libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Use the entire podTemplateSpec to spawn the realm-import job

Browse source
This commit is contained in:
andreaTP 2022-05-05 18:48:03 +01:00 committed by Pedro Igor
parent 8e1f67b0c4
commit 76f83f0ab2
4 changed files with 34 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java
View file

@ -134,6 +134,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
if (overlayTemplate.getSpec() != null && if (overlayTemplate.getSpec() != null &&
overlayTemplate.getSpec().getContainers() != null && overlayTemplate.getSpec().getContainers() != null &&
overlayTemplate.getSpec().getContainers().size() > 0 &&
overlayTemplate.getSpec().getContainers().get(0) != null && overlayTemplate.getSpec().getContainers().get(0) != null &&
overlayTemplate.getSpec().getContainers().get(0).getName() != null) { overlayTemplate.getSpec().getContainers().get(0).getName() != null) {
status.addWarningMessage("The name of the keycloak container cannot be modified"); status.addWarningMessage("The name of the keycloak container cannot be modified");
@ -141,6 +142,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
if (overlayTemplate.getSpec() != null && if (overlayTemplate.getSpec() != null &&
overlayTemplate.getSpec().getContainers() != null && overlayTemplate.getSpec().getContainers() != null &&
overlayTemplate.getSpec().getContainers().size() > 0 &&
overlayTemplate.getSpec().getContainers().get(0) != null && overlayTemplate.getSpec().getContainers().get(0) != null &&
overlayTemplate.getSpec().getContainers().get(0).getImage() != null) { overlayTemplate.getSpec().getContainers().get(0).getImage() != null) {
status.addWarningMessage("The image of the keycloak container cannot be modified using podTemplate"); status.addWarningMessage("The image of the keycloak container cannot be modified using podTemplate");

40
operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakRealmImportJob.java
View file

@ -18,6 +18,7 @@ package org.keycloak.operator.v2alpha1;
import io.fabric8.kubernetes.api.model.Container; import io.fabric8.kubernetes.api.model.Container;
import io.fabric8.kubernetes.api.model.HasMetadata; import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.PodTemplateSpec;
import io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder; import io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder;
import io.fabric8.kubernetes.api.model.Volume; import io.fabric8.kubernetes.api.model.Volume;
import io.fabric8.kubernetes.api.model.VolumeBuilder; import io.fabric8.kubernetes.api.model.VolumeBuilder;
@ -86,20 +87,16 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
.get(); .get();
} }
private Job buildJob(Container keycloakContainer, List<Volume> volumes) { private Job buildJob(PodTemplateSpec keycloakPodTemplate) {
keycloakPodTemplate.getSpec().setRestartPolicy("Never");
return new JobBuilder() return new JobBuilder()
.withNewMetadata() .withNewMetadata()
.withName(getName()) .withName(getName())
.withNamespace(getNamespace()) .withNamespace(getNamespace())
.endMetadata() .endMetadata()
.withNewSpec() .withNewSpec()
.withNewTemplate() .withTemplate(keycloakPodTemplate)
.withNewSpec()
.withContainers(keycloakContainer)
.withVolumes(volumes)
.withRestartPolicy("Never")
.endSpec()
.endTemplate()
.endSpec() .endSpec()
.build(); .build();
} }
@ -114,25 +111,18 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
} }
private Job createImportJob() { private Job createImportJob() {
var keycloakContainer = buildKeycloakJobContainer(); var keycloakPodTemplate = this
var volumes = this.existingDeployment.getSpec().getTemplate().getSpec().getVolumes();
volumes.add(buildSecretVolume());
var importJob = buildJob(keycloakContainer, volumes);
return importJob;
}
private Container buildKeycloakJobContainer() {
var keycloakContainer =
this
.existingDeployment .existingDeployment
.getSpec() .getSpec()
.getTemplate() .getTemplate();
.getSpec()
.getContainers()
.get(0);
buildKeycloakJobContainer(keycloakPodTemplate.getSpec().getContainers().get(0));
keycloakPodTemplate.getSpec().getVolumes().add(buildSecretVolume());
return buildJob(keycloakPodTemplate);
}
private void buildKeycloakJobContainer(Container keycloakContainer) {
var importMntPath = "/mnt/realm-import/"; var importMntPath = "/mnt/realm-import/";
var command = List.of("/bin/bash"); var command = List.of("/bin/bash");
@ -158,8 +148,6 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
// Disable probes since we are not really starting the server // Disable probes since we are not really starting the server
keycloakContainer.setReadinessProbe(null); keycloakContainer.setReadinessProbe(null);
keycloakContainer.setLivenessProbe(null); keycloakContainer.setLivenessProbe(null);
return keycloakContainer;
} }

4
operator/src/test/java/org/keycloak/operator/ClusteringE2EIT.java
View file

@ -50,7 +50,7 @@ public class ClusteringE2EIT extends ClusterOperatorTest {
.untilAsserted(() -> CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, false)); .untilAsserted(() -> CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, false));
Awaitility.await() Awaitility.await()
.atMost(Duration.ofSeconds(5)) .atMost(Duration.ofSeconds(60))
.ignoreExceptions() .ignoreExceptions()
.untilAsserted(() -> assertThat(kcPodsSelector.list().getItems().size()).isEqualTo(3)); .untilAsserted(() -> assertThat(kcPodsSelector.list().getItems().size()).isEqualTo(3));
@ -118,6 +118,8 @@ public class ClusteringE2EIT extends ClusterOperatorTest {
Log.info("Checking Keycloak is stable."); Log.info("Checking Keycloak is stable.");
CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, true); CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, true);
}); });
// Remove the completed pod for the job
realmImportSelector.delete();
Log.info("Testing the Keycloak Cluster"); Log.info("Testing the Keycloak Cluster");
Awaitility.await().atMost(5, MINUTES).ignoreExceptions().untilAsserted(() -> { Awaitility.await().atMost(5, MINUTES).ignoreExceptions().untilAsserted(() -> {

16
operator/src/test/java/org/keycloak/operator/RealmImportE2EIT.java
View file

@ -1,5 +1,7 @@
package org.keycloak.operator; package org.keycloak.operator;
import io.fabric8.kubernetes.api.model.LocalObjectReferenceBuilder;
import io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder;
import io.quarkus.logging.Log; import io.quarkus.logging.Log;
import io.quarkus.test.junit.QuarkusTest; import io.quarkus.test.junit.QuarkusTest;
import org.awaitility.Awaitility; import org.awaitility.Awaitility;
@ -7,6 +9,7 @@ import org.junit.jupiter.api.Test;
import org.keycloak.operator.utils.CRAssert; import org.keycloak.operator.utils.CRAssert;
import org.keycloak.operator.v2alpha1.KeycloakService; import org.keycloak.operator.v2alpha1.KeycloakService;
import org.keycloak.operator.v2alpha1.crds.KeycloakRealmImport; import org.keycloak.operator.v2alpha1.crds.KeycloakRealmImport;
import org.keycloak.operator.v2alpha1.crds.keycloakspec.Unsupported;
import static java.util.concurrent.TimeUnit.MINUTES; import static java.util.concurrent.TimeUnit.MINUTES;
import static java.util.concurrent.TimeUnit.SECONDS; import static java.util.concurrent.TimeUnit.SECONDS;
@ -25,7 +28,14 @@ public class RealmImportE2EIT extends ClusterOperatorTest {
@Test @Test
public void testWorkingRealmImport() { public void testWorkingRealmImport() {
// Arrange // Arrange
deployKeycloak(k8sclient, getDefaultKeycloakDeployment(), false); var kc = getDefaultKeycloakDeployment();
var podTemplate = new PodTemplateSpecBuilder()
.withNewSpec()
.withImagePullSecrets(new LocalObjectReferenceBuilder().withName("my-empty-secret").build())
.endSpec()
.build();
kc.getSpec().setUnsupported(new Unsupported(podTemplate));
deployKeycloak(k8sclient, kc, false);
// Act // Act
k8sclient.load(getClass().getResourceAsStream("/example-realm.yaml")).inNamespace(namespace).createOrReplace(); k8sclient.load(getClass().getResourceAsStream("/example-realm.yaml")).inNamespace(namespace).createOrReplace();
@ -54,6 +64,10 @@ public class RealmImportE2EIT extends ClusterOperatorTest {
CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), STARTED, false); CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), STARTED, false);
CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), HAS_ERRORS, false); CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), HAS_ERRORS, false);
}); });
var job = k8sclient.batch().v1().jobs().inNamespace(namespace).withName("example-count0-kc").get();
assertThat(job.getSpec().getTemplate().getSpec().getImagePullSecrets().size()).isEqualTo(1);
assertThat(job.getSpec().getTemplate().getSpec().getImagePullSecrets().get(0).getName()).isEqualTo("my-empty-secret");
var service = new KeycloakService(k8sclient, getDefaultKeycloakDeployment()); var service = new KeycloakService(k8sclient, getDefaultKeycloakDeployment());
String url = String url =
"https://" + service.getName() + "." + namespace + ":" + KEYCLOAK_HTTPS_PORT + "/realms/count0"; "https://" + service.getName() + "." + namespace + ":" + KEYCLOAK_HTTPS_PORT + "/realms/count0";