From 0254dd0baa0be4f8271ba607810a38d2f8a5256d Mon Sep 17 00:00:00 2001 From: Simon Engmann Date: Thu, 23 Jan 2025 13:40:04 +0100 Subject: [PATCH] refactor: speed up audience mapper validation (#961) Do not load all clients when validating client audience for audience mappers. Instead, try to fetch the client in question directly. Signed-off-by: Simon Engmann --- keycloak/openid_audience_protocol_mapper.go | 12 ++---------- ..._keycloak_openid_audience_protocol_mapper_test.go | 2 +- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/keycloak/openid_audience_protocol_mapper.go b/keycloak/openid_audience_protocol_mapper.go index 656fe99c1..c6ead139b 100644 --- a/keycloak/openid_audience_protocol_mapper.go +++ b/keycloak/openid_audience_protocol_mapper.go @@ -124,18 +124,10 @@ func (keycloakClient *KeycloakClient) ValidateOpenIdAudienceProtocolMapper(ctx c } if mapper.IncludedClientAudience != "" { - clients, err := keycloakClient.listGenericClients(ctx, mapper.RealmId) + _, err = keycloakClient.GetGenericClientByClientId(ctx, mapper.RealmId, mapper.IncludedClientAudience) if err != nil { - return err + return fmt.Errorf("validation error: %w", err) } - - for _, client := range clients { - if client.ClientId == mapper.IncludedClientAudience { - return nil - } - } - - return fmt.Errorf("validation error: client %s does not exist", mapper.IncludedClientAudience) } return nil diff --git a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go index 20836ddfe..c75cba119 100644 --- a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go @@ -233,7 +233,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t Steps: []resource.TestStep{ { Config: testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(clientId, mapperName), - ExpectError: regexp.MustCompile("validation error: client .+ does not exist"), + ExpectError: regexp.MustCompile("validation error: generic client with name \\S+ does not exist"), }, }, })