-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add service user client role mapping (#30)
- Loading branch information
1 parent
f9a15f5
commit cea475a
Showing
4 changed files
with
145 additions
and
2 deletions.
There are no files selected for viewing
111 changes: 111 additions & 0 deletions
111
...crilabs/keycloak/configurator/commands/configure/boundary/ServiceAccountRoleImporter.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
package com.cycrilabs.keycloak.configurator.commands.configure.boundary; | ||
|
||
import java.nio.file.Path; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.function.Function; | ||
import java.util.stream.Collectors; | ||
|
||
import jakarta.enterprise.context.ApplicationScoped; | ||
import jakarta.ws.rs.core.GenericType; | ||
|
||
import org.keycloak.representations.idm.ClientRepresentation; | ||
import org.keycloak.representations.idm.RoleRepresentation; | ||
import org.keycloak.representations.idm.UserRepresentation; | ||
|
||
import com.cycrilabs.keycloak.configurator.commands.configure.entity.ServiceUserClientRoleMappingDTO; | ||
import com.cycrilabs.keycloak.configurator.shared.control.JsonUtil; | ||
import com.cycrilabs.keycloak.configurator.shared.entity.EntityType; | ||
|
||
import io.quarkus.logging.Log; | ||
|
||
@ApplicationScoped | ||
public class ServiceAccountRoleImporter extends AbstractImporter { | ||
@Override | ||
public EntityType getType() { | ||
return EntityType.SERVICE_ACCOUNT_ROLE; | ||
} | ||
|
||
@Override | ||
protected Object importFile(final Path file) { | ||
final String[] fileNameParts = file.toString().split(PATH_SEPARATOR); | ||
final String realmName = fileNameParts[fileNameParts.length - 4]; | ||
final String serviceUsername = fileNameParts[fileNameParts.length - 2]; | ||
|
||
Log.debugf("Importing service account roles '%s' for service user '%s' of realm '%s'.", | ||
file.getFileName(), serviceUsername, realmName); | ||
|
||
final UserRepresentation user = loadUserByUsername(realmName, serviceUsername); | ||
if (user == null) { | ||
return null; | ||
} | ||
|
||
Log.debugf("Found service user '%s' of realm '%s'.", user.getUsername(), realmName); | ||
|
||
importServiceUserClientRoleMappings(file, realmName, user); | ||
|
||
return null; | ||
} | ||
|
||
private UserRepresentation loadUserByUsername(final String realmName, final String username) { | ||
try { | ||
final List<UserRepresentation> userRepresentations = keycloak.realm(realmName) | ||
.users() | ||
.searchByUsername(username, Boolean.TRUE); | ||
if (userRepresentations.size() == 1) { | ||
return userRepresentations.getFirst(); | ||
} | ||
|
||
Log.warnf("Found %d users '%s' of realm '%s'. Skipping import.", | ||
Integer.valueOf(userRepresentations.size()), username, realmName); | ||
} catch (final Exception e) { | ||
Log.errorf("Could not find user '%s' of realm '%s': %s", username, realmName, | ||
e.getMessage()); | ||
} | ||
return null; | ||
} | ||
|
||
private void importServiceUserClientRoleMappings(final Path file, final String realmName, | ||
final UserRepresentation serviceUser) { | ||
final List<ServiceUserClientRoleMappingDTO> serviceUserClientRoleMappings = | ||
JsonUtil.loadEntity(file, new GenericType<List<ServiceUserClientRoleMappingDTO>>() { | ||
}.getType()); | ||
for (final ServiceUserClientRoleMappingDTO mapping : serviceUserClientRoleMappings) { | ||
final String clientName = mapping.getClient(); | ||
final List<String> roles = mapping.getRoles(); | ||
|
||
Log.debugf( | ||
"Importing client roles '%s' of client '%s' for service user '%s' of realm '%s'.", | ||
roles.toString(), clientName, serviceUser.getUsername(), realmName); | ||
final List<ClientRepresentation> clients = keycloak.realm(realmName) | ||
.clients() | ||
.findByClientId(clientName); | ||
if (clients.size() != 1) { | ||
Log.warnf("Found %d clients '%s' of realm '%s'. Skipping import.", | ||
Integer.valueOf(clients.size()), clientName, realmName); | ||
return; | ||
} | ||
|
||
final ClientRepresentation client = clients.getFirst(); | ||
final Map<String, RoleRepresentation> availableClientRoles = keycloak.realm(realmName) | ||
.clients() | ||
.get(client.getId()) | ||
.roles() | ||
.list() | ||
.stream() | ||
.collect(Collectors.toMap(RoleRepresentation::getName, Function.identity())); | ||
Log.debugf("Found %d roles of client '%s' of realm '%s'.", | ||
Integer.valueOf(availableClientRoles.size()), clientName, realmName); | ||
|
||
keycloak.realm(realmName) | ||
.users() | ||
.get(serviceUser.getId()) | ||
.roles() | ||
.clientLevel(client.getId()) | ||
.add(roles.stream() | ||
.filter(availableClientRoles::containsKey) | ||
.map(availableClientRoles::get) | ||
.toList()); | ||
} | ||
} | ||
} |
13 changes: 13 additions & 0 deletions
13
...labs/keycloak/configurator/commands/configure/entity/ServiceUserClientRoleMappingDTO.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package com.cycrilabs.keycloak.configurator.commands.configure.entity; | ||
|
||
import java.util.List; | ||
|
||
import lombok.Getter; | ||
import lombok.Setter; | ||
|
||
@Getter | ||
@Setter | ||
public class ServiceUserClientRoleMappingDTO { | ||
private String client; | ||
private List<String> roles; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters