Add ldap-groups to sync ldap group

ChengYanJin · ChengYanJin · commit f396277d0e56 · 2024-05-03T18:40:45.000+02:00
diff --git a/src/main/java/com/scality/keycloak/groupFederationLink/GroupWithLinkLDAPStorageMapper.java b/src/main/java/com/scality/keycloak/groupFederationLink/GroupWithLinkLDAPStorageMapper.java
@@ -29,10 +29,12 @@ private EntityManager getEntityManager() {
     protected GroupModel createKcGroup(RealmModel realm, String ldapGroupName, GroupModel parentGroup) {
         GroupModel groupModel = super.createKcGroup(realm, ldapGroupName, parentGroup);
 
+        EntityManager em = getEntityManager();
         GroupFederationLinkEntity groupFederationLinkEntity = new GroupFederationLinkEntity();
         groupFederationLinkEntity.setGroupId(groupModel.getId());
         groupFederationLinkEntity.setFederationLink(ldapProvider.getModel().getId());
-        getEntityManager().persist(groupFederationLinkEntity);
+        em.persist(groupFederationLinkEntity);
+        em.flush();
 
         return groupModel;
     }
diff --git a/src/main/java/com/scality/keycloak/groupSync/GroupSyncAdminResource.java b/src/main/java/com/scality/keycloak/groupSync/GroupSyncAdminResource.java
@@ -0,0 +1,96 @@
+package com.scality.keycloak.groupSync;
+
+import java.util.HashMap;
+
+import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
+import org.jboss.logging.Logger;
+import org.jboss.resteasy.reactive.NoCache;
+import org.keycloak.component.ComponentModel;
+import org.keycloak.events.admin.OperationType;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.ErrorResponse;
+import org.keycloak.services.ServicesLogger;
+import org.keycloak.services.resources.KeycloakOpenAPI;
+import org.keycloak.services.resources.admin.AdminEventBuilder;
+import org.keycloak.services.resources.admin.UserStorageProviderResource;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
+import org.keycloak.storage.UserStorageProvider;
+import org.keycloak.storage.ldap.LDAPStorageProvider;
+import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
+import org.keycloak.storage.user.SynchronizationResult;
+
+import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.NotFoundException;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+
+@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
+public class GroupSyncAdminResource {
+    protected static final Logger logger = Logger.getLogger(GroupSyncAdminResource.class);
+    protected final AdminPermissionEvaluator auth;
+    protected final KeycloakSession session;
+    protected final RealmModel realm;
+
+    public GroupSyncAdminResource(KeycloakSession session, AdminPermissionEvaluator auth,
+            AdminEventBuilder adminEvent) {
+        this.session = session;
+        this.auth = auth;
+        this.realm = session.getContext().getRealm();
+    }
+
+    /**
+     * Trigger sync of mapper data related to ldap mapper (roles, groups, ...)
+     *
+     * direction is "fedToKeycloak" or "keycloakToFed"
+     *
+     * @return
+     */
+    @POST
+    @Path("{parentId}/mappers/{id}/sync")
+    @NoCache
+    @Produces(MediaType.APPLICATION_JSON)
+    public SynchronizationResult syncMapperData(@PathParam("parentId") String parentId,
+            @PathParam("id") String mapperId, @QueryParam("direction") String direction) {
+        auth.users().requireManage();
+
+        ComponentModel parentModel = realm.getComponent(parentId);
+        if (parentModel == null)
+            throw new NotFoundException("Parent model not found");
+        ComponentModel mapperModel = realm.getComponent(mapperId);
+        if (mapperModel == null)
+            throw new NotFoundException("Mapper model not found");
+
+        LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class,
+                parentModel);
+        LDAPStorageMapper mapper = session.getProvider(LDAPStorageMapper.class, mapperModel);
+
+        ServicesLogger.LOGGER.syncingDataForMapper(mapperModel.getName(), mapperModel.getProviderId(), direction);
+
+        SynchronizationResult syncResult;
+        if ("fedToKeycloak".equals(direction)) {
+            try {
+                syncResult = mapper.syncDataFromFederationProviderToKeycloak(realm);
+            } catch (Exception e) {
+                String errorMsg = UserStorageProviderResource.getErrorCode(e);
+                throw ErrorResponse.error(errorMsg, Response.Status.BAD_REQUEST);
+            }
+        } else if ("keycloakToFed".equals(direction)) {
+            try {
+                syncResult = mapper.syncDataFromKeycloakToFederationProvider(realm);
+            } catch (Exception e) {
+                String errorMsg = UserStorageProviderResource.getErrorCode(e);
+                throw ErrorResponse.error(errorMsg, Response.Status.BAD_REQUEST);
+            }
+        } else {
+            throw new BadRequestException("Unknown direction: " + direction);
+        }
+
+        return syncResult;
+    }
+}
diff --git a/src/main/java/com/scality/keycloak/groupSync/GroupSyncAdminResourceProvider.java b/src/main/java/com/scality/keycloak/groupSync/GroupSyncAdminResourceProvider.java
@@ -0,0 +1,42 @@
+package com.scality.keycloak.groupSync;
+
+import org.keycloak.Config.Scope;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.resources.admin.AdminEventBuilder;
+import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
+import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
+
+public class GroupSyncAdminResourceProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
+
+    @Override
+    public AdminRealmResourceProvider create(KeycloakSession session) {
+        return this;
+    }
+
+    @Override
+    public void init(Scope config) {
+    }
+
+    @Override
+    public void postInit(KeycloakSessionFactory factory) {
+    }
+
+    @Override
+    public void close() {
+    }
+
+    @Override
+    public String getId() {
+        return "ldap-groups";
+    }
+
+    @Override
+    public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth,
+            AdminEventBuilder adminEvent) {
+        return new GroupSyncAdminResource(session, auth, adminEvent);
+    }
+
+}
diff --git a/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java b/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java
diff --git a/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory b/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory
@@ -1,2 +1,3 @@
 com.scality.keycloak.truststore.TruststoreAdminResourceProvider
 com.scality.keycloak.groupFederationLink.GroupWithLinkAdminResourceProvider
+com.scality.keycloak.groupSync.GroupSyncAdminResourceProvider

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`com.scality.keycloak.truststore.TruststoreAdminResourceProvider`
`2`	`2`	`com.scality.keycloak.groupFederationLink.GroupWithLinkAdminResourceProvider`
	`3`	`+com.scality.keycloak.groupSync.GroupSyncAdminResourceProvider`