Improve naming in serverConfiguration in the Keycloak CRD (#10847)

operator/src/main/java/org/keycloak/operator/Constants.java

@@ -35,9 +35,9 @@ public final class Constants {
     );
 
     public static final Map<String, String> DEFAULT_DIST_CONFIG = Map.of(
-        "KC_HEALTH_ENABLED","true",
-        "KC_CACHE", "ispn",
-        "KC_CACHE_STACK", "kubernetes"
+        "health-enabled","true",
+        "cache", "ispn",
+        "cache-stack", "kubernetes"
     );
 
     // Init container

operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java

@@ -50,6 +50,8 @@ import java.util.Set;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
 
+import static io.smallrye.config.common.utils.StringUtil.replaceNonAlphanumericByUnderscores;
+
 public class KeycloakDeployment extends OperatorManagedResource implements StatusUpdater<KeycloakStatusBuilder> {
 
     private final Config config;
@@ -474,7 +476,6 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
         List<ValueOrSecret> serverConfig = Constants.DEFAULT_DIST_CONFIG.entrySet().stream()
                 .map(e -> new ValueOrSecret(e.getKey(), e.getValue()))
                 .collect(Collectors.toList());
-        serverConfig.add(new ValueOrSecret("jgroups.dns.query", getName() + Constants.KEYCLOAK_DISCOVERY_SERVICE_SUFFIX +"." + getNamespace()));
 
         // merge with the CR; the values in CR take precedence
         if (keycloakCR.getSpec().getServerConfiguration() != null) {
@@ -486,7 +487,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
         serverConfigSecretsNames = new HashSet<>();
         List<EnvVar> envVars = serverConfig.stream()
                 .map(v -> {
-                    var envBuilder = new EnvVarBuilder().withName(v.getName());
+                    var envBuilder = new EnvVarBuilder().withName(getEnvVarName(v.getName()));
                     var secret = v.getSecret();
                     if (secret != null) {
                         envBuilder.withValueFrom(
@@ -523,6 +524,12 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
                         .endValueFrom()
                         .build());
 
+        envVars.add(
+                new EnvVarBuilder()
+                        .withName("jgroups.dns.query")
+                        .withValue(getName() + Constants.KEYCLOAK_DISCOVERY_SERVICE_SUFFIX +"." + getNamespace())
+                        .build());
+
         return envVars;
     }
 
@@ -578,4 +585,9 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
                 .withName(getName())
                 .rolling().restart();
     }
+
+    public static String getEnvVarName(String kcConfigName) {
+        // TODO make this use impl from Quarkus dist (Configuration.toEnvVarFormat)
+        return "KC_" + replaceNonAlphanumericByUnderscores(kcConfigName).toUpperCase();
+    }
 }

operator/src/main/resources/example-keycloak.yml

@@ -5,15 +5,15 @@ metadata:
 spec:
   instances: 1
   serverConfiguration:
-    - name: KC_DB
+    - name: db
       value: postgres
-    - name: KC_DB_URL_HOST
+    - name: db-url-host
       value: postgres-db
-    - name: KC_DB_USERNAME
+    - name: db-username
       secret:
         name: keycloak-db-secret
         key: username
-    - name: KC_DB_PASSWORD
+    - name: db-password
       secret:
         name: keycloak-db-secret
         key: password

operator/src/test/java/org/keycloak/operator/KeycloakDeploymentE2EIT.java

@@ -8,6 +8,7 @@ import org.awaitility.Awaitility;
 import org.junit.jupiter.api.Test;
 import org.keycloak.operator.utils.K8sUtils;
 import org.keycloak.operator.v2alpha1.KeycloakAdminSecret;
+import org.keycloak.operator.v2alpha1.KeycloakDeployment;
 import org.keycloak.operator.v2alpha1.KeycloakService;
 import org.keycloak.operator.v2alpha1.crds.Keycloak;
 import org.keycloak.operator.v2alpha1.crds.ValueOrSecret;
@@ -66,7 +67,7 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
             var deploymentName = kc.getMetadata().getName();
             deployKeycloak(k8sclient, kc, true);
 
-            final var dbConf = new ValueOrSecret("KC_DB_PASSWORD", "Ay Caramba!");
+            final var dbConf = new ValueOrSecret("db-password", "Ay Caramba!");
 
             kc.getSpec().setImage("quay.io/keycloak/non-existing-keycloak");
             kc.getSpec().getServerConfiguration().remove(dbConf);
@@ -80,7 +81,8 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
                                 .getSpec().getTemplate().getSpec().getContainers().get(0);
                         assertThat(c.getImage()).isEqualTo("quay.io/keycloak/non-existing-keycloak");
                         assertThat(c.getEnv().stream()
-                                .anyMatch(e -> e.getName().equals(dbConf.getName()) && e.getValue().equals(dbConf.getValue())))
+                                .anyMatch(e -> e.getName().equals(KeycloakDeployment.getEnvVarName(dbConf.getName()))
+                                        && e.getValue().equals(dbConf.getValue())))
                                 .isTrue();
                     });
 
@@ -94,8 +96,11 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
     public void testConfigInCRTakesPrecedence() {
         try {
             var kc = getDefaultKeycloakDeployment();
-            var health = new ValueOrSecret("KC_HEALTH_ENABLED", "false");
-            var e = new EnvVarBuilder().withName(health.getName()).withValue(health.getValue()).build();
+            var health = new ValueOrSecret("health-enabled", "false");
+            var e = new EnvVarBuilder()
+                    .withName(KeycloakDeployment.getEnvVarName(health.getName()))
+                    .withValue(health.getValue())
+                    .build();
             kc.getSpec().getServerConfiguration().add(health);
             deployKeycloak(k8sclient, kc, false);
 

operator/src/test/java/org/keycloak/operator/WatchedSecretsTestE2EIT.java

@@ -247,8 +247,8 @@ public class WatchedSecretsTestE2EIT extends ClusterOperatorTest {
     }
 
     private void hardcodeDBCredsInCR(Keycloak kc) {
-        var username = new ValueOrSecret("KC_DB_USERNAME", "postgres");
-        var password = new ValueOrSecret("KC_DB_PASSWORD", "testpassword");
+        var username = new ValueOrSecret("db-username", "postgres");
+        var password = new ValueOrSecret("db-password", "testpassword");
 
         kc.getSpec().getServerConfiguration().remove(username);
         kc.getSpec().getServerConfiguration().add(username);

operator/src/test/resources/correct-podtemplate-keycloak.yml

@@ -5,13 +5,13 @@ metadata:
 spec:
   instances: 1
   serverConfiguration:
-    - name: KC_DB
+    - name: db
       value: postgres
-    - name: KC_DB_URL_HOST
+    - name: db-url-host
       value: postgres-db
-    - name: KC_DB_USERNAME
+    - name: db-username
       value: postgres
-    - name: KC_DB_PASSWORD
+    - name: db-password
       value: testpassword
   hostname: example.com
   tlsSecret: INSECURE-DISABLE

operator/src/test/resources/empty-podtemplate-keycloak.yml

@@ -5,13 +5,13 @@ metadata:
 spec:
   instances: 1
   serverConfiguration:
-    - name: KC_DB
+    - name: db
       value: postgres
-    - name: KC_DB_URL_HOST
+    - name: db-url-host
       value: postgres-db
-    - name: KC_DB_USERNAME
+    - name: db-username
       value: postgres
-    - name: KC_DB_PASSWORD
+    - name: db-password
       value: testpassword
   hostname: example.com
   tlsSecret: INSECURE-DISABLE