chore: update gocloak

The update of gocloak allows a better config of the server url as the /auth is not autoamtically appended
Serviceware · May 17, 2023 · 33a385b · 33a385b
1 parent f1511bd
commit 33a385b
Show file tree

Hide file tree

Showing 14 changed files with 126 additions and 4,680 deletions.
diff --git a/.mockery.yaml b/.mockery.yaml
diff --git a/README.md b/README.md
@@ -46,7 +46,7 @@ Create a client in Keycloak which should be used by vault to access the client s
 
 ```
 provider "keycloak" {
-  url       = "https://auth.example.org"
+  url       = "https://auth.example.org/auth"
   client_id = "admin-cli"
 }
 
@@ -62,13 +62,13 @@ The plugin takes the credentials from the Keycloak provider.
 
 ### Configure connection
 > **Warning**
-> Currently this plugin supports only Keycloak below version 17 as the `/auth` part is implicitly appended to the server url
+> Currently this plugin supports only Keycloak below version 17
 
 Now, you can register a connection to Keycloak with:
 
 ```
 vault write keycloak-client-secrets/config/connection \
-    server_url="https://auth.example.org" \
+    server_url="https://auth.example.org/auth" \
     realm="master" \
     client_id="vault" \
     client_secret="secr3t"
@@ -80,7 +80,7 @@ or by using our [vaultkeycloak](https://registry.terraform.io/providers/Servicew
 resource "vaultkeycloak_secret_backend" "keycloak-client-secrets-config" {
   path = "keycloak-client-secrets"
   
-  server_url    = "https://auth.example.org"
+  server_url    = "https://auth.example.org/auth"
   realm         = "master"
   client_id     = "vault"
   client_secret = "secr3t"
@@ -124,7 +124,7 @@ make build && make start
 ```
 make enable
 vault write keycloak/config/connection \
-    server_url="http://localhost:8080" \
+    server_url="http://localhost:8080/auth" \
     realm="master" \
     client_id="vault" \
     client_secret="sec3t"

diff --git a/backend.go b/backend.go
@@ -5,21 +5,18 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/Nerzal/gocloak/v11"
+	"github.com/Nerzal/gocloak/v13"
+	"github.com/Serviceware/vault-plugin-secrets-keycloak/keycloakservice"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 
 	log "github.com/hashicorp/go-hclog"
 )
 
-type GoCloakFactory interface {
-	NewClient(ctx context.Context, connConfig connectionConfig) (gocloak.GoCloak, error)
-}
-
 type backend struct {
 	*framework.Backend
 
-	GocloakFactory GoCloakFactory
+	KeycloakServiceFactory keycloakservice.KeycloakServiceFactory
 
 	logger log.Logger
 }
@@ -61,7 +58,7 @@ func newBackend(conf *logical.BackendConfig) (*backend, error) {
 			b.paths(),
 		),
 	}
-	b.GocloakFactory = &DefaultGoCloakFactory{}
+	b.KeycloakServiceFactory = &GoCloakFactory{}
 	b.logger = conf.Logger
 	return b, nil
 }
@@ -73,10 +70,10 @@ func (b *backend) paths() []*framework.Path {
 	}
 }
 
-type DefaultGoCloakFactory struct {
+type GoCloakFactory struct {
 }
 
-func (b *DefaultGoCloakFactory) NewClient(ctx context.Context, connConfig connectionConfig) (gocloak.GoCloak, error) {
+func (b *GoCloakFactory) NewClient(ctx context.Context, connConfig keycloakservice.ConnectionConfig) (keycloakservice.KeycloakService, error) {
 
 	gocloakClient := gocloak.NewClient(connConfig.ServerUrl)
 

diff --git a/backend_test.go b/backend_test.go
@@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/Nerzal/gocloak/v11"
+	"github.com/Nerzal/gocloak/v13"
 	"github.com/docker/go-connections/nat"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -28,12 +28,13 @@ func prepareKeycloakTestContainer(t *testing.T) (func(), string, string, string,
 
 	ctx := context.Background()
 	req := testcontainers.ContainerRequest{
-		Image:        "jboss/keycloak:15.1.1",
+		Image:        "jboss/keycloak:16.1.1",
 		ExposedPorts: []string{"8080/tcp"},
 		WaitingFor:   wait.ForHTTP("/").WithMethod("GET").WithPort(nat.Port("8080")).WithStartupTimeout(time.Second * 90),
 		Env: map[string]string{
 			"KEYCLOAK_USER":     keycloakUsername,
 			"KEYCLOAK_PASSWORD": keycloakPassword,
+			"DB_VENDOR":         "H2",
 		},
 	}
 
@@ -52,7 +53,7 @@ func prepareKeycloakTestContainer(t *testing.T) (func(), string, string, string,
 	if err != nil {
 		t.Fatal(err)
 	}
-	serverUrl := fmt.Sprintf("http://%s:%s", ip, port.Port())
+	serverUrl := fmt.Sprintf("http://%s:%s/auth", ip, port.Port())
 	keycloakCLient := gocloak.NewClient(serverUrl)
 
 	loginToken, err := keycloakCLient.Login(ctx, "admin-cli", "", "master", keycloakUsername, keycloakPassword)
@@ -86,7 +87,7 @@ func prepareKeycloakTestContainer(t *testing.T) (func(), string, string, string,
 
 	//serverUrl := "http://localhost:8080"
 	return func() {
-		defer keycloakC.Terminate(ctx)
+		keycloakC.Terminate(ctx)
 	}, serverUrl, realm, client_id, client_secret
 }
 

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/Serviceware/vault-plugin-secrets-keycloak
 go 1.20
 
 require (
-	github.com/Nerzal/gocloak/v11 v11.2.0
+	github.com/Nerzal/gocloak/v13 v13.5.0
 	github.com/docker/go-connections v0.4.0
 	github.com/go-resty/resty/v2 v2.7.0
 	github.com/golang-jwt/jwt/v4 v4.5.0

diff --git a/go.sum b/go.sum
@@ -121,8 +121,8 @@ github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/b
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
-github.com/Nerzal/gocloak/v11 v11.2.0 h1:i67+hsEhSaolpJi1YKgwqH4dtSd8IdfHiEluxSEMm/U=
-github.com/Nerzal/gocloak/v11 v11.2.0/go.mod h1:vz59u7bBDKWoCdeTpY8i4LELtdwrLrIynAgPvO5ogQA=
+github.com/Nerzal/gocloak/v13 v13.5.0 h1:HlI0ZqZeSLUCAiWNmY7NRT3PtlwgY+aINkv5Da6H1Vw=
+github.com/Nerzal/gocloak/v13 v13.5.0/go.mod h1:rRBtEdh5N0+JlZZEsrfZcB2sRMZWbgSxI2EIv9jpJp4=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
@@ -476,7 +476,6 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
@@ -952,7 +951,6 @@ github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJ
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/openlyinc/pointy v1.1.2 h1:LywVV2BWC5Sp5v7FoP4bUD+2Yn5k0VNeRbU5vq9jUMY=
-github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
 github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU=
@@ -1213,7 +1211,6 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
@@ -1298,7 +1295,6 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
@@ -1397,7 +1393,6 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

diff --git a/gocloak_factory_mock.go b/gocloak_factory_mock.go
diff --git a/keycloakservice/keycloakservice.go b/keycloakservice/keycloakservice.go
@@ -0,0 +1,24 @@
+package keycloakservice
+
+import (
+	"context"
+
+	"github.com/Nerzal/gocloak/v13"
+)
+
+type ConnectionConfig struct {
+	ServerUrl    string
+	Realm        string
+	ClientId     string
+	ClientSecret string
+}
+
+type KeycloakService interface {
+	// defin the same methods as gocloak.GoCloak (only LoginClient, GetClients, GetClientSecret are used)
+	LoginClient(ctx context.Context, clientID string, clientSecret string, realm string) (*gocloak.JWT, error)
+	GetClients(ctx context.Context, token string, realm string, params gocloak.GetClientsParams) ([]*gocloak.Client, error)
+	GetClientSecret(ctx context.Context, token string, realm string, clientID string) (*gocloak.CredentialRepresentation, error)
+}
+type KeycloakServiceFactory interface {
+	NewClient(ctx context.Context, connConfig ConnectionConfig) (KeycloakService, error)
+}