Fix goupID

cloudtrust · Jan 17, 2020 · d17a782 · d17a782
1 parent 0a083c6
commit d17a782
Show file tree

Hide file tree

Showing 10 changed files with 117 additions and 314 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/api/management/api.go b/api/management/api.go
@@ -282,11 +282,11 @@ func ConvertToAPIAuthorizations(authorizations []dto.Authorization) Authorizatio
 			matrix[*authz.Action][*authz.TargetRealmID] = make(map[string]struct{})
 		}
 
-		if authz.TargetGroupID == nil {
+		if authz.TargetGroupName == nil {
 			continue
 		}
 
-		matrix[*authz.Action][*authz.TargetRealmID][*authz.TargetGroupID] = struct{}{}
+		matrix[*authz.Action][*authz.TargetRealmID][*authz.TargetGroupName] = struct{}{}
 	}
 
 	return AuthorizationsRepresentation{
@@ -307,9 +307,9 @@ func ConvertToDBAuthorizations(realmID, groupID string, apiAuthorizations Author
 		if len(u) == 0 {
 			var act = string(action)
 			authorizations = append(authorizations, dto.Authorization{
-				RealmID: &realmID,
-				GroupID: &groupID,
-				Action:  &act,
+				RealmID:   &realmID,
+				GroupName: &groupID,
+				Action:    &act,
 			})
 			continue
 		}
@@ -320,23 +320,23 @@ func ConvertToDBAuthorizations(realmID, groupID string, apiAuthorizations Author
 				var targetRealm = string(targeteRealmID)
 				authorizations = append(authorizations, dto.Authorization{
 					RealmID:       &realmID,
-					GroupID:       &groupID,
+					GroupName:     &groupID,
 					Action:        &act,
 					TargetRealmID: &targetRealm,
 				})
 				continue
 			}
 
-			for targetGroupID := range v {
+			for targetGroupName := range v {
 				var act = string(action)
 				var targetRealm = string(targeteRealmID)
-				var targetGroup = string(targetGroupID)
+				var targetGroup = string(targetGroupName)
 				authorizations = append(authorizations, dto.Authorization{
-					RealmID:       &realmID,
-					GroupID:       &groupID,
-					Action:        &act,
-					TargetRealmID: &targetRealm,
-					TargetGroupID: &targetGroup,
+					RealmID:         &realmID,
+					GroupName:       &groupID,
+					Action:          &act,
+					TargetRealmID:   &targetRealm,
+					TargetGroupName: &targetGroup,
 				})
 			}
 		}
@@ -398,7 +398,7 @@ func (user UserRepresentation) Validate() error {
 	if user.Groups != nil {
 		for _, groupID := range *(user.Groups) {
 			if !matchesRegExp(groupID, RegExpID) {
-				return errors.New(internal.MsgErrInvalidParam + "." + internal.GroupID)
+				return errors.New(internal.MsgErrInvalidParam + "." + internal.GroupName)
 			}
 		}
 	}
@@ -442,7 +442,7 @@ func (role RoleRepresentation) Validate() error {
 // Validate is a validator for GroupRepresentation
 func (group GroupRepresentation) Validate() error {
 	if group.ID != nil && !matchesRegExp(*group.ID, RegExpID) {
-		return errors.New(internal.MsgErrInvalidParam + "." + internal.GroupID)
+		return errors.New(internal.MsgErrInvalidParam + "." + internal.GroupName)
 	}
 
 	if group.Name != nil && !matchesRegExp(*group.Name, RegExpName) {

diff --git a/internal/dto/authorization.go b/internal/dto/authorization.go
@@ -2,9 +2,9 @@ package dto
 
 // Authorization struct
 type Authorization struct {
-	RealmID       *string `json:"realm_id"`
-	GroupID       *string `json:"group_id"`
-	Action        *string `json:"action"`
-	TargetRealmID *string `json:"target_realm_id,omitempty"`
-	TargetGroupID *string `json:"target_group_id,omitempty"`
+	RealmID         *string `json:"realm_id"`
+	GroupName       *string `json:"group_id"`
+	Action          *string `json:"action"`
+	TargetRealmID   *string `json:"target_realm_id,omitempty"`
+	TargetGroupName *string `json:"target_group_name,omitempty"`
 }
diff --git a/internal/keycloakb/authorizationutil.go b/internal/keycloakb/authorizationutil.go
@@ -5,95 +5,23 @@ import (
 
 	api "github.com/cloudtrust/keycloak-bridge/api/management"
 	"github.com/cloudtrust/keycloak-bridge/internal/dto"
-	kc "github.com/cloudtrust/keycloak-client"
 )
 
-// TranslateGroupIDIntoGroupName convert the groupID of the provided Authorization array in GroupName
-func TranslateGroupIDIntoGroupName(origin []dto.Authorization, groups []kc.GroupRepresentation) []dto.Authorization {
-	// Build a mapping groupID -> groupName
-	var groupIDMapping = make(map[string]string)
-	groupIDMapping["*"] = "*"
-
-	for _, group := range groups {
-		groupIDMapping[*group.Id] = *group.Name
-	}
-
-	// Translate targetGroupId to targetGroupName
-	var translatedAuthorizations = []dto.Authorization{}
-
-	for _, auth := range origin {
-		var targetGroup *string
-
-		if auth.TargetGroupID != nil {
-			v, ok := groupIDMapping[*auth.TargetGroupID]
-
-			// Invalid values are ignored
-			if !ok {
-				continue
-			}
-
-			var groupName = string(v)
-			targetGroup = &groupName
-		}
-
-		translatedAuthorizations = append(translatedAuthorizations, dto.Authorization{
-			RealmID:       auth.RealmID,
-			GroupID:       auth.GroupID,
-			Action:        auth.Action,
-			TargetRealmID: auth.TargetRealmID,
-			TargetGroupID: targetGroup,
-		})
-	}
-
-	return translatedAuthorizations
-}
-
-// TranslateGroupNameIntoGroupID convert the groupNAme of the provided Authorization array in GroupID
-func TranslateGroupNameIntoGroupID(origin []dto.Authorization, mapper map[string]map[string]string) []dto.Authorization {
-	// Convert groupName into groupID
-	var convertedAuthorizations = []dto.Authorization{}
-	for _, authz := range origin {
-		var targetGroupIDPtr *string
-
-		if authz.TargetRealmID != nil && authz.TargetGroupID != nil {
-			targetGroupID, ok := mapper[*authz.TargetRealmID][*authz.TargetGroupID]
-
-			// Invalid values are ignored
-			if !ok {
-				continue
-			}
-
-			copyGroupID := string(targetGroupID)
-			targetGroupIDPtr = &copyGroupID
-		}
-
-		convertedAuthorizations = append(convertedAuthorizations, dto.Authorization{
-			RealmID:       authz.RealmID,
-			GroupID:       authz.GroupID,
-			Action:        authz.Action,
-			TargetRealmID: authz.TargetRealmID,
-			TargetGroupID: targetGroupIDPtr,
-		})
-	}
-
-	return convertedAuthorizations
-}
-
 // Validate the content of the provided array. Returns an error if any issue is detected
-func Validate(authorizations []dto.Authorization, allowedTargetRealmsAndGroupIDs map[string]map[string]string) error {
+func Validate(authorizations []dto.Authorization, allowedTargetRealmsAndGroupNames map[string]map[string]struct{}) error {
 	for _, auth := range authorizations {
 		// Check TargetRealm
 		if auth.TargetRealmID != nil {
-			_, ok := allowedTargetRealmsAndGroupIDs[*auth.TargetRealmID]
+			_, ok := allowedTargetRealmsAndGroupNames[*auth.TargetRealmID]
 
 			if !ok {
 				return errors.New("Invalid target realm")
 			}
 		}
 
-		// Check TargetGroupID
-		if auth.TargetGroupID != nil {
-			_, ok := allowedTargetRealmsAndGroupIDs[*auth.TargetRealmID][*auth.TargetGroupID]
+		// Check TargetGroupName
+		if auth.TargetGroupName != nil {
+			_, ok := allowedTargetRealmsAndGroupNames[*auth.TargetRealmID][*auth.TargetGroupName]
 
 			if !ok {
 				return errors.New("Invalid target group")
@@ -111,10 +39,10 @@ func Validate(authorizations []dto.Authorization, allowedTargetRealmsAndGroupIDs
 				return errors.New("If '*' is used as targetRealm, no other rules for this action are allowed")
 			}
 
-			// Check if * as targetGroupId, there is no other targetGroupID rule
+			// Check if * as targetGroupName, there is no other targetGroupName rule
 			for targetGroup := range v {
 				if targetGroup == "*" && len(v) != 1 {
-					return errors.New("If '*' is used as targetGroupId, no other rules are allowed")
+					return errors.New("If '*' is used as targetGroupName, no other rules are allowed")
 				}
 			}
 		}