Merge 5667a67 into b3c58c6

Gopkg.toml

@@ -27,11 +27,11 @@
 
 [[constraint]]
   name = "github.com/cloudtrust/common-service"
-  branch = "master"
+  branch = "ct-2320"
 
 [[constraint]]
   name = "github.com/cloudtrust/keycloak-client"
-  branch = "master"
+  branch = "ct-2320"
 
 [[constraint]]
   name = "github.com/go-kit/kit"

api/account/api.go

@@ -38,12 +38,13 @@ type CredentialRepresentation struct {
 
 // Configuration struct
 type Configuration struct {
-	EditingEnabled                    *bool   `json:"editing_enabled"`
-	ShowAuthenticatorsTab             *bool   `json:"show_authenticators_tab"`
-	ShowPasswordTab                   *bool   `json:"show_password_tab"`
-	ShowProfileTab                    *bool   `json:"show_profile_tab"`
-	ShowAccountDeletionButton         *bool   `json:"show_account_deletion_button"`
-	RedirectSuccessfulRegistrationURL *string `json:"redirect_successful_registration_url"`
+	EditingEnabled                    *bool           `json:"editing_enabled"`
+	ShowAuthenticatorsTab             *bool           `json:"show_authenticators_tab"`
+	ShowPasswordTab                   *bool           `json:"show_password_tab"`
+	ShowProfileTab                    *bool           `json:"show_profile_tab"`
+	ShowAccountDeletionButton         *bool           `json:"show_account_deletion_button"`
+	RedirectSuccessfulRegistrationURL *string         `json:"redirect_successful_registration_url"`
+	AvailableChecks                   map[string]bool `json:"available-checks"`
 }
 
 // UpdatePasswordBody is the definition of the expected body content of UpdatePassword method

api/account/swagger-api_account.yaml

@@ -259,6 +259,10 @@ components:
           type: boolean
         redirect_successful_registration_url:
           type: string
+        available-checks:
+          type: object
+          additionalProperties:
+            type: boolean
   securitySchemes:
     openId:
       type: openIdConnect

api/management/api.go

@@ -132,23 +132,26 @@ const (
 	BOConfKeyTeams     = "teams"
 )
 
-var allowedBoConfKeys = map[string]bool{BOConfKeyCustomers: true, BOConfKeyTeams: true}
+var (
+	allowedBoConfKeys    = map[string]bool{BOConfKeyCustomers: true, BOConfKeyTeams: true}
+	allowedAdminConfMode = map[string]bool{"trustID": true, "corporate": true}
+)
 
 // BackOfficeConfiguration type
 type BackOfficeConfiguration map[string]map[string][]string
 
 // RealmAdminConfiguration struct
 type RealmAdminConfiguration struct {
 	Mode            *string                   `json:"mode"`
-	AvailableChecks map[string]bool           `json:"available-checks,omitempty"`
-	Accreditations  []RealmAdminAccreditation `json:"accreditations,omitempty"`
+	AvailableChecks map[string]bool           `json:"available-checks"`
+	Accreditations  []RealmAdminAccreditation `json:"accreditations"`
 }
 
 // RealmAdminAccreditation struct
 type RealmAdminAccreditation struct {
-	Type      *string `json:"type,omitempty"`
-	Validity  *string `json:"validity,omitempty"`
-	Condition *string `json:"condition,omitempty"`
+	Type      *string `json:"type"`
+	Validity  *string `json:"validity"`
+	Condition *string `json:"condition"`
 }
 
 // FederatedIdentityRepresentation struct
@@ -389,6 +392,16 @@ func ConvertToKCFedID(fedID FederatedIdentityRepresentation) kc.FederatedIdentit
 	return kcFedID
 }
 
+// CreateDefaultRealmAdminConfiguration creates a default admin configuration
+func CreateDefaultRealmAdminConfiguration() RealmAdminConfiguration {
+	var mode = "corporate"
+	var checks = make(map[string]bool)
+	for _, key := range configuration.AvailableCheckKeys {
+		checks[key] = false
+	}
+	return RealmAdminConfiguration{Mode: &mode, AvailableChecks: checks, Accreditations: make([]RealmAdminAccreditation, 0)}
+}
+
 // ConvertRealmAdminConfigurationFromDBStruct converts a RealmAdminConfiguration from DB struct to API struct
 func ConvertRealmAdminConfigurationFromDBStruct(conf configuration.RealmAdminConfiguration) RealmAdminConfiguration {
 	return RealmAdminConfiguration{
@@ -426,7 +439,7 @@ func (rac *RealmAdminConfiguration) ConvertRealmAccreditationsToDBStruct() []con
 // ConvertRealmAccreditationsFromDBStruct converts an array of accreditation from DB struct to API struct
 func ConvertRealmAccreditationsFromDBStruct(accreds []configuration.RealmAdminAccreditation) []RealmAdminAccreditation {
 	if len(accreds) == 0 {
-		return nil
+		return make([]RealmAdminAccreditation, 0)
 	}
 	var res []RealmAdminAccreditation
 	for _, accred := range accreds {
@@ -525,9 +538,43 @@ func (config RealmCustomConfiguration) Validate() error {
 }
 
 // Validate is a validator for RealmAdminConfiguration
-func (config RealmAdminConfiguration) Validate() error {
+func (rac *RealmAdminConfiguration) Validate() error {
+	return validation.NewParameterValidator().
+		ValidateParameterIn("mode", rac.Mode, allowedAdminConfMode, true).
+		ValidateParameterFunc("available-checks", func() error {
+			if len(rac.AvailableChecks) > 0 {
+				for k := range rac.AvailableChecks {
+					if !validation.IsStringInSlice(configuration.AvailableCheckKeys, k) {
+						return errorhandler.CreateBadRequestError(constants.MsgErrInvalidParam + ".available-checks")
+					}
+				}
+			}
+			return nil
+		}).
+		ValidateParameterFunc("accreditations", func() error {
+			if len(rac.Accreditations) > 0 {
+				for _, accred := range rac.Accreditations {
+					if err := accred.Validate(); err != nil {
+						return err
+					}
+				}
+			}
+			return nil
+		}).
+		Status()
+}
+
+// Validate is a validator for RealmAdminAccreditation
+func (acc *RealmAdminAccreditation) Validate() error {
 	return validation.NewParameterValidator().
-		ValidateParameterRegExp("mode", config.Mode, RegExpName, true).
+		ValidateParameterLongDuration("validity", acc.Validity, true).
+		ValidateParameterNotNil("condition", acc.Condition).
+		ValidateParameterFunc("condition", func() error {
+			if !validation.IsStringInSlice(configuration.AvailableCheckKeys, *acc.Condition) {
+				return errorhandler.CreateBadRequestError(constants.MsgErrInvalidParam + ".condition")
+			}
+			return nil
+		}).
 		Status()
 }
 

api/management/api_test.go

@@ -294,8 +294,8 @@ func TestConvertRealmAdminConfiguration(t *testing.T) {
 		var config = configuration.RealmAdminConfiguration{}
 		var res = ConvertRealmAdminConfigurationFromDBStruct(config)
 		assert.Nil(t, res.Mode)
-		assert.Nil(t, res.AvailableChecks)
-		assert.Nil(t, res.Accreditations)
+		assert.Len(t, res.AvailableChecks, 0)
+		assert.Len(t, res.Accreditations, 0)
 		assert.Equal(t, config, res.ConvertToDBStruct())
 	})
 	t.Run("Empty struct", func(t *testing.T) {
@@ -481,14 +481,56 @@ func TestValidateRealmCustomConfiguration(t *testing.T) {
 	}
 }
 
-func TestValidateRealmAdminConfiguration(t *testing.T) {
-	var realmAdminConf = RealmAdminConfiguration{}
-
-	assert.NotNil(t, realmAdminConf.Validate())
+func createValidRealmAdminConfiguration() RealmAdminConfiguration {
+	var trustID = "trustID"
+	var value = "value"
+	var validity = "2y4m"
+	var condition = "IDNow"
+	var accred = RealmAdminAccreditation{Type: &value, Validity: &validity, Condition: &condition}
+	return RealmAdminConfiguration{
+		Mode:            &trustID,
+		AvailableChecks: map[string]bool{"IDNow": false, "physical-check": true},
+		Accreditations:  []RealmAdminAccreditation{accred},
+	}
+}
 
-	var mode = "any-value"
-	realmAdminConf.Mode = &mode
-	assert.Nil(t, realmAdminConf.Validate())
+func TestValidateRealmAdminConfiguration(t *testing.T) {
+	t.Run("Valid default configuration", func(t *testing.T) {
+		var conf = CreateDefaultRealmAdminConfiguration()
+		assert.Nil(t, conf.Validate())
+	})
+	t.Run("Valid configuration", func(t *testing.T) {
+		var realmAdminConf = createValidRealmAdminConfiguration()
+		assert.Nil(t, realmAdminConf.Validate())
+	})
+	t.Run("Missing mode", func(t *testing.T) {
+		var realmAdminConf = createValidRealmAdminConfiguration()
+		realmAdminConf.Mode = nil
+		assert.NotNil(t, realmAdminConf.Validate())
+	})
+	t.Run("Invalid mode", func(t *testing.T) {
+		var realmAdminConf = createValidRealmAdminConfiguration()
+		var invalid = "invalid"
+		realmAdminConf.Mode = &invalid
+		assert.NotNil(t, realmAdminConf.Validate())
+	})
+	t.Run("Invalid available checks", func(t *testing.T) {
+		var realmAdminConf = createValidRealmAdminConfiguration()
+		realmAdminConf.AvailableChecks["invalid-key"] = false
+		assert.NotNil(t, realmAdminConf.Validate())
+	})
+	t.Run("Invalid accreditation validity", func(t *testing.T) {
+		var realmAdminConf = createValidRealmAdminConfiguration()
+		var invalid = "2y4"
+		realmAdminConf.Accreditations[0].Validity = &invalid
+		assert.NotNil(t, realmAdminConf.Validate())
+	})
+	t.Run("Invalid accreditation condition", func(t *testing.T) {
+		var realmAdminConf = createValidRealmAdminConfiguration()
+		var invalid = "invalid-key"
+		realmAdminConf.Accreditations[0].Condition = &invalid
+		assert.NotNil(t, realmAdminConf.Validate())
+	})
 }
 
 func TestValidateRequiredAction(t *testing.T) {

internal/keycloakb/configdbmodule.go

@@ -99,15 +99,7 @@ func (c *configurationDBModule) StoreOrUpdateAdminConfiguration(context context.
 }
 
 func (c *configurationDBModule) GetAdminConfiguration(ctx context.Context, realmID string) (configuration.RealmAdminConfiguration, error) {
-	config, err := c.ConfigurationReaderDBModule.GetAdminConfiguration(ctx, realmID)
-
-	if err == sql.ErrNoRows {
-		return config, errorhandler.Error{
-			Status:  404,
-			Message: ComponentName + "." + msg.MsgErrNotConfigured + "." + msg.RealmAdminConfiguration + "." + realmID,
-		}
-	}
-	return config, err
+	return c.ConfigurationReaderDBModule.GetAdminConfiguration(ctx, realmID)
 }
 
 func (c *configurationDBModule) GetBackOfficeConfiguration(ctx context.Context, realmID string, groupNames []string) (dto.BackOfficeConfiguration, error) {

pkg/account/component.go

@@ -6,6 +6,8 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/cloudtrust/common-service/configuration"
+
 	cs "github.com/cloudtrust/common-service"
 	"github.com/cloudtrust/common-service/database"
 	errorhandler "github.com/cloudtrust/common-service/errors"
@@ -387,13 +389,20 @@ func (c *component) GetConfiguration(ctx context.Context, realmIDOverride string
 		return api.Configuration{}, err
 	}
 
+	var adminConfig configuration.RealmAdminConfiguration
+	adminConfig, err = c.configDBModule.GetAdminConfiguration(ctx, currentRealm)
+	if err != nil {
+		return api.Configuration{}, err
+	}
+
 	var apiConfig = api.Configuration{
 		EditingEnabled:                    config.APISelfAccountEditingEnabled,
 		ShowAuthenticatorsTab:             config.ShowAuthenticatorsTab,
 		ShowAccountDeletionButton:         config.ShowAccountDeletionButton,
 		ShowPasswordTab:                   config.ShowPasswordTab,
 		ShowProfileTab:                    config.ShowProfileTab,
 		RedirectSuccessfulRegistrationURL: config.RedirectSuccessfulRegistrationURL,
+		AvailableChecks:                   adminConfig.AvailableChecks,
 	}
 
 	if realmIDOverride != "" {