUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userId string) error {
 	err := c.delete(
 		fmt.Sprintf("realms/%s/users/%s/role-mappings/clients/%s", realmName, userId, clientID),
 		"user-client-role",
-		[]*v1alpha1.KeycloakUserClientRole{role},
+		[]*v1alpha1.KeycloakUserRole{role},
+	)
+	return err
+}
+
+func (c *Client) DeleteUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userId string) error {
+	err := c.delete(
+		fmt.Sprintf("realms/%s/users/%s/role-mappings/realm", realmName, userId),
+		"user-realm-role",
+		[]*v1alpha1.KeycloakUserRole{role},
 	)
 	return err
 }
@@ -512,28 +528,52 @@ func (c *Client) ListIdentityProviders(realmName string) ([]*v1alpha1.KeycloakId
 	return result.([]*v1alpha1.KeycloakIdentityProvider), err
 }
 
-func (c *Client) ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error) {
+func (c *Client) ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
 	objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/clients/"+clientID, "userClientRoles", func(body []byte) (t T, e error) {
-		var userClientRoles []*v1alpha1.KeycloakUserClientRole
+		var userClientRoles []*v1alpha1.KeycloakUserRole
 		err := json.Unmarshal(body, &userClientRoles)
 		return userClientRoles, err
 	})
 	if err != nil {
 		return nil, err
 	}
-	return objects.([]*v1alpha1.KeycloakUserClientRole), err
+	return objects.([]*v1alpha1.KeycloakUserRole), err
 }
 
-func (c *Client) ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error) {
+func (c *Client) ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
 	objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/clients/"+clientID+"/available", "userClientRoles", func(body []byte) (t T, e error) {
-		var userClientRoles []*v1alpha1.KeycloakUserClientRole
+		var userClientRoles []*v1alpha1.KeycloakUserRole
 		err := json.Unmarshal(body, &userClientRoles)
 		return userClientRoles, err
 	})
 	if err != nil {
 		return nil, err
 	}
-	return objects.([]*v1alpha1.KeycloakUserClientRole), err
+	return objects.([]*v1alpha1.KeycloakUserRole), err
+}
+
+func (c *Client) ListUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
+	objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/realm", "userRealmRoles", func(body []byte) (t T, e error) {
+		var userRealmRoles []*v1alpha1.KeycloakUserRole
+		err := json.Unmarshal(body, &userRealmRoles)
+		return userRealmRoles, err
+	})
+	if err != nil {
+		return nil, err
+	}
+	return objects.([]*v1alpha1.KeycloakUserRole), err
+}
+
+func (c *Client) ListAvailableUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error) {
+	objects, err := c.list("realms/"+realmName+"/users/"+userID+"/role-mappings/realm/available", "userClientRoles", func(body []byte) (t T, e error) {
+		var userRealmRoles []*v1alpha1.KeycloakUserRole
+		err := json.Unmarshal(body, &userRealmRoles)
+		return userRealmRoles, err
+	})
+	if err != nil {
+		return nil, err
+	}
+	return objects.([]*v1alpha1.KeycloakUserRole), err
 }
 
 func (c *Client) ListAuthenticationExecutionsForFlow(flowAlias, realmName string) ([]*v1alpha1.AuthenticationExecutionInfo, error) {
@@ -660,10 +700,15 @@ type KeycloakInterface interface {
 	DeleteIdentityProvider(alias, realmName string) error
 	ListIdentityProviders(realmName string) ([]*v1alpha1.KeycloakIdentityProvider, error)
 
-	CreateUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userId string) error
-	ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error)
-	ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserClientRole, error)
-	DeleteUserClientRole(role *v1alpha1.KeycloakUserClientRole, realmName, clientID, userID string) error
+	CreateUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userId string) error
+	ListUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+	ListAvailableUserClientRoles(realmName, clientID, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+	DeleteUserClientRole(role *v1alpha1.KeycloakUserRole, realmName, clientID, userID string) error
+
+	CreateUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userId string) error
+	ListUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+	ListAvailableUserRealmRoles(realmName, userID string) ([]*v1alpha1.KeycloakUserRole, error)
+	DeleteUserRealmRole(role *v1alpha1.KeycloakUserRole, realmName, userID string) error
 
 	ListAuthenticationExecutionsForFlow(flowAlias, realmName string) ([]*v1alpha1.AuthenticationExecutionInfo, error)