libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Improve naming in serverConfiguration in the Keycloak CRD (#10847)

Browse source
This commit is contained in:
Václav Muzikář 2022-03-23 13:51:27 +01:00 committed by GitHub
parent 9c01d819cb
commit 7d6c6fff17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 40 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
operator/src/main/java/org/keycloak/operator/Constants.java
View file

@ -35,9 +35,9 @@ public final class Constants {
); );
public static final Map<String, String> DEFAULT_DIST_CONFIG = Map.of( public static final Map<String, String> DEFAULT_DIST_CONFIG = Map.of(
"KC_HEALTH_ENABLED","true", "health-enabled","true",
"KC_CACHE", "ispn", "cache", "ispn",
"KC_CACHE_STACK", "kubernetes" "cache-stack", "kubernetes"
); );
// Init container // Init container

16
operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java
View file

@ -50,6 +50,8 @@ import java.util.Set;
import java.util.function.Consumer; import java.util.function.Consumer;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static io.smallrye.config.common.utils.StringUtil.replaceNonAlphanumericByUnderscores;
public class KeycloakDeployment extends OperatorManagedResource implements StatusUpdater<KeycloakStatusBuilder> { public class KeycloakDeployment extends OperatorManagedResource implements StatusUpdater<KeycloakStatusBuilder> {
private final Config config; private final Config config;
@ -474,7 +476,6 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
List<ValueOrSecret> serverConfig = Constants.DEFAULT_DIST_CONFIG.entrySet().stream() List<ValueOrSecret> serverConfig = Constants.DEFAULT_DIST_CONFIG.entrySet().stream()
.map(e -> new ValueOrSecret(e.getKey(), e.getValue())) .map(e -> new ValueOrSecret(e.getKey(), e.getValue()))
.collect(Collectors.toList()); .collect(Collectors.toList());
serverConfig.add(new ValueOrSecret("jgroups.dns.query", getName() + Constants.KEYCLOAK_DISCOVERY_SERVICE_SUFFIX +"." + getNamespace()));
// merge with the CR; the values in CR take precedence // merge with the CR; the values in CR take precedence
if (keycloakCR.getSpec().getServerConfiguration() != null) { if (keycloakCR.getSpec().getServerConfiguration() != null) {
@ -486,7 +487,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
serverConfigSecretsNames = new HashSet<>(); serverConfigSecretsNames = new HashSet<>();
List<EnvVar> envVars = serverConfig.stream() List<EnvVar> envVars = serverConfig.stream()
.map(v -> { .map(v -> {
var envBuilder = new EnvVarBuilder().withName(v.getName()); var envBuilder = new EnvVarBuilder().withName(getEnvVarName(v.getName()));
var secret = v.getSecret(); var secret = v.getSecret();
if (secret != null) { if (secret != null) {
envBuilder.withValueFrom( envBuilder.withValueFrom(
@ -523,6 +524,12 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
.endValueFrom() .endValueFrom()
.build()); .build());
envVars.add(
new EnvVarBuilder()
.withName("jgroups.dns.query")
.withValue(getName() + Constants.KEYCLOAK_DISCOVERY_SERVICE_SUFFIX +"." + getNamespace())
.build());
return envVars; return envVars;
} }
@ -578,4 +585,9 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
.withName(getName()) .withName(getName())
.rolling().restart(); .rolling().restart();
} }
public static String getEnvVarName(String kcConfigName) {
// TODO make this use impl from Quarkus dist (Configuration.toEnvVarFormat)
return "KC_" + replaceNonAlphanumericByUnderscores(kcConfigName).toUpperCase();
}
} }

8
operator/src/main/resources/example-keycloak.yml
View file

@ -5,15 +5,15 @@ metadata:
spec: spec:
instances: 1 instances: 1
serverConfiguration: serverConfiguration:
- name: KC_DB - name: db
value: postgres value: postgres
- name: KC_DB_URL_HOST - name: db-url-host
value: postgres-db value: postgres-db
- name: KC_DB_USERNAME - name: db-username
secret: secret:
name: keycloak-db-secret name: keycloak-db-secret
key: username key: username
- name: KC_DB_PASSWORD - name: db-password
secret: secret:
name: keycloak-db-secret name: keycloak-db-secret
key: password key: password

13
operator/src/test/java/org/keycloak/operator/KeycloakDeploymentE2EIT.java
View file

@ -8,6 +8,7 @@ import org.awaitility.Awaitility;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.keycloak.operator.utils.K8sUtils; import org.keycloak.operator.utils.K8sUtils;
import org.keycloak.operator.v2alpha1.KeycloakAdminSecret; import org.keycloak.operator.v2alpha1.KeycloakAdminSecret;
import org.keycloak.operator.v2alpha1.KeycloakDeployment;
import org.keycloak.operator.v2alpha1.KeycloakService; import org.keycloak.operator.v2alpha1.KeycloakService;
import org.keycloak.operator.v2alpha1.crds.Keycloak; import org.keycloak.operator.v2alpha1.crds.Keycloak;
import org.keycloak.operator.v2alpha1.crds.ValueOrSecret; import org.keycloak.operator.v2alpha1.crds.ValueOrSecret;
@ -66,7 +67,7 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
var deploymentName = kc.getMetadata().getName(); var deploymentName = kc.getMetadata().getName();
deployKeycloak(k8sclient, kc, true); deployKeycloak(k8sclient, kc, true);
final var dbConf = new ValueOrSecret("KC_DB_PASSWORD", "Ay Caramba!"); final var dbConf = new ValueOrSecret("db-password", "Ay Caramba!");
kc.getSpec().setImage("quay.io/keycloak/non-existing-keycloak"); kc.getSpec().setImage("quay.io/keycloak/non-existing-keycloak");
kc.getSpec().getServerConfiguration().remove(dbConf); kc.getSpec().getServerConfiguration().remove(dbConf);
@ -80,7 +81,8 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
.getSpec().getTemplate().getSpec().getContainers().get(0); .getSpec().getTemplate().getSpec().getContainers().get(0);
assertThat(c.getImage()).isEqualTo("quay.io/keycloak/non-existing-keycloak"); assertThat(c.getImage()).isEqualTo("quay.io/keycloak/non-existing-keycloak");
assertThat(c.getEnv().stream() assertThat(c.getEnv().stream()
.anyMatch(e -> e.getName().equals(dbConf.getName()) && e.getValue().equals(dbConf.getValue()))) .anyMatch(e -> e.getName().equals(KeycloakDeployment.getEnvVarName(dbConf.getName()))
&& e.getValue().equals(dbConf.getValue())))
.isTrue(); .isTrue();
}); });
@ -94,8 +96,11 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
public void testConfigInCRTakesPrecedence() { public void testConfigInCRTakesPrecedence() {
try { try {
var kc = getDefaultKeycloakDeployment(); var kc = getDefaultKeycloakDeployment();
var health = new ValueOrSecret("KC_HEALTH_ENABLED", "false"); var health = new ValueOrSecret("health-enabled", "false");
var e = new EnvVarBuilder().withName(health.getName()).withValue(health.getValue()).build(); var e = new EnvVarBuilder()
.withName(KeycloakDeployment.getEnvVarName(health.getName()))
.withValue(health.getValue())
.build();
kc.getSpec().getServerConfiguration().add(health); kc.getSpec().getServerConfiguration().add(health);
deployKeycloak(k8sclient, kc, false); deployKeycloak(k8sclient, kc, false);

4
operator/src/test/java/org/keycloak/operator/WatchedSecretsTestE2EIT.java
View file

@ -247,8 +247,8 @@ public class WatchedSecretsTestE2EIT extends ClusterOperatorTest {
} }
private void hardcodeDBCredsInCR(Keycloak kc) { private void hardcodeDBCredsInCR(Keycloak kc) {
var username = new ValueOrSecret("KC_DB_USERNAME", "postgres"); var username = new ValueOrSecret("db-username", "postgres");
var password = new ValueOrSecret("KC_DB_PASSWORD", "testpassword"); var password = new ValueOrSecret("db-password", "testpassword");
kc.getSpec().getServerConfiguration().remove(username); kc.getSpec().getServerConfiguration().remove(username);
kc.getSpec().getServerConfiguration().add(username); kc.getSpec().getServerConfiguration().add(username);

8
operator/src/test/resources/correct-podtemplate-keycloak.yml
View file

@ -5,13 +5,13 @@ metadata:
spec: spec:
instances: 1 instances: 1
serverConfiguration: serverConfiguration:
- name: KC_DB - name: db
value: postgres value: postgres
- name: KC_DB_URL_HOST - name: db-url-host
value: postgres-db value: postgres-db
- name: KC_DB_USERNAME - name: db-username
value: postgres value: postgres
- name: KC_DB_PASSWORD - name: db-password
value: testpassword value: testpassword
hostname: example.com hostname: example.com
tlsSecret: INSECURE-DISABLE tlsSecret: INSECURE-DISABLE

8
operator/src/test/resources/empty-podtemplate-keycloak.yml
View file

@ -5,13 +5,13 @@ metadata:
spec: spec:
instances: 1 instances: 1
serverConfiguration: serverConfiguration:
- name: KC_DB - name: db
value: postgres value: postgres
- name: KC_DB_URL_HOST - name: db-url-host
value: postgres-db value: postgres-db
- name: KC_DB_USERNAME - name: db-username
value: postgres value: postgres
- name: KC_DB_PASSWORD - name: db-password
value: testpassword value: testpassword
hostname: example.com hostname: example.com
tlsSecret: INSECURE-DISABLE tlsSecret: INSECURE-DISABLE