From 3c26d1dfc3caaf604397ad0d75934704d14bd717 Mon Sep 17 00:00:00 2001 From: Sebastian Laskawiec Date: Thu, 17 Dec 2020 16:08:17 +0100 Subject: [PATCH] Revert "KEYCLOAK-16488 Add AuthZ settings to client CRD" This reverts commit d5fb27b4d916b178758b01d109d0f28c96f82ba1. --- .../keycloak.org_keycloakclients_crd.yaml | 342 ----------------- .../crds/keycloak.org_keycloakrealms_crd.yaml | 356 ------------------ .../keycloak/v1alpha1/keycloakclient_types.go | 147 -------- .../v1alpha1/zz_generated.deepcopy.go | 159 -------- test/e2e/keycloak_client_test.go | 99 ++--- 5 files changed, 23 insertions(+), 1080 deletions(-) diff --git a/deploy/crds/keycloak.org_keycloakclients_crd.yaml b/deploy/crds/keycloak.org_keycloakclients_crd.yaml index 61bf703af..07b12d6aa 100644 --- a/deploy/crds/keycloak.org_keycloakclients_crd.yaml +++ b/deploy/crds/keycloak.org_keycloakclients_crd.yaml 
@@ -47,348 +47,6 @@ spec: type: string description: Client Attributes. type: object - authorizationServicesEnabled: - description: True if fine-grained authorization support is enabled - for this client. - type: boolean - authorizationSettings: - description: Authorization settings for this resource server. - properties: - allowRemoteResourceManagement: - description: True if resources should be managed remotely by - the resource server. - type: boolean - clientId: - description: Client ID. - type: string - decisionStrategy: - description: The decision strategy dictates how permissions - are evaluated and how a final decision is obtained. 'Affirmative' - means that at least one permission must evaluate to a positive - decision in order to grant access to a resource and its scopes. - 'Unanimous' means that all permissions must evaluate to a - positive decision in order for the final decision to be also - positive. - type: string - id: - description: ID. - type: string - name: - description: Name. - type: string - policies: - description: Policies. - items: - properties: - config: - additionalProperties: - type: string - description: Config. - type: object - decisionStrategy: - description: The decision strategy dictates how the policies - associated with a given permission are evaluated and - how a final decision is obtained. 'Affirmative' means - that at least one policy must evaluate to a positive - decision in order for the final decision to be also - positive. 'Unanimous' means that all policies must evaluate - to a positive decision in order for the final decision - to be also positive. 'Consensus' means that the number - of positive decisions must be greater than the number - of negative decisions. If the number of positive and - negative is the same, the final decision will be negative. - type: string - description: - description: A description for this policy. - type: string - id: - description: ID. 
- type: string - logic: - description: The logic dictates how the policy decision - should be made. If 'Positive', the resulting effect - (permit or deny) obtained during the evaluation of this - policy will be used to perform a decision. If 'Negative', - the resulting effect will be negated, in other words, - a permit becomes a deny and vice-versa. - type: string - name: - description: The name of this policy. - type: string - owner: - description: Owner. - type: string - policies: - description: Policies. - items: - type: string - type: array - resources: - description: Resources. - items: - type: string - type: array - resourcesData: - description: Resources Data. - items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with the - resource. - type: object - displayName: - description: A unique name for this resource. The - name can be used to uniquely identify a resource, - useful when querying for a specific resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. The - name can be used to uniquely identify a resource, - useful when querying for a specific resource. - type: string - ownerManagedAccess: - description: True if the access to this resource - can be managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this resource. - items: {} - type: array - type: - description: The type of this resource. It can be - used to group different resource instances with - the same type. - type: string - uris: - description: Set of URIs which are protected by - resource. - items: - type: string - type: array - type: object - type: array - scopes: - description: Scopes. - items: - type: string - type: array - scopesData: - description: Scopes Data. - items: - properties: - displayName: - description: A unique name for this scope. 
The name - can be used to uniquely identify a scope, useful - when querying for a specific scope. - type: string - iconUri: - description: An URI pointing to an icon. - type: string - id: - description: ID. - type: string - name: - description: A unique name for this scope. The name - can be used to uniquely identify a scope, useful - when querying for a specific scope. - type: string - policies: - description: Policies. - items: {} - type: array - resources: - description: Resources. - items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with - the resource. - type: object - displayName: - description: A unique name for this resource. - The name can be used to uniquely identify - a resource, useful when querying for a specific - resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. - The name can be used to uniquely identify - a resource, useful when querying for a specific - resource. - type: string - ownerManagedAccess: - description: True if the access to this resource - can be managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this - resource. - items: {} - type: array - type: - description: The type of this resource. It - can be used to group different resource - instances with the same type. - type: string - uris: - description: Set of URIs which are protected - by resource. - items: - type: string - type: array - type: object - type: array - type: object - type: array - type: - description: Type. - type: string - type: object - type: array - policyEnforcementMode: - description: The policy enforcement mode dictates how policies - are enforced when evaluating authorization requests. 'Enforcing' - means requests are denied by default even when there is no - policy associated with a given resource. 
'Permissive' means - requests are allowed even when there is no policy associated - with a given resource. 'Disabled' completely disables the - evaluation of policies and allows access to any resource. - type: string - resources: - description: Resources. - items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with the resource. - type: object - displayName: - description: A unique name for this resource. The name - can be used to uniquely identify a resource, useful - when querying for a specific resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. The name - can be used to uniquely identify a resource, useful - when querying for a specific resource. - type: string - ownerManagedAccess: - description: True if the access to this resource can be - managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this resource. - items: {} - type: array - type: - description: The type of this resource. It can be used - to group different resource instances with the same - type. - type: string - uris: - description: Set of URIs which are protected by resource. - items: - type: string - type: array - type: object - type: array - scopes: - description: Authorization Scopes. - items: - properties: - displayName: - description: A unique name for this scope. The name can - be used to uniquely identify a scope, useful when querying - for a specific scope. - type: string - iconUri: - description: An URI pointing to an icon. - type: string - id: - description: ID. - type: string - name: - description: A unique name for this scope. The name can - be used to uniquely identify a scope, useful when querying - for a specific scope. - type: string - policies: - description: Policies. - items: {} - type: array - resources: - description: Resources. 
- items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with the - resource. - type: object - displayName: - description: A unique name for this resource. The - name can be used to uniquely identify a resource, - useful when querying for a specific resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. The - name can be used to uniquely identify a resource, - useful when querying for a specific resource. - type: string - ownerManagedAccess: - description: True if the access to this resource - can be managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this resource. - items: {} - type: array - type: - description: The type of this resource. It can be - used to group different resource instances with - the same type. - type: string - uris: - description: Set of URIs which are protected by - resource. - items: - type: string - type: array - type: object - type: array - type: object - type: array - type: object baseUrl: description: Application base URL. type: string diff --git a/deploy/crds/keycloak.org_keycloakrealms_crd.yaml b/deploy/crds/keycloak.org_keycloakrealms_crd.yaml index faa0699db..cff2beca5 100644 --- a/deploy/crds/keycloak.org_keycloakrealms_crd.yaml +++ b/deploy/crds/keycloak.org_keycloakrealms_crd.yaml 
@@ -224,362 +224,6 @@ spec: type: string description: Client Attributes. type: object - authorizationServicesEnabled: - description: True if fine-grained authorization support is - enabled for this client. - type: boolean - authorizationSettings: - description: Authorization settings for this resource server. - properties: - allowRemoteResourceManagement: - description: True if resources should be managed remotely - by the resource server. - type: boolean - clientId: - description: Client ID. - type: string - decisionStrategy: - description: The decision strategy dictates how permissions - are evaluated and how a final decision is obtained. - 'Affirmative' means that at least one permission must - evaluate to a positive decision in order to grant access - to a resource and its scopes. 'Unanimous' means that - all permissions must evaluate to a positive decision - in order for the final decision to be also positive. - type: string - id: - description: ID. - type: string - name: - description: Name. - type: string - policies: - description: Policies. - items: - properties: - config: - additionalProperties: - type: string - description: Config. - type: object - decisionStrategy: - description: The decision strategy dictates how - the policies associated with a given permission - are evaluated and how a final decision is obtained. - 'Affirmative' means that at least one policy must - evaluate to a positive decision in order for the - final decision to be also positive. 'Unanimous' - means that all policies must evaluate to a positive - decision in order for the final decision to be - also positive. 'Consensus' means that the number - of positive decisions must be greater than the - number of negative decisions. If the number of - positive and negative is the same, the final decision - will be negative. - type: string - description: - description: A description for this policy. - type: string - id: - description: ID. 
- type: string - logic: - description: The logic dictates how the policy decision - should be made. If 'Positive', the resulting effect - (permit or deny) obtained during the evaluation - of this policy will be used to perform a decision. - If 'Negative', the resulting effect will be negated, - in other words, a permit becomes a deny and vice-versa. - type: string - name: - description: The name of this policy. - type: string - owner: - description: Owner. - type: string - policies: - description: Policies. - items: - type: string - type: array - resources: - description: Resources. - items: - type: string - type: array - resourcesData: - description: Resources Data. - items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with - the resource. - type: object - displayName: - description: A unique name for this resource. - The name can be used to uniquely identify - a resource, useful when querying for a specific - resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. - The name can be used to uniquely identify - a resource, useful when querying for a specific - resource. - type: string - ownerManagedAccess: - description: True if the access to this resource - can be managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this - resource. - items: {} - type: array - type: - description: The type of this resource. It - can be used to group different resource - instances with the same type. - type: string - uris: - description: Set of URIs which are protected - by resource. - items: - type: string - type: array - type: object - type: array - scopes: - description: Scopes. - items: - type: string - type: array - scopesData: - description: Scopes Data. - items: - properties: - displayName: - description: A unique name for this scope. 
- The name can be used to uniquely identify - a scope, useful when querying for a specific - scope. - type: string - iconUri: - description: An URI pointing to an icon. - type: string - id: - description: ID. - type: string - name: - description: A unique name for this scope. - The name can be used to uniquely identify - a scope, useful when querying for a specific - scope. - type: string - policies: - description: Policies. - items: {} - type: array - resources: - description: Resources. - items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated - with the resource. - type: object - displayName: - description: A unique name for this - resource. The name can be used to - uniquely identify a resource, useful - when querying for a specific resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this - resource. The name can be used to - uniquely identify a resource, useful - when querying for a specific resource. - type: string - ownerManagedAccess: - description: True if the access to this - resource can be managed by the resource - owner. - type: boolean - scopes: - description: The scopes associated with - this resource. - items: {} - type: array - type: - description: The type of this resource. - It can be used to group different - resource instances with the same type. - type: string - uris: - description: Set of URIs which are protected - by resource. - items: - type: string - type: array - type: object - type: array - type: object - type: array - type: - description: Type. - type: string - type: object - type: array - policyEnforcementMode: - description: The policy enforcement mode dictates how - policies are enforced when evaluating authorization - requests. 'Enforcing' means requests are denied by default - even when there is no policy associated with a given - resource. 
'Permissive' means requests are allowed even - when there is no policy associated with a given resource. - 'Disabled' completely disables the evaluation of policies - and allows access to any resource. - type: string - resources: - description: Resources. - items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with the - resource. - type: object - displayName: - description: A unique name for this resource. The - name can be used to uniquely identify a resource, - useful when querying for a specific resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. The - name can be used to uniquely identify a resource, - useful when querying for a specific resource. - type: string - ownerManagedAccess: - description: True if the access to this resource - can be managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this resource. - items: {} - type: array - type: - description: The type of this resource. It can be - used to group different resource instances with - the same type. - type: string - uris: - description: Set of URIs which are protected by - resource. - items: - type: string - type: array - type: object - type: array - scopes: - description: Authorization Scopes. - items: - properties: - displayName: - description: A unique name for this scope. The name - can be used to uniquely identify a scope, useful - when querying for a specific scope. - type: string - iconUri: - description: An URI pointing to an icon. - type: string - id: - description: ID. - type: string - name: - description: A unique name for this scope. The name - can be used to uniquely identify a scope, useful - when querying for a specific scope. - type: string - policies: - description: Policies. - items: {} - type: array - resources: - description: Resources. 
- items: - properties: - _id: - description: ID. - type: string - attributes: - additionalProperties: - type: string - description: The attributes associated with - the resource. - type: object - displayName: - description: A unique name for this resource. - The name can be used to uniquely identify - a resource, useful when querying for a specific - resource. - type: string - icon_uri: - description: An URI pointing to an icon. - type: string - name: - description: A unique name for this resource. - The name can be used to uniquely identify - a resource, useful when querying for a specific - resource. - type: string - ownerManagedAccess: - description: True if the access to this resource - can be managed by the resource owner. - type: boolean - scopes: - description: The scopes associated with this - resource. - items: {} - type: array - type: - description: The type of this resource. It - can be used to group different resource - instances with the same type. - type: string - uris: - description: Set of URIs which are protected - by resource. - items: - type: string - type: array - type: object - type: array - type: object - type: array - type: object baseUrl: description: Application base URL. type: string diff --git a/pkg/apis/keycloak/v1alpha1/keycloakclient_types.go b/pkg/apis/keycloak/v1alpha1/keycloakclient_types.go index 4e7710698..8b3292146 100644 --- a/pkg/apis/keycloak/v1alpha1/keycloakclient_types.go +++ b/pkg/apis/keycloak/v1alpha1/keycloakclient_types.go 
@@ -123,12 +123,6 @@ type KeycloakAPIClient struct { // assertions for this client. // +optional DefaultClientScopes []string `json:"defaultClientScopes,omitempty"` - // True if fine-grained authorization support is enabled for this client. - // +optional - AuthorizationServicesEnabled bool `json:"authorizationServicesEnabled,omitempty"` - // Authorization settings for this resource server. - // +optional - AuthorizationSettings *KeycloakResourceServer `json:"authorizationSettings,omitempty"` } type KeycloakProtocolMapper struct { 
@@ -155,147 +149,6 @@ type KeycloakProtocolMapper struct { Config map[string]string `json:"config,omitempty"` } -type KeycloakResourceServer struct { - // True if resources should be managed remotely by the resource server. - // +optional - AllowRemoteResourceManagement bool `json:"allowRemoteResourceManagement,omitempty"` - // Client ID. - // +optional - ClientID string `json:"clientId,omitempty"` - // The decision strategy dictates how permissions are evaluated and how a - // final decision is obtained. 'Affirmative' means that at least one - // permission must evaluate to a positive decision in order to grant access - // to a resource and its scopes. 'Unanimous' means that all permissions must - // evaluate to a positive decision in order for the final decision to be also positive. - // +optional - DecisionStrategy string `json:"decisionStrategy,omitempty"` - // ID. - // +optional - ID string `json:"id,omitempty"` - // Name. - // +optional - Name string `json:"name,omitempty"` - // Policies. - // +optional - Policies []KeycloakPolicy `json:"policies,omitempty"` - // The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. - // 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. - // 'Permissive' means requests are allowed even when there is no policy associated with a given resource. - // 'Disabled' completely disables the evaluation of policies and allows access to any resource. - // +optional - PolicyEnforcementMode string `json:"policyEnforcementMode,omitempty"` - // Resources. - // +optional - Resources []KeycloakResource `json:"resources,omitempty"` - // Authorization Scopes. - // +optional - Scopes []KeycloakScope `json:"scopes,omitempty"` -} - -type KeycloakPolicy struct { - // Config. 
- // +optional - Config map[string]string `json:"config,omitempty"` - // The decision strategy dictates how the policies associated with a given permission are evaluated and how - // a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive - // decision in order for the final decision to be also positive. 'Unanimous' means that all policies must - // evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means - // that the number of positive decisions must be greater than the number of negative decisions. If the number - // of positive and negative is the same, the final decision will be negative. - // +optional - DecisionStrategy string `json:"decisionStrategy,omitempty"` - // A description for this policy. - // +optional - Description string `json:"description,omitempty"` - // ID. - // +optional - ID string `json:"id,omitempty"` - // The logic dictates how the policy decision should be made. If 'Positive', the resulting effect - // (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. - // If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa. - // +optional - Logic string `json:"logic,omitempty"` - // The name of this policy. - // +optional - Name string `json:"name,omitempty"` - // Owner. - // +optional - Owner string `json:"owner,omitempty"` - // Policies. - // +optional - Policies []string `json:"policies,omitempty"` - // Resources. - // +optional - Resources []string `json:"resources,omitempty"` - // Resources Data. - // +optional - ResourcesData []KeycloakResource `json:"resourcesData,omitempty"` - // Scopes. - // +optional - Scopes []string `json:"scopes,omitempty"` - // Scopes Data. - // +optional - ScopesData []KeycloakScope `json:"scopesData,omitempty"` - // Type. - // +optional - Type string `json:"type,omitempty"` -} - -type KeycloakResource struct { - // ID. 
- // +optional - ID string `json:"_id,omitempty"` - // The attributes associated with the resource. - // +optional - Attributes map[string]string `json:"attributes,omitempty"` - // A unique name for this resource. The name can be used to uniquely identify a resource, useful when - // querying for a specific resource. - // +optional - DisplayName string `json:"displayName,omitempty"` - // An URI pointing to an icon. - // +optional - IconURI string `json:"icon_uri,omitempty"` - // A unique name for this resource. The name can be used to uniquely identify a resource, useful when - // querying for a specific resource. - // +optional - Name string `json:"name,omitempty"` - // True if the access to this resource can be managed by the resource owner. - // +optional - OwnerManagedAccess bool `json:"ownerManagedAccess,omitempty"` - // The scopes associated with this resource. - // +optional - Scopes []KeycloakScope `json:"scopes,omitempty"` - // The type of this resource. It can be used to group different resource instances with the same type. - // +optional - Type string `json:"type,omitempty"` - // Set of URIs which are protected by resource. - // +optional - Uris []string `json:"uris,omitempty"` -} - -type KeycloakScope struct { - // A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying - // for a specific scope. - // +optional - DisplayName string `json:"displayName,omitempty"` - // An URI pointing to an icon. - // +optional - IconURI string `json:"iconUri,omitempty"` - // ID. - // +optional - ID string `json:"id,omitempty"` - // A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying - // for a specific scope. - // +optional - Name string `json:"name,omitempty"` - // Policies. - // +optional - Policies []KeycloakPolicy `json:"policies,omitempty"` - // Resources. 
- // +optional - Resources []KeycloakResource `json:"resources,omitempty"` -} - // KeycloakClientStatus defines the observed state of KeycloakClient // +k8s:openapi-gen=true type KeycloakClientStatus struct { diff --git a/pkg/apis/keycloak/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/keycloak/v1alpha1/zz_generated.deepcopy.go index f191aad2c..f4d0a3354 100644 --- a/pkg/apis/keycloak/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/keycloak/v1alpha1/zz_generated.deepcopy.go @@ -297,11 +297,6 @@ func (in *KeycloakAPIClient) DeepCopyInto(out *KeycloakAPIClient) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.AuthorizationSettings != nil { - in, out := &in.AuthorizationSettings, &out.AuthorizationSettings - *out = new(KeycloakResourceServer) - (*in).DeepCopyInto(*out) - } return } 
@@ -1023,58 +1018,6 @@ func (in *KeycloakList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeycloakPolicy) DeepCopyInto(out *KeycloakPolicy) { - *out = *in - if in.Config != nil { - in, out := &in.Config, &out.Config - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Policies != nil { - in, out := &in.Policies, &out.Policies - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ResourcesData != nil { - in, out := &in.ResourcesData, &out.ResourcesData - *out = make([]KeycloakResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ScopesData != nil { - in, out := &in.ScopesData, &out.ScopesData - *out = make([]KeycloakScope, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakPolicy. -func (in *KeycloakPolicy) DeepCopy() *KeycloakPolicy { - if in == nil { - return nil - } - out := new(KeycloakPolicy) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeycloakProtocolMapper) DeepCopyInto(out *KeycloakProtocolMapper) { *out = *in 
@@ -1227,108 +1170,6 @@ func (in *KeycloakRealmStatus) DeepCopy() *KeycloakRealmStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeycloakResource) DeepCopyInto(out *KeycloakResource) { - *out = *in - if in.Attributes != nil { - in, out := &in.Attributes, &out.Attributes - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]KeycloakScope, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Uris != nil { - in, out := &in.Uris, &out.Uris - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakResource. -func (in *KeycloakResource) DeepCopy() *KeycloakResource { - if in == nil { - return nil - } - out := new(KeycloakResource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeycloakResourceServer) DeepCopyInto(out *KeycloakResourceServer) { - *out = *in - if in.Policies != nil { - in, out := &in.Policies, &out.Policies - *out = make([]KeycloakPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]KeycloakResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]KeycloakScope, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakResourceServer. 
-func (in *KeycloakResourceServer) DeepCopy() *KeycloakResourceServer { - if in == nil { - return nil - } - out := new(KeycloakResourceServer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeycloakScope) DeepCopyInto(out *KeycloakScope) { - *out = *in - if in.Policies != nil { - in, out := &in.Policies, &out.Policies - *out = make([]KeycloakPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]KeycloakResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakScope. -func (in *KeycloakScope) DeepCopy() *KeycloakScope { - if in == nil { - return nil - } - out := new(KeycloakScope) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeycloakSpec) DeepCopyInto(out *KeycloakSpec) { *out = *in diff --git a/test/e2e/keycloak_client_test.go b/test/e2e/keycloak_client_test.go index 03d72cb35..73091830a 100644 --- a/test/e2e/keycloak_client_test.go +++ b/test/e2e/keycloak_client_test.go @@ -11,11 +11,6 @@ import ( const ( clientName = "test-client" externalClientName = "test-client-external" - roleName = "test-client-role" - scopeName = "test-client-scope" - resourceName = "test-client-resource" - policyName = "test-client-policy" - permissionName = "test-client-permission" ) func NewKeycloakClientsCRDTestStruct() *CRDTestStruct { 
@@ -64,77 +59,29 @@ func getKeycloakClientCR(namespace string, external bool) *keycloakv1alpha1.Keyc MatchLabels: labels, }, Client: &keycloakv1alpha1.KeycloakAPIClient{ - ID: id, - ClientID: id, - Secret: id, - Name: id, - SurrogateAuthRequired: false, - Enabled: true, - BaseURL: "https://operator-test.url/client-base-url", - AdminURL: "https://operator-test.url/client-admin-url", - RootURL: "https://operator-test.url/client-root-url", - Description: "Client used within operator tests", - WebOrigins: []string{"https://operator-test.url"}, - BearerOnly: false, - ConsentRequired: false, - StandardFlowEnabled: true, - ImplicitFlowEnabled: false, - DirectAccessGrantsEnabled: true, - ServiceAccountsEnabled: true, - PublicClient: false, - FrontchannelLogout: false, - Protocol: "openid-connect", - FullScopeAllowed: true, - NodeReRegistrationTimeout: -1, - DefaultClientScopes: []string{"profile"}, - OptionalClientScopes: []string{"microprofile-jwt"}, - DefaultRoles: []string{roleName}, - ClientAuthenticatorType: "client-secret", - AuthorizationServicesEnabled: true, - AuthorizationSettings: &keycloakv1alpha1.KeycloakResourceServer{ - AllowRemoteResourceManagement: false, - DecisionStrategy: "AFFIRMATIVE", - Policies: []keycloakv1alpha1.KeycloakPolicy{{ - ID: policyName, - Name: policyName, - Description: policyName, - Type: "role", - Logic: "POSITIVE", - DecisionStrategy: "UNANIMOUS", - Config: map[string]string{ - "roles": "[{\"id\":\"" + id + "/" + roleName + "\",\"required\":true}]", - }, - }, - { - ID: permissionName, - Name: permissionName, - Description: permissionName, - Type: "scope", - Logic: "POSITIVE", - DecisionStrategy: "UNANIMOUS", - Config: map[string]string{ - "resources": "[\"" + resourceName + "\"]", - "scopes": "[\"" + scopeName + "\"]", - "applyPolicies": "[\"" + policyName + "\"]", - }, - }}, - PolicyEnforcementMode: "ENFORCING", - Resources: []keycloakv1alpha1.KeycloakResource{{ - ID: resourceName, - DisplayName: resourceName, - Name: resourceName, - 
OwnerManagedAccess: false, - Scopes: []keycloakv1alpha1.KeycloakScope{{ - Name: scopeName, - }}, - Uris: []string{resourceName + "/*"}, - }}, - Scopes: []keycloakv1alpha1.KeycloakScope{{ - ID: scopeName, - Name: scopeName, - DisplayName: scopeName, - }}, - }, + ID: id, + ClientID: id, + Name: id, + SurrogateAuthRequired: false, + Enabled: true, + BaseURL: "https://operator-test.url/client-base-url", + AdminURL: "https://operator-test.url/client-admin-url", + RootURL: "https://operator-test.url/client-root-url", + Description: "Client used within operator tests", + WebOrigins: []string{"https://operator-test.url"}, + BearerOnly: false, + ConsentRequired: false, + StandardFlowEnabled: true, + ImplicitFlowEnabled: false, + DirectAccessGrantsEnabled: true, + ServiceAccountsEnabled: false, + PublicClient: true, + FrontchannelLogout: false, + Protocol: "openid-connect", + FullScopeAllowed: true, + NodeReRegistrationTimeout: -1, + DefaultClientScopes: []string{"profile"}, + OptionalClientScopes: []string{"microprofile-jwt"}, }, }, }
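Review bot: The e2e fixture in the last hunk of test/e2e/keycloak_client_test.go no longer covers a confidential client, because the restored literal sets `PublicClient: true` and `ServiceAccountsEnabled: false` and drops `Secret: id` and `ClientAuthenticatorType: "client-secret"`. The types hunk removes only `AuthorizationServicesEnabled` and `AuthorizationSettings` from `KeycloakAPIClient`, so these fields look independent of the AuthZ settings being reverted. If the goal is only to back out the AuthZ settings, consider keeping `PublicClient: false,`, `Secret: id,` and `ClientAuthenticatorType: "client-secret",` so the client-secret path stays exercised. If the public client is intended, a comment above `PublicClient: true` such as `// public client on purpose: no secret; direct access grants are enabled for this test fixture only` would record that choice. getKeycloakClientCR begins before this hunk, so how `id` is derived and whether another test covers confidential clients cannot be confirmed from here.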