From 759e2f05379ad78b19b45c3953ec9e5ea57c4c5f Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 6 Mar 2026 10:48:36 +0100 Subject: [PATCH] chore: remove purge option from Keycloack Since we introduced the role type, this is not needed anymore. Signed-off-by: William Phetsinorath Change-Id: Iac8edc636ed4a36e9931232dc1dc03d26a6a6964 --- plugins/keycloak/src/functions.ts | 53 +++++++++++-------------------- plugins/keycloak/src/infos.ts | 16 +--------- 2 files changed, 20 insertions(+), 49 deletions(-) diff --git a/plugins/keycloak/src/functions.ts b/plugins/keycloak/src/functions.ts index 54ce779c1..2aa566c6e 100644 --- a/plugins/keycloak/src/functions.ts +++ b/plugins/keycloak/src/functions.ts @@ -1,6 +1,6 @@ import type { AdminRole, Project, StepCall, UserEmail, ZoneObject, ProjectMemberPayload } from '@cpn-console/hooks' import type { ProjectRole } from '@cpn-console/shared' -import { generateRandomPassword, parseError, PluginResultBuilder, specificallyDisabled } from '@cpn-console/hooks' +import { generateRandomPassword, parseError, PluginResultBuilder } from '@cpn-console/hooks' import type GroupRepresentation from '@keycloak/keycloak-admin-client/lib/defs/groupRepresentation.js' import type ClientRepresentation from '@keycloak/keycloak-admin-client/lib/defs/clientRepresentation.js' import type { CustomGroup } from './group.js' @@ -60,12 +60,11 @@ export const deleteProject: StepCall = async ({ args: project }) => { } } -export const upsertProject: StepCall = async ({ args: project, config }) => { +export const upsertProject: StepCall = async ({ args: project }) => { const pluginResult = new PluginResultBuilder('Up-to-date') try { const kcClient = await getkcClient() const projectName = project.slug - const purge = config.keycloak?.purge const projectGroup = await getOrCreateProjectGroup(kcClient, projectName) const groupMembers = await kcClient.groups.listMembers({ id: projectGroup.id }) 
@@ -73,19 +72,15 @@ export const upsertProject: StepCall = async ({ args: project, config } await Promise.all([ ...groupMembers.map((member) => { if (!project.users.some(({ id }) => id === member.id)) { - if (specificallyDisabled(purge)) { - return kcClient.users.delFromGroup({ + return kcClient.users.delFromGroup({ // @ts-ignore id is present on user, bad typing in lib - id: member.id, - groupId: projectGroup.id, + id: member.id, + groupId: projectGroup.id, + }) + .catch((err) => { + pluginResult.addKoMessage(`Can't remove ${member.email} from keycloak project group`) + pluginResult.addExtra(`remove-${member.id}`, err) }) - .catch((err) => { - pluginResult.addKoMessage(`Can't remove ${member.email} from keycloak project group`) - pluginResult.addExtra(`remove-${member.id}`, err) - }) - } else { - console.warn(`User ${member.email} is not in project ${projectName} anymore, but purge is disabled`) - } } return undefined }), @@ -228,10 +223,9 @@ export const deleteZone: StepCall = async ({ args: zone }) => { } } -export const upsertAdminRole: StepCall = async ({ args: role, config }) => { +export const upsertAdminRole: StepCall = async ({ args: role }) => { if (!role.oidcGroup) return { status: { result: 'OK', message: 'No OIDC Group defined' } } const pluginResult = new PluginResultBuilder('Up-to-date') - const purge = config.keycloak?.purge try { const kcClient = await getkcClient() const group = await getOrCreateGroupByPath(kcClient, role.oidcGroup) 
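Review bot: The project-group removal in upsertProject still calls `delFromGroup` without checking that `member.id` is defined, and it hides the type error behind `// @ts-ignore`. Now that the call is unconditional, every listed member missing from `project.users` reaches it. upsertAdminRole already guards with `member.id &&`, so the same condition here, `if (member.id && !project.users.some(({ id }) => id === member.id)) {`, would keep a member record without an id from producing a removal request with an undefined user id. It would probably also let the `@ts-ignore` go. The function body starts and ends outside this hunk.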
@@ -240,18 +234,14 @@ export const upsertAdminRole: StepCall = async ({ args: role, config await Promise.all([ ...groupMembers.map((member) => { if (member.id && !role.members.some(({ id }) => id === member.id)) { - if (specificallyDisabled(purge)) { - return kcClient.users.delFromGroup({ - id: member.id, - groupId: group!.id!, + return kcClient.users.delFromGroup({ + id: member.id, + groupId: group!.id!, + }) + .catch((err) => { + pluginResult.addKoMessage(`Can't remove ${member.email} from keycloak admin group`) + pluginResult.addExtra(`remove-${member.id}`, err) }) - .catch((err) => { - pluginResult.addKoMessage(`Can't remove ${member.email} from keycloak admin group`) - pluginResult.addExtra(`remove-${member.id}`, err) - }) - } else { - console.warn(`User ${member.email} is not in admin role ${role.oidcGroup} anymore, but purge is disabled`) - } } return undefined }), @@ -386,9 +376,8 @@ export const deleteProjectRole: StepCall = async ({ args: role }) = } } -export const upsertProjectMember: StepCall = async ({ args: member, config }) => { +export const upsertProjectMember: StepCall = async ({ args: member }) => { const pluginResult = new PluginResultBuilder('Synced') - const purge = config.keycloak?.purge try { const kcClient = await getkcClient() @@ -410,11 +399,7 @@ export const upsertProjectMember: StepCall = async ({ args if (shouldBeMember && !isMember) { await kcClient.users.addToGroup({ id: member.userId, groupId: roleGroup.id }) } else if (!shouldBeMember && isMember) { - if (specificallyDisabled(purge)) { - await kcClient.users.delFromGroup({ id: member.userId, groupId: roleGroup.id }) - } else { - console.warn(`User ${member.email} is not in project ${member.project.slug} anymore, but purge is disabled`) - } + await kcClient.users.delFromGroup({ id: member.userId, groupId: roleGroup.id }) } } diff --git a/plugins/keycloak/src/infos.ts b/plugins/keycloak/src/infos.ts index 6162c251d..3b3980194 100644 --- a/plugins/keycloak/src/infos.ts 
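Review bot: Removals from the admin group in upsertAdminRole are now silent on success, because the deleted `else` branch held the only log line at this site and the `.catch` reports failures only. This path revokes privileged membership on every sync, so a success record is worth having for audit, for example `.then(() => console.info('Removed', member.email, 'from keycloak admin group', role.oidcGroup))` placed before the `.catch`. The project-group removal in upsertProject and the `delFromGroup` call in upsertProjectMember have the same gap. A comment above `groupMembers.map` should also state that `role.members` is treated as the complete membership list, since anyone missing from it loses the group.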
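Review bot: The `delFromGroup` call in upsertProjectMember is awaited with no error handling of its own, unlike the removal sites in upsertProject and upsertAdminRole, which attach a `.catch` that records the failure in `pluginResult`. With the purge gate gone this call runs on every membership mismatch, so a single Keycloak error presumably falls through to the enclosing `try` and skips the remaining role groups. The `catch` of that `try` is outside the hunk, so this needs checking. Mirroring the other sites would keep the sync going and name the affected user: `.catch((err) => { pluginResult.addKoMessage("Can't remove " + member.email + ' from keycloak role group'); pluginResult.addExtra('remove-' + member.userId, err) })`.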
+++ b/plugins/keycloak/src/infos.ts @@ -1,24 +1,10 @@ import type { ServiceInfos } from '@cpn-console/hooks' -import { DISABLED } from '@cpn-console/shared' const infos: ServiceInfos = { name: 'keycloak', title: 'Keycloak', config: { - global: [ - { - kind: 'switch', - key: 'purge', - initialValue: DISABLED, - permissions: { - admin: { read: true, write: true }, - user: { read: false, write: false }, - }, - title: 'Purger les utilisateurs non synchronisés', - value: DISABLED, - description: 'Purger les utilisateurs non synchronisés de Keycloak lors de la synchronisation', - }, - ], + global: [], project: [], }, }