fix: various

2024-12-28 14:46:41 +00:00 · 2024-02-22 08:52:49 +01:00 · 2024-02-22 08:52:49 +01:00 · 17468a529f
commit 17468a529f
parent 40098a393d
13 changed files with 102 additions and 38 deletions
--- a/api/config/v1alpha1/keycloakconfig_types.go
+++ b/api/config/v1alpha1/keycloakconfig_types.go
@ -22,7 +22,7 @@ import (

 type KeycloakConfig struct {
 	Providers []KeycloakProvider `json:"providers"`
-	Default   string             `json:"default,omitempty"`
+	Default   string             `json:"default"`
 }

 type KeycloakProvider struct {
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.21

 require (
 	github.com/Masterminds/semver/v3 v3.2.1
-	github.com/Nerzal/gocloak/v13 v13.8.0
+	github.com/Nerzal/gocloak/v13 v13.9.0
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/brittonhayes/glitter v0.2.0
 	github.com/cert-manager/cert-manager v1.13.3
@ -77,6 +77,7 @@ require (
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -11,8 +11,8 @@ github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF0
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Nerzal/gocloak/v13 v13.8.0 h1:7s9cK8X3vy8OIic+pG4POE9vGy02tSHkMhvWXv0P2m8=
-github.com/Nerzal/gocloak/v13 v13.8.0/go.mod h1:rRBtEdh5N0+JlZZEsrfZcB2sRMZWbgSxI2EIv9jpJp4=
+github.com/Nerzal/gocloak/v13 v13.9.0 h1:YWsJsdM5b0yhM2Ba3MLydiOlujkBry4TtdzfIzSVZhw=
+github.com/Nerzal/gocloak/v13 v13.9.0/go.mod h1:YYuDcXZ7K2zKECyVP7pPqjKxx2AzYSpKDj8d6GuyM10=
 github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
 github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
@ -131,6 +131,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
--- a/internal/controller/core/postgres_controller.go
+++ b/internal/controller/core/postgres_controller.go
@ -105,7 +105,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c

 	err = lshr.ObserveGenerationChange(ctx, r, patcher, &postgres)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	var bucket lshcore.Bucket
--- a/internal/controller/core/tenant_controller.go
+++ b/internal/controller/core/tenant_controller.go
@ -77,27 +77,27 @@ func (r *TenantReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr

 	err = r.reconcileNamespace(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	err = r.reconcileTeapot(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	if lshr.IsImporting(&tenant) {
 		log.Info("Waiting for importation")
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	mailbox, err := r.reconcileMailbox(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	realm, err := r.reconcileRealm(ctx, &tenant)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	lshr.SetDependencyCondition(&tenant, mailbox, realm)
--- a/internal/controller/core/tenant_controller_teapot.go
+++ b/internal/controller/core/tenant_controller_teapot.go
@ -29,10 +29,10 @@ import (
 func (r *TenantReconciler) reconcileTeapot(ctx context.Context, tenant *lshcore.Tenant) error {
 	var service corev1.Service
 	service.Name = "lsh-teapot"
-	service.Namespace = tenant.Namespace
-	lshr.SetResourceNamespacedName(tenant, &service)
+	service.Namespace = tenant.Name
 	err := lshr.CreateOrPatch(ctx, r, &service, func() error {
 		lshr.ApplyLabels(tenant, &service, nil)
+		service.Spec.Type = corev1.ServiceTypeExternalName
 		service.Spec.ExternalName = "lsh-teapot.libresh-system.svc.cluster.local"
 		return controllerutil.SetControllerReference(tenant, &service, r.Scheme())
 	})
--- a/internal/controller/keycloak/realm_controller.go
+++ b/internal/controller/keycloak/realm_controller.go
@ -85,24 +85,13 @@ func (r *RealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 		})
 	}

-	var provider *configv1alpha1.KeycloakProvider
-
-	for _, p := range r.Config.Providers {
-		if len(realm.Spec.Provider) > 0 {
-			if realm.Spec.Provider == p.Name {
-				provider = &p
-			}
-		} else {
-			if r.Config.Default == p.Name {
-				provider = &p
-			}
-		}
-	}
-
+	provider := keycloak.GetProvider(r.Config, realm.Spec.Provider)
 	if provider == nil {
 		return internal.HandleError(ctx, r, patcher, &realm, errors.New("keycloak provider not provided"))
 	}

+	r.log.Info("Using provider " + provider.Name)
+
 	keycloakClient, err := keycloak.NewClientFromProvider(ctx, provider)
 	if err != nil {
 		return internal.HandleError(ctx, r, patcher, &realm, err)
@ -117,7 +106,7 @@ func (r *RealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 	if err != nil {
 		apiError := err.(*gocloak.APIError)
 		if apiError.Code == 404 && apiError.Message == "404 Not Found: Realm not found." {
-			log.Log.Info("Creating Realm")
+			log.Log.Info("Creating Realm " + realm.GetCurrentRealmName())
 			realmRepresentation := &gocloak.RealmRepresentation{}
 			MutateRealmRepresentation(realm, realmRepresentation)
 			_, err := keycloakClient.CreateRealm(ctx, keycloakClient.AccessToken(), *realmRepresentation)
@ -205,6 +194,8 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 		Enabled:  gocloak.BoolP(true),
 	}

+	fmt.Println(*user.Username)
+
 	getUsersParams := gocloak.GetUsersParams{
 		Username: user.Username,
 		Exact:    gocloak.BoolP(true),
@ -215,15 +206,23 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 		return err
 	}

+	fmt.Println(*user.Username)
+
+	for _, v := range users {
+		fmt.Println(*v.Username)
+	}
+
 	switch len(users) {
 	case 0:
 		r.log.Info(fmt.Sprintf("Creating realm user: %s", *user.Username))
+		fmt.Printf("%#v\n", user)
 		userID, err := keycloakClient.CreateUser(ctx, token, "master", user)
 		if err != nil {
 			return err
 		}
+		fmt.Println(user)
 		user.ID = gocloak.StringP(userID)
-		err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), *gocloak.BoolP(false))
+		err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), false)
 		if err != nil {
 			return err
 		}
@ -233,7 +232,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 		if err != nil {
 			apiError := err.(*gocloak.APIError)
 			if apiError.Code == 401 {
-				err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), *gocloak.BoolP(false))
+				err = keycloakClient.SetPassword(ctx, token, *user.ID, "master", string(secret.Data["password"]), false)
 				if err != nil {
 					return err
 				}
@ -245,7 +244,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 	}

 	getClientsParams := gocloak.GetClientsParams{
-		ClientID: gocloak.StringP(fmt.Sprintf("%s-realm", realm.Name)),
+		ClientID: gocloak.StringP(fmt.Sprintf("%s-realm", realm.GetRealmName())),
 	}
 	clients, err := keycloakClient.GetClients(ctx, token, "master", getClientsParams)
 	if err != nil {
@ -254,7 +253,7 @@ func (r *RealmReconciler) CreateOrUpdateRealmUser(ctx context.Context, keycloakC
 	}

 	if len(clients) != 1 {
-		return fmt.Errorf("multiple clients with clientID: %s", fmt.Sprintf("%s-realm", realm.Name))
+		return fmt.Errorf("multiple clients with clientID: %s", *getClientsParams.ClientID)
 	}

 	clientID := clients[0].ID
@ -602,7 +601,7 @@ func contains(s []string, str string) bool {
 }

 func MutateRealmRepresentation(realm keycloakv1alpha1.Realm, realmRepresentation *gocloak.RealmRepresentation) {
-	realmName := realm.GetName()
+	realmName := realm.GetRealmName()
 	realmRepresentation.Realm = &realmName

 	realmRepresentation.Enabled = gocloak.BoolP(!realm.Spec.Disable)
@ -640,7 +639,7 @@ func MutateRealmRepresentation(realm keycloakv1alpha1.Realm, realmRepresentation

 	// Following fields are only set at creation, modifications made in ui will prevail
 	if realmRepresentation.DisplayNameHTML == nil {
-		realmRepresentation.DisplayNameHTML = &realm.Name
+		realmRepresentation.DisplayNameHTML = &realmName
 	}

 	if realmRepresentation.ResetPasswordAllowed == nil {
--- a/internal/controller/portability/infrastructuremigration_controller.go
+++ b/internal/controller/portability/infrastructuremigration_controller.go
@ -63,6 +63,12 @@ func (r *InfrastructureMigrationReconciler) Reconcile(ctx context.Context, req c
 		return result.Unwrap()
 	}

+	if lshr.IsFinalizing(&infraMgrt) {
+		return lshr.Finalize(ctx, r, patcher, &infraMgrt, func() error {
+			return nil
+		})
+	}
+
 	c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
 		Namespace: infraMgrt.Spec.TargetRef.Namespace,
 		Name:      infraMgrt.Spec.TargetRef.Name,
--- a/internal/controller/portability/migration_controller.go
+++ b/internal/controller/portability/migration_controller.go
@ -61,6 +61,12 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return result.Unwrap()
 	}

+	if lshr.IsFinalizing(&mgrt) {
+		return lshr.Finalize(ctx, r, patcher, &mgrt, func() error {
+			return nil
+		})
+	}
+
 	c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
 		Namespace: mgrt.Spec.TargetRef.Namespace,
 		Name:      mgrt.Spec.TargetRef.Name,
@ -92,6 +98,9 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		secret.Namespace = mgrt.Namespace
 		secret.Name = fmt.Sprintf("%s-dry-run.migration.portability.libre.sh", mgrt.Name)
 		err = lshr.CreateOrPatch(ctx, r, &secret, func() error {
+			if secret.Data == nil {
+				secret.Data = make(map[string][]byte)
+			}
 			secret.Data["app.json"] = manifestsResp.Application
 			for i, m := range manifestsResp.ExtraManifests {
 				secret.Data[fmt.Sprintf("manifest-%d.json", i)] = m
@ -163,7 +172,7 @@ func (r *MigrationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 	clusterSecret := &corev1.Secret{}
 	err = r.Get(ctx, types.NamespacedName{Namespace: "libresh-system", Name: "cluster-settings"}, clusterSecret)
 	if err != nil {
-		return ctrl.Result{}, nil
+		return ctrl.Result{}, err
 	}

 	if clusterSecret.Data["CLUSTER_DOMAIN"] == nil {
--- a/internal/controller/portability/tenantmigration_controller.go
+++ b/internal/controller/portability/tenantmigration_controller.go
@ -71,6 +71,12 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		return result.Unwrap()
 	}

+	if lshr.IsFinalizing(&tenantMgrt) {
+		return lshr.Finalize(ctx, r, patcher, &tenantMgrt, func() error {
+			return nil
+		})
+	}
+
 	c, err := migration.NewWaderServiceClient(ctx, r, types.NamespacedName{
 		Namespace: tenantMgrt.Spec.TargetRef.Namespace,
 		Name:      tenantMgrt.Spec.TargetRef.Name,
@ -91,6 +97,9 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		secret.Namespace = "libresh-system"
 		secret.Name = fmt.Sprintf("%s-dry-run.tenant-migration.portability.libre.sh", tenantMgrt.Name)
 		err = lshr.CreateOrPatch(ctx, r, &secret, func() error {
+			if secret.Data == nil {
+				secret.Data = make(map[string][]byte)
+			}
 			secret.Data["tenant.json"] = t.Tenant
 			for i, m := range t.ExtraManifests {
 				secret.Data[fmt.Sprintf("manifest-%d.json", i)] = m
@ -151,9 +160,11 @@ func (r *TenantMigrationReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	}
 	for _, a := range appList.Apps {
 		m := portabilityv1alpha1.Migration{}
-		m.Namespace = tenantMgrt.Name
+		m.Namespace = tenant.Name
 		m.Name = a.Name
+		m.Spec.Selectors = a.Selectors
 		m.Spec.Suspend = !tenantMgrt.Spec.Propagate
+		m.Spec.TargetRef = tenantMgrt.Spec.TargetRef
 		err = r.Create(ctx, &m)
 		if err != nil && !apierrors.IsAlreadyExists(err) {
 			return ctrl.Result{}, err
--- a/internal/controller/portability/wadertarget_controller.go
+++ b/internal/controller/portability/wadertarget_controller.go
@ -58,6 +58,12 @@ func (r *WaderTargetReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return result.Unwrap()
 	}

+	if lshr.IsFinalizing(&wtgt) {
+		return lshr.Finalize(ctx, r, patcher, &wtgt, func() error {
+			return nil
+		})
+	}
+
 	var caCert certv1.Certificate
 	lshr.SetResourceNamespacedName(&wtgt, &caCert, "ca")
 	err := lshr.CreateOrPatch(ctx, r, &caCert, func() error {
--- a/internal/controller/postgres/clonejob_controller.go
+++ b/internal/controller/postgres/clonejob_controller.go
@ -93,7 +93,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			conditions.MarkFalse(&cloneJob, step.conditionType(), meta.ProgressingReason, "")
 		}
 		if err := r.patch(ctx, patcher, &cloneJob); err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 	}

@ -122,7 +122,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		}
 		conditions.MarkTrue(&cloneJob, step.conditionType(), meta.SucceededReason, "")
 		if err := r.patch(ctx, patcher, &cloneJob); err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 	}

@ -130,7 +130,7 @@ func (r *CloneJobReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		now := metav1.Now()
 		cloneJob.Status.CompletionTime = &now
 		if err := r.patch(ctx, patcher, &cloneJob); err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 	}

--- a/pkg/keycloak/provider.go
+++ b/pkg/keycloak/provider.go
@ -0,0 +1,30 @@
+/*
+Copyright 2024 IndieHosters.
+
+Licensed under the EUPL, Version 1.2 or later (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package keycloak
+
+import (
+	configv1alpha1 "libre.sh/api/config/v1alpha1"
+)
+
+func GetProvider(config configv1alpha1.KeycloakConfig, name string) *configv1alpha1.KeycloakProvider {
+	for _, p := range config.Providers {
+		if name == p.Name || (name == "" && config.Default == p.Name) {
+			return &p
+		}
+	}
+	return nil
+}