Skip to content

Commit

Permalink
refactor: speed up audience mapper validation
Browse files Browse the repository at this point in the history 
Do not load all clients when validating client audience for audience
mappers. Instead, try to fetch the client in question directly.
  • Loading branch information
@sybereal
sybereal committed May 13, 2024
1 parent 3f6b75b commit 26e16c3
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 11 deletions.
12 changes: 2 additions & 10 deletions keycloak/openid_audience_protocol_mapper.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,18 +124,10 @@ func (keycloakClient *KeycloakClient) ValidateOpenIdAudienceProtocolMapper(ctx c
}

if mapper.IncludedClientAudience != "" {
clients, err := keycloakClient.listGenericClients(ctx, mapper.RealmId)
_, err = keycloakClient.GetGenericClientByClientId(ctx, mapper.RealmId, mapper.IncludedClientAudience)
if err != nil {
return err
return fmt.Errorf("validation error: %w", err)
}

for _, client := range clients {
if client.ClientId == mapper.IncludedClientAudience {
return nil
}
}

return fmt.Errorf("validation error: client %s does not exist", mapper.IncludedClientAudience)
}

return nil
Expand Down
2 changes: 1 addition & 1 deletion provider/resource_keycloak_openid_audience_protocol_mapper_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t
Steps: []resource.TestStep{
{
Config: testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(clientId, mapperName),
ExpectError: regexp.MustCompile("validation error: client .+ does not exist"),
ExpectError: regexp.MustCompile("validation error: generic client with name \\S+ does not exist"),
},
},
})
Expand Down

0 comments on commit 26e16c3

Please sign in to comment.