From 46f35f633b2f8654bed317e8e4a7da331d10e82a Mon Sep 17 00:00:00 2001 
From: Thomas Darimont Date: Fri, 3 Jan 2025 13:57:47 +0100 Subject: [PATCH] Code cleanups (#1050) - Avoid usage of deprecated Go APIs - Fix broken links - Fix linter issues (docker compose, editor config) - Fix typos Fixes #1049 --- .editorconfig | 2 +- .goreleaser.yml | 2 +- README.md | 2 +- docker-compose.yml | 2 +- docs/data-sources/client_description_converter.md | 12 +++++++----- .../openid_client_service_account_user.md | 2 +- docs/data-sources/user.md | 2 +- docs/resources/custom_user_federation.md | 2 +- docs/resources/group.md | 2 +- docs/resources/group_memberships.md | 2 +- ...ntity_provider_token_exchange_scope_permission.md | 2 +- docs/resources/ldap_group_mapper.md | 2 +- docs/resources/ldap_role_mapper.md | 2 +- docs/resources/oidc_google_identity_provider.md | 4 ++-- docs/resources/oidc_identity_provider.md | 6 +++--- docs/resources/openid_audience_protocol_mapper.md | 2 +- docs/resources/openid_client.md | 2 +- .../openid_user_property_protocol_mapper.md | 2 +- .../openid_user_session_note_protocol_mapper.md | 2 +- docs/resources/realm.md | 8 ++++---- docs/resources/role.md | 2 +- docs/resources/saml_identity_provider.md | 4 ++-- docs/resources/user.md | 2 +- keycloak/authentication_execution.go | 6 +++--- keycloak/authentication_execution_config.go | 10 +++++----- keycloak/authentication_subflow.go | 2 +- keycloak/generic_client_description_converter.go | 2 +- keycloak/group.go | 9 ++++----- keycloak/keycloak_client.go | 12 ++++++------ keycloak/ldap_full_name_mapper.go | 4 ++-- keycloak/ldap_user_federation.go | 2 +- keycloak/openid_client_authorization_permission.go | 6 +++--- keycloak/openid_client_authorization_policy.go | 2 +- keycloak/openid_client_authorization_resource.go | 2 +- keycloak/role_mapping_types.go | 8 ++++---- keycloak/user.go | 2 +- keycloak/util.go | 2 +- provider/extra_config.go | 2 +- ...ntity_provider_token_exchange_scope_permission.go | 2 +- ...ce_keycloak_oidc_google_identity_provider_test.go | 2 +- 
...ce_keycloak_openid_client_optional_scopes_test.go | 2 +- provider/resource_keycloak_realm.go | 2 +- provider/resource_keycloak_role.go | 2 +- provider/resource_keycloak_user_test.go | 4 ++-- provider/role_mapping_helpers.go | 4 ++-- 45 files changed, 80 insertions(+), 79 deletions(-) diff --git a/.editorconfig b/.editorconfig index 8edf18ff1..1a76392f9 100644 --- a/.editorconfig +++ b/.editorconfig @@ -9,6 +9,6 @@ charset = utf-8 trim_trailing_whitespace = true insert_final_newline = true -[{*.yml, *.tf}] +[{*.yml,*.tf}] indent_style = space indent_size = 2 diff --git a/.goreleaser.yml b/.goreleaser.yml index 8402b84dd..9f94cdfb3 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -47,7 +47,7 @@ signs: - artifacts: checksum args: # if you are using this is a GitHub action or some other automated pipeline, you - # need to pass the batch flag to indicate its not interactive. + # need to pass the batch flag to indicate it's not interactive. - "--batch" - "--local-user" - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key diff --git a/README.md b/README.md index d54faece8..b23d432f4 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ build you can use the `linux_amd64` build as long as `libc6-compat` is installed ## Development This project requires Go 1.22 and Terraform 1.4.1. -This project uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependency management, which allows this project to exist outside of an existing GOPATH. +This project uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependency management, which allows this project to exist outside an existing GOPATH. After cloning the repository, you can build the project by running `make build`. diff --git a/docker-compose.yml b/docker-compose.yml index 2dcadc6cb..1852b712f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -37,7 +37,7 @@ services: # Enable for remote java debugging # - PREPEND_JAVA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8787 ports: - - 8080:8080 + - "8080:8080" # Enable for remote java debugging # - 8787:8787 volumes: diff --git a/docs/data-sources/client_description_converter.md b/docs/data-sources/client_description_converter.md index 237b620ed..3a7e60293 100644 --- a/docs/data-sources/client_description_converter.md +++ b/docs/data-sources/client_description_converter.md @@ -62,9 +62,11 @@ resource "keycloak_saml_client" "saml_client" { ## Attributes Reference The exported attributes for this data source are a combination of the attributes for the [`keycloak_openid_client`][2] -and [`keycloak_saml_client`][3] resources. You can also refer to the [ClientRepresentation][4] Javadocs for more details. +and [`keycloak_saml_client`][3] resources. You can also refer to the [ClientRepresentation Javadocs][4] or [API docs][5] for more details. + +[1]: https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html +[2]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/openid_client +[3]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/saml_client +[4]: https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/representations/idm/ClientRepresentation.html +[5]: https://www.keycloak.org/docs-api/latest/rest-api/index.html#ClientRepresentation -[1]: https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html -[2]: providers/keycloak/keycloak/latest/docs/resources/openid_client -[3]: providers/keycloak/keycloak/latest/docs/resources/saml_client -[4]: https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html 
diff --git a/docs/data-sources/openid_client_service_account_user.md b/docs/data-sources/openid_client_service_account_user.md index 240d3373e..aa115057c 100644 --- a/docs/data-sources/openid_client_service_account_user.md +++ b/docs/data-sources/openid_client_service_account_user.md @@ -59,6 +59,6 @@ resource "keycloak_user_roles" "service_account_user_roles" { `email` - (Computed) The service account user's email. `first_name` - (Computed) The service account user's first name. `last_name` - (Computed) The service account user's last name. -`enabled` - (Computed) Whether or not the service account user is enabled. +`enabled` - (Computed) Whether the service account user is enabled. `attributes` - (Computed) The service account user's attributes. `federated_identity` - (Computed) This attribute exists in order to adhere to the spec of a Keycloak user, but a service account user will never have a federated identity, so this will always be `null`. diff --git a/docs/data-sources/user.md b/docs/data-sources/user.md index fa90a67c4..94ccfb2a8 100644 --- a/docs/data-sources/user.md +++ b/docs/data-sources/user.md @@ -41,4 +41,4 @@ output "keycloak_user_id" { - `federated_identity` - (Computed) The user's federated identities, if applicable. This block has the following schema: - `identity_provider` - (Computed) The name of the identity provider - `user_id` - (Computed) The ID of the user defined in the identity provider - - `user_name` - (Computed) The user name of the user defined in the identity provider + - `user_name` - (Computed) The username of the user defined in the identity provider diff --git a/docs/resources/custom_user_federation.md b/docs/resources/custom_user_federation.md index 1b3aea43e..e639022c6 100644 --- a/docs/resources/custom_user_federation.md +++ b/docs/resources/custom_user_federation.md 
@@ -43,7 +43,7 @@ resource "keycloak_custom_user_federation" "custom_user_federation" { - `parent_id` - (Optional) Must be set to the realms' `internal_id` when it differs from the realm. This can happen when existing resources are imported into the state. - `full_sync_period` - (Optional) How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync. - `changed_sync_period` - (Optional) How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync. -- `config` - (Optional) The provider configuration handed over to your custom user federation provider. In order to add multivalue settings, use `##` to seperate the values. +- `config` - (Optional) The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values. ## Import diff --git a/docs/resources/group.md b/docs/resources/group.md index 629140e9d..1e31cae12 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md @@ -49,7 +49,7 @@ resource "keycloak_group" "child_group_with_optional_attributes" { - `realm_id` - (Required) The realm this group exists in. - `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level. - `name` - (Required) The name of the group. -- `attributes` - (Optional) A map representing attributes for the group. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars +- `attributes` - (Optional) A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars ## Attributes Reference diff --git a/docs/resources/group_memberships.md b/docs/resources/group_memberships.md index 7b3a1f819..7ddd99f6b 100644 --- a/docs/resources/group_memberships.md +++ b/docs/resources/group_memberships.md 
@@ -59,4 +59,4 @@ resource "keycloak_group_memberships" "group_members" { This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist on the server. -[1]: providers/keycloak/keycloak/latest/docs/resources/group_memberships +[1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships diff --git a/docs/resources/identity_provider_token_exchange_scope_permission.md b/docs/resources/identity_provider_token_exchange_scope_permission.md index 06ac40502..4d527cceb 100644 --- a/docs/resources/identity_provider_token_exchange_scope_permission.md +++ b/docs/resources/identity_provider_token_exchange_scope_permission.md @@ -18,7 +18,7 @@ When enabling Identity Provider Permissions, Keycloak does several things automa The only thing that is missing is a policy set on the permission. As the policy lives within the context of the realm-management client, you cannot create a policy resource and link to from with your _.tf_ file. This would also cause an implicit cycle dependency. Thus, the only way to manage this in terraform is to create and manage the policy internally from within this terraform resource itself. -At the moment only a client policy type is supported. The client policy will automatically be created for the clients parameter. +At the moment only a client policy type is supported. The client policy will automatically be created for the `clients` parameter. ## Example Usage diff --git a/docs/resources/ldap_group_mapper.md b/docs/resources/ldap_group_mapper.md index a4aad0698..c55042bd5 100644 --- a/docs/resources/ldap_group_mapper.md +++ b/docs/resources/ldap_group_mapper.md 
@@ -65,7 +65,7 @@ resource "keycloak_ldap_group_mapper" "ldap_group_mapper" { - `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings. - `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. - `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. -- `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. +- `groups_ldap_filter` - (Optional) When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`. - `mode` - (Optional) Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. diff --git a/docs/resources/ldap_role_mapper.md b/docs/resources/ldap_role_mapper.md index fb7525cd1..ab942e3a9 100644 --- a/docs/resources/ldap_role_mapper.md +++ b/docs/resources/ldap_role_mapper.md 
@@ -63,7 +63,7 @@ resource "keycloak_ldap_role_mapper" "ldap_role_mapper" { - `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings. - `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. - `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. -- `roles_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`. +- `roles_ldap_filter` - (Optional) When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`. - `mode` - (Optional) Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`. - `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`. - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when diff --git a/docs/resources/oidc_google_identity_provider.md b/docs/resources/oidc_google_identity_provider.md index d9d189c5b..136a4e984 100644 --- a/docs/resources/oidc_google_identity_provider.md +++ b/docs/resources/oidc_google_identity_provider.md 
@@ -38,7 +38,7 @@ resource "keycloak_oidc_google_identity_provider" "google" { - `enabled` - (Optional) When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`. - `store_token` - (Optional) When `true`, tokens will be stored after authenticating users. Defaults to `true`. - `add_read_token_role_on_create` - (Optional) When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. -- `link_only` - (Optional) When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +- `link_only` - (Optional) When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. - `trust_email` - (Optional) When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. - `first_broker_login_flow_alias` - (Optional) The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`. - `post_broker_login_flow_alias` - (Optional) The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. @@ -68,4 +68,4 @@ Example: ```bash $ terraform import keycloak_oidc_google_identity_provider.google.google_identity_provider my-realm/my-google-idp -``` \ No newline at end of file +``` diff --git a/docs/resources/oidc_identity_provider.md b/docs/resources/oidc_identity_provider.md index 2c49edaed..b0d3ec21c 100644 --- a/docs/resources/oidc_identity_provider.md +++ b/docs/resources/oidc_identity_provider.md 
@@ -33,7 +33,7 @@ resource "keycloak_oidc_identity_provider" "realm_identity_provider" { ## Argument Reference - `realm` - (Required) The name of the realm. This is unique across Keycloak. -- `alias` - (Required) The alias uniquely identifies an identity provider and it is also used to build the redirect uri. +- `alias` - (Required) The alias uniquely identifies an identity provider, and it is also used to build the redirect uri. - `authorization_url` - (Required) The Authorization Url. - `client_id` - (Required) The client or client identifier registered within the identity provider. - `client_secret` - (Required) The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format. 
@@ -42,7 +42,7 @@ resource "keycloak_oidc_identity_provider" "realm_identity_provider" { - `enabled` - (Optional) When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`. - `store_token` - (Optional) When `true`, tokens will be stored after authenticating users. Defaults to `true`. - `add_read_token_role_on_create` - (Optional) When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. -- `link_only` - (Optional) When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +- `link_only` - (Optional) When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. - `trust_email` - (Optional) When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. - `first_broker_login_flow_alias` - (Optional) The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`. - `post_broker_login_flow_alias` - (Optional) The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used. 
@@ -54,7 +54,7 @@ resource "keycloak_oidc_identity_provider" "realm_identity_provider" { - `issuer` - (Optional) The issuer identifier for the issuer of the response. If not provided, no validation will be performed. - `disable_user_info` - (Optional) When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`. - `hide_on_login_page` - (Optional) When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`. -- `logout_url` - (Optional) The Logout URL is the end session endpoint to use to logout user from external identity provider. +- `logout_url` - (Optional) The Logout URL is the end session endpoint to use to sign-out the user from external identity provider. - `login_hint` - (Optional) Pass login hint to identity provider. - `ui_locales` - (Optional) Pass current locale to identity provider. Defaults to `false`. - `accepts_prompt_none_forward_from_client` (Optional) When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`. diff --git a/docs/resources/openid_audience_protocol_mapper.md b/docs/resources/openid_audience_protocol_mapper.md index 24eb8112c..f8bb3242d 100644 --- a/docs/resources/openid_audience_protocol_mapper.md +++ b/docs/resources/openid_audience_protocol_mapper.md @@ -6,7 +6,7 @@ page_title: "keycloak_openid_audience_protocol_mapper Resource" Allows for creating and managing audience protocol mappers within Keycloak. -Audience protocol mappers allow you add audiences to the `aud` claim within issued tokens. The audience can be a custom +Audience protocol mappers allow you to add audiences to the `aud` claim within issued tokens. The audience can be a custom string, or it can be mapped to the ID of a pre-existing client. ## Example Usage (Client) 
diff --git a/docs/resources/openid_client.md b/docs/resources/openid_client.md index 6fc3eef1b..7d399f247 100644 --- a/docs/resources/openid_client.md +++ b/docs/resources/openid_client.md @@ -68,7 +68,7 @@ resource "keycloak_openid_client" "openid_client" { wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` is set to `true`. - `valid_post_logout_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful logout. -- `web_origins` - (Optional) A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`." +- `web_origins` - (Optional) A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`. - `root_url` - (Optional) When specified, this URL is prepended to any relative URLs found within `valid_redirect_uris`, `web_origins`, and `admin_url`. NOTE: Due to limitations in the Keycloak API, when the `root_url` attribute is used, the `valid_redirect_uris`, `web_origins`, and `admin_url` attributes will be required. - `admin_url` - (Optional) URL to the admin interface of the client. - `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client. diff --git a/docs/resources/openid_user_property_protocol_mapper.md b/docs/resources/openid_user_property_protocol_mapper.md index 91be752ec..d1d977bd1 100644 --- a/docs/resources/openid_user_property_protocol_mapper.md +++ b/docs/resources/openid_user_property_protocol_mapper.md 
@@ -70,7 +70,7 @@ resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper" - `realm_id` - (Required) The realm this protocol mapper exists within. - `name` - (Required) The display name of this protocol mapper in the GUI. -- `user_property` - (Required) The built in user property (such as email) to map a claim for. +- `user_property` - (Required) The built-in user property (such as email) to map a claim for. - `claim_name` - (Required) The name of the claim to insert into a token. - `client_id` - (Optional) The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - `client_scope_id` - (Optional) The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to. diff --git a/docs/resources/openid_user_session_note_protocol_mapper.md b/docs/resources/openid_user_session_note_protocol_mapper.md index 4e899e116..57948da58 100644 --- a/docs/resources/openid_user_session_note_protocol_mapper.md +++ b/docs/resources/openid_user_session_note_protocol_mapper.md 
@@ -75,7 +75,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_ - `client_id` - (Optional) The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. - `client_scope_id` - (Optional) The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. - `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. -- `session_note` - (Optional) String value being the name of stored user session note within the UserSessionModel.note map. +- `session_note` - (Optional) String value being the name of stored user session note within the `UserSessionModel.note` map. - `session_note_label` - (Optional) **Deprecated** Use `session_note` instead. - `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. - `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. diff --git a/docs/resources/realm.md b/docs/resources/realm.md index 374c5345d..82dc30cd5 100644 --- a/docs/resources/realm.md +++ b/docs/resources/realm.md 
@@ -229,12 +229,12 @@ the "Authentication" section of the realm configuration UI. These top level attr Each of these attributes are blocks with the following attributes: -- `relying_party_entity_name` - (Optional) A human readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. +- `relying_party_entity_name` - (Optional) A human-readable server name for the WebAuthn Relying Party. Defaults to `keycloak`. - `relying_party_id` - (Optional) The WebAuthn relying party ID. - `signature_algorithms` - (Optional) A set of signature algorithms that should be used for the authentication assertion. Valid options at the time these docs were written are `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512`, and `RS1`. - `attestation_conveyance_preference` - (Optional) The preference of how to generate a WebAuthn attestation statement. Valid options are `not specified`, `none`, `indirect`, `direct`, or `enterprise`. Defaults to `not specified`. - `authenticator_attachment` - (Optional) The acceptable attachment pattern for the WebAuthn authenticator. Valid options are `not specified`, `platform`, or `cross-platform`. Defaults to `not specified`. -- `require_resident_key` - (Optional) Specifies whether or not a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. +- `require_resident_key` - (Optional) Specifies whether a public key should be created to represent the resident key. Valid options are `not specified`, `Yes`, or `No`. Defaults to `not specified`. - `user_verification_requirement` - (Optional) Specifies the policy for verifying a user logging in via WebAuthn. Valid options are `not specified`, `required`, `preferred`, or `discouraged`. Defaults to `not specified`. - `create_timeout` - (Optional) The timeout value for creating a user's public key credential in seconds. When set to `0`, this timeout option is not adapted. Defaults to `0`. 
- `avoid_same_authenticator_register` - (Optional) When `true`, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to `false`. @@ -242,8 +242,8 @@ Each of these attributes are blocks with the following attributes: ## Default Client Scopes -- `default_default_client_scopes` - (Optional) A list of default default client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default default client-scopes. -- `default_optional_client_scopes` - (Optional) A list of default optional client scopes to be used for client definitions. Defaults to `[]` or keycloak's built-in default optional client-scopes. +- `default_default_client_scopes` - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. +- `default_optional_client_scopes` - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. ## Import diff --git a/docs/resources/role.md b/docs/resources/role.md index 8553c43aa..e67e9e9dc 100644 --- a/docs/resources/role.md +++ b/docs/resources/role.md @@ -6,7 +6,7 @@ page_title: "keycloak_role Resource" Allows for creating and managing roles within Keycloak. -Roles allow you define privileges within Keycloak and map them to users and groups. +Roles allow you to define privileges within Keycloak and map them to users and groups. ## Example Usage (Realm role) diff --git a/docs/resources/saml_identity_provider.md b/docs/resources/saml_identity_provider.md index f4ec6bc3f..0bb051847 100644 --- a/docs/resources/saml_identity_provider.md +++ b/docs/resources/saml_identity_provider.md 
@@ -43,7 +43,7 @@ resource "keycloak_saml_identity_provider" "realm_saml_identity_provider" { - `store_token` - (Optional) When `true`, tokens will be stored after authenticating users. Defaults to `true`. - `add_read_token_role_on_create` - (Optional) When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`. - `trust_email` - (Optional) When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. -- `link_only` - (Optional) When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`. +- `link_only` - (Optional) When `true`, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to `false`. - `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter. - `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`. - `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty. 
@@ -54,7 +54,7 @@ resource "keycloak_saml_identity_provider" "realm_saml_identity_provider" { - `backchannel_supported` - (Optional) Does the external IDP support backchannel logout?. Defaults to `false`. - `provider_id` - (Optional) The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation. - `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty. -- `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.. +- `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used. - `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion. diff --git a/docs/resources/user.md b/docs/resources/user.md index 3ed787df0..d8f79a620 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md 
@@ -66,7 +66,7 @@ resource "keycloak_user" "user_with_initial_password" {
 - `federated_identity` - (Optional) When specified, the user will be linked to a federated identity provider. Refer to the [federated user example](https://github.com/keycloak/terraform-provider-keycloak/blob/master/example/federated_user_example.tf) for more details.
 - `identity_provider` - (Required) The name of the identity provider
 - `user_id` - (Required) The ID of the user defined in the identity provider
- - `user_name` - (Required) The user name of the user defined in the identity provider
+ - `user_name` - (Required) The username of the user defined in the identity provider
 - `import` - (Optional) When `true`, the user with the specified `username` is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as `admin`. Note, that the user will not be removed during destruction if `import` is `true`.
 ## Import
diff --git a/keycloak/authentication_execution.go b/keycloak/authentication_execution.go
index 6a1af7fb3..4b464ce45 100644
--- a/keycloak/authentication_execution.go
+++ b/keycloak/authentication_execution.go
@@ -7,7 +7,7 @@ import (
 )
 // this is only used when creating an execution on a flow.
-// other fields can be provided to the API but they are ignored
+// other fields can be provided to the API, but they are ignored
 // POST /realms/${realmId}/authentication/flows/${flowAlias}/executions/execution
 type authenticationExecutionCreate struct {
 Provider string `json:"provider"` //authenticator of the execution
@@ -21,7 +21,7 @@ type authenticationExecutionRequirementUpdate struct { Priority int `json:"priority,omitempty"` } -// this type is returned by GET /realms/${realmId}/authentication/flows/${flowAlias}/executions +// AuthenticationExecution is returned by GET /realms/${realmId}/authentication/flows/${flowAlias}/executions type AuthenticationExecution struct { Id string `json:"id"` RealmId string `json:"-"` @@ -35,7 +35,7 @@ type AuthenticationExecution struct { Requirement string `json:"requirement"` } -// another model is used for GET /realms/${realmId}/authentication/executions/${executionId}, but I am going to try to avoid using this API +// AuthenticationExecutionInfo is used for GET /realms/${realmId}/authentication/executions/${executionId}, but I am going to try to avoid using this API type AuthenticationExecutionInfo struct { Id string `json:"id"` RealmId string `json:"-"` diff --git a/keycloak/authentication_execution_config.go b/keycloak/authentication_execution_config.go index 14030dcdf..d5ec04437 100644 --- a/keycloak/authentication_execution_config.go +++ b/keycloak/authentication_execution_config.go @@ -5,7 +5,7 @@ import ( "fmt" ) -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticatorconfigrepresentation +// AuthenticationExecutionConfig https://www.keycloak.org/docs-api/latest/rest-api/index.html#AuthenticatorConfigRepresentation type AuthenticationExecutionConfig struct { RealmId string `json:"-"` ExecutionId string `json:"-"` 
@@ -14,7 +14,7 @@ type AuthenticationExecutionConfig struct { Config map[string]string `json:"config"` } -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_newexecutionconfig +// NewAuthenticationExecutionConfig creates a new AuthenticationExecutionConfig func (keycloakClient *KeycloakClient) NewAuthenticationExecutionConfig(ctx context.Context, config *AuthenticationExecutionConfig) (string, error) { _, location, err := keycloakClient.post(ctx, fmt.Sprintf("/realms/%s/authentication/executions/%s/config", config.RealmId, config.ExecutionId), config) if err != nil { 
@@ -23,17 +23,17 @@ func (keycloakClient *KeycloakClient) NewAuthenticationExecutionConfig(ctx conte return getIdFromLocationHeader(location), nil } -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_getauthenticatorconfig +// GetAuthenticationExecutionConfig https://www.keycloak.org/docs-api/latest/rest-api/index.html#_get_adminrealmsrealmauthenticationconfigid func (keycloakClient *KeycloakClient) GetAuthenticationExecutionConfig(ctx context.Context, config *AuthenticationExecutionConfig) error { return keycloakClient.get(ctx, fmt.Sprintf("/realms/%s/authentication/config/%s", config.RealmId, config.Id), config, nil) } -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_updateauthenticatorconfig +// UpdateAuthenticationExecutionConfig https://www.keycloak.org/docs-api/latest/rest-api/index.html#_put_adminrealmsrealmauthenticationconfigid func (keycloakClient *KeycloakClient) UpdateAuthenticationExecutionConfig(ctx context.Context, config *AuthenticationExecutionConfig) error { return keycloakClient.put(ctx, fmt.Sprintf("/realms/%s/authentication/config/%s", config.RealmId, config.Id), config) } -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_removeauthenticatorconfig +// DeleteAuthenticationExecutionConfig https://www.keycloak.org/docs-api/latest/rest-api/index.html#_delete_adminrealmsrealmauthenticationconfigid func (keycloakClient *KeycloakClient) DeleteAuthenticationExecutionConfig(ctx context.Context, config *AuthenticationExecutionConfig) error { return keycloakClient.delete(ctx, fmt.Sprintf("/realms/%s/authentication/config/%s", config.RealmId, config.Id), nil) } diff --git a/keycloak/authentication_subflow.go b/keycloak/authentication_subflow.go index 9f7a8c01f..61f63f718 100644 --- a/keycloak/authentication_subflow.go +++ b/keycloak/authentication_subflow.go 
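Review bot: The new doc comments on GetAuthenticationExecutionConfig, UpdateAuthenticationExecutionConfig and DeleteAuthenticationExecutionConfig are just the function name followed by a bare URL, which quiets the linter but does not read as a sentence in godoc. NewAuthenticationExecutionConfig in the previous hunk was given a real description, and the same form would fit here, for example `// GetAuthenticationExecutionConfig loads the authenticator config identified by config.Id into config.` with the REST API link on a second comment line. The type comments for AuthenticationExecutionConfig and GenericClientRepresentation elsewhere in this patch follow the same name-plus-URL pattern.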
@@ -13,7 +13,7 @@ type AuthenticationSubFlow struct { ParentFlowAlias string `json:"-"` ProviderId string `json:"providerId"` // "basic-flow" or "client-flow" or form-flow see /keycloak/server-spi/src/main/java/org/keycloak/models/AuthenticationFlowModel.java TopLevel bool `json:"topLevel"` // should only be false if this is a subflow - BuiltIn bool `json:"builtIn"` // this controls whether or not this flow can be edited from the console. it can be updated, but this provider will only set it to `true` + BuiltIn bool `json:"builtIn"` // this controls whether this flow can be edited from the console. it can be updated, but this provider will only set it to `true` Description string `json:"description"` //execution part Authenticator string `json:"-"` //can be any authenticator see /auth/admin/master/console/#/server-info/providers (not limited to the authenticator spi section) for example could also be part of the form-action spi diff --git a/keycloak/generic_client_description_converter.go b/keycloak/generic_client_description_converter.go index f08bdac62..18cf35abe 100644 --- a/keycloak/generic_client_description_converter.go +++ b/keycloak/generic_client_description_converter.go @@ -6,7 +6,7 @@ import ( "fmt" ) -// https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html +// GenericClientRepresentation https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/representations/idm/ClientRepresentation.html type GenericClientRepresentation struct { Access map[string]string `json:"access"` AdminUrl string `json:"adminUrl"` diff --git a/keycloak/group.go b/keycloak/group.go index 30d4170a5..eb2f0896c 100644 --- a/keycloak/group.go +++ b/keycloak/group.go 
@@ -69,10 +69,9 @@ func (keycloakClient *KeycloakClient) ValidateGroupMembers(usernames []interface return nil } -/* - * Top level groups are created via POST /realms/${realm_id}/groups - * Child groups are created via POST /realms/${realm_id}/groups/${parent_id}/children - */ +// NewGroup creates a new group based on the following rules: +// Top level groups are created via POST /realms/${realm_id}/groups +// Child groups are created via POST /realms/${realm_id}/groups/${parent_id}/children func (keycloakClient *KeycloakClient) NewGroup(ctx context.Context, group *Group) error { var createGroupUrl string @@ -208,7 +207,7 @@ func (keycloakClient *KeycloakClient) ListGroupsWithName(ctx context.Context, re func (keycloakClient *KeycloakClient) GetGroupMembers(ctx context.Context, realmId, groupId string) ([]*User, error) { var users []*User - var first, pagination int = 0, 50 + var first, pagination = 0, 50 var iterationUsers []*User for ok := true; ok; ok = len(iterationUsers) > 0 { diff --git a/keycloak/keycloak_client.go b/keycloak/keycloak_client.go index 425370831..ced2b93c6 100644 --- a/keycloak/keycloak_client.go +++ b/keycloak/keycloak_client.go @@ -8,7 +8,7 @@ import ( "encoding/json" "fmt" "github.com/hashicorp/terraform-plugin-log/tflog" - "io/ioutil" + "io" "net/http" "net/http/cookiejar" "net/url" @@ -144,7 +144,7 @@ func (keycloakClient *KeycloakClient) login(ctx context.Context) error { defer accessTokenResponse.Body.Close() - body, _ := ioutil.ReadAll(accessTokenResponse.Body) + body, _ := io.ReadAll(accessTokenResponse.Body) tflog.Debug(ctx, "Login response", map[string]interface{}{ "response": string(body), @@ -232,7 +232,7 @@ func (keycloakClient *KeycloakClient) Refresh(ctx context.Context) error { defer refreshTokenResponse.Body.Close() - body, _ := ioutil.ReadAll(refreshTokenResponse.Body) + body, _ := io.ReadAll(refreshTokenResponse.Body) tflog.Debug(ctx, "Refresh response", map[string]interface{}{ "response": string(body), 
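Review bot: Both `body, _ := io.ReadAll(...)` lines, in login and in Refresh, still discard the read error, and the body is then written unredacted to the debug log as `"response": string(body)`. For a token endpoint that body presumably carries the access and refresh tokens, so anyone who can read a debug-level provider log obtains usable credentials. I would handle the error (`body, err := io.ReadAll(accessTokenResponse.Body)` followed by `if err != nil { return err }`) and log only non-secret metadata such as the response status code. The first sendRequest hunk that follows has the same exposure through `requestLogArgs["body"] = string(body)`, where the request payload may include passwords or client secrets, assuming requestLogArgs is passed to the logger. All three function bodies continue outside their hunks.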
@@ -320,7 +320,7 @@ func (keycloakClient *KeycloakClient) sendRequest(ctx context.Context, request * } if body != nil { - request.Body = ioutil.NopCloser(bytes.NewReader(body)) + request.Body = io.NopCloser(bytes.NewReader(body)) requestLogArgs["body"] = string(body) } @@ -348,7 +348,7 @@ func (keycloakClient *KeycloakClient) sendRequest(ctx context.Context, request * keycloakClient.addRequestHeaders(request) if body != nil { - request.Body = ioutil.NopCloser(bytes.NewReader(body)) + request.Body = io.NopCloser(bytes.NewReader(body)) } response, err = keycloakClient.httpClient.Do(request) if err != nil { @@ -358,7 +358,7 @@ func (keycloakClient *KeycloakClient) sendRequest(ctx context.Context, request * defer response.Body.Close() - responseBody, err := ioutil.ReadAll(response.Body) + responseBody, err := io.ReadAll(response.Body) if err != nil { return nil, "", err } diff --git a/keycloak/ldap_full_name_mapper.go b/keycloak/ldap_full_name_mapper.go index c9449b221..e6d402189 100644 --- a/keycloak/ldap_full_name_mapper.go +++ b/keycloak/ldap_full_name_mapper.go @@ -61,13 +61,13 @@ func convertFromComponentToLdapFullNameMapper(component *component, realmId stri }, nil } -// the keycloak api client is passed in order to fetch the ldap provider for writable validation +// ValidateLdapFullNameMapper the keycloak api client is passed in order to fetch the ldap provider for writable validation func (keycloakClient *KeycloakClient) ValidateLdapFullNameMapper(ctx context.Context, mapper *LdapFullNameMapper) error { if mapper.ReadOnly && mapper.WriteOnly { return fmt.Errorf("validation error: ldap full name mapper cannot be both read only and write only") } - // the mapper can't be write only if the ldap provider is not writable + // the mapper can't be write-only if the ldap provider is not writable if mapper.WriteOnly { ldapUserFederation, err := keycloakClient.GetLdapUserFederation(ctx, mapper.RealmId, mapper.LdapUserFederationId) if err != nil { 
diff --git a/keycloak/ldap_user_federation.go b/keycloak/ldap_user_federation.go index e8e7ca817..f05a64bed 100644 --- a/keycloak/ldap_user_federation.go +++ b/keycloak/ldap_user_federation.go @@ -17,7 +17,7 @@ type LdapUserFederation struct { ImportEnabled bool EditMode string // can be "READ_ONLY", "WRITABLE", or "UNSYNCED" - SyncRegistrations bool // I think this field controls whether or not BatchSizeForSync, FullSyncPeriod, and ChangedSyncPeriod are needed + SyncRegistrations bool // I think this field controls whether BatchSizeForSync, FullSyncPeriod, and ChangedSyncPeriod are needed Vendor string // can be "other", "edirectory", "ad", "rhds", or "tivoli". honestly I don't think this field actually does anything UsernameLDAPAttribute string diff --git a/keycloak/openid_client_authorization_permission.go b/keycloak/openid_client_authorization_permission.go index 4d6e1e14c..593f1a1c1 100644 --- a/keycloak/openid_client_authorization_permission.go +++ b/keycloak/openid_client_authorization_permission.go @@ -27,9 +27,9 @@ func (keycloakClient *KeycloakClient) GetOpenidClientAuthorizationPermission(ctx Id: id, } - policies := []OpenidClientAuthorizationPolicy{} - resources := []OpenidClientAuthorizationResource{} - scopes := []OpenidClientAuthorizationScope{} + var policies []OpenidClientAuthorizationPolicy + var resources []OpenidClientAuthorizationResource + var scopes []OpenidClientAuthorizationScope err := keycloakClient.get(ctx, fmt.Sprintf("/realms/%s/clients/%s/authz/resource-server/permission/%s", realm, resourceServerId, id), &permission, nil) if err != nil { diff --git a/keycloak/openid_client_authorization_policy.go b/keycloak/openid_client_authorization_policy.go index 5724dc27b..e0e5f50b2 100644 --- a/keycloak/openid_client_authorization_policy.go +++ b/keycloak/openid_client_authorization_policy.go 
@@ -20,7 +20,7 @@ type OpenidClientAuthorizationPolicy struct { } func (keycloakClient *KeycloakClient) GetClientAuthorizationPolicyByName(ctx context.Context, realmId, resourceServerId, name string) (*OpenidClientAuthorizationPolicy, error) { - policies := []OpenidClientAuthorizationPolicy{} + var policies []OpenidClientAuthorizationPolicy params := map[string]string{"name": name} err := keycloakClient.get(ctx, fmt.Sprintf("/realms/%s/clients/%s/authz/resource-server/policy", realmId, resourceServerId), &policies, params) if err != nil { diff --git a/keycloak/openid_client_authorization_resource.go b/keycloak/openid_client_authorization_resource.go index b1acefa42..e24d9eccb 100644 --- a/keycloak/openid_client_authorization_resource.go +++ b/keycloak/openid_client_authorization_resource.go @@ -45,7 +45,7 @@ func (keycloakClient *KeycloakClient) GetOpenidClientAuthorizationResource(ctx c } func (keycloakClient *KeycloakClient) GetOpenidClientAuthorizationResourceByName(ctx context.Context, realmId, resourceServerId, name string) (*OpenidClientAuthorizationResource, error) { - resources := []OpenidClientAuthorizationResource{} + var resources []OpenidClientAuthorizationResource params := map[string]string{"name": name} err := keycloakClient.get(ctx, fmt.Sprintf("/realms/%s/clients/%s/authz/resource-server/resource", realmId, resourceServerId), &resources, params) if err != nil { diff --git a/keycloak/role_mapping_types.go b/keycloak/role_mapping_types.go index fe748973d..96651c849 100644 --- a/keycloak/role_mapping_types.go +++ b/keycloak/role_mapping_types.go 
@@ -1,14 +1,14 @@ package keycloak -// struct for the MappingRepresentation -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_mappingsrepresentation +// RoleMapping struct for the MappingRepresentation +// https://www.keycloak.org/docs-api/latest/rest-api/index.html#MappingsRepresentation type RoleMapping struct { ClientMappings map[string]*ClientRoleMapping `json:"clientMappings"` RealmMappings []*Role `json:"realmMappings"` } -// struct for the ClientMappingRepresentation -// https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientmappingsrepresentation +// ClientRoleMapping struct for the ClientMappingRepresentation +// https://www.keycloak.org/docs-api/latest/rest-api/index.html#ClientMappingsRepresentation type ClientRoleMapping struct { Client string `json:"client"` Id string `json:"id"` diff --git a/keycloak/user.go b/keycloak/user.go index 434bd5c2f..83234f2a1 100644 --- a/keycloak/user.go +++ b/keycloak/user.go @@ -148,7 +148,7 @@ func (keycloakClient *KeycloakClient) GetUserByUsername(ctx context.Context, rea return nil, err } - // more than one user could be returned so we need to search through all of the results and return the correct one + // more than one user could be returned so we need to search through all results and return the correct one // ex: foo and foo-user could both exist, but searching for "foo" will return both for _, user := range users { if user.Username == username { diff --git a/keycloak/util.go b/keycloak/util.go index c9c9e4b9e..6540f20c6 100644 --- a/keycloak/util.go +++ b/keycloak/util.go 
@@ -23,7 +23,7 @@ func getMillisecondsFromDurationString(s string) (string, error) { return strconv.Itoa(int(duration.Seconds() * 1000)), nil } -// Converts a string representing milliseconds from Keycloak API to a duration string used by the provider +// GetDurationStringFromMilliseconds converts a string representing milliseconds from Keycloak API to a duration string used by the provider // Ex: "3600000" => "1h0m0s" func GetDurationStringFromMilliseconds(milliseconds string) (string, error) { ms, err := strconv.Atoi(milliseconds) diff --git a/provider/extra_config.go b/provider/extra_config.go index a778af0ee..4031605ff 100644 --- a/provider/extra_config.go +++ b/provider/extra_config.go @@ -55,7 +55,7 @@ func setExtraConfigData(data *schema.ResourceData, extraConfig map[string]interf data.Set("extra_config", newExtraConfig) } -// validateExtraConfig takes a reflect value type to check its JSON schema in order to validate that extra_config +// validateExtraConfig takes a reflect.Value type to check its JSON schema in order to validate that extra_config // doesn't contain any attributes that could have been specified within the official schema func validateExtraConfig(reflectValue reflect.Value) schema.SchemaValidateDiagFunc { return func(v interface{}, path cty.Path) diag.Diagnostics { diff --git a/provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go b/provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go index 02754d0d2..e60591eff 100644 --- a/provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go +++ b/provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go @@ -2,6 +2,7 @@ package provider import ( "context" + "crypto/rand" "encoding/hex" "errors" "fmt" 
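Review bot: The call that consumes `rand` in resource_keycloak_identity_provider_token_exchange_scope_permission.go is outside both import hunks of that file, so this patch does not show whether the error returned by `crypto/rand` is checked. Assuming the file calls `rand.Read` (the `encoding/hex` import next to it suggests a random identifier is being generated), the result should not be used when the call fails, e.g. `if _, err := rand.Read(buf); err != nil { /* surface the error */ }`, with `buf` standing for whatever slice the caller fills. It would also help to add a short comment at the call site saying why a cryptographic source is wanted there, so the import is not swapped back later.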
@@ -10,7 +11,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/keycloak/terraform-provider-keycloak/keycloak" - "math/rand" "strings" ) diff --git a/provider/resource_keycloak_oidc_google_identity_provider_test.go b/provider/resource_keycloak_oidc_google_identity_provider_test.go index 27782aaea..baae43948 100644 --- a/provider/resource_keycloak_oidc_google_identity_provider_test.go +++ b/provider/resource_keycloak_oidc_google_identity_provider_test.go @@ -13,7 +13,7 @@ import ( ) /* - note: we cannot use parallel tests for this resource as only one instance of a google identity provider can be created + note: we cannot use parallel tests for this resource as only one instance of a Google identity provider can be created for a realm. */ diff --git a/provider/resource_keycloak_openid_client_optional_scopes_test.go b/provider/resource_keycloak_openid_client_optional_scopes_test.go index 3efa1da63..2225473c7 100644 --- a/provider/resource_keycloak_openid_client_optional_scopes_test.go +++ b/provider/resource_keycloak_openid_client_optional_scopes_test.go @@ -141,7 +141,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testi }) } -// if a optional client scope is manually detached from a client with optional scopes controlled by this resource, terraform should add it again +// if an optional client scope is manually detached from a client with optional scopes controlled by this resource, terraform should add it again func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { t.Parallel() client := acctest.RandomWithPrefix("tf-acc") diff --git a/provider/resource_keycloak_realm.go b/provider/resource_keycloak_realm.go index ff994a5d5..badeba995 100644 --- a/provider/resource_keycloak_realm.go +++ b/provider/resource_keycloak_realm.go 
@@ -1402,7 +1402,7 @@ func resourceKeycloakRealmRead(ctx context.Context, data *schema.ResourceData, m return handleNotFoundError(ctx, err, data) } - // we can't trust the API to set this field correctly since it just responds with "**********" this implies a 'password only' change will not detected + // we can't trust the API to set this field correctly since it just responds with "**********" this implies a 'password only' change will not be detected if smtpPassword, ok := getRealmSMTPPasswordFromData(data); ok { realm.SmtpServer.Password = smtpPassword } diff --git a/provider/resource_keycloak_role.go b/provider/resource_keycloak_role.go index 122cc57d6..6994f9196 100644 --- a/provider/resource_keycloak_role.go +++ b/provider/resource_keycloak_role.go @@ -248,7 +248,7 @@ func resourceKeycloakRoleUpdate(ctx context.Context, data *schema.ResourceData, // at this point we have two slices: // `keycloakCompositesToRemove` should be removed from the role's list of composites - // `tfCompositeIds` should be added to the role's list of composites. all of the roles that exist on both sides have already been removed + // `tfCompositeIds` should be added to the role's list of composites. All the roles that exist on both sides have already been removed if len(keycloakCompositesToRemove) != 0 { err = keycloakClient.RemoveCompositesFromRole(ctx, role, keycloakCompositesToRemove) diff --git a/provider/resource_keycloak_user_test.go b/provider/resource_keycloak_user_test.go index 0e11e8021..87e2ea085 100644 --- a/provider/resource_keycloak_user_test.go +++ b/provider/resource_keycloak_user_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "github.com/keycloak/terraform-provider-keycloak/keycloak" - "io/ioutil" + "io" "net/http" "net/url" "os" 
@@ -433,7 +433,7 @@ func testAccCheckKeycloakUserInitialPasswordLogin(username, password, clientId s defer response.Body.Close() if response.StatusCode != http.StatusOK { - body, _ := ioutil.ReadAll(response.Body) + body, _ := io.ReadAll(response.Body) return fmt.Errorf("user with username %s cannot login with password %s\n body: %s", username, password, string(body)) } diff --git a/provider/role_mapping_helpers.go b/provider/role_mapping_helpers.go index 8c19c4bf2..569de64cf 100644 --- a/provider/role_mapping_helpers.go +++ b/provider/role_mapping_helpers.go @@ -6,7 +6,7 @@ import ( ) // a struct that represents the "desired" state configured via terraform -// the key for 'clientRoles' is keycloak's client-id (the uuid, not to be confused with the OAuth Client Id) +// the key for 'clientRoles' is keycloak's client-id (the uuid, not to be confused with the OAuth `Client Id`) type roleMapping struct { clientRoles map[string][]*keycloak.Role realmRoles []*keycloak.Role @@ -115,7 +115,7 @@ func roleExists(roles []*keycloak.Role, role *keycloak.Role) bool { return false } -// calculate the set difference: returns `a \ b`, i.e. every role that exist in a, but not in b +// calculate the set difference: returns `a \ b`, i.e. every role that exist in `a`, but not in `b` func minusRoles(a, b []*keycloak.Role) []*keycloak.Role { var aWithoutB []*keycloak.Role
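Review bot: The error built in testAccCheckKeycloakUserInitialPasswordLogin prints the password and the raw response body (`cannot login with password %s\n body: %s`), so a failing run writes both into test output and CI logs. Even for generated test credentials I would leave the password out of the message, e.g. `fmt.Errorf("user with username %s cannot login with the initial password (status %d)", username, response.StatusCode)`. The changed line also still discards the `io.ReadAll` error. The function body continues outside the hunk.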