WIP: User roles mapping #247

moritz31 · 2020-03-07T12:22:24Z

Hey mrparkers,

this is a draft of a user-roles-mapping resource which is based on @becjon works.
I've currently faced the issue that i'm not really sure what data.SetId does and if i set it to something combined it will try to retrive the user with that name instead of using user_id. Maybe you can tell why this happen. If i remove the read Function all is working like expected.

Added the resource in the provider Create and Delete Basic implementation finished

mrparkers · 2020-03-09T15:15:21Z

Hey @moritz31, nice progress so far.

data.SetId is used to give the resource a unique identifier which can be used to query for the resource in the future. In theory, the ID should contain all of the information that is needed for the provider to fetch this resource from Keycloak, so typically the ID is some strings separated by a forward slash. The ID should also be unique, meaning that no two instances of the same resource can use the same ID.

In most cases, a resource's ID will at least contain the unique ID of the resource on the Keycloak side, which is typically a guid. In your case, however, you aren't actually creating a new resource in Keycloak, but mapping two existing resources together. So you have a bit more flexibility in terms of what your ID can be.

If you'd like, you can take a look at the keycloak_group_roles resource for some inspiration.
This resource is very similar to the resource you're implementing - its associating roles with a group instead of a user. The ID I used here was ${realmId}/${groupId}, since this resource will only ever be used once per group, so I could assume that this combination would be unique for each instance of the resource, and it contains all of the information I need to perform a read operation.

Hopefully that clears some things up for you. Since the keycloak_group_roles resource will behave similarly to the resource you're trying to implement, feel free to borrow as much code / tests as you'd like for this resource.

languitar · 2020-03-20T12:57:51Z

Any chance to get this rolling? We would need this ;-)

mrparkers · 2020-06-28T21:52:48Z

This functionality has been implemented in #315

becjon and others added 10 commits February 13, 2020 15:46

adding user realm role assignment to user resource

97778f2

Merge branch 'master' into allow_for_mapping_roles_to_users

450c45b

Add access token lifespan to keycloak oidc client

605512c

Fix nitpicks

fccf41c

Merge remote-tracking branch 'upstream/master'

034e954

Merge branch 'master' into jonas-stuff

77cefdc

Commit basic skeleton

7baa625

Added the resource in the provider Create and Delete Basic implementation finished

Working delete and create with some basic tests

6b30d0f

First working draft with update delete and create working

d06ea43

Add new user and roles id

4841b0f

mrparkers mentioned this pull request Mar 11, 2020

allow for mapping roles to users and service accounts #152

Closed

mrparkers closed this Jun 28, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WIP: User roles mapping #247

WIP: User roles mapping #247

moritz31 commented Mar 7, 2020

mrparkers commented Mar 9, 2020

languitar commented Mar 20, 2020

mrparkers commented Jun 28, 2020

WIP: User roles mapping #247

WIP: User roles mapping #247

Conversation

moritz31 commented Mar 7, 2020

mrparkers commented Mar 9, 2020

languitar commented Mar 20, 2020

mrparkers commented Jun 28, 2020