diff --git a/REFERENCE.md b/REFERENCE.md
index b41cb73a..c32d3716 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1837,6 +1837,12 @@ Valid values: `true`, `false`
 multivalued
+##### `aggregate_attrs`
+
+Valid values: `true`, `false`
+
+aggregate.attrs
+
 ##### `protocol`
 Valid values: `openid-connect`, `saml`
@@ -3124,6 +3130,12 @@ Valid values: `true`, `false`
 multivalued
+##### `aggregate_attrs`
+
+Valid values: `true`, `false`
+
+aggregate.attrs
+
 ##### `protocol`
 Valid values: `openid-connect`, `saml`
diff --git a/lib/puppet/provider/keycloak_client_protocol_mapper/kcadm.rb b/lib/puppet/provider/keycloak_client_protocol_mapper/kcadm.rb
index b3e28d7e..4c376809 100644
--- a/lib/puppet/provider/keycloak_client_protocol_mapper/kcadm.rb
+++ b/lib/puppet/provider/keycloak_client_protocol_mapper/kcadm.rb
@@ -76,6 +76,7 @@ def self.instances
 protocol_mapper[:single] = d['config']['single'].to_s.to_sym
 end
 protocol_mapper[:multivalued] = d['config']['multivalued'].to_s.to_sym if d['config']['multivalued']
+ protocol_mapper[:aggregate_attrs] = d['config']['aggregate.attrs'].to_s.to_sym if d['config']['aggregate.attrs']
 protocol_mappers << new(protocol_mapper)
 end
 end
@@ -144,6 +145,9 @@ def create
 if resource[:multivalued]
 data[:config][:multivalued] = resource[:multivalued].to_s
 end
+ if resource[:aggregate_attrs]
+ data[:config][:'aggregate.attrs'] = resource[:aggregate_attrs].to_s
+ end
 t = Tempfile.new('keycloak_protocol_mapper')
 t.write(JSON.pretty_generate(data))
@@ -233,6 +237,9 @@ def flush
 if resource[:multivalued]
 config[:multivalued] = resource[:multivalued].to_s
 end
+ if resource[:aggregate_attrs]
+ config[:'aggregate.attrs'] = resource[:aggregate_attrs].to_s
+ end
 data[:config] = config unless config.empty?
 t = Tempfile.new('keycloak_protocol_mapper')
diff --git a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
index ee033c9a..467ded73 100644
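Review bot: The guard `if resource[:aggregate_attrs]` in `create` of lib/puppet/provider/keycloak_client_protocol_mapper/kcadm.rb reads as "only when enabled", but the type limits the property to the symbols `:true` and `:false`, and both are truthy in Ruby. The block is therefore skipped only when the property is unset, and an explicit `false` is still written as `'false'`. A one-line comment above the guard would make that visible: `# :false is truthy; only an unset property is skipped, so 'false' is still sent`. The same guard is added in `flush` of this file and in `create` and `flush` of lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb; all of these method bodies continue outside their hunks, so whether an update that omits the key clears a value already stored in Keycloak is not visible here.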
--- a/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
+++ b/lib/puppet/provider/keycloak_protocol_mapper/kcadm.rb
@@ -74,6 +74,7 @@ def self.instances
 protocol_mapper[:single] = d['config']['single'].to_s.to_sym
 end
 protocol_mapper[:multivalued] = d['config']['multivalued'].to_s.to_sym if d['config']['multivalued']
+ protocol_mapper[:aggregate_attrs] = d['config']['aggregate.attrs'].to_s.to_sym if d['config']['aggregate.attrs']
 protocol_mappers << new(protocol_mapper)
 end
 end
@@ -140,6 +141,9 @@ def create
 if resource[:multivalued]
 data[:config][:multivalued] = resource[:multivalued].to_s
 end
+ if resource[:aggregate_attrs]
+ data[:config][:'aggregate.attrs'] = resource[:aggregate_attrs].to_s
+ end
 t = Tempfile.new('keycloak_protocol_mapper')
 t.write(JSON.pretty_generate(data))
@@ -227,6 +231,9 @@ def flush
 if resource[:multivalued]
 config[:multivalued] = resource[:multivalued].to_s
 end
+ if resource[:aggregate_attrs]
+ config[:'aggregate.attrs'] = resource[:aggregate_attrs].to_s
+ end
 data[:config] = config unless config.empty?
 t = Tempfile.new('keycloak_protocol_mapper')
diff --git a/lib/puppet/type/keycloak_client_protocol_mapper.rb b/lib/puppet/type/keycloak_client_protocol_mapper.rb
index 20d3b748..f11f3d09 100644
--- a/lib/puppet/type/keycloak_client_protocol_mapper.rb
+++ b/lib/puppet/type/keycloak_client_protocol_mapper.rb
@@ -208,6 +208,11 @@
 newvalues(:true, :false)
 end
+ newproperty(:aggregate_attrs, boolean: true) do
+ desc 'aggregate.attrs'
+ newvalues(:true, :false)
+ end
+
 newproperty(:included_client_audience) do
 desc 'included.client.audience Required for `type` of `oidc-audience-mapper`'
 end
diff --git a/lib/puppet/type/keycloak_protocol_mapper.rb b/lib/puppet/type/keycloak_protocol_mapper.rb
index b06dfd71..96019b57 100644
--- a/lib/puppet/type/keycloak_protocol_mapper.rb
+++ b/lib/puppet/type/keycloak_protocol_mapper.rb
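Review bot: `desc 'aggregate.attrs'` in lib/puppet/type/keycloak_client_protocol_mapper.rb only repeats the Keycloak config key, so neither the type nor the generated REFERENCE.md says what enabling the property does. As far as I know, Keycloak reads this key on its user-attribute mappers to merge attribute values inherited from a user's groups into the mapped claim, and OIDC mappers need `multivalued` enabled as well to emit all the values. That changes what ends up in issued tokens, so the description should say so once the behaviour is confirmed against the Keycloak version in use, for example `desc 'aggregate.attrs. Merge attribute values inherited from groups into the mapped claim; OIDC mappers also need multivalued => true.'`. The same one-word description is added in lib/puppet/type/keycloak_protocol_mapper.rb.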
@@ -206,6 +206,11 @@
 newvalues(:true, :false)
 end
+ newproperty(:aggregate_attrs, boolean: true) do
+ desc 'aggregate.attrs'
+ newvalues(:true, :false)
+ end
+
 newproperty(:included_client_audience) do
 desc 'included.client.audience Required for `type` of `oidc-audience-mapper`'
 end
diff --git a/spec/acceptance/7_client_protocol_mapper_spec.rb b/spec/acceptance/7_client_protocol_mapper_spec.rb
index 9e34578f..668fa1c4 100644
--- a/spec/acceptance/7_client_protocol_mapper_spec.rb
+++ b/spec/acceptance/7_client_protocol_mapper_spec.rb
@@ -35,6 +35,12 @@ class { 'keycloak': }
 multivalued => true,
 usermodel_client_role_mapping_client_id => 'test.foo.bar',
 }
+ keycloak_client_protocol_mapper { 'role mapper AA for test.foo.bar on test':
+ type => 'oidc-usermodel-client-role-mapper',
+ claim_name => 'permissions',
+ aggregate_attrs => true,
+ usermodel_client_role_mapping_client_id => 'test.foo.bar',
+ }
 PUPPET_PP
 apply_manifest(pp, catch_failures: true)
@@ -94,6 +100,17 @@ class { 'keycloak': }
 expect(mapper['config']['usermodel.clientRoleMapping.clientId']).to eq('test.foo.bar')
 end
 end
+
+ it 'has created protocol mapper AA type=oidc-usermodel-client-role-mapper' do
+ on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get clients/test.foo.bar/protocol-mappers/models -r test' do
+ data = JSON.parse(stdout)
+ mapper = data.select { |d| d['name'] == 'role mapper AA' }[0]
+ expect(mapper['protocolMapper']).to eq('oidc-usermodel-client-role-mapper')
+ expect(mapper['config']['claim.name']).to eq('permissions')
+ expect(mapper['config']['aggregate.attrs']).to eq('true')
+ expect(mapper['config']['usermodel.clientRoleMapping.clientId']).to eq('test.foo.bar')
+ end
+ end
 end
 context 'when updates protocol_mapper' do
diff --git a/spec/unit/puppet/type/keycloak_client_protocol_mapper_spec.rb b/spec/unit/puppet/type/keycloak_client_protocol_mapper_spec.rb
index fa0285dc..2fa1e87c 100644
--- a/spec/unit/puppet/type/keycloak_client_protocol_mapper_spec.rb
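Review bot: The new `role mapper AA` resource in the manifest of spec/acceptance/7_client_protocol_mapper_spec.rb sets `aggregate_attrs => true` on an `oidc-usermodel-client-role-mapper` and leaves `multivalued` unset. If, as I understand it, Keycloak only evaluates `aggregate.attrs` on user-attribute mappers and wants `multivalued` alongside it for OIDC, this example shows that the key is stored but not a configuration in which it has any effect on the `permissions` claim. Readers tend to copy acceptance manifests, so a user-attribute mapper with `multivalued => true` would be the safer illustration. A short comment in the manifest stating that only storage of the key is being checked would also help.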
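Review bot: The added example `has created protocol mapper AA ...` in spec/acceptance/7_client_protocol_mapper_spec.rb covers only the create path, while the `context 'when updates protocol_mapper'` that follows gets no matching example, so the `aggregate.attrs` lines added to `flush` are not exercised end to end. An update case that flips `aggregate_attrs` to `false` and asserts `'false'` in the returned config would close that gap. Separately, `data.select { |d| d['name'] == 'role mapper AA' }[0]` yields `nil` when the mapper is missing, and the failure then appears as a `NoMethodError` on `nil`. `mapper = data.find { |d| d['name'] == 'role mapper AA' }` followed by `expect(mapper).not_to be_nil` reports the real cause.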
+++ b/spec/unit/puppet/type/keycloak_client_protocol_mapper_spec.rb
@@ -370,6 +370,27 @@
 }.to raise_error(%r{foo})
 end
+ it 'accepts value for aggregate_attrs' do
+ config[:'aggregate.attrs'] = false
+ expect(resource[:aggregate_attrs]).to eq(:false)
+ end
+
+ it 'accepts value for aggregate_attrs string' do
+ config[:'aggregate.attrs'] = 'false'
+ expect(resource[:aggregate_attrs]).to eq(:false)
+ end
+
+ it 'has default for aggregate_attrs' do
+ expect(resource[:aggregate_attrs]).to be_nil
+ end
+
+ it 'does not accept invalid value for aggregate_attrs' do
+ config[:'aggregate.attrs'] = 'foo'
+ expect {
+ resource
+ }.to raise_error(%r{foo})
+ end
+
 it 'accepts script' do
 config[:protocol] = 'saml'
 config[:type] = 'script-foo.js'
diff --git a/spec/unit/puppet/type/keycloak_protocol_mapper_spec.rb b/spec/unit/puppet/type/keycloak_protocol_mapper_spec.rb
index c8517aaf..76a44959 100644
--- a/spec/unit/puppet/type/keycloak_protocol_mapper_spec.rb
+++ b/spec/unit/puppet/type/keycloak_protocol_mapper_spec.rb
@@ -362,6 +362,27 @@
 }.to raise_error(%r{foo})
 end
+ it 'accepts value for aggregate_attrs' do
+ config[:'aggregate.attrs'] = false
+ expect(resource[:aggregate_attrs]).to eq(:false)
+ end
+
+ it 'accepts value for aggregate_attrs string' do
+ config[:'aggregate.attrs'] = 'false'
+ expect(resource[:aggregate_attrs]).to eq(:false)
+ end
+
+ it 'has default for aggregate_attrs' do
+ expect(resource[:aggregate_attrs]).to be_nil
+ end
+
+ it 'does not accept invalid value for aggregate_attrs' do
+ config[:'aggregate.attrs'] = 'foo'
+ expect {
+ resource
+ }.to raise_error(%r{foo})
+ end
+
 it 'accepts script' do
 config[:protocol] = 'saml'
 config[:type] = 'script-foo.js'
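Review bot: Three of the four added examples in spec/unit/puppet/type/keycloak_client_protocol_mapper_spec.rb set `config[:'aggregate.attrs']`, but the property the type declares is `aggregate_attrs`, and the neighbouring example keys `config` by property name (`config[:protocol]`, `config[:type]`). With the Keycloak key instead of the property name, the `newvalues(:true, :false)` validation is probably never reached, so whatever these examples report likely says nothing about which values the property accepts or rejects. Use the property name, e.g. `config[:aggregate_attrs] = 'foo'`, in the three examples here and in the identical ones added to spec/unit/puppet/type/keycloak_protocol_mapper_spec.rb.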