Merge c964569 into 2cbf616

Gopkg.toml

@@ -27,11 +27,11 @@
 
 [[constraint]]
   name = "github.com/cloudtrust/common-service"
-  version = "v2.0.1"
+  branch = "ct-2375"
 
 [[constraint]]
   name = "github.com/cloudtrust/keycloak-client"
-  version = "v1.2.10"
+  branch = "ct-2375"
 
 [[constraint]]
   name = "github.com/go-kit/kit"

api/management/api.go

@@ -137,6 +137,20 @@ var allowedBoConfKeys = map[string]bool{BOConfKeyCustomers: true, BOConfKeyTeams
 // BackOfficeConfiguration type
 type BackOfficeConfiguration map[string]map[string][]string
 
+// RealmAdminConfiguration struct
+type RealmAdminConfiguration struct {
+	Mode            *string                   `json:"mode"`
+	AvailableChecks map[string]bool           `json:"available-checks,omitempty"`
+	Accreditations  []RealmAdminAccreditation `json:"accreditations,omitempty"`
+}
+
+// RealmAdminAccreditation struct
+type RealmAdminAccreditation struct {
+	Type      *string `json:"type,omitempty"`
+	Validity  *string `json:"validity,omitempty"`
+	Condition *string `json:"condition,omitempty"`
+}
+
 // FederatedIdentityRepresentation struct
 type FederatedIdentityRepresentation struct {
 	UserID   *string `json:"userID,omitempty"`
@@ -392,6 +406,56 @@ func ConvertToKCFedID(fedID FederatedIdentityRepresentation) kc.FederatedIdentit
 	return kcFedID
 }
 
+// ConvertRealmAdminConfigurationFromDBStruct converts a RealmAdminConfiguration from DB struct to API struct
+func ConvertRealmAdminConfigurationFromDBStruct(conf configuration.RealmAdminConfiguration) RealmAdminConfiguration {
+	return RealmAdminConfiguration{
+		Mode:            conf.Mode,
+		AvailableChecks: conf.AvailableChecks,
+		Accreditations:  ConvertRealmAccreditationsFromDBStruct(conf.Accreditations),
+	}
+}
+
+// ConvertToDBStruct converts a realm admin configuration into its database version
+func (rac *RealmAdminConfiguration) ConvertToDBStruct() configuration.RealmAdminConfiguration {
+	return configuration.RealmAdminConfiguration{
+		Mode:            rac.Mode,
+		AvailableChecks: rac.AvailableChecks,
+		Accreditations:  rac.ConvertRealmAccreditationsToDBStruct(),
+	}
+}
+
+// ConvertRealmAccreditationsToDBStruct converts a slice of realm admin accreditation into its database version
+func (rac *RealmAdminConfiguration) ConvertRealmAccreditationsToDBStruct() []configuration.RealmAdminAccreditation {
+	if len(rac.Accreditations) == 0 {
+		return nil
+	}
+	var res []configuration.RealmAdminAccreditation
+	for _, accred := range rac.Accreditations {
+		res = append(res, configuration.RealmAdminAccreditation{
+			Type:      accred.Type,
+			Validity:  accred.Validity,
+			Condition: accred.Condition,
+		})
+	}
+	return res
+}
+
+// ConvertRealmAccreditationsFromDBStruct converts an array of accreditation from DB struct to API struct
+func ConvertRealmAccreditationsFromDBStruct(accreds []configuration.RealmAdminAccreditation) []RealmAdminAccreditation {
+	if len(accreds) == 0 {
+		return nil
+	}
+	var res []RealmAdminAccreditation
+	for _, accred := range accreds {
+		res = append(res, RealmAdminAccreditation{
+			Type:      accred.Type,
+			Validity:  accred.Validity,
+			Condition: accred.Condition,
+		})
+	}
+	return res
+}
+
 // Validators
 
 // NewBackOfficeConfigurationFromJSON creates and validates a new BackOfficeConfiguration from a JSON value
@@ -477,6 +541,13 @@ func (config RealmCustomConfiguration) Validate() error {
 		Status()
 }
 
+// Validate is a validator for RealmAdminConfiguration
+func (config RealmAdminConfiguration) Validate() error {
+	return validation.NewParameterValidator().
+		ValidateParameterRegExp("mode", config.Mode, RegExpName, true).
+		Status()
+}
+
 // Validate is a validator for RequiredAction
 func (requiredAction RequiredAction) Validate() error {
 	if requiredAction != "" {

api/management/api_test.go

@@ -287,6 +287,43 @@ func TestFederatedIdentityRepresentation(t *testing.T) {
 	})
 }
 
+func TestConvertRealmAdminConfiguration(t *testing.T) {
+	t.Run("Empty struct", func(t *testing.T) {
+		var config = configuration.RealmAdminConfiguration{}
+		var res = ConvertRealmAdminConfigurationFromDBStruct(config)
+		assert.Nil(t, res.Mode)
+		assert.Nil(t, res.AvailableChecks)
+		assert.Nil(t, res.Accreditations)
+		assert.Equal(t, config, res.ConvertToDBStruct())
+	})
+	t.Run("Empty struct", func(t *testing.T) {
+		var mode = "mode"
+		var typeValue = "type"
+		var condition = "condition"
+		var validity = "2y"
+		var accred = configuration.RealmAdminAccreditation{
+			Type:      &typeValue,
+			Condition: &condition,
+			Validity:  &validity,
+		}
+		var config = configuration.RealmAdminConfiguration{
+			Mode:            &mode,
+			AvailableChecks: map[string]bool{"true": true, "false": false},
+			Accreditations:  []configuration.RealmAdminAccreditation{accred},
+		}
+		var res = ConvertRealmAdminConfigurationFromDBStruct(config)
+		assert.Equal(t, mode, *res.Mode)
+		assert.Len(t, res.AvailableChecks, 2)
+		assert.True(t, res.AvailableChecks["true"])
+		assert.False(t, res.AvailableChecks["false"])
+		assert.Len(t, res.Accreditations, 1)
+		assert.Equal(t, typeValue, *res.Accreditations[0].Type)
+		assert.Equal(t, condition, *res.Accreditations[0].Condition)
+		assert.Equal(t, validity, *res.Accreditations[0].Validity)
+		assert.Equal(t, config, res.ConvertToDBStruct())
+	})
+}
+
 func TestNewBackOfficeConfigurationFromJSON(t *testing.T) {
 	t.Run("Invalid JSON", func(t *testing.T) {
 		var _, err = NewBackOfficeConfigurationFromJSON(`{"shop":{"shelves":{"articles":{"books": [1, 2, 3], "chairs": [4, 5, 6]}}}}`)
@@ -442,14 +479,29 @@ func TestValidateRealmCustomConfiguration(t *testing.T) {
 	}
 }
 
+func TestValidateRealmAdminConfiguration(t *testing.T) {
+	var realmAdminConf = RealmAdminConfiguration{}
+
+	assert.NotNil(t, realmAdminConf.Validate())
+
+	var mode = "any-value"
+	realmAdminConf.Mode = &mode
+	assert.Nil(t, realmAdminConf.Validate())
+}
+
 func TestValidateRequiredAction(t *testing.T) {
-	{
+	t.Run("Valid required action", func(t *testing.T) {
 		action := createValidRequiredAction()
 		assert.Nil(t, action.Validate())
-	}
-
-	action := RequiredAction("^")
-	assert.NotNil(t, action.Validate())
+	})
+	t.Run("Invalid required action", func(t *testing.T) {
+		action := RequiredAction("^")
+		assert.NotNil(t, action.Validate())
+	})
+	t.Run("Empty required action", func(t *testing.T) {
+		action := RequiredAction("")
+		assert.Nil(t, action.Validate())
+	})
 }
 
 func createValidUserRepresentation() UserRepresentation {

api/management/swagger-api_management.yaml

@@ -968,6 +968,46 @@ paths:
           description: successful operation
         400:
           description: invalid information provided  (invalid client identifier or redirect URI not allowed for this client)
+  /realms/{realm}/admin-configuration:
+    get:
+      tags:
+      - Configuration
+      summary: Get the current admin configuration
+      parameters:
+      - name: realm
+        in: path
+        description: realm name (not id!)
+        required: true
+        schema:
+          type: string
+      responses:
+        200:
+          description: successful operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AdminConfiguration'
+    put:
+      tags:
+      - Configuration
+      summary: Update the admin configuration for the given realm
+      parameters:
+      - name: realm
+        in: path
+        description: realm name (not id!)
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AdminConfiguration'
+      responses:
+        200:
+          description: successful operation
+        400:
+          description: invalid information provided
   /realms/{realm}/backoffice-configuration:
     get:
       tags:
@@ -1245,6 +1285,26 @@ components:
           type: string
         redirect_successful_registration_url:
           type: string
+    AdminConfiguration:
+      type: object
+      properties:
+        mode:
+          type: string
+        available-checks:
+          type: object
+          additionalProperties:
+            type: boolean
+        accreditations:
+          type: array
+          items:
+            type: object
+            properties:
+              type:
+                type: string
+              validity:
+                type: string
+              condition:
+                type: string
     BackOfficeConfiguration:
       type: object
       additionalProperties:

cmd/keycloakb/keycloak_bridge.go

@@ -584,6 +584,8 @@ func main() {
 
 			GetRealmCustomConfiguration:    prepareEndpoint(management.MakeGetRealmCustomConfigurationEndpoint(keycloakComponent), "get_realm_custom_config_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 			UpdateRealmCustomConfiguration: prepareEndpoint(management.MakeUpdateRealmCustomConfigurationEndpoint(keycloakComponent), "update_realm_custom_config_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
+			GetRealmAdminConfiguration:     prepareEndpoint(management.MakeGetRealmAdminConfigurationEndpoint(keycloakComponent), "get_realm_admin_config_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
+			UpdateRealmAdminConfiguration:  prepareEndpoint(management.MakeUpdateRealmAdminConfigurationEndpoint(keycloakComponent), "update_realm_admin_config_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 
 			GetRealmBackOfficeConfiguration:     prepareEndpoint(management.MakeGetRealmBackOfficeConfigurationEndpoint(keycloakComponent), "get_realm_back_office_config_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
 			UpdateRealmBackOfficeConfiguration:  prepareEndpoint(management.MakeUpdateRealmBackOfficeConfigurationEndpoint(keycloakComponent), "update_realm_back_office_config_endpoint", influxMetrics, managementLogger, tracer, rateLimit["management"]),
@@ -835,6 +837,8 @@ func main() {
 
 		var getRealmCustomConfigurationHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.GetRealmCustomConfiguration)
 		var updateRealmCustomConfigurationHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.UpdateRealmCustomConfiguration)
+		var getRealmAdminConfigurationHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.GetRealmAdminConfiguration)
+		var updateRealmAdminConfigurationHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.UpdateRealmAdminConfiguration)
 
 		var getRealmBackOfficeConfigurationHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.GetRealmBackOfficeConfiguration)
 		var updateRealmBackOfficeConfigurationHandler = configureManagementHandler(keycloakb.ComponentName, ComponentID, idGenerator, keycloakClient, audienceRequired, tracer, logger)(managementEndpoints.UpdateRealmBackOfficeConfiguration)
@@ -904,6 +908,8 @@ func main() {
 		// custom configuration per realm
 		managementSubroute.Path("/realms/{realm}/configuration").Methods("GET").Handler(getRealmCustomConfigurationHandler)
 		managementSubroute.Path("/realms/{realm}/configuration").Methods("PUT").Handler(updateRealmCustomConfigurationHandler)
+		managementSubroute.Path("/realms/{realm}/admin-configuration").Methods("GET").Handler(getRealmAdminConfigurationHandler)
+		managementSubroute.Path("/realms/{realm}/admin-configuration").Methods("PUT").Handler(updateRealmAdminConfigurationHandler)
 
 		managementSubroute.Path("/realms/{realm}/backoffice-configuration/groups").Methods("GET").Handler(getRealmBackOfficeConfigurationHandler)
 		managementSubroute.Path("/realms/{realm}/backoffice-configuration/groups").Methods("PUT").Handler(updateRealmBackOfficeConfigurationHandler)