sharang
bb2c638fb4
internal/keycloak/ — Adapter interface with two implementations:
HTTPAdapter pgxpool-style real Admin API client with cached client-
credentials token (auto-refresh, 401 retry).
Mock in-process map for unit tests + dev convenience when
KEYCLOAK_ADMIN_URL is empty. Used by the eachStore harness.
Adapter contract (adapter.go):
CreateOrgAndInvite(ctx, InviteInput) (*InviteResult, error)
Creates a KC organization, an IT_ADMIN user, adds the user as a
member, triggers VERIFY_EMAIL + UPDATE_PASSWORD execute-actions
email. Atomic from the caller's PoV; partial failures surface as
typed errors (ErrOrgConflict, ErrUserConflict, ErrUnauthorized,
ErrUnavailable).
SyncClaims(ctx, userID, Claims) error
Pushes tenant_id / tenant_slug / org_roles / products / plan /
tenant_status into the user's KC attributes — the same shape the
realm's protocol mappers project into JWTs.
Health(ctx) error
Pings /admin/serverinfo; wired into readyz.
Wiring:
POST /v1/tenants now accepts admin_email + admin_name. When set, the
adapter creates the org and invites the user. Response wraps the
tenant with the new TenantCreated{tenant, invite_url} shape so dev
testers can use the action-token URL without waiting for the email.
KC failures DO NOT roll the tenant back — they emit a
keycloak.provision_failed audit event so the operator can resend.
Successful invites emit keycloak.invite_sent.
POST /v1/internal/keycloak/claims resolves a tenant's current claim
bundle. Lookup chain: body.tenant_id → body.tenant_slug →
body.user_attrs.tenant_id → body.user_attrs.tenant_slug. The realm's
protocol mapper calls this at token issuance, or operators on demand.
Config: KEYCLOAK_ADMIN_URL / REALM / CLIENT_ID / CLIENT_SECRET; empty
URL falls back to Mock for dev.
OpenAPI: TenantCreated + Claims schemas added; /v1/internal/keycloak/claims
documented. Contract test extended to cover the new endpoint.
Tests:
internal/keycloak/mock_test.go Mock semantics: conflict surfacing,
FailNext hook, SyncClaims persistence.
internal/server/keycloak_test.go KC provisioning end-to-end via
eachStore: invite_url returned,
mock records, invite_sent audit;
failure path emits provision_failed
but tenant still lands; claims
endpoint resolves via tenant_id /
tenant_slug / user_attrs / 404 / 400.
The real-KC integration test (against a testcontainers-spun KC 26)
lands in a follow-up — gating it behind KEYCLOAK_INTEGRATION=1 + a
slower nightly CI is cleaner than baking 30s+ of KC boot into every PR.
Refs: M4.3
51 lines
1.5 KiB
Go
51 lines
1.5 KiB
Go
package config
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"time"
|
|
)
|
|
|
|
type Config struct {
|
|
Env string // dev | stage | prod
|
|
Addr string // listen address, e.g. ":8090"
|
|
KeycloakIssuer string // e.g. http://localhost:8080/realms/breakpilot-dev
|
|
DatabaseURL string // postgres DSN (unused in skeleton; in-memory store)
|
|
|
|
// Keycloak Admin API — only used if KeycloakAdminURL is set. Empty
|
|
// values disable the adapter and tenant-registry falls back to the
|
|
// Mock (dev convenience).
|
|
KeycloakAdminURL string
|
|
KeycloakRealm string
|
|
KeycloakClientID string
|
|
KeycloakClientSecret string
|
|
KeycloakTimeout time.Duration
|
|
}
|
|
|
|
func Load() (*Config, error) {
|
|
env := getenv("APP_ENV", "dev")
|
|
if env != "dev" && env != "stage" && env != "prod" {
|
|
return nil, fmt.Errorf("invalid APP_ENV %q", env)
|
|
}
|
|
return &Config{
|
|
Env: env,
|
|
// :8090 — Keycloak owns :8080 in the dev stack.
|
|
Addr: getenv("ADDR", ":8090"),
|
|
KeycloakIssuer: getenv("KEYCLOAK_ISSUER", "http://localhost:8080/realms/breakpilot-dev"),
|
|
DatabaseURL: os.Getenv("DATABASE_URL"),
|
|
|
|
KeycloakAdminURL: os.Getenv("KEYCLOAK_ADMIN_URL"),
|
|
KeycloakRealm: getenv("KEYCLOAK_REALM", "breakpilot-dev"),
|
|
KeycloakClientID: os.Getenv("KEYCLOAK_CLIENT_ID"),
|
|
KeycloakClientSecret: os.Getenv("KEYCLOAK_CLIENT_SECRET"),
|
|
KeycloakTimeout: 10 * time.Second,
|
|
}, nil
|
|
}
|
|
|
|
func getenv(key, fallback string) string {
|
|
if v := os.Getenv(key); v != "" {
|
|
return v
|
|
}
|
|
return fallback
|
|
}
|