in pkg/client/keycloak/adapter/gocloak_adapter_sync_entity_roles.go [53:96]
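// syncOneEntityClientRole reconciles the roles of a single client that are
// mapped to one entity against the claimed role list.
//
// clientID is resolved with GetClientID; the resolved identifier, not the
// clientID argument, is passed to addRoleFunc and delRoleFunc. Roles returned
// by makeClientRolesToAdd are granted through addRoleFunc, and every current
// role whose key is missing from the claimed set is revoked through
// delRoleFunc. Either callback is skipped when it has nothing to do.
//
// It returns the first error encountered: client resolution, computing the
// roles to add, the grant call, or the revoke call.
//
// NOTE(review): grants run before revocations and a failure in either
// earlier step returns immediately, so roles that are no longer claimed stay
// assigned until a later sync succeeds. If revocation must not depend on a
// successful grant, confirm that the caller retries or alerts on this error.
//
// NOTE(review): both callbacks receive context.Background(), so this function
// applies no deadline or cancellation to the Keycloak calls.
func (a GoCloakAdapter) syncOneEntityClientRole(
	realm,
	entityID,
	clientID string,
	claimedRoles []string,
	currentRoles map[string]*gocloak.ClientMappingsRepresentation,
	addRoleFunc func(ctx context.Context, token, realm, clientID, entityID string, roles []gocloak.Role) error,
	delRoleFunc func(ctx context.Context, token, realm, clientID, entityID string, roles []gocloak.Role) error,
) error {
	cid, err := a.GetClientID(clientID, realm)
	if err != nil {
		return errors.Wrapf(err, "unable to get client id, realm: %s, clientID %s", realm, clientID)
	}

	// Both maps are matched by key below; presumably the key is the role
	// name - verify against makeCurrentClientRoles/makeClaimedClientRoles.
	currentClientRoles := a.makeCurrentClientRoles(clientID, currentRoles)
	claimedClientRoles := a.makeClaimedClientRoles(claimedRoles)

	rolesToAdd, err := a.makeClientRolesToAdd(realm, cid, currentClientRoles, claimedClientRoles)
	if err != nil {
		// Returned unwrapped so the error value callers see is unchanged.
		return err
	}

	if len(rolesToAdd) > 0 {
		if err := addRoleFunc(context.Background(), a.token.AccessToken, realm, cid, entityID, rolesToAdd); err != nil {
			// This path grants client roles; the message previously said
			// "realm role", which misdirects triage of a failed grant.
			return errors.Wrapf(err, "unable to add client role to entity, realm: %s, clientID: %s, entityID: %s", realm, cid, entityID)
		}
	}

	// Every role currently mapped but absent from the claimed set is revoked.
	rolesToDelete := make([]gocloak.Role, 0, len(currentClientRoles))
	for name, role := range currentClientRoles {
		if _, claimed := claimedClientRoles[name]; !claimed {
			rolesToDelete = append(rolesToDelete, *role)
		}
	}

	if len(rolesToDelete) > 0 {
		if err := delRoleFunc(context.Background(), a.token.AccessToken, realm, cid, entityID, rolesToDelete); err != nil {
			return errors.Wrapf(err, "unable to del client role from entity, realm: %s, clientID: %s, entityID: %s", realm, cid, entityID)
		}
	}

	return nil
}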