keycloak

package
v0.0.0-...-9b598c7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 28, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// OrgKey and UserKey are untyped string constants.
// NOTE(review): judging by their names and values they are the keys under which an
// organisation ID and a user ID are stored, presumably the client attributes that
// KcClient.IsSameOrg and KcClient.IsOwner compare against. Where they are read is
// not visible in this listing; confirm.
const (
	OrgKey  = "rh-org-id"
	UserKey = "rh-user-id"
)
// SSO provider, realm and organisation identifiers, declared as typed string constants.
//
// NOTE(review): MAS_SSO and REDHAT_SSO look like the accepted values of
// KeycloakConfig.SelectSSOProvider; confirm against KeycloakConfig.Validate.
//
// NOTE(review): SSO_SPEICAL_MGMT_ORG_ID_STAGE misspells "SPECIAL". The name is
// exported, so renaming it would break importers. Its value is a hard-coded
// organisation ID, presumably the stage-environment default for
// KeycloakConfig.SSOSpecialManagementOrgID; confirm that it is never applied
// outside the stage environment.
const (
	MAS_SSO                       string = "mas_sso"
	REDHAT_SSO                    string = "redhat_sso"
	INTERNAL_SSO_REALM            string = "internal_sso"
	SSO_SPEICAL_MGMT_ORG_ID_STAGE string = "13640203"
)
const MASClientSecretKey = "ssoClientSecret"

MASClientSecretKey is an SSO client secret key.

Variables

This section is empty.

Functions

func IsJWTTokenExpired

func IsJWTTokenExpired(accessToken string) bool

IsJWTTokenExpired returns false if the JWT token is not expired, and true otherwise. This function does NOT validate the token and should not be used when validation is necessary; a result of false therefore says nothing about whether the token is genuine.

func NewClient

func NewClient(config *KeycloakConfig, realmConfig *KeycloakRealmConfig) *kcClient

Types

type ClientRepresentation

// ClientRepresentation holds the fields of a Keycloak client as this package models it.
// KcClient.ClientConfig takes a ClientRepresentation and returns a gocloak.Client.
//
// Secret and RedirectURIs are pointers, so either may be nil.
// NOTE(review): presumably a nil Secret means "no secret supplied"; confirm.
//
// The struct carries no json tags and Secret is exported, so encoding a value with
// encoding/json emits the secret under the key "Secret". Avoid logging or
// serialising values of this type wholesale.
type ClientRepresentation struct {
	Name                         string
	ClientID                     string
	ServiceAccountsEnabled       bool
	Secret                       *string
	StandardFlowEnabled          bool
	Attributes                   map[string]string
	AuthorizationServicesEnabled bool
	ProtocolMappers              []gocloak.ProtocolMapperRepresentation
	Description                  string
	RedirectURIs                 *[]string
}

type KcClient

// KcClient is the interface through which callers perform Keycloak client, token,
// service-account and realm-role operations. KcClientMock is its mock implementation.
//
// NOTE(review): most methods take the access token as a plain string next to other
// string parameters, and its position varies. CreateClient, DeleteClient,
// GetClientSecret, GetClient, IsClientExist and GetClientById take it last, while
// GetClientServiceAccount, UpdateServiceAccountUser, GetClients,
// RegenerateClientSecret and the realm-role methods take it first. The compiler
// cannot catch swapped string arguments, so check the order at every call site.
type KcClient interface {
	CreateClient(client gocloak.Client, accessToken string) (string, error)
	// GetToken and GetCachedToken return a token as a plain string.
	// NOTE(review): treat the returned value as a credential and keep it out of logs
	// and error messages.
	GetToken() (string, error)
	GetCachedToken(tokenKey string) (string, error)
	DeleteClient(internalClientID string, accessToken string) error
	// NOTE(review): by its name the returned string is the client secret; treat it as
	// sensitive and do not log it.
	GetClientSecret(internalClientId string, accessToken string) (string, error)
	GetClient(clientId string, accessToken string) (*gocloak.Client, error)
	// NOTE(review): returns a string rather than a bool; presumably the internal ID of
	// the matching client (empty when none exists). Confirm.
	IsClientExist(clientId string, accessToken string) (string, error)
	GetConfig() *KeycloakConfig
	GetRealmConfig() *KeycloakRealmConfig
	GetClientById(id string, accessToken string) (*gocloak.Client, error)
	ClientConfig(client ClientRepresentation) gocloak.Client
	CreateProtocolMapperConfig(string) []gocloak.ProtocolMapperRepresentation
	GetClientServiceAccount(accessToken string, internalClient string) (*gocloak.User, error)
	UpdateServiceAccountUser(accessToken string, serviceAccountUser gocloak.User) error
	// GetClients returns keycloak clients using the given method parameters. If max is less than 0, then returns all the clients.
	// If it is 0, then default to using the default max allowed service accounts configuration.
	GetClients(accessToken string, first int, max int, attribute string) ([]*gocloak.Client, error)
	// IsSameOrg and IsOwner return only a bool, so a caller cannot tell a mismatch from
	// a client that lacks the relevant data.
	// NOTE(review): presumably these are ownership checks against the client's
	// attributes; confirm that callers treat false as "deny".
	IsSameOrg(client *gocloak.Client, orgId string) bool
	IsOwner(client *gocloak.Client, userId string) bool
	// NOTE(review): the returned credential presumably carries the new secret; treat it
	// as sensitive and do not log it.
	RegenerateClientSecret(accessToken string, id string) (*gocloak.CredentialRepresentation, error)
	GetRealmRole(accessToken string, roleName string) (*gocloak.Role, error)
	CreateRealmRole(accessToken string, roleName string) (*gocloak.Role, error)
	// NOTE(review): returns a role pointer rather than a bool; presumably nil means the
	// user does not hold the role. Confirm before using the result for authorization.
	UserHasRealmRole(accessToken string, userId string, roleName string) (*gocloak.Role, error)
	AddRealmRoleToUser(accessToken string, userId string, role gocloak.Role) error
}

type KcClientMock

type KcClientMock struct {
	// AddRealmRoleToUserFunc mocks the AddRealmRoleToUser method.
	AddRealmRoleToUserFunc func(accessToken string, userId string, role gocloak.Role) error

	// ClientConfigFunc mocks the ClientConfig method.
	ClientConfigFunc func(client ClientRepresentation) gocloak.Client

	// CreateClientFunc mocks the CreateClient method.
	CreateClientFunc func(client gocloak.Client, accessToken string) (string, error)

	// CreateProtocolMapperConfigFunc mocks the CreateProtocolMapperConfig method.
	CreateProtocolMapperConfigFunc func(s string) []gocloak.ProtocolMapperRepresentation

	// CreateRealmRoleFunc mocks the CreateRealmRole method.
	CreateRealmRoleFunc func(accessToken string, roleName string) (*gocloak.Role, error)

	// DeleteClientFunc mocks the DeleteClient method.
	DeleteClientFunc func(internalClientID string, accessToken string) error

	// GetCachedTokenFunc mocks the GetCachedToken method.
	GetCachedTokenFunc func(tokenKey string) (string, error)

	// GetClientFunc mocks the GetClient method.
	GetClientFunc func(clientId string, accessToken string) (*gocloak.Client, error)

	// GetClientByIdFunc mocks the GetClientById method.
	GetClientByIdFunc func(id string, accessToken string) (*gocloak.Client, error)

	// GetClientSecretFunc mocks the GetClientSecret method.
	GetClientSecretFunc func(internalClientId string, accessToken string) (string, error)

	// GetClientServiceAccountFunc mocks the GetClientServiceAccount method.
	GetClientServiceAccountFunc func(accessToken string, internalClient string) (*gocloak.User, error)

	// GetClientsFunc mocks the GetClients method.
	GetClientsFunc func(accessToken string, first int, max int, attribute string) ([]*gocloak.Client, error)

	// GetConfigFunc mocks the GetConfig method.
	GetConfigFunc func() *KeycloakConfig

	// GetRealmConfigFunc mocks the GetRealmConfig method.
	GetRealmConfigFunc func() *KeycloakRealmConfig

	// GetRealmRoleFunc mocks the GetRealmRole method.
	GetRealmRoleFunc func(accessToken string, roleName string) (*gocloak.Role, error)

	// GetTokenFunc mocks the GetToken method.
	GetTokenFunc func() (string, error)

	// IsClientExistFunc mocks the IsClientExist method.
	IsClientExistFunc func(clientId string, accessToken string) (string, error)

	// IsOwnerFunc mocks the IsOwner method.
	IsOwnerFunc func(client *gocloak.Client, userId string) bool

	// IsSameOrgFunc mocks the IsSameOrg method.
	IsSameOrgFunc func(client *gocloak.Client, orgId string) bool

	// RegenerateClientSecretFunc mocks the RegenerateClientSecret method.
	RegenerateClientSecretFunc func(accessToken string, id string) (*gocloak.CredentialRepresentation, error)

	// UpdateServiceAccountUserFunc mocks the UpdateServiceAccountUser method.
	UpdateServiceAccountUserFunc func(accessToken string, serviceAccountUser gocloak.User) error

	// UserHasRealmRoleFunc mocks the UserHasRealmRole method.
	UserHasRealmRoleFunc func(accessToken string, userId string, roleName string) (*gocloak.Role, error)
	// contains filtered or unexported fields
}

KcClientMock is a mock implementation of KcClient.

func TestSomethingThatUsesKcClient(t *testing.T) {

	// make and configure a mocked KcClient
	mockedKcClient := &KcClientMock{
		AddRealmRoleToUserFunc: func(accessToken string, userId string, role gocloak.Role) error {
			panic("mock out the AddRealmRoleToUser method")
		},
		ClientConfigFunc: func(client ClientRepresentation) gocloak.Client {
			panic("mock out the ClientConfig method")
		},
		CreateClientFunc: func(client gocloak.Client, accessToken string) (string, error) {
			panic("mock out the CreateClient method")
		},
		CreateProtocolMapperConfigFunc: func(s string) []gocloak.ProtocolMapperRepresentation {
			panic("mock out the CreateProtocolMapperConfig method")
		},
		CreateRealmRoleFunc: func(accessToken string, roleName string) (*gocloak.Role, error) {
			panic("mock out the CreateRealmRole method")
		},
		DeleteClientFunc: func(internalClientID string, accessToken string) error {
			panic("mock out the DeleteClient method")
		},
		GetCachedTokenFunc: func(tokenKey string) (string, error) {
			panic("mock out the GetCachedToken method")
		},
		GetClientFunc: func(clientId string, accessToken string) (*gocloak.Client, error) {
			panic("mock out the GetClient method")
		},
		GetClientByIdFunc: func(id string, accessToken string) (*gocloak.Client, error) {
			panic("mock out the GetClientById method")
		},
		GetClientSecretFunc: func(internalClientId string, accessToken string) (string, error) {
			panic("mock out the GetClientSecret method")
		},
		GetClientServiceAccountFunc: func(accessToken string, internalClient string) (*gocloak.User, error) {
			panic("mock out the GetClientServiceAccount method")
		},
		GetClientsFunc: func(accessToken string, first int, max int, attribute string) ([]*gocloak.Client, error) {
			panic("mock out the GetClients method")
		},
		GetConfigFunc: func() *KeycloakConfig {
			panic("mock out the GetConfig method")
		},
		GetRealmConfigFunc: func() *KeycloakRealmConfig {
			panic("mock out the GetRealmConfig method")
		},
		GetRealmRoleFunc: func(accessToken string, roleName string) (*gocloak.Role, error) {
			panic("mock out the GetRealmRole method")
		},
		GetTokenFunc: func() (string, error) {
			panic("mock out the GetToken method")
		},
		IsClientExistFunc: func(clientId string, accessToken string) (string, error) {
			panic("mock out the IsClientExist method")
		},
		IsOwnerFunc: func(client *gocloak.Client, userId string) bool {
			panic("mock out the IsOwner method")
		},
		IsSameOrgFunc: func(client *gocloak.Client, orgId string) bool {
			panic("mock out the IsSameOrg method")
		},
		RegenerateClientSecretFunc: func(accessToken string, id string) (*gocloak.CredentialRepresentation, error) {
			panic("mock out the RegenerateClientSecret method")
		},
		UpdateServiceAccountUserFunc: func(accessToken string, serviceAccountUser gocloak.User) error {
			panic("mock out the UpdateServiceAccountUser method")
		},
		UserHasRealmRoleFunc: func(accessToken string, userId string, roleName string) (*gocloak.Role, error) {
			panic("mock out the UserHasRealmRole method")
		},
	}

	// use mockedKcClient in code that requires KcClient
	// and then make assertions.

}

func (*KcClientMock) AddRealmRoleToUser

func (mock *KcClientMock) AddRealmRoleToUser(accessToken string, userId string, role gocloak.Role) error

AddRealmRoleToUser calls AddRealmRoleToUserFunc.

func (*KcClientMock) AddRealmRoleToUserCalls

func (mock *KcClientMock) AddRealmRoleToUserCalls() []struct {
	AccessToken string
	UserId      string
	Role        gocloak.Role
}

AddRealmRoleToUserCalls gets all the calls that were made to AddRealmRoleToUser. Check the length with:

len(mockedKcClient.AddRealmRoleToUserCalls())

func (*KcClientMock) ClientConfig

func (mock *KcClientMock) ClientConfig(client ClientRepresentation) gocloak.Client

ClientConfig calls ClientConfigFunc.

func (*KcClientMock) ClientConfigCalls

func (mock *KcClientMock) ClientConfigCalls() []struct {
	Client ClientRepresentation
}

ClientConfigCalls gets all the calls that were made to ClientConfig. Check the length with:

len(mockedKcClient.ClientConfigCalls())

func (*KcClientMock) CreateClient

func (mock *KcClientMock) CreateClient(client gocloak.Client, accessToken string) (string, error)

CreateClient calls CreateClientFunc.

func (*KcClientMock) CreateClientCalls

func (mock *KcClientMock) CreateClientCalls() []struct {
	Client      gocloak.Client
	AccessToken string
}

CreateClientCalls gets all the calls that were made to CreateClient. Check the length with:

len(mockedKcClient.CreateClientCalls())

func (*KcClientMock) CreateProtocolMapperConfig

func (mock *KcClientMock) CreateProtocolMapperConfig(s string) []gocloak.ProtocolMapperRepresentation

CreateProtocolMapperConfig calls CreateProtocolMapperConfigFunc.

func (*KcClientMock) CreateProtocolMapperConfigCalls

func (mock *KcClientMock) CreateProtocolMapperConfigCalls() []struct {
	S string
}

CreateProtocolMapperConfigCalls gets all the calls that were made to CreateProtocolMapperConfig. Check the length with:

len(mockedKcClient.CreateProtocolMapperConfigCalls())

func (*KcClientMock) CreateRealmRole

func (mock *KcClientMock) CreateRealmRole(accessToken string, roleName string) (*gocloak.Role, error)

CreateRealmRole calls CreateRealmRoleFunc.

func (*KcClientMock) CreateRealmRoleCalls

func (mock *KcClientMock) CreateRealmRoleCalls() []struct {
	AccessToken string
	RoleName    string
}

CreateRealmRoleCalls gets all the calls that were made to CreateRealmRole. Check the length with:

len(mockedKcClient.CreateRealmRoleCalls())

func (*KcClientMock) DeleteClient

func (mock *KcClientMock) DeleteClient(internalClientID string, accessToken string) error

DeleteClient calls DeleteClientFunc.

func (*KcClientMock) DeleteClientCalls

func (mock *KcClientMock) DeleteClientCalls() []struct {
	InternalClientID string
	AccessToken      string
}

DeleteClientCalls gets all the calls that were made to DeleteClient. Check the length with:

len(mockedKcClient.DeleteClientCalls())

func (*KcClientMock) GetCachedToken

func (mock *KcClientMock) GetCachedToken(tokenKey string) (string, error)

GetCachedToken calls GetCachedTokenFunc.

func (*KcClientMock) GetCachedTokenCalls

func (mock *KcClientMock) GetCachedTokenCalls() []struct {
	TokenKey string
}

GetCachedTokenCalls gets all the calls that were made to GetCachedToken. Check the length with:

len(mockedKcClient.GetCachedTokenCalls())

func (*KcClientMock) GetClient

func (mock *KcClientMock) GetClient(clientId string, accessToken string) (*gocloak.Client, error)

GetClient calls GetClientFunc.

func (*KcClientMock) GetClientById

func (mock *KcClientMock) GetClientById(id string, accessToken string) (*gocloak.Client, error)

GetClientById calls GetClientByIdFunc.

func (*KcClientMock) GetClientByIdCalls

func (mock *KcClientMock) GetClientByIdCalls() []struct {
	ID          string
	AccessToken string
}

GetClientByIdCalls gets all the calls that were made to GetClientById. Check the length with:

len(mockedKcClient.GetClientByIdCalls())

func (*KcClientMock) GetClientCalls

func (mock *KcClientMock) GetClientCalls() []struct {
	ClientId    string
	AccessToken string
}

GetClientCalls gets all the calls that were made to GetClient. Check the length with:

len(mockedKcClient.GetClientCalls())

func (*KcClientMock) GetClientSecret

func (mock *KcClientMock) GetClientSecret(internalClientId string, accessToken string) (string, error)

GetClientSecret calls GetClientSecretFunc.

func (*KcClientMock) GetClientSecretCalls

func (mock *KcClientMock) GetClientSecretCalls() []struct {
	InternalClientId string
	AccessToken      string
}

GetClientSecretCalls gets all the calls that were made to GetClientSecret. Check the length with:

len(mockedKcClient.GetClientSecretCalls())

func (*KcClientMock) GetClientServiceAccount

func (mock *KcClientMock) GetClientServiceAccount(accessToken string, internalClient string) (*gocloak.User, error)

GetClientServiceAccount calls GetClientServiceAccountFunc.

func (*KcClientMock) GetClientServiceAccountCalls

func (mock *KcClientMock) GetClientServiceAccountCalls() []struct {
	AccessToken    string
	InternalClient string
}

GetClientServiceAccountCalls gets all the calls that were made to GetClientServiceAccount. Check the length with:

len(mockedKcClient.GetClientServiceAccountCalls())

func (*KcClientMock) GetClients

func (mock *KcClientMock) GetClients(accessToken string, first int, max int, attribute string) ([]*gocloak.Client, error)

GetClients calls GetClientsFunc.

func (*KcClientMock) GetClientsCalls

func (mock *KcClientMock) GetClientsCalls() []struct {
	AccessToken string
	First       int
	Max         int
	Attribute   string
}

GetClientsCalls gets all the calls that were made to GetClients. Check the length with:

len(mockedKcClient.GetClientsCalls())

func (*KcClientMock) GetConfig

func (mock *KcClientMock) GetConfig() *KeycloakConfig

GetConfig calls GetConfigFunc.

func (*KcClientMock) GetConfigCalls

func (mock *KcClientMock) GetConfigCalls() []struct {
}

GetConfigCalls gets all the calls that were made to GetConfig. Check the length with:

len(mockedKcClient.GetConfigCalls())

func (*KcClientMock) GetRealmConfig

func (mock *KcClientMock) GetRealmConfig() *KeycloakRealmConfig

GetRealmConfig calls GetRealmConfigFunc.

func (*KcClientMock) GetRealmConfigCalls

func (mock *KcClientMock) GetRealmConfigCalls() []struct {
}

GetRealmConfigCalls gets all the calls that were made to GetRealmConfig. Check the length with:

len(mockedKcClient.GetRealmConfigCalls())

func (*KcClientMock) GetRealmRole

func (mock *KcClientMock) GetRealmRole(accessToken string, roleName string) (*gocloak.Role, error)

GetRealmRole calls GetRealmRoleFunc.

func (*KcClientMock) GetRealmRoleCalls

func (mock *KcClientMock) GetRealmRoleCalls() []struct {
	AccessToken string
	RoleName    string
}

GetRealmRoleCalls gets all the calls that were made to GetRealmRole. Check the length with:

len(mockedKcClient.GetRealmRoleCalls())

func (*KcClientMock) GetToken

func (mock *KcClientMock) GetToken() (string, error)

GetToken calls GetTokenFunc.

func (*KcClientMock) GetTokenCalls

func (mock *KcClientMock) GetTokenCalls() []struct {
}

GetTokenCalls gets all the calls that were made to GetToken. Check the length with:

len(mockedKcClient.GetTokenCalls())

func (*KcClientMock) IsClientExist

func (mock *KcClientMock) IsClientExist(clientId string, accessToken string) (string, error)

IsClientExist calls IsClientExistFunc.

func (*KcClientMock) IsClientExistCalls

func (mock *KcClientMock) IsClientExistCalls() []struct {
	ClientId    string
	AccessToken string
}

IsClientExistCalls gets all the calls that were made to IsClientExist. Check the length with:

len(mockedKcClient.IsClientExistCalls())

func (*KcClientMock) IsOwner

func (mock *KcClientMock) IsOwner(client *gocloak.Client, userId string) bool

IsOwner calls IsOwnerFunc.

func (*KcClientMock) IsOwnerCalls

func (mock *KcClientMock) IsOwnerCalls() []struct {
	Client *gocloak.Client
	UserId string
}

IsOwnerCalls gets all the calls that were made to IsOwner. Check the length with:

len(mockedKcClient.IsOwnerCalls())

func (*KcClientMock) IsSameOrg

func (mock *KcClientMock) IsSameOrg(client *gocloak.Client, orgId string) bool

IsSameOrg calls IsSameOrgFunc.

func (*KcClientMock) IsSameOrgCalls

func (mock *KcClientMock) IsSameOrgCalls() []struct {
	Client *gocloak.Client
	OrgId  string
}

IsSameOrgCalls gets all the calls that were made to IsSameOrg. Check the length with:

len(mockedKcClient.IsSameOrgCalls())

func (*KcClientMock) RegenerateClientSecret

func (mock *KcClientMock) RegenerateClientSecret(accessToken string, id string) (*gocloak.CredentialRepresentation, error)

RegenerateClientSecret calls RegenerateClientSecretFunc.

func (*KcClientMock) RegenerateClientSecretCalls

func (mock *KcClientMock) RegenerateClientSecretCalls() []struct {
	AccessToken string
	ID          string
}

RegenerateClientSecretCalls gets all the calls that were made to RegenerateClientSecret. Check the length with:

len(mockedKcClient.RegenerateClientSecretCalls())

func (*KcClientMock) UpdateServiceAccountUser

func (mock *KcClientMock) UpdateServiceAccountUser(accessToken string, serviceAccountUser gocloak.User) error

UpdateServiceAccountUser calls UpdateServiceAccountUserFunc.

func (*KcClientMock) UpdateServiceAccountUserCalls

func (mock *KcClientMock) UpdateServiceAccountUserCalls() []struct {
	AccessToken        string
	ServiceAccountUser gocloak.User
}

UpdateServiceAccountUserCalls gets all the calls that were made to UpdateServiceAccountUser. Check the length with:

len(mockedKcClient.UpdateServiceAccountUserCalls())

func (*KcClientMock) UserHasRealmRole

func (mock *KcClientMock) UserHasRealmRole(accessToken string, userId string, roleName string) (*gocloak.Role, error)

UserHasRealmRole calls UserHasRealmRoleFunc.

func (*KcClientMock) UserHasRealmRoleCalls

func (mock *KcClientMock) UserHasRealmRoleCalls() []struct {
	AccessToken string
	UserId      string
	RoleName    string
}

UserHasRealmRoleCalls gets all the calls that were made to UserHasRealmRole. Check the length with:

len(mockedKcClient.UserHasRealmRoleCalls())

type KeycloakConfig

// KeycloakConfig is the package's Keycloak/SSO configuration. Judging by its fields
// it covers connection settings, TLS trust settings, per-realm configuration and
// service-account limits.
//
// Security-relevant fields:
//   - InsecureSkipVerify: NOTE(review): by its name this presumably turns off TLS
//     certificate verification for connections to the SSO server. Where it is
//     consumed is not visible here; confirm, and keep it false outside local testing.
//   - Debug: NOTE(review): presumably enables verbose client logging; confirm it
//     cannot write tokens or client secrets to logs.
//   - KafkaRealm, OSDClusterIDPRealm, RedhatSSORealm, AdminAPISSORealm: each points to
//     a KeycloakRealmConfig, whose ClientSecret field has a json tag, so marshalling a
//     KeycloakConfig with encoding/json includes those secrets.
//   - SSOSpecialManagementOrgID and the two ServiceAccounttLimitCheckSkipOrgId* fields
//     are tagged `json:"-"`, so encoding/json neither emits nor populates them.
//
// NOTE(review): "ServiceAccountt" (double t) is a typo in two exported field names;
// renaming them would break importers.
type KeycloakConfig struct {
	EnableAuthenticationOnKafka                bool                 `json:"enable_auth"`
	BaseURL                                    string               `json:"base_url"`
	SsoBaseUrl                                 string               `json:"sso_base_url"`
	Debug                                      bool                 `json:"debug"`
	InsecureSkipVerify                         bool                 `json:"insecure-skip-verify"`
	UserNameClaim                              string               `json:"user_name_claim"`
	FallBackUserNameClaim                      string               `json:"fall_back_user_name_claim"`
	TLSTrustedCertificatesKey                  string               `json:"tls_trusted_certificates_key"`
	TLSTrustedCertificatesValue                string               `json:"tls_trusted_certificates_value"`
	TLSTrustedCertificatesFile                 string               `json:"tls_trusted_certificates_file"`
	KafkaRealm                                 *KeycloakRealmConfig `json:"kafka_realm"`
	OSDClusterIDPRealm                         *KeycloakRealmConfig `json:"osd_cluster_idp_realm"`
	RedhatSSORealm                             *KeycloakRealmConfig `json:"redhat_sso_config"`
	AdminAPISSORealm                           *KeycloakRealmConfig `json:"internal_sso_config"`
	MaxAllowedServiceAccounts                  int                  `json:"max_allowed_service_accounts"`
	MaxLimitForGetClients                      int                  `json:"max_limit_for_get_clients"`
	SelectSSOProvider                          string               `json:"select_sso_provider"`
	SSOSpecialManagementOrgID                  string               `json:"-"`
	ServiceAccounttLimitCheckSkipOrgIdListFile string               `json:"-"`
	ServiceAccounttLimitCheckSkipOrgIdList     []string             `json:"-"`
}

func NewKeycloakConfig

func NewKeycloakConfig() *KeycloakConfig

func (*KeycloakConfig) AddFlags

func (kc *KeycloakConfig) AddFlags(fs *pflag.FlagSet)

func (*KeycloakConfig) ReadFiles

func (kc *KeycloakConfig) ReadFiles() error

func (*KeycloakConfig) SSOProviderRealm

func (kc *KeycloakConfig) SSOProviderRealm() *KeycloakRealmConfig

func (*KeycloakConfig) Validate

func (kc *KeycloakConfig) Validate(env *environments.Env) error

type KeycloakRealmConfig

// KeycloakRealmConfig holds the settings for one realm. Judging by its fields these
// are the base URL, realm name, client credentials, grant type, scope and endpoint URIs.
//
// ClientSecret is tagged `json:"client-secret"`, so encoding/json includes it
// whenever a value of this type is marshalled; do not log or dump this struct as JSON.
//
// NOTE(review): ClientIDFile and ClientSecretFile are presumably paths from which
// KeycloakConfig.ReadFiles loads ClientID and ClientSecret; confirm. If so, the
// files should be readable only by the account the service runs as.
//
// NOTE(review): JwksEndpointURI and ValidIssuerURI presumably feed token
// verification elsewhere; nothing in this listing shows them being checked.
type KeycloakRealmConfig struct {
	BaseURL          string `json:"base_url"`
	Realm            string `json:"realm"`
	ClientID         string `json:"client-id"`
	ClientIDFile     string `json:"client-id_file"`
	ClientSecret     string `json:"client-secret"`
	ClientSecretFile string `json:"client-secret_file"`
	GrantType        string `json:"grant_type"`
	TokenEndpointURI string `json:"token_endpoint_uri"`
	JwksEndpointURI  string `json:"jwks_endpoint_uri"`
	ValidIssuerURI   string `json:"valid_issuer_uri"`
	APIEndpointURI   string `json:"api_endpoint_uri"`
	Scope            string `json:"scope"`
}
