package keycloakb
import (
"context"
"github.com/cloudtrust/common-service/middleware"
"github.com/cloudtrust/common-service/security"
kc "github.com/cloudtrust/keycloak-client"
)
// KeycloakClient are methods from keycloak-client used by authorization manager.
//
// Every method takes the caller's Keycloak access token as its first argument
// and forwards it to the underlying client; the adaptors in this file do not
// retain the token between calls. Errors returned here are propagated
// unchanged by those adaptors, so a Keycloak failure surfaces to the
// authorization manager as an error rather than as an empty result.
type KeycloakClient interface {
	// GetGroupsOfUser returns the group representations of user userID in realm realmName.
	GetGroupsOfUser(accessToken string, realmName, userID string) ([]kc.GroupRepresentation, error)
	// GetGroup returns the representation of group groupID in realm realmName.
	GetGroup(accessToken string, realmName, groupID string) (kc.GroupRepresentation, error)
	// GetRealm returns the representation of the realm named realmName.
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}
// kcAuthClient adapts a KeycloakClient to the security.KeycloakClient
// interface consumed by the authorization manager. It holds no per-request
// state: the access token is supplied on every call and is never stored.
type kcAuthClient struct {
	keycloak KeycloakClient // backing Keycloak client performing the actual lookups
	logger   Logger         // receives a warning per failed lookup (identifiers only, never the token)
}
// idretriever implements middleware.IDRetriever by resolving a realm name to
// its Keycloak realm ID through the GetRealm call of the wrapped client.
type idretriever struct {
	kcClient KeycloakClient // Keycloak client queried on every GetID call
}
// NewKeycloakAuthClient creates an adaptor for Authorization management to access Keycloak.
//
// client performs the Keycloak calls; logger receives a warning for each
// failed lookup. The returned value implements security.KeycloakClient.
func NewKeycloakAuthClient(client KeycloakClient, logger Logger) security.KeycloakClient {
	adaptor := kcAuthClient{keycloak: client, logger: logger}
	return &adaptor
}
// GetGroupNamesOfUser returns the names of the groups of user userID in realm
// realmName, looked up through Keycloak with accessToken.
//
// Groups whose representation carries no name are skipped. A lookup error is
// logged (realm and user identifiers only, never the token) and returned
// unchanged, so the caller sees a failed lookup rather than an empty group
// list. When the user has no groups the result is a nil slice and a nil error.
func (k *kcAuthClient) GetGroupNamesOfUser(ctx context.Context, accessToken string, realmName, userID string) ([]string, error) {
	groups, err := k.keycloak.GetGroupsOfUser(accessToken, realmName, userID)
	if err != nil {
		k.logger.Warn(ctx, "msg", "Can't get group names of user", "err", err.Error(), "realm", realmName, "user", userID)
		return nil, err
	}
	// Ranging over a nil or empty slice appends nothing, so names stays nil
	// in that case — the "no groups" contract described above.
	var names []string
	for i := range groups {
		name := groups[i].Name
		if name == nil {
			continue
		}
		names = append(names, *name)
	}
	return names, nil
}
// GetGroupName resolves group groupID of realm realmName to its name, querying
// Keycloak with accessToken.
//
// A lookup error is logged (realm and group identifiers only, never the
// token) and returned unchanged. A group representation without a name yields
// "" with a nil error, so callers must not treat "" as a valid group name.
func (k *kcAuthClient) GetGroupName(ctx context.Context, accessToken string, realmName, groupID string) (string, error) {
	group, err := k.keycloak.GetGroup(accessToken, realmName, groupID)
	switch {
	case err != nil:
		k.logger.Warn(ctx, "msg", "Can't get group name", "err", err.Error(), "realm", realmName, "group", groupID)
		return "", err
	case group.Name == nil:
		return "", nil
	default:
		return *group.Name, nil
	}
}
// NewRealmIDRetriever is a tool used to convert a realm name into a realm ID.
//
// kcClient is the Keycloak client the returned middleware.IDRetriever queries
// on every GetID call.
func NewRealmIDRetriever(kcClient KeycloakClient) middleware.IDRetriever {
	retriever := idretriever{kcClient: kcClient}
	return &retriever
}
// GetID returns the Keycloak realm ID of the realm called name, querying
// Keycloak with accessToken.
//
// Lookup errors are returned as-is; unlike the kcAuthClient methods nothing
// is logged here. A realm representation without an ID yields "" and a nil
// error — NOTE(review): callers that need a non-empty ID must check for ""
// themselves, as this method does not report it as an error.
func (ir *idretriever) GetID(accessToken, name string) (string, error) {
	realm, err := ir.kcClient.GetRealm(accessToken, name)
	if err != nil {
		return "", err
	}
	id := ""
	if realm.ID != nil {
		id = *realm.ID
	}
	return id, nil
}