feat: add ent storage support for client_credentials_claims

Add the client_credentials_claims field to the ent ORM schema and
update the storage client to persist and retrieve it. Also fix gci
import formatting in handlers_test.go.

Signed-off-by: Carles Arnal <carnalca@redhat.com>
Signed-off-by: Carles Arnal <carlesarnal92@gmail.com>

Author: carlesarnal

server/handlers_test.go

@@ -1077,7 +1077,7 @@ func TestHandleClientCredentials(t *testing.T) {
 		wantAccessTok           bool
 		wantIDToken             bool
 		wantUsername            string
-		wantGroups             []string
+		wantGroups              []string
 	}{
 		{
 			name:          "Basic grant, no scopes",
@@ -1118,17 +1118,17 @@ func TestHandleClientCredentials(t *testing.T) {
 			wantUsername:  "Test Client",
 		},
 		{
-			name:          "With groups scope and clientCredentialsClaims groups populated",
-			clientID:      "test",
-			clientSecret:  "barfoo",
+			name:         "With groups scope and clientCredentialsClaims groups populated",
+			clientID:     "test",
+			clientSecret: "barfoo",
 			clientCredentialsClaims: &storage.ClientCredentialsClaims{
 				Groups: []string{"admin-group", "dev-group"},
 			},
 			scopes:        "openid groups",
 			wantCode:      200,
 			wantAccessTok: true,
 			wantIDToken:   true,
-			wantGroups:   []string{"admin-group", "dev-group"},
+			wantGroups:    []string{"admin-group", "dev-group"},
 		},
 		{
 			name:          "With groups scope but no clientCredentialsClaims configured",
@@ -1179,10 +1179,10 @@ func TestHandleClientCredentials(t *testing.T) {
 
 			// Create a confidential client for testing.
 			err := s.storage.CreateClient(ctx, storage.Client{
-				ID:                     "test",
-				Secret:                 "barfoo",
-				RedirectURIs:           []string{"https://example.com/callback"},
-				Name:                   "Test Client",
+				ID:                      "test",
+				Secret:                  "barfoo",
+				RedirectURIs:            []string{"https://example.com/callback"},
+				Name:                    "Test Client",
 				ClientCredentialsClaims: tc.clientCredentialsClaims,
 			})
 			require.NoError(t, err)
@@ -1241,7 +1241,7 @@ func TestHandleClientCredentials(t *testing.T) {
 					var claims struct {
 						Name              string   `json:"name"`
 						PreferredUsername string   `json:"preferred_username"`
-						Groups           []string `json:"groups"`
+						Groups            []string `json:"groups"`
 					}
 					require.NoError(t, idToken.Claims(&claims))
 

storage/ent/client/client.go

@@ -8,7 +8,7 @@ import (
 
 // CreateClient saves provided oauth2 client settings into the database.
 func (d *Database) CreateClient(ctx context.Context, client storage.Client) error {
-	_, err := d.client.OAuth2Client.Create().
+	create := d.client.OAuth2Client.Create().
 		SetID(client.ID).
 		SetName(client.Name).
 		SetSecret(client.Secret).
@@ -17,8 +17,11 @@ func (d *Database) CreateClient(ctx context.Context, client storage.Client) erro
 		SetRedirectUris(client.RedirectURIs).
 		SetTrustedPeers(client.TrustedPeers).
 		SetAllowedConnectors(client.AllowedConnectors).
-		SetMfaChain(client.MFAChain).
-		Save(ctx)
+		SetMfaChain(client.MFAChain)
+	if client.ClientCredentialsClaims != nil {
+		create = create.SetClientCredentialsClaims(client.ClientCredentialsClaims)
+	}
+	_, err := create.Save(ctx)
 	if err != nil {
 		return convertDBError("create oauth2 client: %w", err)
 	}
@@ -74,16 +77,21 @@ func (d *Database) UpdateClient(ctx context.Context, id string, updater func(old
 		return rollback(tx, "update client updating: %w", err)
 	}
 
-	_, err = tx.OAuth2Client.UpdateOneID(newClient.ID).
+	update := tx.OAuth2Client.UpdateOneID(newClient.ID).
 		SetName(newClient.Name).
 		SetSecret(newClient.Secret).
 		SetPublic(newClient.Public).
 		SetLogoURL(newClient.LogoURL).
 		SetRedirectUris(newClient.RedirectURIs).
 		SetTrustedPeers(newClient.TrustedPeers).
 		SetAllowedConnectors(newClient.AllowedConnectors).
-		SetMfaChain(newClient.MFAChain).
-		Save(ctx)
+		SetMfaChain(newClient.MFAChain)
+	if newClient.ClientCredentialsClaims != nil {
+		update = update.SetClientCredentialsClaims(newClient.ClientCredentialsClaims)
+	} else {
+		update = update.ClearClientCredentialsClaims()
+	}
+	_, err = update.Save(ctx)
 	if err != nil {
 		return rollback(tx, "update client uploading: %w", err)
 	}

storage/ent/client/types.go

@@ -88,8 +88,9 @@ func toStorageClient(c *db.OAuth2Client) storage.Client {
 		Public:            c.Public,
 		Name:              c.Name,
 		LogoURL:           c.LogoURL,
-		AllowedConnectors: c.AllowedConnectors,
-		MFAChain:          c.MfaChain,
+		AllowedConnectors:      c.AllowedConnectors,
+		MFAChain:               c.MfaChain,
+		ClientCredentialsClaims: c.ClientCredentialsClaims,
 	}
 }