adds the http service port if enabled (#22155)

Closes #22131
2023-08-10 12:01:57 -04:00 · 2023-08-10 12:01:57 -04:00 · c18475fc57
commit c18475fc57
parent 1d444ff862
4 changed files with 34 additions and 20 deletions
--- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeployment.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeployment.java
@ -232,7 +232,7 @@ public class KeycloakDeployment extends OperatorManagedResource<StatefulSet> {
        // probes
        var tlsConfigured = isTlsConfigured(keycloakCR);
        var protocol = !tlsConfigured ? "HTTP" : "HTTPS";
-        var kcPort = KeycloakServiceDependentResource.getServicePort(keycloakCR);
+        var kcPort = KeycloakServiceDependentResource.getServicePort(tlsConfigured, keycloakCR);

        // Relative path ends with '/'
        var kcRelativePath = Optional.ofNullable(readConfigurationValue(Constants.KEYCLOAK_HTTP_RELATIVE_PATH_KEY))
--- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakIngress.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakIngress.java
@ -55,11 +55,12 @@ public class KeycloakIngress extends OperatorManagedResource {
    }

    private Ingress newIngress() {
-        var port = KeycloakServiceDependentResource.getServicePort(keycloak);
-        var annotations = new HashMap<String, String>();
-
        // set default annotations
-        if (isTlsConfigured(keycloak)) {
+        var annotations = new HashMap<String, String>();
+        boolean tlsConfigured = isTlsConfigured(keycloak);
+        var port = KeycloakServiceDependentResource.getServicePort(tlsConfigured, keycloak);
+
+        if (tlsConfigured) {
            annotations.put("nginx.ingress.kubernetes.io/backend-protocol", "HTTPS");
            annotations.put("route.openshift.io/termination", "passthrough");
        } else {
--- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakServiceDependentResource.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakServiceDependentResource.java
@ -59,15 +59,20 @@ public class KeycloakServiceDependentResource extends CRUDKubernetesDependentRes
    }

    private ServiceSpec getServiceSpec(Keycloak keycloak) {
-        String name = isTlsConfigured(keycloak) ? Constants.KEYCLOAK_HTTPS_PORT_NAME : Constants.KEYCLOAK_HTTP_PORT_NAME;
-        return new ServiceSpecBuilder()
-              .addNewPort()
-              .withPort(getServicePort(keycloak))
-              .withName(name)
-              .withProtocol(Constants.KEYCLOAK_SERVICE_PROTOCOL)
-              .endPort()
-              .withSelector(OperatorManagedResource.allInstanceLabels(keycloak))
-              .build();
+        var builder = new ServiceSpecBuilder().withSelector(OperatorManagedResource.allInstanceLabels(keycloak));
+
+        boolean tlsConfigured = isTlsConfigured(keycloak);
+        Optional<HttpSpec> httpSpec = Optional.ofNullable(keycloak.getSpec().getHttpSpec());
+        boolean httpEnabled = httpSpec.map(HttpSpec::getHttpEnabled).orElse(false);
+        if (!tlsConfigured || httpEnabled) {
+            builder.addNewPort().withPort(getServicePort(false, keycloak)).withName(Constants.KEYCLOAK_HTTP_PORT_NAME)
+                    .withProtocol(Constants.KEYCLOAK_SERVICE_PROTOCOL).endPort();
+        }
+        if (tlsConfigured) {
+            builder.addNewPort().withPort(getServicePort(true, keycloak)).withName(Constants.KEYCLOAK_HTTPS_PORT_NAME)
+                    .withProtocol(Constants.KEYCLOAK_SERVICE_PROTOCOL).endPort();
+        }
+        return builder.build();
    }

    @Override
@ -87,12 +92,11 @@ public class KeycloakServiceDependentResource extends CRUDKubernetesDependentRes
        return keycloak.getMetadata().getName() + Constants.KEYCLOAK_SERVICE_SUFFIX;
    }

-    public static int getServicePort(Keycloak keycloak) {
-        // we assume HTTP when TLS is not configured
-        if (!isTlsConfigured(keycloak)) {
-            return Optional.ofNullable(keycloak.getSpec().getHttpSpec()).map(HttpSpec::getHttpPort).orElse(Constants.KEYCLOAK_HTTP_PORT);
-        } else {
-            return Optional.ofNullable(keycloak.getSpec().getHttpSpec()).map(HttpSpec::getHttpsPort).orElse(Constants.KEYCLOAK_HTTPS_PORT);
+    public static int getServicePort(boolean tls, Keycloak keycloak) {
+        Optional<HttpSpec> httpSpec = Optional.ofNullable(keycloak.getSpec().getHttpSpec());
+        if (tls) {
+            return httpSpec.map(HttpSpec::getHttpsPort).orElse(Constants.KEYCLOAK_HTTPS_PORT);
        }
+        return httpSpec.map(HttpSpec::getHttpPort).orElse(Constants.KEYCLOAK_HTTP_PORT);
    }
 }
--- a/operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java
+++ b/operator/src/test/java/org/keycloak/operator/testsuite/integration/KeycloakDeploymentTest.java
@ -277,6 +277,15 @@ public class KeycloakDeploymentTest extends BaseOperatorTest {
        assertKeycloakAccessibleViaService(kc, false, Constants.KEYCLOAK_HTTP_PORT);
    }

+    @Test
+    public void testHttpEnabledWithTls() {
+        var kc = getTestKeycloakDeployment(true);
+        kc.getSpec().getHttpSpec().setHttpEnabled(true);
+        deployKeycloak(k8sclient, kc, true);
+
+        assertKeycloakAccessibleViaService(kc, false, Constants.KEYCLOAK_HTTP_PORT);
+    }
+
    @Test
    public void testHostnameStrict() {
        var kc = getTestKeycloakDeployment(true);