2021-01-10 17:06:01 +01:00
|
|
|
/*
|
|
|
|
Copyright 2021.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package controllers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
2021-01-11 06:32:28 +01:00
|
|
|
"github.com/Nerzal/gocloak/v7"
|
2021-01-10 17:06:01 +01:00
|
|
|
"github.com/go-logr/logr"
|
2021-01-10 23:49:22 +01:00
|
|
|
apierrs "k8s.io/apimachinery/pkg/api/errors"
|
2021-01-10 17:06:01 +01:00
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
|
|
ctrl "sigs.k8s.io/controller-runtime"
|
|
|
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
|
|
|
|
|
|
|
keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
|
2021-01-10 23:49:22 +01:00
|
|
|
"git.zom.bi/images/keycloak-operator/controllers/keycloak"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
// FinalizerName is the Name of our finalizer used by this package
|
|
|
|
FinalizerName = "finalizer.keycloak.bitmask.me"
|
2021-01-10 17:06:01 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// KeycloakRealmReconciler reconciles a KeycloakRealm object
|
|
|
|
type KeycloakRealmReconciler struct {
|
|
|
|
client.Client
|
2021-01-10 23:49:22 +01:00
|
|
|
Keycloak *keycloak.Keycloak
|
|
|
|
Log logr.Logger
|
|
|
|
Scheme *runtime.Scheme
|
2021-01-10 17:06:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms,verbs=get;list;watch;create;update;patch;delete
|
|
|
|
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms/status,verbs=get;update;patch
|
|
|
|
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms/finalizers,verbs=update
|
|
|
|
|
|
|
|
// Reconcile is part of the main kubernetes reconciliation loop which aims to
|
|
|
|
// move the current state of the cluster closer to the desired state.
|
|
|
|
// For more details, check Reconcile and its Result here:
|
|
|
|
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.7.0/pkg/reconcile
|
|
|
|
func (r *KeycloakRealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
2021-01-10 23:49:22 +01:00
|
|
|
log := r.Log.WithValues("keycloakrealm", req.NamespacedName)
|
|
|
|
|
|
|
|
log.Info("reconciling")
|
|
|
|
|
2021-01-11 06:32:28 +01:00
|
|
|
// We get the information from the CRD
|
2021-01-10 23:49:22 +01:00
|
|
|
var realm keycloakv1alpha1.KeycloakRealm
|
|
|
|
if err := r.Get(ctx, req.NamespacedName, &realm); err != nil {
|
|
|
|
if apierrs.IsNotFound(err) {
|
2021-01-11 06:32:28 +01:00
|
|
|
// Realm is already deleted via finalizer.
|
2021-01-10 23:49:22 +01:00
|
|
|
return ctrl.Result{}, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-11 06:32:28 +01:00
|
|
|
if !realm.ObjectMeta.DeletionTimestamp.IsZero() {
|
|
|
|
// is in the process of being deleted
|
|
|
|
if containsString(realm.ObjectMeta.Finalizers, FinalizerName) {
|
|
|
|
// our finalizer is present, so lets handle any external dependency
|
|
|
|
|
|
|
|
// We do not want to delete anything, so we just disable the realm.
|
|
|
|
disabled := gocloak.RealmRepresentation{Realm: &realm.Spec.RealmName, Enabled: gocloak.BoolP(false)}
|
|
|
|
err := r.Keycloak.UpdateRealm(ctx, disabled)
|
|
|
|
if err != nil {
|
|
|
|
// if fail to delete the external dependency here, return with error
|
|
|
|
// so that it can be retried
|
|
|
|
return ctrl.Result{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// remove our finalizer from the list and update it.
|
|
|
|
realm.ObjectMeta.Finalizers = removeString(realm.ObjectMeta.Finalizers, FinalizerName)
|
|
|
|
if err := r.Update(ctx, &realm); err != nil {
|
|
|
|
return ctrl.Result{}, err
|
|
|
|
}
|
|
|
|
log.Info("Deleted the realm")
|
|
|
|
}
|
|
|
|
|
|
|
|
// done
|
2021-01-10 23:49:22 +01:00
|
|
|
return ctrl.Result{}, nil
|
|
|
|
}
|
|
|
|
|
2021-01-11 06:32:28 +01:00
|
|
|
// Its not being deleted, so we seize the moment to take ownership.
|
|
|
|
if !containsString(realm.ObjectMeta.Finalizers, FinalizerName) {
|
|
|
|
typeMeta := realm.TypeMeta
|
|
|
|
realm.ObjectMeta.Finalizers = append(realm.ObjectMeta.Finalizers, FinalizerName)
|
|
|
|
if err := r.Update(ctx, &realm); err != nil {
|
|
|
|
return ctrl.Result{}, err
|
|
|
|
}
|
|
|
|
// restore the TypeMeta object as it is removed during Update, but need to be accessed later
|
|
|
|
realm.TypeMeta = typeMeta
|
|
|
|
}
|
|
|
|
|
|
|
|
// Convert Realm
|
|
|
|
keycloakRealm, err := ConvertToRealm(realm)
|
|
|
|
if err != nil {
|
|
|
|
log.Error(err, "Could not convert realm")
|
|
|
|
return ctrl.Result{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = r.Keycloak.CreateRealm(ctx, keycloakRealm)
|
|
|
|
if err != nil {
|
|
|
|
// try updating instead
|
|
|
|
err := r.Keycloak.UpdateRealm(ctx, keycloakRealm)
|
|
|
|
if err != nil {
|
|
|
|
log.Error(err, "Could not create/update realm")
|
|
|
|
return ctrl.Result{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Info("Updated the realm")
|
|
|
|
return ctrl.Result{}, nil
|
|
|
|
}
|
2021-01-10 17:06:01 +01:00
|
|
|
|
2021-01-10 23:49:22 +01:00
|
|
|
realm.Status.Available = true
|
|
|
|
r.Status().Update(ctx, &realm)
|
2021-01-11 06:32:28 +01:00
|
|
|
log.Info("Successfully created realm")
|
2021-01-10 17:06:01 +01:00
|
|
|
|
|
|
|
return ctrl.Result{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetupWithManager sets up the controller with the Manager.
|
|
|
|
func (r *KeycloakRealmReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
|
|
|
return ctrl.NewControllerManagedBy(mgr).
|
|
|
|
For(&keycloakv1alpha1.KeycloakRealm{}).
|
|
|
|
Complete(r)
|
|
|
|
}
|