feat: Add Scopes to KeycloakClient Authorization spec (#41)

[dougkirkley]

Pull Request Template

Description

When using the new Authorization field for KeycloakClient (Thanks for adding that feature), if the permission is scoped based, then the scope needs to exist in the Authorization Scopes for the Client.

Fixes #41

Type of change

• [ ] Bug fix (non-breaking change which fixes an issue)
• [X] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

Checklist:

• [x] I have performed a self-review of my own code
• [ ] I have commented my code, particularly in hard-to-understand areas
• [x] I have made corresponding changes to the documentation
• [ ] My changes generate no new warnings
• [x] I have added tests that prove my fix is effective or that my feature works
• [x] New and existing unit tests pass locally with my changes
• [x] Pull Request contain one commit. I squash my commits

[zmotso]

For some reason, mockery v2.38.0 isn't working with the go 1.22 version. We use go 1.20 for this operator. To not play with go versions - please try docker run -v "$PWD":/src -w /src vektra/mockery:v2.38.0 instead of make mocks.

[dougkirkley]

Seems like it's not just mockery, so I'll have to download the older go version to get the CRDs all updated.

[dougkirkley]

Currently trying to get all my mocks added and running into some issues. No idea where the first code block is coming from, because that function signature is not in the client interface

CreateScope(context.backgroundCtx,string,string,string,gocloak.ScopeRepresentation)
                0: context.backgroundCtx{emptyCtx:context.emptyCtx{}}
                1: "token"
                2: "rl"
                3: "cl"
                4: gocloak.ScopeRepresentation{DisplayName:(*string)(nil), IconURI:(*string)(nil), ID:(*string)(nil), Name:(*string)(0x1400004ce20), Policies:(*[]gocloak.PolicyRepresentation)(nil), Resources:(*[]gocloak.ResourceRepresentation)(nil)}

        The closest call I have is: 

        CreateScope(string,string,string,string,string)
                0: "mock.Anything"
                1: "token"
                2: "rl"
                3: "clid1"
                4: "token-exchange"

[zmotso]

Ensure you create mocks by mocks.NewMockClient(t).

Test example:

func TestProcessScope_Serve(t *testing.T) {
    m := mocks.NewMockClient(t)
    m.On("GetClientID", "test", "realm").Return("clientID", nil)
    m.On("GetScopes", mock.Anything, "realm", "clientID").Return(nil, nil)
    m.On("CreateScope", mock.Anything, "realm", "clientID", "scope").Return(nil, nil)

    h := NewProcessScope(m)
    kc := &keycloakApi.KeycloakClient{
        Spec: keycloakApi.KeycloakClientSpec{
            ClientId: "test",
            Authorization: &keycloakApi.Authorization{
                Scopes: []string{"scope"},
            },
        },
    }

    err := h.Serve(context.Background(), kc, "realm")
    require.NoError(t, err)
}

[dougkirkley]

Okay, I was just copying the test from TestGoCloakAdapter_AddDefaultScopeToClient originally.

[dougkirkley]

@zmotso I figured out the testing, thanks for pointing me to the actual chain testing, I was trying to add it to the adapter tests.

[dougkirkley]

@zmotso This is ready for review now

[zmotso]

@SergK Please check this PR. We can merge it.

[dougkirkley]

Not sure why the commit message check is failing, it looks right to me

[SergK]

@dougkirkley yep issue is on our side, I will align PR title to our pipelines, and later we will fix CI in a proper way

[SergK]

@dougkirkley Thank you for contribution, we'll fix CI on our side