[CLOUDTRUST-7433] Fixes add/del attributes in IDP interface

Author: fperot74

pkg/idp/component.go

@@ -477,18 +477,18 @@ func (c *component) GetUsersWithAttribute(ctx context.Context, realmName string,
 func (c *component) AddUserAttributes(ctx context.Context, realmName string, userID string, attributes map[string][]string) error {
 	// For now, we don't check which attributes are allowed to be set. If needed, we should use UserProfile feature and
 	// check if annotations tell that the attribute is writable or not for the given interface.
-	return c.updateUser(ctx, realmName, userID, func(user kc.UserRepresentation) bool {
+	return c.updateUser(ctx, realmName, userID, func(user *kc.UserRepresentation) bool {
 		var updated = false
 		for attributeKey, attributeValues := range attributes {
-			if c.addUserAttribute(user, attributeKey, attributeValues) {
+			if c.addUserAttribute(ctx, user, attributeKey, attributeValues) {
 				updated = true
 			}
 		}
 		return updated
 	})
 }
 
-func (c *component) addUserAttribute(user kc.UserRepresentation, attributeKey string, attributeValues []string) bool {
+func (c *component) addUserAttribute(ctx context.Context, user *kc.UserRepresentation, attributeKey string, attributeValues []string) bool {
 	var key = kc.AttributeKey(attributeKey)
 	if user.Attributes == nil {
 		var attributes = make(kc.Attributes)
@@ -507,7 +507,7 @@ func (c *component) addUserAttribute(user kc.UserRepresentation, attributeKey st
 func (c *component) DeleteUserAttributes(ctx context.Context, realmName string, userID string, attributeKeys []string) error {
 	// For now, we don't check which attributes are allowed to be removed. If needed, we should use UserProfile feature and
 	// check if annotations tell that the attribute is writable or not for the given interface.
-	return c.updateUser(ctx, realmName, userID, func(user kc.UserRepresentation) bool {
+	return c.updateUser(ctx, realmName, userID, func(user *kc.UserRepresentation) bool {
 		var count = 0
 		for _, attributeKey := range attributeKeys {
 			var key = kc.AttributeKey(attributeKey)
@@ -523,7 +523,7 @@ func (c *component) DeleteUserAttributes(ctx context.Context, realmName string,
 	})
 }
 
-func (c *component) updateUser(ctx context.Context, realmName string, userID string, updateFunc func(user kc.UserRepresentation) bool) error {
+func (c *component) updateUser(ctx context.Context, realmName string, userID string, updateFunc func(user *kc.UserRepresentation) bool) error {
 	accessToken, err := c.tokenProvider.ProvideTokenForRealm(ctx, realmName)
 	if err != nil {
 		c.logger.Warn(ctx, "msg", "Failed to get OIDC token from keycloak", "err", err.Error())
@@ -534,7 +534,7 @@ func (c *component) updateUser(ctx context.Context, realmName string, userID str
 		c.logger.Warn(ctx, "msg", "Failed to get Keycloak user", "err", err.Error(), "realm", realmName, "user", userID)
 		return err
 	}
-	if updateFunc(user) {
+	if updateFunc(&user) {
 		err = overrideKeycloakError(c.keycloakIdpClient.UpdateUser(accessToken, realmName, userID, user), "attribute")
 		if err != nil {
 			c.logger.Warn(ctx, "msg", "Failed to update user from keycloak", "err", err.Error(), "realm", realmName, "user", userID)

pkg/idp/component_test.go

@@ -39,6 +39,27 @@ func ptrBool(value bool) *bool {
 	return &value
 }
 
+type hasSingleAttributeValue struct {
+	Key   string
+	Value string
+}
+
+func (h hasSingleAttributeValue) Matches(x any) bool {
+	var user, ok = x.(kc.UserRepresentation)
+	if !ok || user.Attributes == nil {
+		return false
+	}
+	var currValue = user.Attributes.Get(kc.AttributeKey(h.Key))
+	if len(currValue) != 1 {
+		return false
+	}
+	return currValue[0] == h.Value
+}
+
+func (h hasSingleAttributeValue) String() string {
+	return fmt.Sprintf("hasSingleAttributeValue{Key: %s, Value: %s}", h.Key, h.Value)
+}
+
 func createTestKcIdp() kc.IdentityProviderRepresentation {
 	return kc.IdentityProviderRepresentation{
 		AddReadTokenRoleOnCreate:  ptrBool(false),
@@ -922,22 +943,22 @@ func TestAddDeleteUserAttributes(t *testing.T) {
 		t.Run("Success adding first attribute", func(t *testing.T) {
 			mocks.tokenProvider.EXPECT().ProvideTokenForRealm(ctx, realmName).Return(accessToken, nil)
 			mocks.keycloakIdpClient.EXPECT().GetUser(accessToken, realmName, userID).Return(kc.UserRepresentation{Attributes: nil}, nil)
-			mocks.keycloakIdpClient.EXPECT().UpdateUser(accessToken, realmName, userID, gomock.Any()).Return(nil)
+			mocks.keycloakIdpClient.EXPECT().UpdateUser(accessToken, realmName, userID, hasSingleAttributeValue{Key: attribKey, Value: attribValue}).Return(nil)
 			err := idpComponent.AddUserAttributes(ctx, realmName, userID, map[string][]string{attribKey: {attribValue}})
 			assert.NoError(t, err)
 		})
 		t.Run("Success adding not yet existing attribute", func(t *testing.T) {
 			mocks.tokenProvider.EXPECT().ProvideTokenForRealm(ctx, realmName).Return(accessToken, nil)
 			mocks.keycloakIdpClient.EXPECT().GetUser(accessToken, realmName, userID).Return(kc.UserRepresentation{Attributes: &kc.Attributes{}}, nil)
-			mocks.keycloakIdpClient.EXPECT().UpdateUser(accessToken, realmName, userID, gomock.Any()).Return(nil)
+			mocks.keycloakIdpClient.EXPECT().UpdateUser(accessToken, realmName, userID, hasSingleAttributeValue{Key: attribKey, Value: attribValue}).Return(nil)
 			err := idpComponent.AddUserAttributes(ctx, realmName, userID, map[string][]string{attribKey: {attribValue}})
 			assert.NoError(t, err)
 		})
 		t.Run("Success adding existing attribute with different value", func(t *testing.T) {
 			kcUser := kc.UserRepresentation{Attributes: &kc.Attributes{kc.AttributeKey(attribKey): []string{"some-other-value"}}}
 			mocks.tokenProvider.EXPECT().ProvideTokenForRealm(ctx, realmName).Return(accessToken, nil)
 			mocks.keycloakIdpClient.EXPECT().GetUser(accessToken, realmName, userID).Return(kcUser, nil)
-			mocks.keycloakIdpClient.EXPECT().UpdateUser(accessToken, realmName, userID, gomock.Any()).Return(nil)
+			mocks.keycloakIdpClient.EXPECT().UpdateUser(accessToken, realmName, userID, hasSingleAttributeValue{Key: attribKey, Value: attribValue}).Return(nil)
 			err := idpComponent.AddUserAttributes(ctx, realmName, userID, map[string][]string{attribKey: {attribValue}})
 			assert.NoError(t, err)
 		})