From a7fb85a4f678a22aa48b799936be0992f3cc45e1 Mon Sep 17 00:00:00 2001
From: Dominik Schmidt
Date: Tue, 18 Feb 2025 02:20:28 +0100
Subject: [PATCH] feat: add option to resolve groups for users in Keycloak

---
 .../keycloak/keycloak_entity_resolution.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/service/entityresolution/keycloak/keycloak_entity_resolution.go b/service/entityresolution/keycloak/keycloak_entity_resolution.go
index 14a5caf4e8..0069af079a 100644
--- a/service/entityresolution/keycloak/keycloak_entity_resolution.go
+++ b/service/entityresolution/keycloak/keycloak_entity_resolution.go
@@ -49,6 +49,7 @@ type KeycloakConfig struct {
 LegacyKeycloak bool `mapstructure:"legacykeycloak" json:"legacykeycloak" default:"false"`
 SubGroups bool `mapstructure:"subgroups" json:"subgroups" default:"false"`
 InferID InferredIdentityConfig `mapstructure:"inferid,omitempty" json:"inferid,omitempty"`
+ GetGroups bool `mapstructure:"getgroups" json:"getgroups" default:"false"`
 }

 func RegisterKeycloakERS(config serviceregistry.ServiceConfig, logger *logger.Logger) (*KeycloakEntityResolutionService, serviceregistry.HandlerServer) {
@@ -202,6 +203,21 @@ func EntityResolution(ctx context.Context,
 logger.Debug("user found", slog.String("user", *user.ID), slog.String("entity", ident.String()))
 logger.Debug("user", slog.Any("details", user))
 logger.Debug("user", slog.Any("attributes", user.Attributes))
+
+ if kcConfig.GetGroups {
+ groups, err := connector.client.GetUserGroups(ctx, connector.token.AccessToken, kcConfig.Realm, *user.ID, gocloak.GetGroupsParams{})
+ if err != nil {
+ return entityresolution.ResolveEntitiesResponse{},
+ connect.NewError(connect.CodeInternal, ErrGetRetrievalFailed)
+ }
+
+ groupStrs := []string{}
+ for _, group := range groups {
+ groupStrs = append(groupStrs, *group.Name)
+ }
+ user.Groups = &groupStrs
+ }
+
 keycloakEntities = append(keycloakEntities, user)
 default:
 logger.Error("no user found for", slog.Any("entity", ident))
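Review bot: The new `GetGroups` field in `KeycloakConfig` has no comment, and its name reads like an accessor rather than a switch. A line above the field such as `// GetGroups enables a per-user group lookup against Keycloak during resolution and fills Groups on the returned user.` would tell operators what enabling it costs and what extra data ends up in the resolved entity. The lookup presumably needs a service account that is allowed to read group membership; if so, that belongs in the comment too.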
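Review bot: `*group.Name` in the added loop dereferences a pointer that gocloak fills from an optional JSON field, so a group entry without a name (or a nil entry in `groups`) would panic inside the resolution handler; such entries should be skipped before the dereference. The `err` from `GetUserGroups` is also dropped before `ErrGetRetrievalFailed` is returned, which leaves nothing to diagnose a missing permission or expired token from, so log it with the existing `logger` first. If the resolved groups feed access decisions, keep in mind that Keycloak group names are unique only among siblings: two subgroups under different parents collapse to the same string here, whereas `group.Path` would stay unambiguous. EntityResolution starts and ends outside this hunk.

```go
groups, err := connector.client.GetUserGroups(ctx, connector.token.AccessToken, kcConfig.Realm, *user.ID, gocloak.GetGroupsParams{})
if err != nil {
	logger.Error("error getting user groups", slog.String("user", *user.ID), slog.Any("error", err))
	// … unchanged: return CodeInternal with ErrGetRetrievalFailed …
}

groupStrs := make([]string, 0, len(groups))
for _, group := range groups {
	if group == nil || group.Name == nil {
		continue // nothing to report; dereferencing would panic
	}
	groupStrs = append(groupStrs, *group.Name)
}
// … unchanged: user.Groups assignment and append to keycloakEntities …
```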