feat: newer keycloak and pulumi

pdevito3 · pdevito3 · commit 4cfb359e68b3 · 2024-10-26T17:11:33.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,7 +9,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## Unreleased
 
-* None yet!
+* Update keycloak image to quay
+* Update auth examples for new keycloak handling
+* Upgrade pulumi and keycloak setup
 
 ## [0.27.2] - 10/06/2024
 
diff --git a/Craftsman/Builders/Auth/UserPolicyHandlerBuilder.cs b/Craftsman/Builders/Auth/UserPolicyHandlerBuilder.cs
@@ -82,7 +82,7 @@ private async Task<string[]> GetRoles()
                 .Where(x => x.User.Identifier == nameIdentifier)
                 .Select(x => x.Role.Value)
                 .ToArray()
-            : Array.Empty<string>();
+            : [];
 
         if (roles.Length == 0)
             throw new NoRolesAssignedException();
diff --git a/Craftsman/Builders/AuthServer/ClientExtensionsBuilder.cs b/Craftsman/Builders/AuthServer/ClientExtensionsBuilder.cs
@@ -21,45 +21,62 @@ public void Create(string solutionDirectory, string projectBaseName)
 
     private static string GetFileText(string classNamespace)
     {
-        return @$"namespace {classNamespace};
+        // language=csharp
+        return $$"""
+                 namespace {{classNamespace}};
 
-using Pulumi;
-using Pulumi.Keycloak.OpenId;
+                 using Pulumi;
+                 using Pulumi.Keycloak.OpenId;
 
-public static class ClientExtensions
-{{
-    public static void ExtendDefaultScopes(this Client client, params Output<string>[] scopeNames)
-    {{
-        var defaultScopes = client.Name.Apply(clientName =>
-            new ClientDefaultScopes($""default-scopes-for-{{clientName}}"", new ClientDefaultScopesArgs()
-            {{
-                RealmId = client.RealmId,
-                ClientId = client.Id,
-                DefaultScopes =
-                {{
-                    ""openid"",
-                    ""profile"",
-                    ""email"",
-                    ""roles"",
-                    ""web-origins"",
-                    scopeNames,
-                }},
-            }})
-        );
-    }}
-    
-    public static void AddAudienceMapper(this Client client, string audience)
-    {{
-        var audienceMapper = client.Name.Apply(clientName =>
-            new AudienceProtocolMapper($""audienceMapper-{{clientName}}-{{audience}}"", new AudienceProtocolMapperArgs
-            {{
-                RealmId = client.RealmId,
-                ClientId = client.Id,
-                IncludedCustomAudience = audience,
-                Name = $""{{audience}}-Mapping""
-            }})
-        );
-    }}
-}}";
+                 public static class ClientExtensions
+                 {
+                     public static void ExtendDefaultScopes(this Client client, params string[] scopeNames)
+                     {
+                         var scopeList = new InputList<string>()
+                         {
+                             "openid",
+                             "profile",
+                             "email",
+                             "roles",
+                             "web-origins"
+                         };
+                         foreach (var scopeName in scopeNames)
+                         {
+                             scopeList.Add(scopeName);
+                         }
+                         
+                         var clientDefaultScopes = new ClientDefaultScopes($"client_default_scopes_{client.GetResourceName()}", new ClientDefaultScopesArgs
+                         {
+                             RealmId = client.RealmId,
+                             ClientId = client.Id,
+                             DefaultScopes = scopeList,
+                         });
+                     }
+                     
+                     public static void AddAudienceMapper(this Client client, string audience)
+                     {
+                         var audienceMapper = new AudienceProtocolMapper($"audience_mapper_{client.GetResourceName()}", new AudienceProtocolMapperArgs
+                         {
+                             RealmId = client.RealmId,
+                             ClientId = client.Id,
+                             IncludedCustomAudience = audience,
+                             Name = $"{audience}-Mapping"
+                         });
+                     }
+                     
+                     // example tenant mapper
+                     // public static void AddTenantMapper(this Client client)
+                     // {
+                     //     var userAttributeMapper = new UserAttributeProtocolMapper($"tenant_mapper_{client.GetResourceName()}", new()
+                     //     {
+                     //         RealmId = client.RealmId,
+                     //         ClientId = client.Id,
+                     //         Name = "tenant-mapper",
+                     //         UserAttribute = "organization-id",
+                     //         ClaimName = "organization_id"
+                     //     });
+                     // }
+                 }
+                 """;
     }
 }
diff --git a/Craftsman/Builders/AuthServer/RealmBuildBuilder.cs b/Craftsman/Builders/AuthServer/RealmBuildBuilder.cs
@@ -23,7 +23,7 @@ public void Create(string solutionDirectory, string projectBaseName, string temp
 
     private static string GetFileText(string classNamespace, string realmName, List<AuthServerTemplate.AuthClient> clients, string solutionDirectory, string projectBaseName)
     {
-        var realm = @$"var realm = new Realm(""{realmName}-realm"", new RealmArgs
+        var realm = @$"var realm = new Keycloak.Realm(""{realmName}-realm"", new Keycloak.RealmArgs
         {{
             RealmName = ""{realmName}"",
             RegistrationAllowed = true,
@@ -62,16 +62,16 @@ private static string GetFileText(string classNamespace, string realmName, List<
 using {extensionsClassPath.ClassNamespace};
 using {factoryClassPath.ClassNamespace};
 using Pulumi;
-using Pulumi.Keycloak;
 using Pulumi.Keycloak.Inputs;
+using Keycloak = Pulumi.Keycloak;
 
 class RealmBuild : Stack
 {{
     public RealmBuild()
     {{
         {realm}{scopesString}{clientsString}
         
-        var bob = new User(""bob"", new UserArgs
+        var bob = new Keycloak.User(""bob"", new Keycloak.UserArgs
         {{
             RealmId = realm.Id,
             Username = ""bob"",
@@ -86,7 +86,7 @@ public RealmBuild()
             }},
         }});
 
-        var alice = new User(""alice"", new UserArgs
+        var alice = new Keycloak.User(""alice"", new Keycloak.UserArgs
         {{
             RealmId = realm.Id,
             Username = ""alice"",
@@ -120,7 +120,10 @@ private static string GetNewClientString(AuthServerTemplate.AuthClient client)
         string redirectUris = GetRedirectUris(client);
         string webOrigins = GetCors(client.AllowedCorsOrigins);
 
-        var scopeStringList = client.Scopes.Select(scope => $@"{GetScopeVarName(scope)}.Name");
+        var scopeStringList = client.Scopes.Select(scope => 
+$"""
+"{scope}"
+""");
         var clientScopesToAdd = string.Join(",", scopeStringList);
         
         var mapperString = string.Join("", client.Scopes.Select(scope => $@"
diff --git a/Craftsman/Builders/Docker/DockerComposeBuilders.cs b/Craftsman/Builders/Docker/DockerComposeBuilders.cs
@@ -333,23 +333,19 @@ public void AddAuthServerToDockerCompose(string solutionDirectory, AuthServerTem
       - keycloak-data:/var/lib/postgresql/data
   
   keycloak:
-    image: sleighzy/keycloak:latest
+    image: quay.io/keycloak/keycloak:latest
     environment:
-      DB_VENDOR: POSTGRES
-      DB_ADDR: keycloakdb
-      DB_DATABASE: keycloak
-      DB_USER: keycloak
-      DB_PASSWORD: password
-      DB_SCHEMA: public
-      KEYCLOAK_USER: {template.Username}
-      KEYCLOAK_PASSWORD: {template.Password}
-      KEYCLOAK_HTTP_PORT: 8080
-      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, 
-      # and it shouldn't be used in production without knowledge. It is highly recommended that you read the 
-      # PostgreSQL JDBC driver documentation in order to use it.
-      #JDBC_PARAMS: ""ssl=true""
+      KC_DB: postgres
+      KC_DB_URL_HOST: keycloakdb
+      KC_DB_URL_DATABASE: keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: password
+      KEYCLOAK_ADMIN: {template.Username}
+      KEYCLOAK_ADMIN_PASSWORD: {template.Password}
     ports:
-      - {template.Port}:8080
+      - '{template.Port}:8080'
+    command:
+      - start-dev
     depends_on:
       - keycloakdb
 ";
diff --git a/Craftsman/Builders/Projects/AuthServerProjBuilder.cs b/Craftsman/Builders/Projects/AuthServerProjBuilder.cs
@@ -23,8 +23,7 @@ public static string ProjectFileText()
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include=""Pulumi"" Version=""3.*"" />
-    <PackageReference Include=""Pulumi.Keycloak"" Version=""4.11.0"" />
+    <PackageReference Include=""Pulumi.Keycloak"" Version=""5.3.5"" />
   </ItemGroup>
 
 </Project>";
diff --git a/Craftsman/Commands/NewExampleCommand.cs b/Craftsman/Commands/NewExampleCommand.cs
@@ -266,10 +266,10 @@ private static string ComplexTemplate(string name)
       AsValueObject: MonetaryAmount
   Environment:
       AuthSettings:
-        Authority: http://localhost:3255/auth/realms/DevRealm
+        Authority: http://localhost:3881/realms/DevRealm
         Audience: the_kitchen_company
-        AuthorizationUrl: http://localhost:3255/auth/realms/DevRealm/protocol/openid-connect/auth
-        TokenUrl: http://localhost:3255/auth/realms/DevRealm/protocol/openid-connect/token
+        AuthorizationUrl: http://localhost:3881/realms/DevRealm/protocol/openid-connect/auth
+        TokenUrl: http://localhost:3881/realms/DevRealm/protocol/openid-connect/token
         ClientId: recipe_management.swagger
         ClientSecret: 974d6f71-d41b-4601-9a7a-a33081f80687
       BrokerSettings:
@@ -303,7 +303,7 @@ private static string ComplexTemplate(string name)
 AuthServer:
   Name: KeycloakPulumi
   RealmName: DevRealm
-  Port: 3255
+  Port: 3881
   Clients:
     - Id: recipe_management.postman.machine
       Name: RecipeManagement Postman Machine
@@ -430,10 +430,10 @@ private static string AuthTemplate(string name)
       Type: DateOnly?
   Environment:
     AuthSettings:
-      Authority: http://localhost:3255/auth/realms/DevRealm
+      Authority: http://localhost:3881/realms/DevRealm
       Audience: the_kitchen_company
-      AuthorizationUrl: http://localhost:3255/auth/realms/DevRealm/protocol/openid-connect/auth
-      TokenUrl: http://localhost:3255/auth/realms/DevRealm/protocol/openid-connect/token
+      AuthorizationUrl: http://localhost:3881/realms/DevRealm/protocol/openid-connect/auth
+      TokenUrl: http://localhost:3881/realms/DevRealm/protocol/openid-connect/token
       ClientId: recipe_management.swagger
       ClientSecret: 974d6f71-d41b-4601-9a7a-a33081f80687";
     }
@@ -558,16 +558,16 @@ private static string AuthServerTemplate(string name)
       Type: DateOnly?
   Environment:
     AuthSettings:
-      Authority: http://localhost:3255/auth/realms/DevRealm
+      Authority: http://localhost:3881/realms/DevRealm
       Audience: the_kitchen_company
-      AuthorizationUrl: http://localhost:3255/auth/realms/DevRealm/protocol/openid-connect/auth
-      TokenUrl: http://localhost:3255/auth/realms/DevRealm/protocol/openid-connect/token
+      AuthorizationUrl: http://localhost:3881/realms/DevRealm/protocol/openid-connect/auth
+      TokenUrl: http://localhost:3881/realms/DevRealm/protocol/openid-connect/token
       ClientId: recipe_management.swagger
       ClientSecret: 974d6f71-d41b-4601-9a7a-a33081f80687
 AuthServer:
   Name: KeycloakPulumi
   RealmName: DevRealm
-  Port: 3255
+  Port: 3881
   Clients:
     - Id: recipe_management.postman.machine
       Name: RecipeManagement Postman Machine
