Added Keycloak Admin-UI for configuring the OPA Policy Type

EOEPCA · Oct 2, 2024 · 09b8529 · 09b8529
1 parent 963a2b4
commit 09b8529
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 5 deletions.
diff --git a/build.gradle b/build.gradle
@@ -13,11 +13,10 @@
 
 plugins {
     id 'java'
-//    id "com.palantir.docker-compose" version "0.36.0"
 }
 
 group 'org.example'
-version '0.1-SNAPSHOT'
+version '0.3'
 
 def dockerRegistry = project.properties['dockerRegistry']
 def dockerRegistryPrefix = dockerRegistry ? dockerRegistry + '/' : ''

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
@@ -11,11 +11,17 @@
 
 # Dockerfile to create a Keycloak container with the plugin already installed
 
-FROM docker.io/bitnami/keycloak:latest
+# Tie to revision 24.0.5 for now in order to avoid having different Keycloak versions on different platforms.
+# Note: Image -r8 does not seem to work with Helm chart 21.4.4, so use -r0 for now.
+FROM docker.io/bitnami/keycloak:24.0.5-debian-12-r0
+#FROM docker.io/bitnami/keycloak:latest
 
 # Keycloak OPA adapter
 COPY build/libs/keycloak-opa-plugin-*.jar /opt/bitnami/keycloak/providers
 
+# Copy Keycloak Admin UI Theme into Container
+COPY src/main/docker/keycloak-admin-ui*.jar /opt/bitnami/keycloak/providers
+
 RUN mkdir /opt/bitnami/keycloak/conf/opa-policies
 
 RUN /opt/bitnami/keycloak/bin/kc.sh build

diff --git a/src/main/docker/keycloak-admin-ui-24.0.5-OPA.jar b/src/main/docker/keycloak-admin-ui-24.0.5-OPA.jar
diff --git a/src/main/java/de/werum/eo/keycloak/authorization/provider/opa/OpaPolicyProviderFactory.java b/src/main/java/de/werum/eo/keycloak/authorization/provider/opa/OpaPolicyProviderFactory.java
@@ -15,7 +15,9 @@
 
 import java.io.File;
 import java.net.URI;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.jboss.logging.Logger;
 import org.keycloak.Config;
@@ -92,6 +94,16 @@ public void init( Config.Scope config ) {
       System.out.println( "Property names: " + config.getPropertyNames() );
    }
 
+   @Override
+   public void onCreate(Policy policy, OpaPolicyRepresentation representation, AuthorizationProvider authorization) {
+      updatePolicy(policy, representation);
+   }
+
+   @Override
+   public void onUpdate(Policy policy, OpaPolicyRepresentation representation, AuthorizationProvider authorization) {
+      updatePolicy(policy, representation);
+   }
+
    @Override
    public void postInit( KeycloakSessionFactory factory ) {
 
@@ -113,4 +125,12 @@ public List<ProviderConfigProperty> getConfigMetadata( ) {
                   ProviderConfigProperty.STRING_TYPE, "${jboss.server.config.dir}/opa-policies"));
 //      return PolicyProviderFactory.super.getConfigMetadata();
    }
+
+   private void updatePolicy(Policy policy, OpaPolicyRepresentation representation) {
+      Map<String, String> config = new HashMap<>(policy.getConfig());
+
+      config.put("policyPath", representation.getPolicyPath());
+
+      policy.setConfig(config);
+   }
 }
diff --git a/src/main/java/de/werum/eo/keycloak/authorization/provider/opa/OpaPolicyRepresentation.java b/src/main/java/de/werum/eo/keycloak/authorization/provider/opa/OpaPolicyRepresentation.java
@@ -13,7 +13,7 @@
 
 package de.werum.eo.keycloak.authorization.provider.opa;
 
-import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
+import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
 
 /**
  * Policy representation for OPA-based policies.
@@ -22,7 +22,7 @@
  * @version SVN $Revision$ $Date$
  * @since
  */
-public class OpaPolicyRepresentation extends JSPolicyRepresentation/*AbstractPolicyRepresentation*/ { // TODO: Revert to AbstractPolicyRepresentation when UI is ready!
+public class OpaPolicyRepresentation extends AbstractPolicyRepresentation {
 
    private String policyPath;
 
@@ -38,4 +38,6 @@ public String getPolicyPath( ) {
    public void setPolicyPath( String policyPath ) {
       this.policyPath = policyPath;
    }
+
+
 }