Bugfixes

samply · Nov 9, 2023 · 466d13d · 466d13d
1 parent a203d47
commit 466d13d
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 13 deletions.
diff --git a/central/src/keycloak.rs b/central/src/keycloak.rs
@@ -49,7 +49,10 @@ async fn get_access_token_via_admin_login() -> reqwest::Result<String> {
         access_token: String,
     }
     CLIENT
-        .post("http://localhost:1337/realms/master/protocol/openid-connect/token")
+        .post(&format!(
+            "{}/realms/master/protocol/openid-connect/token",
+            if cfg!(test) { "http://localhost:1337"} else { "http://keycloak:8080" }
+        ))
         .form(&json!({
             "client_id": "admin-cli",
             "username": "admin",
@@ -117,11 +120,11 @@ fn client_configs_match(a: &Value, b: &Value) -> bool {
 
 fn generate_client(name: &str, oidc_client_config: &OIDCConfig, secret: &str) -> Value {
     let secret = (!oidc_client_config.is_public).then_some(secret);
-    let name = format!("{name}-{}", if oidc_client_config.is_public { "public" } else { "private" });
+    let id = format!("{name}-{}", if oidc_client_config.is_public { "public" } else { "private" });
     let mut json = json!({
-        "name": name,
-        "id": name,
-        "clientId": name,
+        "name": id,
+        "id": id,
+        "clientId": id,
         "redirectUris": oidc_client_config.redirect_urls,
         "publicClient": oidc_client_config.is_public,
         "defaultClientScopes": [
@@ -139,7 +142,7 @@ fn generate_client(name: &str, oidc_client_config: &OIDCConfig, secret: &str) ->
             "protocolMapper": "oidc-audience-mapper",
             "consentRequired": false,
             "config": {
-                "included.client.audience": name,
+                "included.client.audience": id,
                 "id.token.claim": "true",
                 "access.token.claim": "true"
             }
@@ -181,7 +184,7 @@ async fn test_create_client() -> reqwest::Result<()> {
     assert!(dbg!(compare_clients(&token, name, &client_config, &conf, &pw).await?));
 
     // private client
-    let client_config = OIDCConfig { is_public: true, redirect_urls: vec!["http://foo/bar".into()] };
+    let client_config = OIDCConfig { is_public: false, redirect_urls: vec!["http://foo/bar".into()] };
     let (SecretResult::Created(pw) | SecretResult::AlreadyExisted(pw)) = dbg!(post_client(&token, name, &client_config, &conf).await?) else {
         panic!("Not created or existed")
     };
@@ -230,20 +233,21 @@ async fn post_client(
             } else {
                 Ok(CLIENT
                     .put(&format!(
-                        "{}/admin/realms/{}/clients/{name}",
-                        conf.keycloak_url, conf.keycloak_realm
+                        "{}/admin/realms/{}/clients/{}",
+                        conf.keycloak_url, conf.keycloak_realm,
+                        conflicting_client.get("clientId").and_then(Value::as_str).expect("We have a valid client")
                     ))
                     .bearer_auth(token)
                     .json(&generated_client)
                     .send()
                     .await?
                     .status()
                     .is_success()
-                    .then_some(SecretResult::Created(secret))
+                    .then_some(SecretResult::AlreadyExisted(secret))
                     .expect("We know the client already exists so updating should be successful"))
             }
         }
-        s => unreachable!("Unexpected statuscode {s} while creating keycloak client"),
+        s => unreachable!("Unexpected statuscode {s} while creating keycloak client. {res:?}"),
     }
 }
 

diff --git a/dev/docker-compose.yaml b/dev/docker-compose.yaml
@@ -25,6 +25,8 @@ services:
       context: ../
       dockerfile: Dockerfile.central
     image: samply/secret-sync-central:latest
+    depends_on:
+      - keycloak
     environment:
       - BEAM_URL=http://proxy:8082
       - BEAM_ID=app2.proxy2.broker

diff --git a/dev/start.sh b/dev/start.sh
@@ -60,4 +60,8 @@ echo "Args: $args"
 
 export ARGS=$args
 
-docker compose down && docker compose up $compose_arg
+if [ "$1" = "-r" ]; then
+    docker compose down -t 1 local central && docker compose up local central -d $compose_arg && docker compose logs local central -f
+else 
+    docker compose down -t 1 && docker compose up -d $compose_arg && docker compose logs -f
+fi
diff --git a/local/src/main.rs b/local/src/main.rs
@@ -75,7 +75,7 @@ async fn main() -> ExitCode {
             Ok(SecretResult::AlreadyExisted(secret)) => {
                 cache.entry(name.to_string())
                     .and_modify(|v| {
-                        println!("{name} was cached with a wrong secret so it has been updated.");
+                        println!("{name} was cached but needed to be updated.");
                         *v = secret.clone()
                     }).or_insert_with(|| {
                         println!("{name} already existed but was not cached.");