mirror of
https://forge.liiib.re/indiehost/libre.sh/libre.sh.git
synced 2024-12-28 14:46:41 +00:00
fix: various
This commit is contained in:
parent
40098a393d
commit
17468a529f
13 changed files with 102 additions and 38 deletions
|
@ -22,7 +22,7 @@ import (
|
|||
|
||||
type KeycloakConfig struct {
|
||||
Providers []KeycloakProvider `json:"providers"`
|
||||
Default string `json:"default,omitempty"`
|
||||
Default string `json:"default"`
|
||||
}
|
||||
|
||||
type KeycloakProvider struct {
|
||||
|
|
3
go.mod
3
go.mod
|
@ -4,7 +4,7 @@ go 1.21
|
|||
|
||||
require (
|
||||
github.com/Masterminds/semver/v3 v3.2.1
|
||||
github.com/Nerzal/gocloak/v13 v13.8.0
|
||||
github.com/Nerzal/gocloak/v13 v13.9.0
|
||||
github.com/PuerkitoBio/goquery v1.8.1
|
||||
github.com/brittonhayes/glitter v0.2.0
|
||||
github.com/cert-manager/cert-manager v1.13.3
|
||||
|
@ -77,6 +77,7 @@ require (
|
|||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
|
||||
github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/protobuf v1.5.3 // indirect
|
||||
github.com/google/btree v1.1.2 // indirect
|
||||
|
|
6
go.sum
6
go.sum
|
@ -11,8 +11,8 @@ github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF0
|
|||
github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
|
||||
github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
|
||||
github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
|
||||
github.com/Nerzal/gocloak/v13 v13.8.0 h1:7s9cK8X3vy8OIic+pG4POE9vGy02tSHkMhvWXv0P2m8=
|
||||
github.com/Nerzal/gocloak/v13 v13.8.0/go.mod h1:rRBtEdh5N0+JlZZEsrfZcB2sRMZWbgSxI2EIv9jpJp4=
|
||||
github.com/Nerzal/gocloak/v13 v13.9.0 h1:YWsJsdM5b0yhM2Ba3MLydiOlujkBry4TtdzfIzSVZhw=
|
||||
github.com/Nerzal/gocloak/v13 v13.9.0/go.mod h1:YYuDcXZ7K2zKECyVP7pPqjKxx2AzYSpKDj8d6GuyM10=
|
||||
github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
|
||||
github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
|
||||
github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
|
||||
|
@ -131,6 +131,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
|||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
|
||||
github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
|
|
|
@ -105,7 +105,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
|
|||
|
||||
err = lshr.ObserveGenerationChange(ctx, r, patcher, &postgres)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
var bucket lshcore.Bucket
|
||||
|
|
|
@ -77,27 +77,27 @@ func (r *TenantReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
|
|||
|
||||
err = r.reconcileNamespace(ctx, &tenant)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
err = r.reconcileTeapot(ctx, &tenant)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
if lshr.IsImporting(&tenant) {
|
||||
log.Info("Waiting for importation")
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
mailbox, err := r.reconcileMailbox(ctx, &tenant)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
realm, err := r.reconcileRealm(ctx, &tenant)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
lshr.SetDependencyCondition(&tenant, mailbox, realm)
|
||||
|
|
|
@ -29,10 +29,10 @@ import (
|
|||
func (r *TenantReconciler) reconcileTeapot(ctx context.Context, tenant *lshcore.Tenant) error {
|
||||
var service corev1.Service
|
||||
service.Name = "lsh-teapot"
|
||||
service.Namespace = tenant.Namespace
|
||||
lshr.SetResourceNamespacedName(tenant, &service)
|
||||
service.Namespace = tenant.Name
|
||||
err := lshr.CreateOrPatch(ctx, r, &service, func() error {
|
||||
lshr.ApplyLabels(tenant, &service, nil)
|
||||
service.Spec.Type = corev1.ServiceTypeExternalName
|
||||
service.Spec.ExternalName = "lsh-teapot.libresh-system.svc.cluster.local"
|
||||
return controllerutil.SetControllerReference(tenant, &service, r.Scheme())
|
||||
})
|
||||
|
|
|
@ -85,24 +85,13 @@ func (r *RealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
|
|||
})
|
||||
}
|
||||
|
||||
var provider *configv1alpha1.KeycloakProvider
|
||||
|
||||
for _, p := range r.Config.Providers {
|
||||
if len(realm.Spec.Provider) > 0 {
|
||||
if realm.Spec.Provider == p.Name {
|
||||
provider = &p
|
||||
}
|
||||
} else {
|
||||
if r.Config.Default == p.Name {
|
||||
provider = &p
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider := keycloak.GetProvider(r.Config, realm.Spec.Provider)
|
||||
if provider == nil {
|
||||
return internal.HandleError(ctx, r, patcher, &realm, errors.New("keycloak provider not provided"))
|
||||
}
|
||||
|
||||
r.log.Info("Using provider " + provider.Name)
|
||||
|
||||
keycloakClient, err := keycloak.NewClientFromProvider(ctx, provider)
|
||||
if err != nil {
|
||||
return internal.HandleError(ctx, r, patcher, &realm, err)
|
||||
|
@ -117,7 +106,7 @@ func (r *RealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
|
|||
if err != nil {
|
||||
apiError := err.(*gocloak.APIError)
|
||||
if apiError.Code == 404 && apiError.Message == "404 Not Found: Realm not found." {
|
||||
log.Log.Info("Creating Realm")
|
||||
log.Log.Info("Creating Realm " + realm.GetCurrentRealmName())
|
||||
realmRepresentation := &gocloak.RealmRepresentation{}
|
||||
MutateRealmRepresentation(realm, realmRepresentation)
|
||||
_, err := keycloakClient.CreateRealm(ctx, keycloakClient.AccessToken(), *realmRepresentation)
|
||||
|
@ -205,6 +194,8 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
|
|||
Enabled: gocloak.BoolP(true),
|
||||
}
|
||||
|
||||
fmt.Println(*user.Username)
|
||||
|
||||
getUsersParams := gocloak.GetUsersParams{
|
||||
Username: user.Username,
|
||||
Exact: gocloak.BoolP(true),
|
||||
|
@ -215,15 +206,23 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
|
|||
return err
|
||||
}
|
||||
|
||||
fmt.Println(*user.Username)
|
||||
|
||||
for _, v := range users {
|
||||
fmt.Println(*v.Username)
|
||||
}
|
||||
|
||||
switch len(users) {
|
||||
case 0:
|
||||
r.log.Info(fmt.Sprintf("Creating realm user: %s", *user.Username))
|
||||
fmt.Printf("%#v\n", user)
|
||||
userID, err := keycloakClient.CreateUser(ctx, token, "master", user)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Println(user)
|
||||
user.ID = gocloak.StringP(userID)
|
||||
err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), *gocloak.BoolP(false))
|
||||
err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -233,7 +232,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
|
|||
if err != nil {
|
||||
apiError := err.(*gocloak.APIError)
|
||||
if apiError.Code == 401 {
|
||||
err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), *gocloak.BoolP(false))
|
||||
err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -245,7 +244,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
|
|||
}
|
||||
|
||||
getClientsParams := gocloak.GetClientsParams{
|
||||
ClientID: gocloak.StringP(fmt.Sprintf("%s-realm", realm.Name)),
|
||||
ClientID: gocloak.StringP(fmt.Sprintf("%s-realm", realm.GetRealmName())),
|
||||
}
|
||||
clients, err := keycloakClient.GetClients(ctx, token, "master", getClientsParams)
|
||||
if err != nil {
|
||||
|
@ -254,7 +253,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
|
|||
}
|
||||
|
||||
if len(clients) != 1 {
|
||||
return fmt.Errorf("multiple clients with clientID: %s", fmt.Sprintf("%s-realm", realm.Name))
|
||||
return fmt.Errorf("multiple clients with clientID: %s", *getClientsParams.ClientID)
|
||||
}
|
||||
|
||||
clientID := clients[0].ID
|
||||
|
@ -602,7 +601,7 @@ func contains(s []string, str string) bool {
|
|||
}
|
||||
|
||||
func MutateRealmRepresentation(realm keycloakv1alpha1.Realm, realmRepresentation *gocloak.RealmRepresentation) {
|
||||
realmName := realm.GetName()
|
||||
realmName := realm.GetRealmName()
|
||||
realmRepresentation.Realm = &realmName
|
||||
|
||||
realmRepresentation.Enabled = gocloak.BoolP(!realm.Spec.Disable)
|
||||
|
@ -640,7 +639,7 @@ func MutateRealmRepresentation(realm keycloakv1alpha1.Realm, realmRepresentation
|
|||
|
||||
// Following fields are only set at creation, modifications made in ui will prevail
|
||||
if realmRepresentation.DisplayNameHTML == nil {
|
||||
realmRepresentation.DisplayNameHTML = &realm.Name
|
||||
realmRepresentation.DisplayNameHTML = &realmName
|
||||
}
|
||||
|
||||
if realmRepresentation.ResetPasswordAllowed == nil {
|
||||
|
|
|
@ -63,6 +63,12 @@ func (r *InfrastructureMigrationReconciler) Reconcile(ctx context.Context, req c
|
|||
return result.Unwrap()
|
||||
}
|
||||
|
||||
if lshr.IsFinalizing(&infraMgrt) {
|
||||
return lshr.Finalize(ctx, r, patcher, &infraMgrt, func() error {
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
|
||||
Namespace: infraMgrt.Spec.TargetRef.Namespace,
|
||||
Name: infraMgrt.Spec.TargetRef.Name,
|
||||
|
|
|
@ -61,6 +61,12 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
|
|||
return result.Unwrap()
|
||||
}
|
||||
|
||||
if lshr.IsFinalizing(&mgrt) {
|
||||
return lshr.Finalize(ctx, r, patcher, &mgrt, func() error {
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
|
||||
Namespace: mgrt.Spec.TargetRef.Namespace,
|
||||
Name: mgrt.Spec.TargetRef.Name,
|
||||
|
@ -92,6 +98,9 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
|
|||
secret.Namespace = mgrt.Namespace
|
||||
secret.Name = fmt.Sprintf("%s-dry-run.migration.portability.libre.sh", mgrt.Name)
|
||||
err = lshr.CreateOrPatch(ctx, r, &secret, func() error {
|
||||
if secret.Data == nil {
|
||||
secret.Data = make(map[string][]byte)
|
||||
}
|
||||
secret.Data["app.json"] = manifestsResp.Application
|
||||
for i, m := range manifestsResp.ExtraManifests {
|
||||
secret.Data[fmt.Sprintf("manifest-%d.json", i)] = m
|
||||
|
@ -163,7 +172,7 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
|
|||
clusterSecret := &corev1.Secret{}
|
||||
err = r.Get(ctx, types.NamespacedName{Namespace: "libresh-system", Name: "cluster-settings"}, clusterSecret)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
if clusterSecret.Data["CLUSTER_DOMAIN"] == nil {
|
||||
|
|
|
@ -71,6 +71,12 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
|
|||
return result.Unwrap()
|
||||
}
|
||||
|
||||
if lshr.IsFinalizing(&tenantMgrt) {
|
||||
return lshr.Finalize(ctx, r, patcher, &tenantMgrt, func() error {
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
|
||||
Namespace: tenantMgrt.Spec.TargetRef.Namespace,
|
||||
Name: tenantMgrt.Spec.TargetRef.Name,
|
||||
|
@ -91,6 +97,9 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
|
|||
secret.Namespace = "libresh-system"
|
||||
secret.Name = fmt.Sprintf("%s-dry-run.tenant-migration.portability.libre.sh", tenantMgrt.Name)
|
||||
err = lshr.CreateOrPatch(ctx, r, &secret, func() error {
|
||||
if secret.Data == nil {
|
||||
secret.Data = make(map[string][]byte)
|
||||
}
|
||||
secret.Data["tenant.json"] = t.Tenant
|
||||
for i, m := range t.ExtraManifests {
|
||||
secret.Data[fmt.Sprintf("manifest-%d.json", i)] = m
|
||||
|
@ -151,9 +160,11 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
|
|||
}
|
||||
for _, a := range appList.Apps {
|
||||
m := portabilityv1alpha1.Migration{}
|
||||
m.Namespace = tenantMgrt.Name
|
||||
m.Namespace = tenant.Name
|
||||
m.Name = a.Name
|
||||
m.Spec.Selectors = a.Selectors
|
||||
m.Spec.Suspend = !tenantMgrt.Spec.Propagate
|
||||
m.Spec.TargetRef = tenantMgrt.Spec.TargetRef
|
||||
err = r.Create(ctx, &m)
|
||||
if err != nil && !apierrors.IsAlreadyExists(err) {
|
||||
return ctrl.Result{}, err
|
||||
|
|
|
@ -58,6 +58,12 @@ func (r *WaderTargetReconciler) Reconcile(ctx context.Context, req ctrl.Request)
|
|||
return result.Unwrap()
|
||||
}
|
||||
|
||||
if lshr.IsFinalizing(&wtgt) {
|
||||
return lshr.Finalize(ctx, r, patcher, &wtgt, func() error {
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
var caCert certv1.Certificate
|
||||
lshr.SetResourceNamespacedName(&wtgt, &caCert, "ca")
|
||||
err := lshr.CreateOrPatch(ctx, r, &caCert, func() error {
|
||||
|
|
|
@ -93,7 +93,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
|
|||
conditions.MarkFalse(&cloneJob, step.conditionType(), meta.ProgressingReason, "")
|
||||
}
|
||||
if err := r.patch(ctx, patcher, &cloneJob); err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -122,7 +122,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
|
|||
}
|
||||
conditions.MarkTrue(&cloneJob, step.conditionType(), meta.SucceededReason, "")
|
||||
if err := r.patch(ctx, patcher, &cloneJob); err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -130,7 +130,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
|
|||
now := metav1.Now()
|
||||
cloneJob.Status.CompletionTime = &now
|
||||
if err := r.patch(ctx, patcher, &cloneJob); err != nil {
|
||||
return ctrl.Result{}, nil
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
}
|
||||
|
||||
|
|
30
pkg/keycloak/provider.go
Normal file
30
pkg/keycloak/provider.go
Normal file
|
@ -0,0 +1,30 @@
|
|||
/*
|
||||
Copyright 2024 IndieHosters.
|
||||
|
||||
Licensed under the EUPL, Version 1.2 or later (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package keycloak
|
||||
|
||||
import (
|
||||
configv1alpha1 "libre.sh/api/config/v1alpha1"
|
||||
)
|
||||
|
||||
func GetProvider(config configv1alpha1.KeycloakConfig, name string) *configv1alpha1.KeycloakProvider {
|
||||
for _, p := range config.Providers {
|
||||
if name == p.Name || (name == "" && config.Default == p.Name) {
|
||||
return &p
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
Loading…
Reference in a new issue