[CLOUDTRUST-1801] Support multiple OIDC verifier URL

cloudtrust · Oct 11, 2019 · 09c2077 · 09c2077
1 parent 277569c
commit 09c2077
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 31 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -27,11 +27,11 @@
 
 [[constraint]]
   name = "github.com/cloudtrust/common-service"
-  version = "v1.0-rc7"
+  version = "v1.1.0"
 
 [[constraint]]
   name = "github.com/cloudtrust/keycloak-client"
-  version = "v1.1.0"
+  version = "v1.1.1"
 
 [[constraint]]
   name = "github.com/go-kit/kit"

diff --git a/README.md b/README.md
@@ -47,8 +47,9 @@ account-http-host-port | HTTP server listening address | 0.0.0.0:8866
 
 Key | Description | Default value
 --- | ----------- | -------------
-keycloak-host-port | Keycloak host:port | "127.0.0.1:8080"
-keycloak-timeout-ms | Keycloak requests timeout in milliseconds | 5000
+keycloak-api-uri | Keycloak protocol:host:port | "http://127.0.0.1:8080"
+keycloak-oidc-uri | Keycloak protocol:host:port (multiple value supported) | "http://127.0.0.1:8080 http://localhost:8080"
+keycloak-timeout | Keycloak requests timeout in milliseconds | 5000
 
 
 ### ENV variables

diff --git a/api/account/api.go b/api/account/api.go
@@ -18,7 +18,7 @@ type AccountRepresentation struct {
 
 // CredentialRepresentation struct
 type CredentialRepresentation struct {
-	Id             *string `json:"id,omitempty"`
+	ID             *string `json:"id,omitempty"`
 	Type           *string `json:"type,omitempty"`
 	UserLabel      *string `json:"userLabel,omitempty"`
 	CreatedDate    *int64  `json:"createdDate,omitempty"`
@@ -41,7 +41,7 @@ type LabelBody struct {
 // ConvertCredential creates an API credential from a KC credential
 func ConvertCredential(credKc *kc.CredentialRepresentation) CredentialRepresentation {
 	var cred CredentialRepresentation
-	cred.Id = credKc.Id
+	cred.ID = credKc.Id
 	cred.Type = credKc.Type
 	cred.UserLabel = credKc.UserLabel
 	cred.CreatedDate = credKc.CreatedDate
@@ -139,7 +139,7 @@ func (updatePwd UpdatePasswordBody) Validate() error {
 
 // Validate is a validator for CredentialRepresentation
 func (credential CredentialRepresentation) Validate() error {
-	if credential.Id != nil && !matchesRegExp(*credential.Id, RegExpID) {
+	if credential.ID != nil && !matchesRegExp(*credential.ID, RegExpID) {
 		return errors.New("Invalid Id")
 	}
 

diff --git a/api/account/api_test.go b/api/account/api_test.go
@@ -18,14 +18,61 @@ func TestConvertCredential(t *testing.T) {
 	credKc.CredentialData = nil
 
 	assert.Equal(t, credKc.Type, ConvertCredential(&credKc).Type)
-	assert.Equal(t, credKc.Id, ConvertCredential(&credKc).Id)
+	assert.Equal(t, credKc.Id, ConvertCredential(&credKc).ID)
 	assert.Nil(t, ConvertCredential(&credKc).CredentialData)
 
 	credKc.CredentialData = &configKc
 	assert.NotNil(t, ConvertCredential(&credKc).CredentialData)
 	assert.Equal(t, "{}", *ConvertCredential(&credKc).CredentialData)
 }
 
+func TestConvertToAPIAccount(t *testing.T) {
+	var kcUser = kc.UserRepresentation{}
+	assert.Nil(t, nil, ConvertToAPIAccount(kcUser))
+
+	var attributes = make(map[string][]string)
+	kcUser = kc.UserRepresentation{Attributes: &attributes}
+	assert.Nil(t, nil, ConvertToAPIAccount(kcUser).PhoneNumber)
+
+	attributes["phoneNumber"] = []string{"+41221234567"}
+	kcUser = kc.UserRepresentation{Attributes: &attributes}
+	assert.Equal(t, "+41221234567", *ConvertToAPIAccount(kcUser).PhoneNumber)
+}
+
+func TestConvertToKCUser(t *testing.T) {
+	var apiUser = AccountRepresentation{}
+	assert.Nil(t, ConvertToKCUser(apiUser).Attributes)
+
+	var phoneNumber = "+41221234567"
+	apiUser = AccountRepresentation{PhoneNumber: &phoneNumber}
+	var kcUser = ConvertToKCUser(apiUser)
+	var kcAttributes = *kcUser.Attributes
+	assert.Equal(t, phoneNumber, kcAttributes["phoneNumber"][0])
+}
+
+func TestValidateAccountRepresentation(t *testing.T) {
+	var invalidName = ""
+	var invalidEmail = "bobby-at-mail.com"
+	var invalidPhone = "+412212345AB"
+	var accounts []AccountRepresentation
+
+	for i := 0; i < 5; i++ {
+		accounts = append(accounts, createValidAccountRepresentation())
+	}
+
+	assert.Nil(t, accounts[0].Validate())
+
+	accounts[0].Username = &invalidName
+	accounts[1].FirstName = &invalidName
+	accounts[2].LastName = &invalidName
+	accounts[3].Email = &invalidEmail
+	accounts[4].PhoneNumber = &invalidPhone
+
+	for _, account := range accounts {
+		assert.NotNil(t, account.Validate())
+	}
+}
+
 func TestValidateUpdatePasswordRepresentation(t *testing.T) {
 	{
 		password := createValidUpdatePasswordBody()
@@ -64,7 +111,7 @@ func TestValidateCredentialRepresentation(t *testing.T) {
 
 	{
 		credential := createValidCredentialRepresentation()
-		credential.Id = &value
+		credential.ID = &value
 		assert.NotNil(t, credential.Validate())
 	}
 
@@ -74,6 +121,28 @@ func TestValidateCredentialRepresentation(t *testing.T) {
 		assert.NotNil(t, credential.Validate())
 	}
 
+	{
+		tooLong := "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" // 36 characters
+		tooLong = tooLong + tooLong + tooLong             // 108 characters
+		tooLong = tooLong + tooLong + tooLong             // 324 characters
+		credential := createValidCredentialRepresentation()
+		credential.UserLabel = &tooLong
+		assert.NotNil(t, credential.Validate())
+	}
+}
+
+func createValidAccountRepresentation() AccountRepresentation {
+	var validName = "Bobby"
+	var validEmail = "bobby@mail.com"
+	var validPhone = "+41221234567"
+
+	return AccountRepresentation{
+		Username:    &validName,
+		FirstName:   &validName,
+		LastName:    &validName,
+		Email:       &validEmail,
+		PhoneNumber: &validPhone,
+	}
 }
 
 func createValidUpdatePasswordBody() UpdatePasswordBody {
@@ -93,7 +162,7 @@ func createValidCredentialRepresentation() CredentialRepresentation {
 	credData := "{}"
 
 	return CredentialRepresentation{
-		Id:             &id,
+		ID:             &id,
 		Type:           &credType,
 		CredentialData: &credData,
 		UserLabel:      &userLabel,

diff --git a/cmd/keycloakb/keycloak_bridge.go b/cmd/keycloakb/keycloak_bridge.go
@@ -706,7 +706,7 @@ func config(logger log.Logger) *viper.Viper {
 
 	// Keycloak default.
 	v.SetDefault("keycloak-api-uri", "http://127.0.0.1:8080")
-	v.SetDefault("keycloak-oidc-uri", "http://127.0.0.1:8080")
+	v.SetDefault("keycloak-oidc-uri", "http://127.0.0.1:8080 http://localhost:8080")
 	v.SetDefault("keycloak-timeout", "5s")
 
 	// Storage events in DB (read/write)

diff --git a/configs/keycloak_bridge.yml b/configs/keycloak_bridge.yml
@@ -39,7 +39,7 @@ event-basic-auth-token: "superpasswordverylongandstrong"
 
 # Keycloak configs
 keycloak-api-uri: http://localhost:8080
-keycloak-oidc-uri: http://localhost:8080
+keycloak-oidc-uri: http://localhost:8080 http://127.0.0.1:8080
 keycloak-timeout: 5s
 
 # DB Audit RW

diff --git a/pkg/account/component_test.go b/pkg/account/component_test.go
@@ -432,7 +432,7 @@ func TestGetCredentials(t *testing.T) {
 		apiCredsRep, err := component.GetCredentials(ctx)
 
 		var expectedAPICredRep = account_api.CredentialRepresentation{
-			Id: &id,
+			ID: &id,
 		}
 
 		var expectedAPICredsRep []account_api.CredentialRepresentation