add roles

Author: gertd

plugins/jumpcloud/pkg/jc/jc.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/go-http-utils/headers"
 	"github.com/pkg/errors"
 	"github.com/samber/lo"
 	"google.golang.org/grpc/codes"
@@ -37,9 +38,9 @@ func NewJumpCloudClient(ctx context.Context, apiKey string) (*JumpCloudClient, e
 		apiKey:  apiKey,
 		baseURL: base,
 		headers: map[string]string{
-			"Content-Type": "application/json",
-			"Accept":       "application/json",
-			apiKeyHeader:   apiKey,
+			headers.ContentType: "application/json",
+			headers.Accept:      "application/json",
+			apiKeyHeader:        apiKey,
 		},
 		timeout: defaultConnectionTimeout,
 	}

plugins/keycloak/pkg/app/assets/transform_template.tmpl

@@ -39,6 +39,18 @@
       }
     }
   {{ end }}
+  {{ if eq $.type "role" }}
+    {
+      "id": "{{ $.id }}",
+      "type": "role",
+      "display_name": "{{ $.name }}",
+      "properties": {
+        {{ if .description }}
+        "description": "{{ $.description }}"
+        {{ end }}
+      }
+    }
+  {{ end }}
   ],
   "relations": [
   {{ if eq $.type "user" }}
@@ -69,5 +81,17 @@
     }
   {{ end }}
   {{ end }}
+  {{ if eq $.type "role" }}
+  {{ range $i, $user := $.users }}
+    {{ if $i }},{{ end }}
+    {
+      "object_type": "role",
+      "object_id": "{{ $.id }}",
+      "relation": "member",
+      "subject_type": "user",
+      "subject_id": "{{ $user.id }}"
+    }
+  {{ end }}
+  {{ end }}
   ]
 }

plugins/keycloak/pkg/app/fetch.go

@@ -12,6 +12,7 @@ import (
 type FetchCmd struct {
 	kc.KeycloakClientConfig
 	Groups bool `short:"g" help:"Retrieve keycloak groups" env:"KEYCLOAK_GROUPS" default:"false"`
+	Roles  bool `short:"r"  help:"Retrieve keycloak roles" env:"KEYCLOAK_ROLES" default:"false"`
 }
 
 func (cmd *FetchCmd) Run(ctx *cc.CommonCtx) error {
@@ -25,7 +26,7 @@ func (cmd *FetchCmd) Run(ctx *cc.CommonCtx) error {
 		return err
 	}
 
-	fetcher = fetcher.WithGroups(cmd.Groups)
+	fetcher = fetcher.WithGroups(cmd.Groups).WithRoles(cmd.Roles)
 
 	return fetcher.Fetch(ctx.Context, os.Stdout, common.NewErrorWriter(os.Stderr))
 }

plugins/keycloak/pkg/fetch/fetch.go

@@ -13,6 +13,7 @@ import (
 type Fetcher struct {
 	kcc    *kc.KeycloakClient
 	Groups bool
+	Roles  bool
 }
 
 func New(client *kc.KeycloakClient) (*Fetcher, error) {
@@ -26,6 +27,11 @@ func (f *Fetcher) WithGroups(groups bool) *Fetcher {
 	return f
 }
 
+func (f *Fetcher) WithRoles(roles bool) *Fetcher {
+	f.Roles = roles
+	return f
+}
+
 func (f *Fetcher) Fetch(ctx context.Context, outputWriter io.Writer, errorWriter common.ErrorWriter) error {
 	writer := js.NewJSONArrayWriter(outputWriter)
 	defer writer.Close()
@@ -63,10 +69,16 @@ func (f *Fetcher) Fetch(ctx context.Context, outputWriter io.Writer, errorWriter
 		}
 	}
 
+	if f.Roles {
+		if err := f.fetchRoles(ctx, writer, errorWriter); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
-func (f *Fetcher) fetchGroups(ctx context.Context,
+func (f *Fetcher) fetchGroups(ctx context.Context, //nolint:dupl
 	writer *js.JSONArrayWriter,
 	errorWriter common.ErrorWriter,
 ) error {
@@ -106,3 +118,44 @@ func (f *Fetcher) fetchGroups(ctx context.Context,
 
 	return nil
 }
+
+func (f *Fetcher) fetchRoles(ctx context.Context, //nolint:dupl
+	writer *js.JSONArrayWriter,
+	errorWriter common.ErrorWriter,
+) error {
+	roles, err := f.kcc.ListRoles(ctx)
+	if err != nil {
+		errorWriter.Error(err)
+		return err
+	}
+
+	for _, role := range roles {
+		role.Type = "role"
+		roleBytes, err := json.Marshal(role)
+		errorWriter.Error(err)
+
+		var obj map[string]any
+		if err := json.Unmarshal(roleBytes, &obj); err != nil {
+			errorWriter.Error(err)
+			continue
+		}
+
+		usersInRole, err := f.kcc.GetUsersOfRole(ctx, role.Name)
+		errorWriter.Error(err)
+
+		usersInRoleBytes, err := json.Marshal(usersInRole)
+		errorWriter.Error(err)
+
+		var users []map[string]any
+		if err := json.Unmarshal(usersInRoleBytes, &users); err != nil {
+			errorWriter.Error(err)
+		}
+
+		obj["users"] = users
+
+		err = writer.Write(obj)
+		errorWriter.Error(err)
+	}
+
+	return nil
+}

plugins/keycloak/pkg/kc/kc.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/go-http-utils/headers"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/pkg/errors"
 	"golang.org/x/oauth2"
@@ -56,9 +57,9 @@ func NewKeycloakClient(ctx context.Context, cfg *KeycloakClientConfig) (*Keycloa
 	}
 
 	headers := map[string]string{
-		"Content-Type":  "application/json",
-		"Accept":        "application/json",
-		"Authorization": "Bearer " + token.AccessToken,
+		headers.ContentType:   "application/json",
+		headers.Accept:        "application/json",
+		headers.Authorization: "Bearer " + token.AccessToken,
 	}
 
 	return &KeycloakClient{

plugins/keycloak/test/manifest.yaml

@@ -28,3 +28,9 @@ types:
     relations:
       ### display_name: group#member ###
       member: user | group#member
+
+  ### display_name: Role ###
+  role:
+    relations:
+      ### display_name: role#member ###
+      member: user | role#member