From 33f580daa47642f2660f5587603ce3893a8f6c8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=A1clav=20Muzik=C3=A1=C5=99?= Date: Wed, 10 Apr 2024 18:56:47 +0200 Subject: [PATCH] Hostname v2 for Operator (#28599) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #27728 Signed-off-by: Václav Muzikář --- .../operator/advanced-configuration.adoc | 7 +++---- .../controllers/KeycloakDistConfigurator.java | 3 ++- .../deployment/spec/HostnameSpec.java | 21 ++++++++++++++----- .../integration/KeycloakDeploymentTest.java | 3 --- .../unit/KeycloakDistConfiguratorTest.java | 2 ++ .../test-serialization-keycloak-cr.yml | 1 + 6 files changed, 24 insertions(+), 13 deletions(-) diff --git a/docs/guides/operator/advanced-configuration.adoc b/docs/guides/operator/advanced-configuration.adoc index c4b874c342..e0572e5ef0 100644 --- a/docs/guides/operator/advanced-configuration.adoc +++ b/docs/guides/operator/advanced-configuration.adoc @@ -44,10 +44,10 @@ spec: httpsPort: 8543 tlsSecret: my-tls-secret hostname: - hostname: my-hostname - admin: my-admin-hostname + hostname: https://my-hostname.tld + admin: https://my-hostname.tld/admin strict: false - strictBackchannel: false + backchannelDynamic: true features: enabled: - docker @@ -168,7 +168,6 @@ spec: httpEnabled: true hostname: strict: false - strictBackchannel: false ---- === Resource requirements diff --git a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDistConfigurator.java b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDistConfigurator.java index 50d5d73bde..b35304800e 100644 --- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDistConfigurator.java +++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDistConfigurator.java 
@@ -91,7 +91,8 @@ public class KeycloakDistConfigurator { .mapOption("hostname-admin", HostnameSpec::getAdmin) .mapOption("hostname-admin-url", HostnameSpec::getAdminUrl) .mapOption("hostname-strict", HostnameSpec::isStrict) - .mapOption("hostname-strict-backchannel", HostnameSpec::isStrictBackchannel); + .mapOption("hostname-strict-backchannel", HostnameSpec::isStrictBackchannel) + .mapOption("hostname-backchannel-dynamic", HostnameSpec::isBackchannelDynamic); } void configureFeatures() { diff --git a/operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/spec/HostnameSpec.java b/operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/spec/HostnameSpec.java index 87e142b73e..97be1e064b 100644 --- a/operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/spec/HostnameSpec.java +++ b/operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/spec/HostnameSpec.java 
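Review bot: The option chain now maps the Hostname v1-only fields (`hostname-admin-url`, `hostname-strict-backchannel`) and the v2-only `hostname-backchannel-dynamic` unconditionally, so a CR that sets both generations is passed to the server with no check or warning. These options decide which URLs the server advertises. If the active hostname provider does not honour a deprecated field (this hunk does not show whether it is ignored or rejected), an administrator may believe a stricter setting is in force than actually is. I would add a comment above the chain, such as `// hostname-admin-url and hostname-strict-backchannel apply to Hostname v1 only; hostname-backchannel-dynamic applies to v2 only`, and consider a status warning when deprecated fields are set. The same mixed combination appears in the KeycloakDistConfiguratorTest expectation map and in test-serialization-keycloak-cr.yml; the enclosing method starts outside this hunk.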
@@ -27,21 +27,24 @@ import java.io.Serializable; @Buildable(editableEnabled = false, builderPackage = "io.fabric8.kubernetes.api.builder") public class HostnameSpec implements Serializable { - @JsonPropertyDescription("Hostname for the Keycloak server.") + @JsonPropertyDescription("Hostname for the Keycloak server. Applicable for Hostname v1 and v2.") private String hostname; - @JsonPropertyDescription("The hostname for accessing the administration console.") + @JsonPropertyDescription("The hostname for accessing the administration console. Applicable for Hostname v1 and v2.") private String admin; - @JsonPropertyDescription("Set the base URL for accessing the administration console, including scheme, host, port and path") + @JsonPropertyDescription("DEPRECATED. Sets the base URL for accessing the administration console, including scheme, host, port and path. Applicable for Hostname v1.") private String adminUrl; - @JsonPropertyDescription("Disables dynamically resolving the hostname from request headers.") + @JsonPropertyDescription("Disables dynamically resolving the hostname from request headers. Applicable for Hostname v1 and v2.") private Boolean strict; - @JsonPropertyDescription("By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications.") + @JsonPropertyDescription("DEPRECATED. By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. Applicable for Hostname v1.") private Boolean strictBackchannel; + @JsonPropertyDescription("Enables dynamic resolving of backchannel URLs, including hostname, scheme, port and context path. Set to true if your application accesses Keycloak via a private network. Applicable for Hostname v2.") + private Boolean backchannelDynamic; + public String getHostname() { return hostname; } 
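Review bot: The `backchannelDynamic` description does not say where the dynamically resolved hostname, scheme, port and context path come from, nor what the option requires of `hostname`. The neighbouring `strict` description names request headers as the source. If that also holds here, the text should say so and note that the option is only appropriate when a trusted proxy controls those headers, since the resolved values presumably end up in backchannel URLs. The documentation example in this commit pairs the option with a full-URL `hostname`; if that is a requirement, append something like `If set to true, the hostname option needs to be specified as a full URL.` Separately, `adminUrl` and `strictBackchannel` are marked DEPRECATED only in the description string, so adding `@Deprecated` to those fields and their accessors would also make the deprecation visible in the Java API.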
@@ -81,4 +84,12 @@ public class HostnameSpec implements Serializable { public void setStrictBackchannel(Boolean strictBackchannel) { this.strictBackchannel = strictBackchannel; } + + public Boolean isBackchannelDynamic() { + return backchannelDynamic; + } + + public void setBackchannelDynamic(Boolean backchannelDynamic) { + this.backchannelDynamic = backchannelDynamic; + } } \ No newline at end of file diff --git a/operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java b/operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java index 87c97681da..0dcef53317 100644 --- a/operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java +++ b/operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java @@ -325,7 +325,6 @@ public class KeycloakDeploymentTest extends BaseOperatorTest { var kc = getTestKeycloakDeployment(true); var hostnameSpec = new HostnameSpecBuilder() .withStrict(false) - .withStrictBackchannel(false) .build(); kc.getSpec().setHostnameSpec(hostnameSpec); @@ -354,7 +353,6 @@ public class KeycloakDeploymentTest extends BaseOperatorTest { var hostnameSpec = new HostnameSpecBuilder() .withStrict(false) - .withStrictBackchannel(false) .build(); kc.getSpec().setHostnameSpec(hostnameSpec); @@ -375,7 +373,6 @@ public class KeycloakDeploymentTest extends BaseOperatorTest { var hostnameSpec = new HostnameSpecBuilder() .withStrict(false) - .withStrictBackchannel(false) .build(); kc.getSpec().setHostnameSpec(hostnameSpec); diff --git a/operator/src/test/java/org/keycloak/operator/testsuite/unit/KeycloakDistConfiguratorTest.java b/operator/src/test/java/org/keycloak/operator/testsuite/unit/KeycloakDistConfiguratorTest.java index aed62eadf6..302adfe8ad 100644 --- a/operator/src/test/java/org/keycloak/operator/testsuite/unit/KeycloakDistConfiguratorTest.java 
+++ b/operator/src/test/java/org/keycloak/operator/testsuite/unit/KeycloakDistConfiguratorTest.java @@ -116,6 +116,7 @@ public class KeycloakDistConfiguratorTest { "hostname-admin-url", "https://www.my-admin-hostname.org:8448/something", "hostname-strict", "true", "hostname-strict-backchannel", "true", + "hostname-backchannel-dynamic", "true", "hostname-admin", "my-admin-hostname" ); @@ -133,6 +134,7 @@ public class KeycloakDistConfiguratorTest { assertEnvVarNotPresent(envVars, "KC_HOSTNAME_ADMIN_URL"); assertEnvVarNotPresent(envVars, "KC_HOSTNAME_STRICT"); assertEnvVarNotPresent(envVars, "KC_HOSTNAME_STRICT_BACKCHANNEL"); + assertEnvVarNotPresent(envVars, "KC_HOSTNAME_BACKCHANNEL_DYNAMIC"); } @Test diff --git a/operator/src/test/resources/test-serialization-keycloak-cr.yml b/operator/src/test/resources/test-serialization-keycloak-cr.yml index 22a622418a..f370f8c6e1 100644 --- a/operator/src/test/resources/test-serialization-keycloak-cr.yml +++ b/operator/src/test/resources/test-serialization-keycloak-cr.yml @@ -43,6 +43,7 @@ spec: adminUrl: https://www.my-admin-hostname.org:8448/something strict: true strictBackchannel: true + backchannelDynamic: true cache: configMapFile: name: my-config-map