keycloak-operator/controllers/keycloakclient_controller.go


/*
Copyright 2021.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
import (
"context"
"github.com/Nerzal/gocloak/v7"
"github.com/go-logr/logr"
apierrs "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
"git.zom.bi/images/keycloak-operator/controllers/keycloak"
)
// KeycloakClientReconciler reconciles a KeycloakClient object.
type KeycloakClientReconciler struct {
// Embedded Kubernetes API client; Reconcile calls its Get, Update and
// Status methods on KeycloakClient resources.
client.Client
// Keycloak is the handle Reconcile uses for CreateClient and UpdateClient
// calls against Keycloak.
Keycloak *keycloak.Keycloak
// Log is the base logger; Reconcile derives a per-request logger from it.
Log logr.Logger
// Scheme is the runtime scheme. It is not read by the code in this file.
Scheme *runtime.Scheme
}
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakclients,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakclients/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakclients/finalizers,verbs=update
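// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
//
// For a KeycloakClient that is being deleted it disables (it does not delete)
// the matching client in Keycloak and then removes the finalizer. Otherwise it
// makes sure the finalizer is present, converts the resource with
// ConvertToClient and creates the client in Keycloak, falling back to an
// update when the create call fails.
//
// An error is returned whenever a step fails so that the request is retried.
//
// For more details, check Reconcile and its Result here:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.7.0/pkg/reconcile
func (r *KeycloakClientReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
	log := r.Log.WithValues("keycloakclient", req.NamespacedName)
	log.Info("reconciling")

	// Load the KeycloakClient resource this request refers to. The local is
	// not called "client" so that it does not shadow the imported package.
	var kc keycloakv1alpha1.KeycloakClient
	if err := r.Get(ctx, req.NamespacedName, &kc); err != nil {
		if apierrs.IsNotFound(err) {
			// Client is already deleted via finalizer.
			return ctrl.Result{}, nil
		}
		// Any other read failure stops the reconcile. Carrying on would act
		// on a zero-value object: empty realm name, empty client ID and no
		// finalizers, all of which the code below would push to the API
		// server and to Keycloak.
		return ctrl.Result{}, err
	}

	if !kc.ObjectMeta.DeletionTimestamp.IsZero() {
		// The resource is in the process of being deleted.
		if containsString(kc.ObjectMeta.Finalizers, FinalizerName) {
			// Our finalizer is present, so handle the external dependency.
			// Nothing is deleted in Keycloak; the client is only disabled,
			// so the Keycloak-side object outlives the Kubernetes resource.
			disabled := gocloak.Client{ClientID: &kc.Spec.ClientID, Enabled: gocloak.BoolP(false)}
			if err := r.Keycloak.UpdateClient(ctx, kc.Spec.RealmName, disabled); err != nil {
				// Return the error so that disabling is retried; the
				// finalizer stays in place until it succeeds.
				return ctrl.Result{}, err
			}

			// Remove our finalizer from the list and persist the change.
			kc.ObjectMeta.Finalizers = removeString(kc.ObjectMeta.Finalizers, FinalizerName)
			if err := r.Update(ctx, &kc); err != nil {
				return ctrl.Result{}, err
			}
			log.Info("Deleted the client")
		}
		// done
		return ctrl.Result{}, nil
	}

	// It is not being deleted, so take ownership by adding the finalizer.
	if !containsString(kc.ObjectMeta.Finalizers, FinalizerName) {
		typeMeta := kc.TypeMeta
		kc.ObjectMeta.Finalizers = append(kc.ObjectMeta.Finalizers, FinalizerName)
		if err := r.Update(ctx, &kc); err != nil {
			return ctrl.Result{}, err
		}
		// Restore TypeMeta: it is removed during Update but is needed later.
		kc.TypeMeta = typeMeta
	}

	// Convert the resource into the representation sent to Keycloak.
	keycloakClient, err := ConvertToClient(kc)
	if err != nil {
		log.Error(err, "Could not convert client")
		return ctrl.Result{}, err
	}

	if err := r.Keycloak.CreateClient(ctx, kc.Spec.RealmName, keycloakClient); err != nil {
		// Try updating instead.
		//
		// NOTE(review): every CreateClient failure, not only "already
		// exists", ends up here. Spec.RealmName and Spec.ClientID are taken
		// from the custom resource as-is, so anyone allowed to create
		// KeycloakClient objects can presumably overwrite a client with the
		// same ID that this operator never created. Confirm what
		// keycloak.UpdateClient matches on and consider an ownership or
		// realm allow-list check before updating.
		if err := r.Keycloak.UpdateClient(ctx, kc.Spec.RealmName, keycloakClient); err != nil {
			log.Error(err, "Could not create/update client")
			return ctrl.Result{}, err
		}
		// NOTE(review): Status.Available is not written on this path, only
		// after a successful create. Confirm that this is intended.
		log.Info("Updated the client")
		return ctrl.Result{}, nil
	}

	kc.Status.Available = true
	// A failed status write is reported instead of being dropped, so the
	// resource does not silently stay marked as unavailable.
	if err := r.Status().Update(ctx, &kc); err != nil {
		log.Error(err, "Could not update client status")
		return ctrl.Result{}, err
	}
	log.Info("Successfully created client")
	return ctrl.Result{}, nil
}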
// SetupWithManager registers r with mgr as the controller for KeycloakClient
// resources and returns the error, if any, from completing the registration.
func (r *KeycloakClientReconciler) SetupWithManager(mgr ctrl.Manager) error {
	b := ctrl.NewControllerManagedBy(mgr)
	// Reconcile requests are generated for KeycloakClient objects.
	b = b.For(&keycloakv1alpha1.KeycloakClient{})
	return b.Complete(r)
}