feat: Add the ability to manage Realm Attributes (#85)

Author: zmotso

.golangci.yaml

@@ -4,30 +4,9 @@ run:
   issues-exit-code: 1
   build-tags:
     - mytag
-  skip-dirs:
-    - "mocks"
-  skip-dirs-use-default: true
-  skip-files:
-    - "mock_.*\\.go"
 
   modules-download-mode: mod
-  allow-parallel-runners: false
-
-output:
-  format: colored-line-number
-  print-issued-lines: true
-
-  # print linter name in the end of issue text, default is true
-  print-linter-name: true
-
-  # make issues output unique by line, default is true
-  uniq-by-line: true
-
-  # add a prefix to the output file references; default is no prefix
-  path-prefix: ""
-
-  # sorts results by: filepath, line and column
-  sort-results: false
+  allow-parallel-runners: true
 
 
 # all available settings of specific linters
@@ -66,11 +45,6 @@ linters-settings:
     # default is false: such cases aren't reported by default.
     check-blank: false
 
-    # [deprecated] comma-separated list of pairs of the form pkg:regex
-    # the regex is used to ignore names within pkg. (default "fmt:.*").
-    # see https://github.com/kisielk/errcheck#the-deprecated-method for details
-    ignore: fmt:.*,io/ioutil:^Read.*
-
     #    # [deprecated] use exclude-functions instead.
     #    # path to a file containing a list of functions to exclude from checking
     #    # see https://github.com/kisielk/errcheck#excluding-functions for details
@@ -193,9 +167,9 @@ linters-settings:
     # By default list of stable checks is used.
     enabled-checks:
       - nestingReduce
-      - unnamedresult
       - ruleguard
       - truncateCmp
+      - unnamedResult
 
     # Which checks should be disabled; can't be combined with 'enabled-checks'; default is empty
     disabled-checks:
@@ -302,9 +276,6 @@ linters-settings:
     simplify: true
 
   gofumpt:
-    # Select the Go version to target. The default is `1.15`.
-    lang-version: "1.15"
-
     # Choose whether or not to use the extra rules that are disabled
     # by default
     extra-rules: false
@@ -420,9 +391,6 @@ linters-settings:
     checks: [ "all" ]
 
   govet:
-    # report about shadowed variables
-    check-shadowing: true
-
     # settings per analyzer
     settings:
       printf: # analyzer name, run `go tool vet help` to see all analyzers
@@ -458,6 +426,7 @@ linters-settings:
       - nilness
       - printf
       - reflectvaluecompare
+      - shadow
       - shift
       - sigchanyzer
       - sortslice
@@ -771,9 +740,8 @@ linters:
     - errchkjson
     - errname
     - errorlint
-    - execinquery
     - exhaustive
-    - exportloopref
+    - copyloopvar
     - forbidigo
     - gci
     - goconst
@@ -785,19 +753,13 @@ linters:
     - ineffassign
     - typecheck
     - revive
-    - megacheck
     - decorder
     - forcetypeassert
     - funlen
     - gochecknoinits
     - wrapcheck
     - wsl
     - unused
-
-  disabled:
-    - exhaustruct
-    - contextcheck #Disabled due to issue https://github.com/golangci/golangci-lint/issues/2649.
-    - bodyclose #Disabled due to issue https://github.com/timakin/bodyclose/issues/30
   fast: false
 
 issues:
@@ -836,6 +798,10 @@ issues:
         - cyclop
         - funlen
       text: 'Reconcile'
+  exclude-files:
+    - "mock_.*\\.go"
+  exclude-dirs:
+    - "mocks"
 
   # Independently of option `exclude` we use default exclude patterns,
   # it can be disabled by this option. To list all

Makefile

@@ -139,7 +139,7 @@ helm-docs: helmdocs	## generate helm docs
 GOLANGCILINT = ${CURRENT_DIR}/bin/golangci-lint
 .PHONY: golangci-lint
 golangci-lint: ## Download golangci-lint locally if necessary.
-	$(call go-get-tool,$(GOLANGCILINT),github.com/golangci/golangci-lint/cmd/golangci-lint,v1.55.2)
+	$(call go-get-tool,$(GOLANGCILINT),github.com/golangci/golangci-lint/cmd/golangci-lint,v1.62.0)
 
 .PHONY: install
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
@@ -218,4 +218,4 @@ mocks: mockery
 MOCKERY = $(LOCALBIN)/mockery
 .PHONY: mockery
 mockery: ## Download mockery locally if necessary.
-	$(call go-get-tool,$(MOCKERY),github.com/vektra/mockery/v2,v2.43.0)
+	$(call go-get-tool,$(MOCKERY),github.com/vektra/mockery/v2,v2.46.3)

api/common/realm.go

@@ -1,3 +1,4 @@
+// +kubebuilder:object:generate=true
 package common
 
 // TokenSettings is the configuration for tokens in the realm.
@@ -53,3 +54,108 @@ type TokenSettings struct {
 	// +kubebuilder:default=43200
 	ActionTokenGeneratedByAdminLifespan int `json:"actionTokenGeneratedByAdminLifespan,omitempty"`
 }
+
+// UserProfileConfig defines the configuration for user profile in the realm.
+type UserProfileConfig struct {
+	// UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration.
+	// Empty value means that unmanaged attributes are disabled.
+	// Possible values:
+	// ENABLED - unmanaged attributes are allowed.
+	// ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API.
+	// ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API.
+	// +optional
+	UnmanagedAttributePolicy string `json:"unmanagedAttributePolicy,omitempty"`
+
+	// Attributes specifies the list of user profile attributes.
+	Attributes []UserProfileAttribute `json:"attributes,omitempty"`
+
+	// Groups specifies the list of user profile groups.
+	Groups []UserProfileGroup `json:"groups,omitempty"`
+}
+
+type UserProfileAttribute struct {
+	// Name of the user attribute, used to uniquely identify an attribute.
+	// +required
+	Name string `json:"name"`
+
+	// Display name for the attribute.
+	DisplayName string `json:"displayName,omitempty"`
+
+	// Group to which the attribute belongs.
+	Group string `json:"group,omitempty"`
+
+	// Multivalued specifies if this attribute supports multiple values.
+	// This setting is an indicator and does not enable any validation
+	Multivalued bool `json:"multivalued,omitempty"`
+
+	// Permissions specifies the permissions for the attribute.
+	Permissions *UserProfileAttributePermissions `json:"permissions,omitempty"`
+
+	// Required indicates that the attribute must be set by users and administrators.
+	Required *UserProfileAttributeRequired `json:"required,omitempty"`
+
+	// Selector specifies the scopes for which the attribute is available.
+	Selector *UserProfileAttributeSelector `json:"selector,omitempty"`
+
+	// Annotations specifies the annotations for the attribute.
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// Validations specifies the validations for the attribute.
+	Validations map[string]map[string]UserProfileAttributeValidation `json:"validations,omitempty"`
+}
+
+type UserProfileAttributeValidation struct {
+	// +optional
+	StringVal string `json:"stringVal,omitempty"`
+
+	// +optional
+	// +nullable
+	MapVal map[string]string `json:"mapVal,omitempty"`
+
+	// +optional
+	IntVal int `json:"intVal,omitempty"`
+
+	// +optional
+	// +nullable
+	SliceVal []string `json:"sliceVal,omitempty"`
+}
+
+type UserProfileAttributePermissions struct {
+	// Edit specifies who can edit the attribute.
+	Edit []string `json:"edit,omitempty"`
+
+	// View specifies who can view the attribute.
+	View []string `json:"view,omitempty"`
+}
+
+// UserProfileAttributeRequired defines model for UserProfileAttributeRequired.
+type UserProfileAttributeRequired struct {
+	// Roles specifies the roles for whom the attribute is required.
+	Roles []string `json:"roles,omitempty"`
+
+	// Scopes specifies the scopes when the attribute is required.
+	Scopes []string `json:"scopes,omitempty"`
+}
+
+// UserProfileAttributeSelector defines model for UserProfileAttributeSelector.
+type UserProfileAttributeSelector struct {
+	// Scopes specifies the scopes for which the attribute is available.
+	Scopes []string `json:"scopes,omitempty"`
+}
+
+type UserProfileGroup struct {
+	// Name is unique name of the group.
+	// +required
+	Name string `json:"name"`
+
+	// Annotations specifies the annotations for the group.
+	// +optional
+	// nullable
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// DisplayDescription specifies a user-friendly name for the group that should be used when rendering a group of attributes in user-facing forms.
+	DisplayDescription string `json:"displayDescription,omitempty"`
+
+	// DisplayHeader specifies a text that should be used as a header when rendering user-facing forms.
+	DisplayHeader string `json:"displayHeader,omitempty"`
+}

api/common/ref.go

@@ -18,10 +18,12 @@ type RealmRef struct {
 	Name string `json:"name,omitempty"`
 }
 
+// +kubebuilder:object:generate=false
 type HasRealmRef interface {
 	GetRealmRef() RealmRef
 }
 
+// +kubebuilder:object:generate=false
 type HasKeycloakRef interface {
 	GetKeycloakRef() KeycloakRef
 }