feat: Add support for list of attributes with the same key

Signed-off-by: Douglass Kirkley <doug.kirkley@gmail.com>

Author: dougkirkley

api/common/attributes.go

@@ -0,0 +1,93 @@
+package common
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserAttributes is a map of user attributes. It supports both string and []string values for attributes.
+// +kubebuilder:validation:Type=object
+// +kubebuilder:pruning:PreserveUnknownFields
+type UserAttributes map[string][]string
+
+// UnmarshalJSON implements json.Unmarshaler.
+func (a *UserAttributes) UnmarshalJSON(data []byte) error {
+	var raw map[string]interface{}
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	if *a == nil {
+		*a = make(UserAttributes)
+	}
+
+	result := *a
+
+	for k, v := range raw {
+		switch value := v.(type) {
+		case string:
+			result[k] = []string{value}
+		case []interface{}:
+			var strSlice []string
+
+			for _, item := range value {
+				if str, ok := item.(string); ok {
+					strSlice = append(strSlice, str)
+				} else {
+					return fmt.Errorf("attribute '%s' contains a non-string value in the list", k)
+				}
+			}
+
+			result[k] = strSlice
+		default:
+			return fmt.Errorf("unsupported type for attribute '%s': %T", k, v)
+		}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements json.Marshaler.
+func (a *UserAttributes) MarshalJSON() ([]byte, error) {
+	result := make(map[string]interface{})
+
+	for k, v := range *a {
+		if len(v) == 1 {
+			result[k] = v[0]
+		} else {
+			result[k] = v
+		}
+	}
+
+	return json.Marshal(result)
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (a *UserAttributes) DeepCopyInto(out *UserAttributes) {
+	if *a == nil {
+		*out = nil
+		return
+	}
+	*out = make(UserAttributes, len(*a))
+	for key, val := range *a {
+		if val == nil {
+			(*out)[key] = nil
+		} else {
+			// Create a new slice and copy the elements.
+			inVal := val
+			outVal := make([]string, len(inVal))
+			copy(outVal, inVal)
+			(*out)[key] = outVal
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAttributes.
+func (a *UserAttributes) DeepCopy() *UserAttributes {
+	if a == nil {
+		return nil
+	}
+	out := new(UserAttributes)
+	a.DeepCopyInto(out)
+	return out
+}

api/v1/keycloakclient_types.go

@@ -209,7 +209,7 @@ type ServiceAccount struct {
 	// Attributes is a map of service account attributes.
 	// +nullable
 	// +optional
-	Attributes map[string]string `json:"attributes,omitempty"`
+	Attributes common.UserAttributes `json:"attributes,omitempty"`
 
 	// Groups is a list of groups assigned to service account
 	// +nullable

api/v1/keycloakrealmuser_types.go

@@ -58,7 +58,7 @@ type KeycloakRealmUserSpec struct {
 	// Attributes is a map of user attributes.
 	// +nullable
 	// +optional
-	Attributes map[string]string `json:"attributes,omitempty"`
+	Attributes common.UserAttributes `json:"attributes,omitempty"`
 
 	// ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only.
 	// Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated.

api/v1/zz_generated.deepcopy.go

@@ -587,11 +587,10 @@ spec:
                 nullable: true
                 properties:
                   attributes:
-                    additionalProperties:
-                      type: string
                     description: Attributes is a map of service account attributes.
                     nullable: true
                     type: object
+                    x-kubernetes-preserve-unknown-fields: true
                   clientRoles:
                     description: ClientRoles is a list of client roles assigned to
                       service account.

config/crd/bases/v1.edp.epam.com_keycloakclients.yaml

@@ -45,11 +45,10 @@ spec:
             description: KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
             properties:
               attributes:
-                additionalProperties:
-                  type: string
                 description: Attributes is a map of user attributes.
                 nullable: true
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               clientRoles:
                 description: ClientRoles is a list of client roles assigned to user.
                 items:

config/crd/bases/v1.edp.epam.com_keycloakrealmusers.yaml

@@ -587,11 +587,10 @@ spec:
                 nullable: true
                 properties:
                   attributes:
-                    additionalProperties:
-                      type: string
                     description: Attributes is a map of service account attributes.
                     nullable: true
                     type: object
+                    x-kubernetes-preserve-unknown-fields: true
                   clientRoles:
                     description: ClientRoles is a list of client roles assigned to
                       service account.

deploy-templates/crds/v1.edp.epam.com_keycloakclients.yaml

@@ -45,11 +45,10 @@ spec:
             description: KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
             properties:
               attributes:
-                additionalProperties:
-                  type: string
                 description: Attributes is a map of user attributes.
                 nullable: true
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               clientRoles:
                 description: ClientRoles is a list of client roles assigned to user.
                 items:

deploy-templates/crds/v1.edp.epam.com_keycloakrealmusers.yaml

@@ -3342,7 +3342,7 @@ ServiceAccount is a service account configuration.
     </thead>
     <tbody><tr>
         <td><b>attributes</b></td>
-        <td>map[string]string</td>
+        <td>object</td>
         <td>
           Attributes is a map of service account attributes.<br/>
         </td>
@@ -6367,7 +6367,7 @@ KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
         <td>true</td>
       </tr><tr>
         <td><b>attributes</b></td>
-        <td>map[string]string</td>
+        <td>object</td>
         <td>
           Attributes is a map of user attributes.<br/>
         </td>

docs/api.md

@@ -20,8 +20,8 @@ func TestServiceAccount_Serve(t *testing.T) {
 			},
 			ServiceAccount: &keycloakApi.ServiceAccount{
 				Enabled: true,
-				Attributes: map[string]string{
-					"foo": "bar",
+				Attributes: common.UserAttributes{
+					"foo": {"bar"},
 				},
 				ClientRoles: []keycloakApi.ClientRole{
 					{