in pkg/client/keycloak/adapter/gocloak_adapter_sync_entity_roles.go [10:51]
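// syncEntityRealmRoles reconciles the realm roles assigned to an entity with
// the claimed set: roles returned by makeEntityRolesToAdd are granted through
// addRoleFunc, and every currently assigned role whose name is absent from
// claimedRealmRoles is revoked through delRoleFunc.
//
// The entity kind is decided by the caller via addRoleFunc and delRoleFunc;
// this method only computes the two role sets and invokes the callbacks with
// the adapter's access token.
//
// The grant and the revocation are two separate calls and are not atomic.
// Any failure before the revocation step (resolving the roles to add, or the
// grant itself) returns early, so roles that are no longer claimed stay
// assigned until a later sync succeeds. Callers that rely on this method for
// timely revocation should treat a returned error as "revocation not done".
//
// Both callbacks run with context.Background(), so no deadline or
// cancellation from the caller reaches them.
func (a GoCloakAdapter) syncEntityRealmRoles(
	entityID string,
	realm string,
	claimedRealmRoles []string,
	currentRealmRoles *[]gocloak.Role,
	addRoleFunc func(ctx context.Context, token, realm, entityID string, roles []gocloak.Role) error,
	delRoleFunc func(ctx context.Context, token, realm, entityID string, roles []gocloak.Role) error,
) error {
	// Index both sides by role name so membership checks are map lookups.
	// NOTE(review): currentRealmRoles is a pointer; whether a nil value is
	// tolerated depends on makeCurrentEntityRoles — confirm against the helper.
	currentRealmRoleMap := a.makeCurrentEntityRoles(currentRealmRoles)
	claimedRoleMap := a.makeClimedEntityRoles(claimedRealmRoles)

	// The helper's error is returned as-is, before any change has been made.
	realmRolesToAdd, err := a.makeEntityRolesToAdd(realm, claimedRealmRoles, currentRealmRoleMap)
	if err != nil {
		return err
	}

	if len(realmRolesToAdd) > 0 {
		// NOTE(review): the role slices are formatted with %v in the messages
		// below; confirm this prints role names rather than pointer values.
		if err := addRoleFunc(context.Background(), a.token.AccessToken, realm, entityID,
			realmRolesToAdd); err != nil {
			return errors.Wrapf(err, "unable to add realm roles to entity, realm: %s, entity id: %s, roles: %v",
				realm, entityID, realmRolesToAdd)
		}
	}

	// Every assigned role that is not claimed any more must be revoked.
	realmRolesToDelete := make([]gocloak.Role, 0, len(currentRealmRoleMap))
	for currentRoleName, role := range currentRealmRoleMap {
		if _, claimed := claimedRoleMap[currentRoleName]; !claimed {
			realmRolesToDelete = append(realmRolesToDelete, role)
		}
	}

	if len(realmRolesToDelete) > 0 {
		if err := delRoleFunc(context.Background(), a.token.AccessToken, realm, entityID,
			realmRolesToDelete); err != nil {
			// The message names the entity, not a group: this method is shared
			// by every entity kind and the add path already says "entity".
			return errors.Wrapf(err, "unable to delete realm roles from entity, realm: %s, entity id: %s, roles: %v",
				realm, entityID, realmRolesToDelete)
		}
	}

	return nil
}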