lib/puppet/type/keycloak_identity_provider.rb
require_relative '../../puppet_x/keycloak/type' | require_relative '../../puppet_x/keycloak/type' | ||||
require_relative '../../puppet_x/keycloak/array_property' | require_relative '../../puppet_x/keycloak/array_property' | ||||
require_relative '../../puppet_x/keycloak/integer_property' | |||||
Puppet::Type.newtype(:keycloak_identity_provider) do | Puppet::Type.newtype(:keycloak_identity_provider) do | ||||
desc <<-DESC | desc <<-DESC | ||||
Manage Keycloak identity providers | Manage Keycloak identity providers | ||||
@example Add CILogon identity provider to test realm | @example Add CILogon identity provider to test realm | ||||
keycloak_identity_provider { 'cilogon on test': | keycloak_identity_provider { 'cilogon on test': | ||||
ensure => 'present', | ensure => 'present', | ||||
display_name => 'CILogon', | display_name => 'CILogon', | ||||
Show All 35 Lines | @example Add CILogon identity provider to test realm | ||||
end | end | ||||
newproperty(:display_name) do | newproperty(:display_name) do | ||||
desc 'displayName' | desc 'displayName' | ||||
end | end | ||||
newparam(:provider_id) do | newparam(:provider_id) do | ||||
desc 'providerId' | desc 'providerId' | ||||
newvalues('oidc') | newvalues('oidc', 'keycloak-oidc') | ||||
defaultto 'oidc' | defaultto 'oidc' | ||||
munge { |v| v } | munge { |v| v } | ||||
end | end | ||||
newproperty(:enabled, boolean: true) do | newproperty(:enabled, boolean: true) do | ||||
desc 'enabled' | desc 'enabled' | ||||
newvalues(:true, :false) | newvalues(:true, :false) | ||||
defaultto :true | defaultto :true | ||||
Show All 31 Lines | @example Add CILogon identity provider to test realm | ||||
end | end | ||||
newproperty(:link_only, boolean: true) do | newproperty(:link_only, boolean: true) do | ||||
desc 'linkOnly' | desc 'linkOnly' | ||||
newvalues(:true, :false) | newvalues(:true, :false) | ||||
defaultto :false | defaultto :false | ||||
end | end | ||||
newproperty(:gui_order, parent: PuppetX::Keycloak::IntegerProperty) do | |||||
desc 'guiOrder' | |||||
munge { |v| v.to_s } | |||||
end | |||||
newproperty(:first_broker_login_flow_alias) do | newproperty(:first_broker_login_flow_alias) do | ||||
desc 'firstBrokerLoginFlowAlias' | desc 'firstBrokerLoginFlowAlias' | ||||
defaultto 'first broker login' | defaultto 'first broker login' | ||||
munge { |v| v } | munge { |v| v } | ||||
end | end | ||||
newproperty(:post_broker_login_flow_alias) do | newproperty(:post_broker_login_flow_alias) do | ||||
desc 'postBrokerLoginFlowAlias' | desc 'postBrokerLoginFlowAlias' | ||||
munge { |v| v } | munge { |v| v } | ||||
end | end | ||||
newproperty(:sync_mode) do | |||||
desc 'syncMode' | |||||
defaultto 'IMPORT' | |||||
newvalues('IMPORT', 'LEGACY', 'FORCE') | |||||
munge { |v| v } | |||||
end | |||||
# BEGIN: oidc | # BEGIN: oidc | ||||
newproperty(:hide_on_login_page, boolean: true) do | newproperty(:hide_on_login_page, boolean: true) do | ||||
desc 'hideOnLoginPage' | desc 'hideOnLoginPage' | ||||
newvalues(:true, :false) | newvalues(:true, :false) | ||||
defaultto :false | defaultto :false | ||||
end | end | ||||
▲ Show 20 Lines • Show All 65 Lines • ▼ Show 20 Lines | @example Add CILogon identity provider to test realm | ||||
end | end | ||||
newproperty(:use_jwks_url, boolean: true) do | newproperty(:use_jwks_url, boolean: true) do | ||||
desc 'useJwksUrl' | desc 'useJwksUrl' | ||||
newvalues(:true, :false) | newvalues(:true, :false) | ||||
defaultto :true | defaultto :true | ||||
end | end | ||||
newproperty(:jwks_url) do | |||||
desc 'jwksUrl' | |||||
munge { |v| v } | |||||
end | |||||
newproperty(:login_hint, boolean: true) do | newproperty(:login_hint, boolean: true) do | ||||
desc 'loginHint' | desc 'loginHint' | ||||
newvalues(:true, :false) | newvalues(:true, :false) | ||||
defaultto :false | defaultto :false | ||||
end | end | ||||
newproperty(:authorization_url) do | newproperty(:authorization_url) do | ||||
desc 'authorizationUrl' | desc 'authorizationUrl' | ||||
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | [ | ||||
], | ], | ||||
] | ] | ||||
end | end | ||||
validate do | validate do | ||||
if self[:realm].nil? | if self[:realm].nil? | ||||
raise Puppet::Error, 'realm is required' | raise Puppet::Error, 'realm is required' | ||||
end | end | ||||
if self[:ensure].to_s == 'present' && self[:provider_id] == 'oidc' | if self[:ensure].to_s == 'present' && ['oidc', 'keycloak-oidc'].include?(self[:provider_id]) | ||||
if self[:authorization_url].nil? | if self[:authorization_url].nil? | ||||
raise Puppet::Error, 'authorization_url is required' | raise Puppet::Error, 'authorization_url is required' | ||||
end | end | ||||
if self[:token_url].nil? | if self[:token_url].nil? | ||||
raise Puppet::Error, 'token_url is required' | raise Puppet::Error, 'token_url is required' | ||||
end | end | ||||
if self[:client_id].nil? | if self[:client_id].nil? | ||||
raise Puppet::Error, 'client_id is required' | raise Puppet::Error, 'client_id is required' | ||||
end | end | ||||
if self[:client_secret].nil? | if self[:client_secret].nil? | ||||
raise Puppet::Error, 'client_secret is required' | raise Puppet::Error, 'client_secret is required' | ||||
end | end | ||||
end | end | ||||
end | end | ||||
autorequire(:keycloak_flow) do | |||||
requires = [] | |||||
catalog.resources.each do |resource| | |||||
next unless resource.class.to_s == 'Puppet::Type::Keycloak_flow' | |||||
next if self[:realm] != resource[:realm] | |||||
if self[:first_broker_login_flow_alias] == resource[:alias] | |||||
requires << resource.name | |||||
end | |||||
if self[:post_broker_login_flow_alias] == resource[:alias] | |||||
requires << resource.name | |||||
end | |||||
end | |||||
requires | |||||
end | |||||
end | end |
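Review bot: The required-field checks in the `validate` block test only `nil?`, so with `provider_id` set to `oidc` or `keycloak-oidc` an empty-string `client_secret`, `client_id`, `token_url` or `authorization_url` still passes and the misconfiguration only surfaces when the provider talks to Keycloak. Consider `if self[:client_secret].to_s.empty?` (and the same for the other three) so an empty value is rejected at catalog compile time. Nothing visible here constrains the scheme of `token_url`, the endpoint that receives `client_secret`. The property definitions are folded out of view, so if they do not already restrict it, a check such as `raise Puppet::Error, 'token_url must use https' unless self[:token_url].to_s.start_with?('https://')` is worth considering. `jwks_url` appears in only one column of this view, so it is unclear which version carries it; whichever does accepts any string through `munge { |v| v }` while `use_jwks_url` defaults to `:true`, and that URL is where the signing keys are fetched from.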