Use only plain hostname in Ingress (#30345)

Closes #30332

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
This commit is contained in:
Václav Muzikář 2024-06-12 08:54:54 +02:00 committed by GitHub
parent 375ea9da03
commit 0846181809
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 42 additions and 6 deletions

View file

@ -24,11 +24,14 @@ import io.javaoperatorsdk.operator.processing.dependent.kubernetes.CRUDKubernete
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.KubernetesDependent; import io.javaoperatorsdk.operator.processing.dependent.kubernetes.KubernetesDependent;
import io.javaoperatorsdk.operator.processing.dependent.workflow.Condition; import io.javaoperatorsdk.operator.processing.dependent.workflow.Condition;
import io.quarkus.logging.Log;
import org.keycloak.operator.Constants; import org.keycloak.operator.Constants;
import org.keycloak.operator.Utils; import org.keycloak.operator.Utils;
import org.keycloak.operator.crds.v2alpha1.deployment.Keycloak; import org.keycloak.operator.crds.v2alpha1.deployment.Keycloak;
import org.keycloak.operator.crds.v2alpha1.deployment.spec.IngressSpec; import org.keycloak.operator.crds.v2alpha1.deployment.spec.IngressSpec;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap; import java.util.HashMap;
import java.util.Optional; import java.util.Optional;
@ -107,7 +110,17 @@ public class KeycloakIngressDependentResource extends CRUDKubernetesDependentRes
final var hostnameSpec = keycloak.getSpec().getHostnameSpec(); final var hostnameSpec = keycloak.getSpec().getHostnameSpec();
if (hostnameSpec != null && hostnameSpec.getHostname() != null) { if (hostnameSpec != null && hostnameSpec.getHostname() != null) {
ingress.getSpec().getRules().get(0).setHost(hostnameSpec.getHostname()); String hostname = hostnameSpec.getHostname();
try {
hostname = new URL(hostname).getHost();
Log.debug("Hostname is a URL, extracting host: " + hostname);
}
catch (MalformedURLException e) {
Log.debug("Hostname is not a URL, using as is: " + hostname);
}
ingress.getSpec().getRules().get(0).setHost(hostname);
} }
return ingress; return ingress;

View file

@ -41,7 +41,7 @@ public class IngressLogicTest {
static class MockKeycloakIngress { static class MockKeycloakIngress {
private static Keycloak getKeycloak(boolean tlsConfigured, IngressSpec ingressSpec) { private static Keycloak getKeycloak(boolean tlsConfigured, IngressSpec ingressSpec, String hostname) {
var kc = K8sUtils.getDefaultKeycloakDeployment(); var kc = K8sUtils.getDefaultKeycloakDeployment();
kc.getMetadata().setUid("this-is-a-fake-uid"); kc.getMetadata().setUid("this-is-a-fake-uid");
if (ingressSpec != null) { if (ingressSpec != null) {
@ -50,6 +50,9 @@ public class IngressLogicTest {
if (!tlsConfigured) { if (!tlsConfigured) {
kc.getSpec().getHttpSpec().setTlsSecret(null); kc.getSpec().getHttpSpec().setTlsSecret(null);
} }
if (hostname != null) {
kc.getSpec().getHostnameSpec().setHostname(hostname);
}
return kc; return kc;
} }
@ -58,10 +61,18 @@ public class IngressLogicTest {
} }
public static MockKeycloakIngress build(Boolean defaultIngressEnabled, boolean ingressExists, boolean ingressSpecDefined, boolean tlsConfigured) { public static MockKeycloakIngress build(Boolean defaultIngressEnabled, boolean ingressExists, boolean ingressSpecDefined, boolean tlsConfigured) {
return build(defaultIngressEnabled, ingressExists, ingressSpecDefined, tlsConfigured, null); return build(defaultIngressEnabled, ingressExists, ingressSpecDefined, tlsConfigured, null, null);
}
public static MockKeycloakIngress build(String hostname) {
return build(true, false, true, true, null, hostname);
} }
public static MockKeycloakIngress build(Boolean defaultIngressEnabled, boolean ingressExists, boolean ingressSpecDefined, boolean tlsConfigured, Map<String, String> annotations) { public static MockKeycloakIngress build(Boolean defaultIngressEnabled, boolean ingressExists, boolean ingressSpecDefined, boolean tlsConfigured, Map<String, String> annotations) {
return build(defaultIngressEnabled, ingressExists, ingressSpecDefined, tlsConfigured, annotations, null);
}
public static MockKeycloakIngress build(Boolean defaultIngressEnabled, boolean ingressExists, boolean ingressSpecDefined, boolean tlsConfigured, Map<String, String> annotations, String hostname) {
IngressSpec ingressSpec = null; IngressSpec ingressSpec = null;
if (ingressSpecDefined) { if (ingressSpecDefined) {
ingressSpec = new IngressSpec(); ingressSpec = new IngressSpec();
@ -72,7 +83,7 @@ public class IngressLogicTest {
ingressSpec.setAnnotations(annotations); ingressSpec.setAnnotations(annotations);
} }
} }
MockKeycloakIngress mock = new MockKeycloakIngress(tlsConfigured, ingressSpec); MockKeycloakIngress mock = new MockKeycloakIngress(tlsConfigured, ingressSpec, hostname);
mock.ingressExists = ingressExists; mock.ingressExists = ingressExists;
return mock; return mock;
} }
@ -82,8 +93,12 @@ public class IngressLogicTest {
private boolean deleted = false; private boolean deleted = false;
private Keycloak keycloak; private Keycloak keycloak;
public MockKeycloakIngress(boolean tlsConfigured, IngressSpec ingressSpec, String hostname) {
this.keycloak = getKeycloak(tlsConfigured, ingressSpec, hostname);
}
public MockKeycloakIngress(boolean tlsConfigured, IngressSpec ingressSpec) { public MockKeycloakIngress(boolean tlsConfigured, IngressSpec ingressSpec) {
this.keycloak = getKeycloak(tlsConfigured, ingressSpec); this(tlsConfigured, ingressSpec, null);
} }
public boolean reconciled() { public boolean reconciled() {
@ -101,7 +116,7 @@ public class IngressLogicTest {
} }
return Optional.empty(); return Optional.empty();
} }
return Optional.of(keycloakIngressDependentResource.desired(keycloak, null)); return Optional.of(keycloakIngressDependentResource.desired(keycloak, null));
} }
} }
@ -217,4 +232,12 @@ public class IngressLogicTest {
Ingress ingress = reconciled.map(Ingress.class::cast).orElseThrow(); Ingress ingress = reconciled.map(Ingress.class::cast).orElseThrow();
assertEquals("my-class", ingress.getSpec().getIngressClassName()); assertEquals("my-class", ingress.getSpec().getIngressClassName());
} }
@Test
public void testHostnameSanitizing() {
var kc = MockKeycloakIngress.build("https://my-other.example.com:443/my-path");
Optional<HasMetadata> reconciled = kc.getReconciledResource();
Ingress ingress = reconciled.map(Ingress.class::cast).orElseThrow();
assertEquals("my-other.example.com", ingress.getSpec().getRules().get(0).getHost());
}
} }