feat: update version parsing to handle redhat sso version strings (#721)
mrparkers authored Aug 21, 2022
1 parent e605f28 commit e379fb4
Showing 4 changed files with 30 additions and 5 deletions.
22 changes: 20 additions & 2 deletions keycloak/keycloak_client.go
@@ -33,6 +33,7 @@ type KeycloakClient struct {
version *version.Version
additionalHeaders map[string]string
debug bool
redHatSSO bool
}

type ClientCredentials struct {
@@ -51,7 +52,14 @@ const (
tokenUrl = "%s/realms/%s/protocol/openid-connect/token"
)

func NewKeycloakClient(ctx context.Context, url, basePath, clientId, clientSecret, realm, username, password string, initialLogin bool, clientTimeout int, caCert string, tlsInsecureSkipVerify bool, userAgent string, additionalHeaders map[string]string) (*KeycloakClient, error) {
// https://access.redhat.com/articles/2342881
var redHatSSO7VersionMap = map[int]string{
6: "18.0.0",
5: "15.0.6",
4: "9.0.17",
}

func NewKeycloakClient(ctx context.Context, url, basePath, clientId, clientSecret, realm, username, password string, initialLogin bool, clientTimeout int, caCert string, tlsInsecureSkipVerify bool, userAgent string, redHatSSO bool, additionalHeaders map[string]string) (*KeycloakClient, error) {
clientCredentials := &ClientCredentials{
ClientId: clientId,
ClientSecret: clientSecret,
@@ -82,6 +90,7 @@ func NewKeycloakClient(ctx context.Context, url, basePath, clientId, clientSecre
initialLogin: initialLogin,
realm: realm,
userAgent: userAgent,
redHatSSO: redHatSSO,
additionalHeaders: additionalHeaders,
}

@@ -165,7 +174,16 @@ func (keycloakClient *KeycloakClient) login(ctx context.Context) error {
return err
}

keycloakClient.version = v
if keycloakClient.redHatSSO {
keycloakVersion, err := version.NewVersion(redHatSSO7VersionMap[v.Segments()[1]])
if err != nil {
return err
}

keycloakClient.version = keycloakVersion
} else {
keycloakClient.version = v
}

return nil
}
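Review bot: The lookup `redHatSSO7VersionMap[v.Segments()[1]]` in `login` has no presence check, so a Red Hat SSO minor version other than 4, 5 or 6 yields an empty string and the user only sees whatever error `version.NewVersion("")` returns. The major segment is never compared with 7 either, so any reported version whose second segment is 4, 5 or 6 would be mapped. Use the two-value form, `mapped, ok := redHatSSO7VersionMap[v.Segments()[1]]`, and return a descriptive error such as `fmt.Errorf("unsupported Red Hat SSO version %s", v)` when `!ok` or `v.Segments()[0] != 7`. `login` starts outside this hunk, and whether `fmt` is already imported in this file is not visible here.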
2 changes: 1 addition & 1 deletion keycloak/keycloak_client_test.go
@@ -48,7 +48,7 @@ func TestAccKeycloakApiClientRefresh(t *testing.T) {
t.Fatal("KEYCLOAK_CLIENT_TIMEOUT must be an integer")
}

keycloakClient, err := NewKeycloakClient(ctx, os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), os.Getenv("KEYCLOAK_USER"), os.Getenv("KEYCLOAK_PASSWORD"), true, clientTimeout, "", false, "", map[string]string{
keycloakClient, err := NewKeycloakClient(ctx, os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), os.Getenv("KEYCLOAK_USER"), os.Getenv("KEYCLOAK_PASSWORD"), true, clientTimeout, "", false, "", false, map[string]string{
"foo": "bar",
})
if err != nil {
9 changes: 8 additions & 1 deletion provider/provider.go
@@ -169,6 +169,12 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider {
Description: "Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.",
Default: false,
},
"red_hat_sso": {
Optional: true,
Type: schema.TypeBool,
Description: "When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.",
Default: false,
},
"base_path": {
Optional: true,
Type: schema.TypeString,
@@ -200,6 +206,7 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider {
clientTimeout := data.Get("client_timeout").(int)
tlsInsecureSkipVerify := data.Get("tls_insecure_skip_verify").(bool)
rootCaCertificate := data.Get("root_ca_certificate").(string)
redHatSSO := data.Get("red_hat_sso").(bool)
additionalHeaders := make(map[string]string)
for k, v := range data.Get("additional_headers").(map[string]interface{}) {
additionalHeaders[k] = v.(string)
@@ -209,7 +216,7 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider {

userAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io) Terraform Plugin SDK/%s", provider.TerraformVersion, meta.SDKVersionString())

keycloakClient, err := keycloak.NewKeycloakClient(ctx, url, basePath, clientId, clientSecret, realm, username, password, initialLogin, clientTimeout, rootCaCertificate, tlsInsecureSkipVerify, userAgent, additionalHeaders)
keycloakClient, err := keycloak.NewKeycloakClient(ctx, url, basePath, clientId, clientSecret, realm, username, password, initialLogin, clientTimeout, rootCaCertificate, tlsInsecureSkipVerify, userAgent, redHatSSO, additionalHeaders)
if err != nil {
diags = append(diags, diag.Diagnostic{
Severity: diag.Error,
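Review bot: The `red_hat_sso` description does not say which Red Hat SSO releases are supported, although the `redHatSSO7VersionMap` added in keycloak/keycloak_client.go only has entries for minor versions 4, 5 and 6. A user enabling the flag against any other release would, as far as the visible code shows, get a version-parse error at login with no hint as to the cause. Consider extending the text, e.g. `Description: "... Only Red Hat SSO 7.4, 7.5 and 7.6 are currently mapped to a Keycloak version."`. The enclosing `KeycloakProvider` function starts and ends outside these hunks.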
2 changes: 1 addition & 1 deletion provider/provider_test.go
@@ -29,7 +29,7 @@ var requiredEnvironmentVariables = []string{
func init() {
testCtx = context.Background()
userAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io) Terraform Plugin SDK/%s", schema.Provider{}.TerraformVersion, meta.SDKVersionString())
keycloakClient, _ = keycloak.NewKeycloakClient(testCtx, os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), "", "", true, 5, "", false, userAgent, map[string]string{
keycloakClient, _ = keycloak.NewKeycloakClient(testCtx, os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), "", "", true, 5, "", false, userAgent, false, map[string]string{
"foo": "bar",
})
testAccProvider = KeycloakProvider(keycloakClient)
