keycloak user & groups

Author: gertd

plugins/keycloak/pkg/app/assets/transform_template.tmpl

@@ -9,75 +9,55 @@
     {
       "id": "{{ $.id }}",
       "type": "user",
-      "display_name": "{{ $.firstname }} {{ $.middlename -}} {{ $.lastname }}",
+      "display_name": "{{ $.firstName }} {{ $.lastName }}",
       "properties": {
-        "enabled": "{{ not $.account_locked }}",
+        "enabled": "{{ $.enabled }}",
         "email": "{{ $.email }}",
         "user_id": "{{ $.id }}",
         "username": "{{ $.username }}",
-        "manager": "{{ $.manager }}",
-        "organization": "{{ $.company }}",
-        "department": "{{ $.department }}",
-        "title": "{{ $.jobTitle }}",
-        {{ range $i, $attr := $.attributes }}
-        {{ if eq $attr.name "roles" }}
-        "{{ $attr.name }}": {{ splitList "," $attr.value | marshal }},
-        {{ else }}
-        "{{ $attr.name }}": "{{ $attr.value }}",
-        {{ end }}
-        {{ end }}
-        "status": "{{ $status }}"
-      },
-      "created_at": "{{ $.created }}"
+        "totp": "{{ $.totp }}"
+      }
     },
     {
       "id": "{{ $.email }}",
       "type": "identity",
-      "display_name": "{{ $.firstname }} {{ $.middlename -}} {{ $.lastname }} (email)"
+      "display_name": "{{ $.firstName }} {{ $.lastName }} (email)"
     },
     {
       "id": "{{ $.username }}",
       "type": "identity",
-      "display_name": "{{ $.firstname }} {{ $.middlename -}} {{ $.lastname }} (username)"
+      "display_name": "{{ $.firstName }} {{ $.lastName }} (username)"
     }
   {{ end }}
-  
-  {{ if eq $.type "user_group" }}
+  {{ if eq $.type "group" }}
     {
-      "id": "{{ $.name }}",
+      "id": "{{ $.id }}",
       "type": "group",
-      "display_name": "{{ $.name }}"
+      "display_name": "{{ $.name }}",
+      "properties": {
+        "path": "{{ $.path }}"
+      }
     }
   {{ end }}
   ],
   "relations": [
   {{ if eq $.type "user" }}
     {
-      "object_type": "user",
-      "object_id": "{{ $.id }}",
+      "object_type": "identity",
+      "object_id": "{{ $.email }}",
       "relation": "identifier",
-      "subject_type": "identity",
-      "subject_id": "{{ $.email }}"
+      "subject_type": "user",
+      "subject_id": "{{ $.id }}"
     },
     {
-      "object_type": "user",
-      "object_id": "{{ $.id }}",
+      "object_type": "identity",
+      "object_id": "{{ $.username }}",
       "relation": "identifier",
-      "subject_type": "identity",
-      "subject_id": "{{ $.username }}"
-    }
-    {{ if $.manager }}
-    ,{
-      "object_type": "user",
-      "object_id": "{{ $.id }}",
-      "relation": "manager",
       "subject_type": "user",
-      "subject_id": "{{ $.manager }}"
+      "subject_id": "{{ $.id }}"
     }
-    {{ end }}
   {{ end }}
-
-  {{ if eq $.type "user_group" }}
+  {{ if eq $.type "group" }}
   {{ range $i, $user := $.users }}
     {{ if $i }},{{ end }}
     {

plugins/keycloak/pkg/app/exec.go

@@ -14,7 +14,7 @@ type ExecCmd struct {
 }
 
 func (cmd *ExecCmd) Run(ctx *cc.CommonCtx) error {
-	gClient, err := kc.NewKeyCloudClient(ctx.Context, cmd.APIKey)
+	gClient, err := kc.NewKeycloakClient(ctx.Context, &cmd.KeycloakClientConfig)
 	if err != nil {
 		return err
 	}

plugins/keycloak/pkg/app/fetch.go

@@ -10,12 +10,12 @@ import (
 )
 
 type FetchCmd struct {
-	APIKey string `short:"k" help:"keycloak API Key" env:"KC_API_KEY" required:""`
-	Groups bool   `short:"g" help:"Retrieve keycloak groups" env:"KC_GROUPS" default:"false"`
+	kc.KeycloakClientConfig
+	Groups bool `short:"g" help:"Retrieve keycloak groups" env:"KEYCLOAK_GROUPS" default:"false"`
 }
 
 func (cmd *FetchCmd) Run(ctx *cc.CommonCtx) error {
-	kcClient, err := kc.NewKeyCloudClient(ctx.Context, cmd.APIKey)
+	kcClient, err := kc.NewKeycloakClient(ctx.Context, &cmd.KeycloakClientConfig)
 	if err != nil {
 		return err
 	}

plugins/keycloak/pkg/app/verify.go

@@ -11,7 +11,7 @@ type VerifyCmd struct {
 }
 
 func (v *VerifyCmd) Run(ctx *cc.CommonCtx) error {
-	gClient, err := kc.NewKeyCloudClient(ctx.Context, v.APIKey)
+	gClient, err := kc.NewKeycloakClient(ctx.Context, &v.KeycloakClientConfig)
 	if err != nil {
 		return err
 	}

plugins/keycloak/pkg/fetch/fetch.go

@@ -11,11 +11,11 @@ import (
 )
 
 type Fetcher struct {
-	kcc    *kc.KeyCloudClient
+	kcc    *kc.KeycloakClient
 	Groups bool
 }
 
-func New(client *kc.KeyCloudClient) (*Fetcher, error) {
+func New(client *kc.KeycloakClient) (*Fetcher, error) {
 	return &Fetcher{
 		kcc: client,
 	}, nil
@@ -36,9 +36,10 @@ func (f *Fetcher) Fetch(ctx context.Context, outputWriter io.Writer, errorWriter
 		return err
 	}
 
-	idLookup := map[string]*kc.BaseUser{}
+	idLookup := map[string]*kc.User{}
 
 	for _, user := range users {
+		user.Type = "user"
 		userBytes, err := json.Marshal(user)
 		if err != nil {
 			errorWriter.Error(err)
@@ -56,7 +57,7 @@ func (f *Fetcher) Fetch(ctx context.Context, outputWriter io.Writer, errorWriter
 			errorWriter.Error(err)
 		}
 
-		idLookup[user.ID] = &user.BaseUser
+		idLookup[user.ID] = user
 	}
 
 	if f.Groups {
@@ -71,15 +72,16 @@ func (f *Fetcher) Fetch(ctx context.Context, outputWriter io.Writer, errorWriter
 func (f *Fetcher) fetchGroups(ctx context.Context,
 	writer *js.JSONArrayWriter,
 	errorWriter common.ErrorWriter,
-	idLookup map[string]*kc.BaseUser,
+	idLookup map[string]*kc.User,
 ) error {
-	groups, err := f.kcc.ListGroups(ctx, kc.UserGroups)
+	groups, err := f.kcc.ListGroups(ctx)
 	if err != nil {
 		errorWriter.Error(err)
 		return err
 	}
 
 	for _, group := range groups {
+		group.Type = "group"
 		groupBytes, err := json.Marshal(group)
 		errorWriter.Error(err)
 
@@ -89,11 +91,10 @@ func (f *Fetcher) fetchGroups(ctx context.Context,
 			continue
 		}
 
-		usersInGroup, err := f.kcc.ExpandUsersInGroup(ctx, group.ID, idLookup)
+		usersInGroup, err := f.kcc.GetUsersOfGroup(ctx, group.ID)
 		errorWriter.Error(err)
 
 		usersInGroupBytes, err := json.Marshal(usersInGroup)
-
 		errorWriter.Error(err)
 
 		var users []map[string]any

plugins/keycloak/pkg/kc/group.go

@@ -1,12 +1,17 @@
 package kc
 
-const TypeGroup string = "group"
-
 type Group struct {
-	ID          string      `json:"id"`
-	Name        string      `json:"name"`
-	Type        string      `json:"type"`
-	Description string      `json:"description,omitempty"`
-	Email       string      `json:"email,omitempty"`
-	Attributes  interface{} `json:"attributes,omitempty"`
+	Type          string `json:"type"`
+	ID            string `json:"id"`
+	Name          string `json:"name"`
+	Path          string `json:"path"`
+	SubGroupCount int    `json:"subGroupCount"`
+	SubGroups     []any  `json:"subGroups"`
+	Access        struct {
+		View             bool `json:"view"`
+		ViewMembers      bool `json:"viewMembers"`
+		ManageMembers    bool `json:"manageMembers"`
+		Manage           bool `json:"manage"`
+		ManageMembership bool `json:"manageMembership"`
+	} `json:"access"`
 }