/*
Copyright 2021.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package controllers

import (
	"context"

	"github.com/Nerzal/gocloak/v7"
	"github.com/go-logr/logr"
	apierrs "k8s.io/apimachinery/pkg/api/errors"
	"k8s.io/apimachinery/pkg/runtime"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/client"

	keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
	"git.zom.bi/images/keycloak-operator/controllers/keycloak"
)

// KeycloakClientReconciler reconciles a KeycloakClient object
type KeycloakClientReconciler struct {
	// Embedded Kubernetes API client; Reconcile calls Get, Update and
	// Status() through it.
	client.Client
	// Keycloak is the handle Reconcile uses to create and update clients in a
	// Keycloak realm.
	Keycloak *keycloak.Keycloak
	// Log is the base logger; Reconcile derives a per-request logger from it.
	Log logr.Logger
	// Scheme is not referenced by Reconcile or SetupWithManager.
	Scheme *runtime.Scheme
}

// NOTE(review): the markers below grant create, patch and delete on
// keycloakclients, while Reconcile only calls Get, Update and Status().Update
// on these objects (the controller's watch additionally needs list and watch).
// Confirm whether the remaining verbs are required and trim them if not, so the
// operator's service account holds no more than it uses.

// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakclients,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakclients/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakclients/finalizers,verbs=update

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
// For a KeycloakClient it adds the operator's finalizer, creates the client in
// Keycloak (falling back to an update when creation fails), and disables the
// Keycloak client when the resource is being deleted.
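//
// For more details, check Reconcile and its Result here:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.7.0/pkg/reconcile
//
// Behaviour in this controller:
//   - A NotFound on the initial Get ends the request without error; any other
//     Get error is returned so the request is retried instead of continuing
//     with an unpopulated object.
//   - While the object carries a deletion timestamp and our finalizer, the
//     Keycloak client is disabled (not removed) and the finalizer is dropped.
//   - Otherwise the finalizer is added if missing and the client is created
//     in Keycloak; if creation fails for any reason an update is attempted.
func (r *KeycloakClientReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
	log := r.Log.WithValues("keycloakclient", req.NamespacedName)
	log.Info("reconciling")

	// We get the information from the CRD. The local is named cr so it does
	// not shadow the imported controller-runtime "client" package.
	var cr keycloakv1alpha1.KeycloakClient
	if err := r.Get(ctx, req.NamespacedName, &cr); err != nil {
		if apierrs.IsNotFound(err) {
			// Client is already deleted via finalizer.
			return ctrl.Result{}, nil
		}
		// Any other failure leaves cr at its zero value. Returning here keeps
		// the code below from adding a finalizer to, or pushing an empty spec
		// for, an object that was never read.
		return ctrl.Result{}, err
	}

	if !cr.ObjectMeta.DeletionTimestamp.IsZero() {
		// is in the process of being deleted
		if containsString(cr.ObjectMeta.Finalizers, FinalizerName) {
			// our finalizer is present, so lets handle any external dependency

			// We do not want to delete anything, so we just disable the client.
			// The client entry therefore stays in the Keycloak realm after the
			// Kubernetes resource is gone; only its Enabled flag is cleared.
			disabled := gocloak.Client{ClientID: &cr.Spec.ClientID, Enabled: gocloak.BoolP(false)}
			if err := r.Keycloak.UpdateClient(ctx, cr.Spec.RealmName, disabled); err != nil {
				// if fail to delete the external dependency here, return with error
				// so that it can be retried
				return ctrl.Result{}, err
			}

			// remove our finalizer from the list and update it.
			cr.ObjectMeta.Finalizers = removeString(cr.ObjectMeta.Finalizers, FinalizerName)
			if err := r.Update(ctx, &cr); err != nil {
				return ctrl.Result{}, err
			}
			log.Info("Deleted the client")
		}
		// done
		return ctrl.Result{}, nil
	}

	// Its not being deleted, so we seize the moment to take ownership.
	if !containsString(cr.ObjectMeta.Finalizers, FinalizerName) {
		typeMeta := cr.TypeMeta
		cr.ObjectMeta.Finalizers = append(cr.ObjectMeta.Finalizers, FinalizerName)
		if err := r.Update(ctx, &cr); err != nil {
			return ctrl.Result{}, err
		}
		// restore the TypeMeta object as it is removed during Update, but need to be accessed later
		cr.TypeMeta = typeMeta
	}

	// Convert Client
	keycloakClient, err := ConvertToClient(cr)
	if err != nil {
		log.Error(err, "Could not convert client")
		return ctrl.Result{}, err
	}

	if createErr := r.Keycloak.CreateClient(ctx, cr.Spec.RealmName, keycloakClient); createErr != nil {
		// try updating instead. Every create failure takes this path, not
		// only "already exists", so the create error is kept for the log
		// below; otherwise an authentication or validation failure would be
		// hidden behind the update error.
		if err := r.Keycloak.UpdateClient(ctx, cr.Spec.RealmName, keycloakClient); err != nil {
			log.Error(err, "Could not create/update client", "createError", createErr.Error())
			return ctrl.Result{}, err
		}
		// NOTE(review): Status.Available is only set on the create path; a
		// client that reaches Keycloak through this update path never gets
		// its status written. Confirm whether that is intended.
		log.Info("Updated the client")
		return ctrl.Result{}, nil
	}

	cr.Status.Available = true
	// The status write was previously unchecked; surface the failure so the
	// request is retried and the error is visible in the controller log.
	if err := r.Status().Update(ctx, &cr); err != nil {
		log.Error(err, "Could not update client status")
		return ctrl.Result{}, err
	}

	log.Info("Successfully created client")
	return ctrl.Result{}, nil
}

// SetupWithManager sets up the controller with the Manager.
// It registers r as the reconciler for KeycloakClient objects and returns the
// error from building the controller, if any.
func (r *KeycloakClientReconciler) SetupWithManager(mgr ctrl.Manager) error {
	return ctrl.NewControllerManagedBy(mgr).
		For(&keycloakv1alpha1.KeycloakClient{}).
		Complete(r)
}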