feat: Add support for list of attributes with the same key

Signed-off-by: Douglass Kirkley <doug.kirkley@gmail.com>

Author: zmotso

api/v1/keycloakclient_types.go

@@ -213,10 +213,17 @@ type ServiceAccount struct {
 	ClientRoles []UserClientRole `json:"clientRoles,omitempty"`
 
 	// Attributes is a map of service account attributes.
+	// Deprecated: Use AttributesV2 instead.
 	// +nullable
 	// +optional
 	Attributes map[string]string `json:"attributes,omitempty"`
 
+	// AttributesV2 is a map of service account attributes.
+	// this multi-value attributes
+	// +nullable
+	// +optional
+	AttributesV2 map[string][]string `json:"attributesV2,omitempty"`
+
 	// Groups is a list of groups assigned to service account
 	// +nullable
 	// +optional

api/v1/keycloakrealmuser_types.go

@@ -56,10 +56,17 @@ type KeycloakRealmUserSpec struct {
 	Groups []string `json:"groups,omitempty"`
 
 	// Attributes is a map of user attributes.
+	// Deprecated: Use AttributesV2 instead.
 	// +nullable
 	// +optional
 	Attributes map[string]string `json:"attributes,omitempty"`
 
+	// AttributesV2 is a map of service account attributes.
+	// this multi-value attributes
+	// +nullable
+	// +optional
+	AttributesV2 map[string][]string `json:"attributesV2,omitempty"`
+
 	// ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only.
 	// Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated.
 	// If set to full, user will be created if it does not exist, or updated if it exists.

api/v1/zz_generated.deepcopy.go

@@ -613,7 +613,19 @@ spec:
                   attributes:
                     additionalProperties:
                       type: string
-                    description: Attributes is a map of service account attributes.
+                    description: |-
+                      Attributes is a map of service account attributes.
+                      Deprecated: Use AttributesV2 instead.
+                    nullable: true
+                    type: object
+                  attributesV2:
+                    additionalProperties:
+                      items:
+                        type: string
+                      type: array
+                    description: |-
+                      AttributesV2 is a map of service account attributes.
+                      this multi-value attributes
                     nullable: true
                     type: object
                   clientRoles:

config/crd/bases/v1.edp.epam.com_keycloakclients.yaml

@@ -47,7 +47,19 @@ spec:
               attributes:
                 additionalProperties:
                   type: string
-                description: Attributes is a map of user attributes.
+                description: |-
+                  Attributes is a map of user attributes.
+                  Deprecated: Use AttributesV2 instead.
+                nullable: true
+                type: object
+              attributesV2:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: |-
+                  AttributesV2 is a map of service account attributes.
+                  this multi-value attributes
                 nullable: true
                 type: object
               clientRoles:

config/crd/bases/v1.edp.epam.com_keycloakrealmusers.yaml

@@ -613,7 +613,19 @@ spec:
                   attributes:
                     additionalProperties:
                       type: string
-                    description: Attributes is a map of service account attributes.
+                    description: |-
+                      Attributes is a map of service account attributes.
+                      Deprecated: Use AttributesV2 instead.
+                    nullable: true
+                    type: object
+                  attributesV2:
+                    additionalProperties:
+                      items:
+                        type: string
+                      type: array
+                    description: |-
+                      AttributesV2 is a map of service account attributes.
+                      this multi-value attributes
                     nullable: true
                     type: object
                   clientRoles:

deploy-templates/crds/v1.edp.epam.com_keycloakclients.yaml

@@ -47,7 +47,19 @@ spec:
               attributes:
                 additionalProperties:
                   type: string
-                description: Attributes is a map of user attributes.
+                description: |-
+                  Attributes is a map of user attributes.
+                  Deprecated: Use AttributesV2 instead.
+                nullable: true
+                type: object
+              attributesV2:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: |-
+                  AttributesV2 is a map of service account attributes.
+                  this multi-value attributes
                 nullable: true
                 type: object
               clientRoles:

deploy-templates/crds/v1.edp.epam.com_keycloakrealmusers.yaml

@@ -3394,7 +3394,16 @@ ServiceAccount is a service account configuration.
         <td><b>attributes</b></td>
         <td>map[string]string</td>
         <td>
-          Attributes is a map of service account attributes.<br/>
+          Attributes is a map of service account attributes.
+Deprecated: Use AttributesV2 instead.<br/>
+        </td>
+        <td>false</td>
+      </tr><tr>
+        <td><b>attributesV2</b></td>
+        <td>map[string][]string</td>
+        <td>
+          AttributesV2 is a map of service account attributes.
+this multi-value attributes<br/>
         </td>
         <td>false</td>
       </tr><tr>
@@ -6496,7 +6505,16 @@ KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
         <td><b>attributes</b></td>
         <td>map[string]string</td>
         <td>
-          Attributes is a map of user attributes.<br/>
+          Attributes is a map of user attributes.
+Deprecated: Use AttributesV2 instead.<br/>
+        </td>
+        <td>false</td>
+      </tr><tr>
+        <td><b>attributesV2</b></td>
+        <td>map[string][]string</td>
+        <td>
+          AttributesV2 is a map of service account attributes.
+this multi-value attributes<br/>
         </td>
         <td>false</td>
       </tr><tr>

docs/api.md

@@ -45,9 +45,9 @@ func (el *ServiceAccount) Serve(_ context.Context, keycloakClient *keycloakApi.K
 		}
 	}
 
-	if keycloakClient.Spec.ServiceAccount.Attributes != nil {
+	if keycloakClient.Spec.ServiceAccount.AttributesV2 != nil {
 		if err := el.keycloakApiClient.SetServiceAccountAttributes(realmName, keycloakClient.Status.ClientID,
-			keycloakClient.Spec.ServiceAccount.Attributes, addOnly); err != nil {
+			keycloakClient.Spec.ServiceAccount.AttributesV2, addOnly); err != nil {
 			return errors.Wrap(err, "unable to set service account attributes")
 		}
 	}

internal/controller/keycloakclient/chain/service_account.go

@@ -20,8 +20,8 @@ func TestServiceAccount_Serve(t *testing.T) {
 			},
 			ServiceAccount: &keycloakApi.ServiceAccount{
 				Enabled: true,
-				Attributes: map[string]string{
-					"foo": "bar",
+				AttributesV2: map[string][]string{
+					"foo": {"bar"},
 				},
 				ClientRoles: []keycloakApi.UserClientRole{
 					{
@@ -48,7 +48,7 @@ func TestServiceAccount_Serve(t *testing.T) {
 	apiClient.On("SyncServiceAccountGroups", realmName, kc.Status.ClientID,
 		kc.Spec.ServiceAccount.Groups, false).Return(nil)
 	apiClient.On("SetServiceAccountAttributes", realmName, kc.Status.ClientID,
-		kc.Spec.ServiceAccount.Attributes, false).Return(nil)
+		kc.Spec.ServiceAccount.AttributesV2, false).Return(nil)
 
 	sa := NewServiceAccount(apiClient)