refactor: speed up audience mapper validation (#961)

sybereal · web-flow · commit 0254dd0baa0b · 2025-01-23T13:40:04.000+01:00
Do not load all clients when validating client audience for audience
mappers. Instead, try to fetch the client in question directly.

Signed-off-by: Simon Engmann &lt;simon.engmann@sovity.de&gt;
diff --git a/keycloak/openid_audience_protocol_mapper.go b/keycloak/openid_audience_protocol_mapper.go
@@ -124,18 +124,10 @@ func (keycloakClient *KeycloakClient) ValidateOpenIdAudienceProtocolMapper(ctx c
 	}
 
 	if mapper.IncludedClientAudience != "" {
-		clients, err := keycloakClient.listGenericClients(ctx, mapper.RealmId)
+		_, err = keycloakClient.GetGenericClientByClientId(ctx, mapper.RealmId, mapper.IncludedClientAudience)
 		if err != nil {
-			return err
+			return fmt.Errorf("validation error: %w", err)
 		}
-
-		for _, client := range clients {
-			if client.ClientId == mapper.IncludedClientAudience {
-				return nil
-			}
-		}
-
-		return fmt.Errorf("validation error: client %s does not exist", mapper.IncludedClientAudience)
 	}
 
 	return nil
diff --git a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go
@@ -233,7 +233,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t
 		Steps: []resource.TestStep{
 			{
 				Config:      testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(clientId, mapperName),
-				ExpectError: regexp.MustCompile("validation error: client .+ does not exist"),
+				ExpectError: regexp.MustCompile("validation error: generic client with name \\S+ does not exist"),
 			},
 		},
 	})

Original file line number	Diff line number	Diff line change
`@@ -124,18 +124,10 @@ func (keycloakClient *KeycloakClient) ValidateOpenIdAudienceProtocolMapper(ctx c`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`if mapper.IncludedClientAudience != "" {`
`127`		`- clients, err := keycloakClient.listGenericClients(ctx, mapper.RealmId)`
	`127`	`+ _, err = keycloakClient.GetGenericClientByClientId(ctx, mapper.RealmId, mapper.IncludedClientAudience)`
`128`	`128`	`if err != nil {`
`129`		`- return err`
	`129`	`+ return fmt.Errorf("validation error: %w", err)`
`130`	`130`	`}`
`131`		`-`
`132`		`- for _, client := range clients {`
`133`		`- if client.ClientId == mapper.IncludedClientAudience {`
`134`		`- return nil`
`135`		`- }`
`136`		`- }`
`137`		`-`
`138`		`- return fmt.Errorf("validation error: client %s does not exist", mapper.IncludedClientAudience)`
`139`	`131`	`}`
`140`	`132`
`141`	`133`	`return nil`
Original file line number	Diff line number	Diff line change
`@@ -233,7 +233,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t`
`233`	`233`	`Steps: []resource.TestStep{`
`234`	`234`	`{`
`235`	`235`	`Config: testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(clientId, mapperName),`
`236`		`- ExpectError: regexp.MustCompile("validation error: client .+ does not exist"),`
	`236`	`+ ExpectError: regexp.MustCompile("validation error: generic client with name \\S+ does not exist"),`
`237`	`237`	`},`
`238`	`238`	`},`
`239`	`239`	`})`