package keycloak
import (
"fmt"
)
// SmtpServer holds a realm's SMTP settings as a free-form JSON object; it is
// the type behind the Realm.SmtpServer field ("smtpServer" key).
// The available keys of the SMTP server map are not documented in Keycloak's API docs.
// NOTE(review): because the values are untyped, this map presumably also
// carries the SMTP account credentials — confirm, and if so keep it out of
// logs and treat any persisted copy as a secret.
type SmtpServer map[string]interface{}
// Realm is the JSON representation of top-level realm keys. According to the Keycloak documentation other keys than
// top-level keys will be ignored on realm updates, which is why they are not included here.
// http://www.keycloak.org/docs-api/3.1/rest-api/index.html#_realmrepresentation
//
// Optional booleans and integers are pointers combined with omitempty: a nil
// field is left out of the encoded JSON, while an explicit false or 0 is
// still sent. Optional strings and slices are omitted when empty.
type Realm struct {
// General realm settings
// These three fields have no omitempty and are therefore always serialized;
// in particular a zero-value Realm is sent with "enabled": false.
Id string `json:"id"`
Realm string `json:"realm"`
Enabled bool `json:"enabled"`
// Optional realm settings
// NOTE(review): NONE presumably switches off the HTTPS requirement for the
// realm — confirm, and avoid it outside of test setups.
SslRequired string `json:"sslRequired,omitempty"` // valid values are ALL, NONE or EXTERNAL
DisplayName string `json:"displayName,omitempty"`
SupportedLocales []string `json:"supportedLocales,omitempty"`
DefaultRoles []string `json:"defaultRoles,omitempty"`
// Free-form map, see SmtpServer; nil leaves the key out of the JSON.
SmtpServer *SmtpServer `json:"smtpServer,omitempty"`
AccountTheme string `json:"accountTheme,omitempty"`
AdminTheme string `json:"adminTheme,omitempty"`
EmailTheme string `json:"emailTheme,omitempty"`
LoginTheme string `json:"loginTheme,omitempty"`
InternationalizationEnabled *bool `json:"internationalizationEnabled,omitempty"`
RegistrationAllowed *bool `json:"registrationAllowed,omitempty"`
RegistrationEmailAsUsername *bool `json:"registrationEmailAsUsername,omitempty"`
RememberMe *bool `json:"rememberMe,omitempty"`
VerifyEmail *bool `json:"verifyEmail,omitempty"`
ResetPasswordAllowed *bool `json:"resetPasswordAllowed,omitempty"`
EditUsernameAllowed *bool `json:"editUsernameAllowed,omitempty"`
// A nil pointer sends nothing, so the server-side value applies.
// NOTE(review): set this explicitly if the realm must have brute-force
// detection on — the server default is not visible from this file.
BruteForceProtected *bool `json:"bruteForceProtected,omitempty"`
// Token & session settings
// NOTE(review): units are not stated here; the names suggest seconds unless
// the name says otherwise (QuickLoginCheckMilliSeconds) — confirm against
// the Keycloak documentation.
AccessTokenLifespan *int `json:"accessTokenLifespan,omitempty"`
AccessTokenLifespanForImplicitFlow *int `json:"accessTokenLifespanForImplicitFlow,omitempty"`
SsoSessionIdleTimeout *int `json:"ssoSessionIdleTimeout,omitempty"`
SsoSessionMaxLifespan *int `json:"ssoSessionMaxLifespan,omitempty"`
OfflineSessionIdleTimeout *int `json:"offlineSessionIdleTimeout,omitempty"`
AccessCodeLifespan *int `json:"accessCodeLifespan,omitempty"`
AccessCodeLifespanUserAction *int `json:"accessCodeLifespanUserAction,omitempty"`
AccessCodeLifespanLogin *int `json:"accessCodeLifespanLogin,omitempty"`
// NOTE(review): the fields from here on look like tuning knobs for the
// brute-force detection enabled by BruteForceProtected rather than token or
// session settings — confirm.
MaxFailureWaitSeconds *int `json:"maxFailureWaitSeconds,omitempty"`
MinimumQuickLoginWaitSeconds *int `json:"minimumQuickLoginWaitSeconds,omitempty"`
WaitIncrementSeconds *int `json:"waitIncrementSeconds,omitempty"`
QuickLoginCheckMilliSeconds *int `json:"quickLoginCheckMilliSeconds,omitempty"`
MaxDeltaTimeSeconds *int `json:"maxDeltaTimeSeconds,omitempty"`
FailureFactor *int `json:"failureFactor,omitempty"`
}
// fmt.Sprintf templates for the realm endpoints of the admin API.
const (
	// realmsUri is the realm collection; its single verb takes the server base URL.
	realmsUri = "%s/auth/admin/realms"
	// realmUri is one realm below the collection; its second verb takes the realm id.
	realmUri = realmsUri + "/%s"
)
// GetRealm requests the realm with the given id from the admin API and
// decodes the answer into a Realm.
//
// The returned pointer is non-nil even when err is non-nil; check err before
// using the result.
//
// NOTE(review): id is formatted into the URL path without escaping, so a
// value containing "/" or ".." would address a different admin endpoint.
// Presumably ids only come from trusted provider configuration — confirm, or
// escape the path segment.
func (c *KeycloakClient) GetRealm(id string) (*Realm, error) {
	realm := new(Realm)
	err := c.get(fmt.Sprintf(realmUri, c.url, id), realm)
	return realm, err
}
// CreateRealm "imports" (i.e. creates) a realm from a realm representation
// and returns the realm as read back from the location reported by the POST.
//
// The sequence is: POST the representation, log in again, GET the new realm.
// A failing POST or login yields (nil, err); after the final GET the pointer
// is non-nil even when err is set.
//
// NOTE(review): the location passed to c.get is whatever c.post returned,
// presumably the Location header of the response. Confirm that it is kept
// within c.url before the authenticated client follows it.
func (c *KeycloakClient) CreateRealm(r *Realm) (*Realm, error) {
	location, err := c.post(fmt.Sprintf(realmsUri, c.url), *r)
	if err != nil {
		return nil, err
	}

	// For some reason, keycloak authorizes all the realms you can see at the
	// beginning of the session, so if you create a new realm you will get a
	// 403 trying to access it. Need to re-auth
	if err = c.Login(); err != nil {
		return nil, err
	}

	created := new(Realm)
	err = c.get(location, created)
	return created, err
}
// UpdateRealm PUTs the representation r to the endpoint of the realm named
// by r.Id and returns the error from that request. r must not be nil.
//
// Fields that are nil or empty and tagged omitempty are not part of the
// request body.
//
// NOTE(review): r.Id is formatted into the URL path without escaping;
// presumably it only ever holds an id previously returned by the server —
// confirm.
func (c *KeycloakClient) UpdateRealm(r *Realm) error {
	return c.put(fmt.Sprintf(realmUri, c.url, r.Id), *r)
}
// DeleteRealm issues a DELETE for the realm with the given id and returns
// the error from that request. nil is handed to c.delete as its second
// argument (presumably the request body — confirm).
//
// NOTE(review): id is formatted into the URL path without escaping. Because
// this call is destructive, confirm that callers only pass ids from trusted
// configuration, or escape the path segment.
func (c *KeycloakClient) DeleteRealm(id string) error {
	return c.delete(fmt.Sprintf(realmUri, c.url, id), nil)
}