Skip to content

Commit

Permalink
feat(seeding): adjust seeding configuration
Browse files Browse the repository at this point in the history 
Refs: #1172
  • Loading branch information
@Phil91
Phil91 committed Nov 25, 2024
1 parent d8c1ce2 commit 45bf0d5
Show file tree
Hide file tree
Showing 18 changed files with 516 additions and 414 deletions.
38 changes: 19 additions & 19 deletions src/keycloak/Keycloak.Seeding/BusinessLogic/AuthenticationFlowsUpdater.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,10 @@ public async Task UpdateAuthenticationFlows(CancellationToken cancellationToken)
await UpdateExistingAuthenticationFlows(topLevelCustomFlows, seedFlows, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
}

private async Task DeleteRedundantAuthenticationFlows(IEnumerable<AuthenticationFlow> topLevelCustomFlows, IEnumerable<AuthenticationFlowModel> seedFlows, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task DeleteRedundantAuthenticationFlows(IEnumerable<AuthenticationFlow> topLevelCustomFlows, IEnumerable<AuthenticationFlowModel> seedFlows, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
foreach (var delete in topLevelCustomFlows.ExceptBy(seedFlows.Select(x => x.Alias), x => x.Alias)
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowsConfigKey, ModificationType.Delete, x.Alias)))
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlows, ModificationType.Delete, x.Alias)))

{
if (delete.Id == null)
Expand All @@ -69,15 +69,15 @@ private async Task DeleteRedundantAuthenticationFlows(IEnumerable<Authentication
}
}

private async Task AddMissingAuthenticationFlows(IEnumerable<AuthenticationFlow> topLevelCustomFlows, IEnumerable<AuthenticationFlowModel> seedFlows, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task AddMissingAuthenticationFlows(IEnumerable<AuthenticationFlow> topLevelCustomFlows, IEnumerable<AuthenticationFlowModel> seedFlows, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
foreach (var addFlow in seedFlows.ExceptBy(topLevelCustomFlows.Select(x => x.Alias), x => x.Alias))
{
if (addFlow.Alias == null)
throw new ConflictException($"authenticationFlow.Alias is null {addFlow.Id} {addFlow.Description}");
if (addFlow.BuiltIn ?? false)
throw new ConflictException($"authenticationFlow.buildIn is true. flow cannot be added: {addFlow.Alias}");
if (seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowsConfigKey, ModificationType.Create, addFlow.Id))
if (seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlows, ModificationType.Create, addFlow.Alias))
{
await keycloak.CreateAuthenticationFlowAsync(_realm, CreateUpdateAuthenticationFlow(null, addFlow), cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
}
Expand All @@ -86,15 +86,15 @@ private async Task AddMissingAuthenticationFlows(IEnumerable<AuthenticationFlow>
}
}

private async Task UpdateExistingAuthenticationFlows(IEnumerable<AuthenticationFlow> topLevelCustomFlows, IEnumerable<AuthenticationFlowModel> seedFlows, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task UpdateExistingAuthenticationFlows(IEnumerable<AuthenticationFlow> topLevelCustomFlows, IEnumerable<AuthenticationFlowModel> seedFlows, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
foreach (var (flow, seed) in topLevelCustomFlows
.Join(
seedFlows,
x => x.Alias,
x => x.Alias,
(flow, seed) => (Flow: flow, Seed: seed))
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowsConfigKey, ModificationType.Update, x.Flow.Id)))
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlows, ModificationType.Update, x.Flow.Alias)))
{
if (flow.Id == null)
throw new ConflictException($"authenticationFlow.id is null {flow.Alias} {flow.Description}");
Expand Down Expand Up @@ -125,7 +125,7 @@ private static bool CompareAuthenticationFlow(AuthenticationFlow flow, Authentic
flow.ProviderId == update.ProviderId &&
flow.TopLevel == update.TopLevel;

private async Task UpdateAuthenticationFlowExecutions(string alias, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task UpdateAuthenticationFlowExecutions(string alias, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
var updateExecutions = seedDataHandler.GetAuthenticationExecutions(alias);
var executionNodes = ExecutionNode.Parse(await GetExecutions(alias, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None));
Expand All @@ -149,9 +149,9 @@ private bool CompareStructureRecursive(IReadOnlyList<ExecutionNode> executions,
(x.Node.Execution.AuthenticationFlow ?? false) == (x.Update.AuthenticatorFlow ?? false) &&
(!(x.Node.Execution.AuthenticationFlow ?? false) || CompareStructureRecursive(x.Node.Children, seedDataHandler.GetAuthenticationExecutions(x.Update.FlowAlias))));

private async Task DeleteExecutionsRecursive(IEnumerable<ExecutionNode> executionNodes, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task DeleteExecutionsRecursive(IEnumerable<ExecutionNode> executionNodes, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
foreach (var executionNode in executionNodes.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecutionConfigKey, ModificationType.Delete, x.Execution.Id)))
foreach (var executionNode in executionNodes.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecution, ModificationType.Delete, x.Execution.Id)))
{
if (executionNode.Execution.AuthenticationFlow ?? false)
{
Expand All @@ -162,9 +162,9 @@ private async Task DeleteExecutionsRecursive(IEnumerable<ExecutionNode> executio
}
}

private async Task AddExecutionsRecursive(string? alias, IEnumerable<AuthenticationExecutionModel> seedExecutions, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task AddExecutionsRecursive(string? alias, IEnumerable<AuthenticationExecutionModel> seedExecutions, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
foreach (var execution in seedExecutions.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecutionConfigKey, ModificationType.Delete, x.FlowAlias)))
foreach (var execution in seedExecutions.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecution, ModificationType.Delete, x.FlowAlias)))
{
await (execution.AuthenticatorFlow switch
{
Expand All @@ -180,12 +180,12 @@ async Task AddAuthenticationFlowExecutionRecursive(string updateAlias, Authentic
}
}

private async Task UpdateExecutionsRecursive(string alias, IReadOnlyCollection<ExecutionNode> executionNodes, IEnumerable<AuthenticationExecutionModel> seedExecutions, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task UpdateExecutionsRecursive(string alias, IReadOnlyCollection<ExecutionNode> executionNodes, IEnumerable<AuthenticationExecutionModel> seedExecutions, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
if (executionNodes.Count != seedExecutions.Count())
throw new ArgumentException("number of elements in executionNodes doesn't match seedData");

foreach (var (executionNode, update) in executionNodes.Zip(seedExecutions).Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecutionConfigKey, ModificationType.Update, x.First.Execution.Id)))
foreach (var (executionNode, update) in executionNodes.Zip(seedExecutions).Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecution, ModificationType.Update, x.First.Execution.Id)))
{
if ((executionNode.Execution.AuthenticationFlow ?? false) != (update.AuthenticatorFlow ?? false))
throw new ArgumentException("execution.AuthenticatorFlow doesn't match seedData");
Expand Down Expand Up @@ -234,7 +234,7 @@ await UpdateExecutionsRecursive(
async Task UpdateAuthenticationExecution(ExecutionNode executionNode, AuthenticationExecutionModel update, CancellationToken ct)
{
var (isEqual, authenticatorConfig) = await CompareExecutions(executionNode.Execution, update, ct).ConfigureAwait(ConfigureAwaitOptions.None);
if (!isEqual && seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecutionConfigKey, ModificationType.Update, executionNode.Execution.Id))
if (!isEqual && seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticationFlowExecution, ModificationType.Update, executionNode.Execution.Id))
{
await keycloak.UpdateAuthenticationFlowExecutionsAsync(
_realm,
Expand All @@ -257,14 +257,14 @@ await keycloak.UpdateAuthenticationFlowExecutionsAsync(
}
}

private async Task UpdateAuthenticatorConfig(AuthenticationFlowExecution execution, AuthenticationExecutionModel update, AuthenticatorConfig? config, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private async Task UpdateAuthenticatorConfig(AuthenticationFlowExecution execution, AuthenticationExecutionModel update, AuthenticatorConfig? config, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
switch (execution.AuthenticationConfig, update.AuthenticatorConfig)
{
case (null, null):
break;

case (null, var _) when seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticatorConfigConfigKey, ModificationType.Create, execution.Id):
case (null, var _) when seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticatorConfig, ModificationType.Create, update.AuthenticatorConfig):
await keycloak.CreateAuthenticationExecutionConfigurationAsync(
_realm,
execution.Id!,
Expand All @@ -276,20 +276,20 @@ await keycloak.CreateAuthenticationExecutionConfigurationAsync(
cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
break;

case (var _, null) when seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticatorConfigConfigKey, ModificationType.Delete, execution.Id):
case (var _, null) when seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticatorConfig, ModificationType.Delete, update.AuthenticatorConfig):
await keycloak.DeleteAuthenticatorConfigurationAsync(
_realm,
execution.AuthenticationConfig,
cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
break;

case var (_, _) when seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticatorConfigConfigKey, ModificationType.Update, execution.Id):
case var (_, _) when seederConfig.ModificationAllowed(ConfigurationKeys.AuthenticatorConfig, ModificationType.Update, update.AuthenticatorConfig):
var updateConfig = seedDataHandler.GetAuthenticatorConfig(update.AuthenticatorConfig);
if (config == null)
throw new UnexpectedConditionException("authenticatorConfig is null");
config.Alias = update.AuthenticatorConfig;
config.Config = updateConfig.Config?.FilterNotNullValues().ToDictionary();
await keycloak.UpdateAuthenticatorConfigurationAsync(_realm, execution.AuthenticationConfig, config, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
await keycloak.UpdateAuthenticatorConfigurationAsync(_realm, execution.AuthenticationConfig!, config, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
break;
}
}
Expand Down
6 changes: 3 additions & 3 deletions src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopeMapperUpdater.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,15 +60,15 @@ public async Task UpdateClientScopeMapper(string instanceName, CancellationToken
}
}

private static async Task AddAndDeleteRoles(KeycloakClient keycloak, string realm, string clientScopeId, string clientId, IEnumerable<Role> roles, IEnumerable<Role> updateRoles, SeederConfiguration seederConfig, CancellationToken cancellationToken)
private static async Task AddAndDeleteRoles(KeycloakClient keycloak, string realm, string clientScopeId, string clientId, IEnumerable<Role> roles, IEnumerable<Role> updateRoles, KeycloakRealmSettings seederConfig, CancellationToken cancellationToken)
{
await updateRoles.ExceptBy(roles.Select(role => role.Name), roleModel => roleModel.Name)
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.ClientScopesConfigKey, ModificationType.Create, x.Name))
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.ClientScopes, ModificationType.Create, x.Name))
.IfAnyAwait(rolesToAdd =>
keycloak.AddClientRolesScopeMappingToClientAsync(realm, clientScopeId, clientId, rolesToAdd, cancellationToken)).ConfigureAwait(false);

await roles.ExceptBy(updateRoles.Select(roleModel => roleModel.Name), role => role.Name)
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.ClientScopesConfigKey, ModificationType.Delete, x.Name))
.Where(x => seederConfig.ModificationAllowed(ConfigurationKeys.ClientScopes, ModificationType.Delete, x.Name))
.IfAnyAwait(rolesToDelete =>
keycloak.RemoveClientRolesFromClientScopeForClientAsync(realm, clientScopeId, clientId, rolesToDelete, cancellationToken)).ConfigureAwait(false);
}
Expand Down
Loading

0 comments on commit 45bf0d5

Please sign in to comment.