fix: various

2024-12-28 14:46:41 +00:00 · 2024-02-22 08:52:49 +01:00 · 2024-02-22 08:52:49 +01:00 · 17468a529f
commit 17468a529f
parent 40098a393d
13 changed files with 102 additions and 38 deletions
--- a/api/config/v1alpha1/keycloakconfig_types.go
+++ b/api/config/v1alpha1/keycloakconfig_types.go
@ -22,7 +22,7 @@ import (
 type KeycloakConfig struct {
 	Providers []KeycloakProvider `json:"providers"`
-	Default   string             `json:"default,omitempty"`
+	Default   string             `json:"default"`
 }
 type KeycloakProvider struct {
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.21
 require (
 	github.com/Masterminds/semver/v3 v3.2.1
-	github.com/Nerzal/gocloak/v13 v13.8.0
+	github.com/Nerzal/gocloak/v13 v13.9.0
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/brittonhayes/glitter v0.2.0
 	github.com/cert-manager/cert-manager v1.13.3
@ -77,6 +77,7 @@ require (
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -11,8 +11,8 @@ github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF0
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Nerzal/gocloak/v13 v13.8.0 h1:7s9cK8X3vy8OIic+pG4POE9vGy02tSHkMhvWXv0P2m8=
+github.com/Nerzal/gocloak/v13 v13.9.0 h1:YWsJsdM5b0yhM2Ba3MLydiOlujkBry4TtdzfIzSVZhw=
-github.com/Nerzal/gocloak/v13 v13.8.0/go.mod h1:rRBtEdh5N0+JlZZEsrfZcB2sRMZWbgSxI2EIv9jpJp4=
+github.com/Nerzal/gocloak/v13 v13.9.0/go.mod h1:YYuDcXZ7K2zKECyVP7pPqjKxx2AzYSpKDj8d6GuyM10=
 github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
 github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
@ -131,6 +131,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
 github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
--- a/internal/controller/core/postgres_controller.go
+++ b/internal/controller/core/postgres_controller.go
@ -105,7 +105,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	err = lshr.ObserveGenerationChange(ctx, r, patcher, &postgres)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	var bucket lshcore.Bucket
--- a/internal/controller/core/tenant_controller.go
+++ b/internal/controller/core/tenant_controller.go
@ -77,27 +77,27 @@ func (r *TenantReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	err = r.reconcileNamespace(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	err = r.reconcileTeapot(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	if lshr.IsImporting(&tenant) {
 		log.Info("Waiting for importation")
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	mailbox, err := r.reconcileMailbox(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	realm, err := r.reconcileRealm(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	lshr.SetDependencyCondition(&tenant, mailbox, realm)
--- a/internal/controller/core/tenant_controller_teapot.go
+++ b/internal/controller/core/tenant_controller_teapot.go
@ -29,10 +29,10 @@ import (
 func (r *TenantReconciler) reconcileTeapot(ctx context.Context, tenant *lshcore.Tenant) error {
 	var service corev1.Service
 	service.Name = "lsh-teapot"
-	service.Namespace = tenant.Namespace
+	service.Namespace = tenant.Name
 	lshr.SetResourceNamespacedName(tenant, &service)
 	err := lshr.CreateOrPatch(ctx, r, &service, func() error {
 		lshr.ApplyLabels(tenant, &service, nil)
 		service.Spec.Type = corev1.ServiceTypeExternalName
 		service.Spec.ExternalName = "lsh-teapot.libresh-system.svc.cluster.local"
 		return controllerutil.SetControllerReference(tenant, &service, r.Scheme())
 	})
--- a/internal/controller/keycloak/realm_controller.go
+++ b/internal/controller/keycloak/realm_controller.go
@ -85,24 +85,13 @@ func (r *RealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 		})
 	}
-	var provider *configv1alpha1.KeycloakProvider
+	provider := keycloak.GetProvider(r.Config, realm.Spec.Provider)
 	for _, p := range r.Config.Providers {
 		if len(realm.Spec.Provider) > 0 {
 			if realm.Spec.Provider == p.Name {
 				provider = &p
 			}
 		} else {
 			if r.Config.Default == p.Name {
 				provider = &p
 			}
 		}
 	}
 	if provider == nil {
 		return internal.HandleError(ctx, r, patcher, &realm, errors.New("keycloak provider not provided"))
 	}
 	r.log.Info("Using provider " + provider.Name)
 	keycloakClient, err := keycloak.NewClientFromProvider(ctx, provider)
 	if err != nil {
 		return internal.HandleError(ctx, r, patcher, &realm, err)
@ -117,7 +106,7 @@ func (r *RealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 	if err != nil {
 		apiError := err.(*gocloak.APIError)
 		if apiError.Code == 404 && apiError.Message == "404 Not Found: Realm not found." {
-			log.Log.Info("Creating Realm")
+			log.Log.Info("Creating Realm " + realm.GetCurrentRealmName())
 			realmRepresentation := &gocloak.RealmRepresentation{}
 			MutateRealmRepresentation(realm, realmRepresentation)
 			_, err := keycloakClient.CreateRealm(ctx, keycloakClient.AccessToken(), *realmRepresentation)
@ -205,6 +194,8 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 		Enabled:  gocloak.BoolP(true),
 	}
 	fmt.Println(*user.Username)
 	getUsersParams := gocloak.GetUsersParams{
 		Username: user.Username,
 		Exact:    gocloak.BoolP(true),
@ -215,15 +206,23 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 		return err
 	}
 	fmt.Println(*user.Username)
 	for _, v := range users {
 		fmt.Println(*v.Username)
 	}
 	switch len(users) {
 	case 0:
 		r.log.Info(fmt.Sprintf("Creating realm user: %s", *user.Username))
 		fmt.Printf("%#v\n", user)
 		userID, err := keycloakClient.CreateUser(ctx, token, "master", user)
 		if err != nil {
 			return err
 		}
 		fmt.Println(user)
 		user.ID = gocloak.StringP(userID)
-		err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), *gocloak.BoolP(false))
+		err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), false)
 		if err != nil {
 			return err
 		}
@ -233,7 +232,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 		if err != nil {
 			apiError := err.(*gocloak.APIError)
 			if apiError.Code == 401 {
-				err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), *gocloak.BoolP(false))
+				err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), false)
 				if err != nil {
 					return err
 				}
@ -245,7 +244,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 	}
 	getClientsParams := gocloak.GetClientsParams{
-		ClientID: gocloak.StringP(fmt.Sprintf("%s-realm", realm.Name)),
+		ClientID: gocloak.StringP(fmt.Sprintf("%s-realm", realm.GetRealmName())),
 	}
 	clients, err := keycloakClient.GetClients(ctx, token, "master", getClientsParams)
 	if err != nil {
@ -254,7 +253,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 	}
 	if len(clients) != 1 {
-		return fmt.Errorf("multiple clients with clientID: %s", fmt.Sprintf("%s-realm", realm.Name))
+		return fmt.Errorf("multiple clients with clientID: %s", *getClientsParams.ClientID)
 	}
 	clientID := clients[0].ID
@ -602,7 +601,7 @@ func contains(s []string, str string) bool {
 }
 func MutateRealmRepresentation(realm keycloakv1alpha1.Realm, realmRepresentation *gocloak.RealmRepresentation) {
-	realmName := realm.GetName()
+	realmName := realm.GetRealmName()
 	realmRepresentation.Realm = &realmName
 	realmRepresentation.Enabled = gocloak.BoolP(!realm.Spec.Disable)
@ -640,7 +639,7 @@ func MutateRealmRepresentation(realm keycloakv1alpha1.Realm, realmRepresentation
 	// Following fields are only set at creation, modifications made in ui will prevail
 	if realmRepresentation.DisplayNameHTML == nil {
-		realmRepresentation.DisplayNameHTML = &realm.Name
+		realmRepresentation.DisplayNameHTML = &realmName
 	}
 	if realmRepresentation.ResetPasswordAllowed == nil {
--- a/internal/controller/portability/infrastructuremigration_controller.go
+++ b/internal/controller/portability/infrastructuremigration_controller.go
@ -63,6 +63,12 @@ func (r *InfrastructureMigrationReconciler) Reconcile(ctx context.Context, req c
 		return result.Unwrap()
 	}
 	if lshr.IsFinalizing(&infraMgrt) {
 		return lshr.Finalize(ctx, r, patcher, &infraMgrt, func() error {
 			return nil
 		})
 	}
 	c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
 		Namespace: infraMgrt.Spec.TargetRef.Namespace,
 		Name:      infraMgrt.Spec.TargetRef.Name,
--- a/internal/controller/portability/migration_controller.go
+++ b/internal/controller/portability/migration_controller.go
@ -61,6 +61,12 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return result.Unwrap()
 	}
 	if lshr.IsFinalizing(&mgrt) {
 		return lshr.Finalize(ctx, r, patcher, &mgrt, func() error {
 			return nil
 		})
 	}
 	c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
 		Namespace: mgrt.Spec.TargetRef.Namespace,
 		Name:      mgrt.Spec.TargetRef.Name,
@ -92,6 +98,9 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		secret.Namespace = mgrt.Namespace
 		secret.Name = fmt.Sprintf("%s-dry-run.migration.portability.libre.sh", mgrt.Name)
 		err = lshr.CreateOrPatch(ctx, r, &secret, func() error {
 			if secret.Data == nil {
 				secret.Data = make(map[string][]byte)
 			}
 			secret.Data["app.json"] = manifestsResp.Application
 			for i, m := range manifestsResp.ExtraManifests {
 				secret.Data[fmt.Sprintf("manifest-%d.json", i)] = m
@ -163,7 +172,7 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 	clusterSecret := &corev1.Secret{}
 	err = r.Get(ctx, types.NamespacedName{Namespace: "libresh-system", Name: "cluster-settings"}, clusterSecret)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}
 	if clusterSecret.Data["CLUSTER_DOMAIN"] == nil {
--- a/internal/controller/portability/tenantmigration_controller.go
+++ b/internal/controller/portability/tenantmigration_controller.go
@ -71,6 +71,12 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		return result.Unwrap()
 	}
 	if lshr.IsFinalizing(&tenantMgrt) {
 		return lshr.Finalize(ctx, r, patcher, &tenantMgrt, func() error {
 			return nil
 		})
 	}
 	c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
 		Namespace: tenantMgrt.Spec.TargetRef.Namespace,
 		Name:      tenantMgrt.Spec.TargetRef.Name,
@ -91,6 +97,9 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		secret.Namespace = "libresh-system"
 		secret.Name = fmt.Sprintf("%s-dry-run.tenant-migration.portability.libre.sh", tenantMgrt.Name)
 		err = lshr.CreateOrPatch(ctx, r, &secret, func() error {
 			if secret.Data == nil {
 				secret.Data = make(map[string][]byte)
 			}
 			secret.Data["tenant.json"] = t.Tenant
 			for i, m := range t.ExtraManifests {
 				secret.Data[fmt.Sprintf("manifest-%d.json", i)] = m
@ -151,9 +160,11 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	}
 	for _, a := range appList.Apps {
 		m := portabilityv1alpha1.Migration{}
-		m.Namespace = tenantMgrt.Name
+		m.Namespace = tenant.Name
 		m.Name = a.Name
 		m.Spec.Selectors = a.Selectors
 		m.Spec.Suspend = !tenantMgrt.Spec.Propagate
 		m.Spec.TargetRef = tenantMgrt.Spec.TargetRef
 		err = r.Create(ctx, &m)
 		if err != nil && !apierrors.IsAlreadyExists(err) {
 			return ctrl.Result{}, err
--- a/internal/controller/portability/wadertarget_controller.go
+++ b/internal/controller/portability/wadertarget_controller.go
@ -58,6 +58,12 @@ func (r *WaderTargetReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return result.Unwrap()
 	}
 	if lshr.IsFinalizing(&wtgt) {
 		return lshr.Finalize(ctx, r, patcher, &wtgt, func() error {
 			return nil
 		})
 	}
 	var caCert certv1.Certificate
 	lshr.SetResourceNamespacedName(&wtgt, &caCert, "ca")
 	err := lshr.CreateOrPatch(ctx, r, &caCert, func() error {
--- a/internal/controller/postgres/clonejob_controller.go
+++ b/internal/controller/postgres/clonejob_controller.go
@ -93,7 +93,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			conditions.MarkFalse(&cloneJob, step.conditionType(), meta.ProgressingReason, "")
 		}
 		if err := r.patch(ctx, patcher, &cloneJob); err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 	}
@ -122,7 +122,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		}
 		conditions.MarkTrue(&cloneJob, step.conditionType(), meta.SucceededReason, "")
 		if err := r.patch(ctx, patcher, &cloneJob); err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 	}
@ -130,7 +130,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		now := metav1.Now()
 		cloneJob.Status.CompletionTime = &now
 		if err := r.patch(ctx, patcher, &cloneJob); err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 	}
--- a/pkg/keycloak/provider.go
+++ b/pkg/keycloak/provider.go
@ -0,0 +1,30 @@
 /*
 Copyright 2024 IndieHosters.
 Licensed under the EUPL, Version 1.2 or later (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package keycloak
 import (
 	configv1alpha1 "libre.sh/api/config/v1alpha1"
 )
 func GetProvider(config configv1alpha1.KeycloakConfig, name string) *configv1alpha1.KeycloakProvider {
 	for _, p := range config.Providers {
 		if name == p.Name || (name == "" && config.Default == p.Name) {
 			return &p
 		}
 	}
 	return nil
 }