in controllers/keycloakclient/chain/process_policy.go [26:79]
// Serve reconciles the authorization policies declared in
// keycloakClient.Spec.Authorization with the policies currently attached to the
// client in realm realmName.
//
// Behaviour, in order:
//   - When Spec.Authorization is nil nothing is read or written in Keycloak and
//     nil is returned.
//   - Spec.ClientId is resolved to Keycloak's internal client ID, and the
//     policies that already exist for that client are fetched, keyed by name.
//   - Each spec policy is converted to a gocloak representation; if a policy of
//     the same name already exists it is updated under the existing ID,
//     otherwise it is created.
//   - The existing policies that were not named in the spec are then handed to
//     h.deletePolicies, so the spec is authoritative for this client: policies
//     added outside the operator are expected to be pruned (the exact deletion
//     semantics live in deletePolicies, outside this listing).
//
// The first failing Keycloak call aborts the run and is returned wrapped;
// updates and creations already applied are not rolled back, so presumably the
// reconciler retries to converge. Policy names are not checked for uniqueness
// within the spec: a duplicated name reaches CreatePolicy on its second
// occurrence, because the first occurrence removes the entry from the
// existing-policies map.
func (h *ProcessPolicy) Serve(ctx context.Context, keycloakClient *keycloakApi.KeycloakClient, realmName string) error {
	log := ctrl.LoggerFrom(ctx)

	authz := keycloakClient.Spec.Authorization
	if authz == nil {
		log.Info("Authorization settings are not specified")
		return nil
	}

	clientID, err := h.keycloakApiClient.GetClientID(keycloakClient.Spec.ClientId, realmName)
	if err != nil {
		return fmt.Errorf("failed to get client id: %w", err)
	}

	// Keyed by policy name. Entries are removed as the spec claims them, so
	// that only policies the spec does not know about remain for deletion.
	unclaimed, err := h.keycloakApiClient.GetPolicies(ctx, realmName, clientID)
	if err != nil {
		return fmt.Errorf("failed to get policies: %w", err)
	}

	for i := range authz.Policies {
		spec := &authz.Policies[i]
		name := spec.Name
		log.Info("Processing policy", policyLogKey, name)

		rep, err := h.toPolicyRepresentation(ctx, spec, clientID, realmName)
		if err != nil {
			return fmt.Errorf("failed to convert policy: %w", err)
		}

		current, exists := unclaimed[name]
		if !exists {
			if _, err := h.keycloakApiClient.CreatePolicy(ctx, realmName, clientID, *rep); err != nil {
				return fmt.Errorf("failed to create policy: %w", err)
			}
			log.Info("Policy created", policyLogKey, name)
			continue
		}

		// Reuse the server-side ID so the existing policy is updated in place
		// rather than a same-named one being created alongside it.
		rep.ID = current.ID
		if err := h.keycloakApiClient.UpdatePolicy(ctx, realmName, clientID, *rep); err != nil {
			return fmt.Errorf("failed to update policy: %w", err)
		}
		log.Info("Policy updated", policyLogKey, name)
		delete(unclaimed, name)
	}

	return h.deletePolicies(ctx, unclaimed, realmName, clientID)
}