Add Realm ressource

2021-01-10 17:06:01 +01:00 · 2021-01-10 17:06:01 +01:00 · 720a47fd86
parent 19936251d0
commit 720a47fd86
17 changed files with 493 additions and 0 deletions
--- a/5
+++ b/5
@ -2,6 +2,11 @@ domain: bitmask.me
 layout: go.kubebuilder.io/v3
 projectName: keycloak-operator
 repo: git.zom.bi/images/keycloak-operator
+resources:
+- crdVersion: v1
+  group: keycloak
+  kind: KeycloakRealm
+  version: v1alpha1
 version: 3-alpha
 plugins:
  manifests.sdk.operatorframework.io/v2: {}
--- a/README.md
+++ b/README.md
@ -5,4 +5,5 @@ scaffolded with
 ```console
 operator-sdk init --domain=bitmask.me --repo=git.zom.bi/images/keycloak-operator
 # Edit Manager options to watch all namespaces (Namespace: "")
+operator-sdk create api --group=keycloak --version=v1alpha1 --kind=KeycloakRealm
 ```
--- a/api/v1alpha1/groupversion_info.go
+++ b/api/v1alpha1/groupversion_info.go
@ -0,0 +1,36 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the keycloak v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=keycloak.bitmask.me
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "keycloak.bitmask.me", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
--- a/api/v1alpha1/keycloakrealm_types.go
+++ b/api/v1alpha1/keycloakrealm_types.go
@ -0,0 +1,64 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// KeycloakRealmSpec defines the desired state of KeycloakRealm
+type KeycloakRealmSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of KeycloakRealm. Edit KeycloakRealm_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// KeycloakRealmStatus defines the observed state of KeycloakRealm
+type KeycloakRealmStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// KeycloakRealm is the Schema for the keycloakrealms API
+type KeycloakRealm struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   KeycloakRealmSpec   `json:"spec,omitempty"`
+	Status KeycloakRealmStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// KeycloakRealmList contains a list of KeycloakRealm
+type KeycloakRealmList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []KeycloakRealm `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&KeycloakRealm{}, &KeycloakRealmList{})
+}
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@ -0,0 +1,114 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KeycloakRealm) DeepCopyInto(out *KeycloakRealm) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakRealm.
+func (in *KeycloakRealm) DeepCopy() *KeycloakRealm {
+	if in == nil {
+		return nil
+	}
+	out := new(KeycloakRealm)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *KeycloakRealm) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KeycloakRealmList) DeepCopyInto(out *KeycloakRealmList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]KeycloakRealm, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakRealmList.
+func (in *KeycloakRealmList) DeepCopy() *KeycloakRealmList {
+	if in == nil {
+		return nil
+	}
+	out := new(KeycloakRealmList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *KeycloakRealmList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KeycloakRealmSpec) DeepCopyInto(out *KeycloakRealmSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakRealmSpec.
+func (in *KeycloakRealmSpec) DeepCopy() *KeycloakRealmSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(KeycloakRealmSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KeycloakRealmStatus) DeepCopyInto(out *KeycloakRealmStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakRealmStatus.
+func (in *KeycloakRealmStatus) DeepCopy() *KeycloakRealmStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(KeycloakRealmStatus)
+	in.DeepCopyInto(out)
+	return out
+}
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@ -0,0 +1,21 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/keycloak.bitmask.me_keycloakrealms.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_keycloakrealms.yaml
+# +kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_keycloakrealms.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml
--- a/config/crd/kustomizeconfig.yaml
+++ b/config/crd/kustomizeconfig.yaml
@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations
--- a/config/crd/patches/cainjection_in_keycloakrealms.yaml
+++ b/config/crd/patches/cainjection_in_keycloakrealms.yaml
@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: keycloakrealms.keycloak.bitmask.me
--- a/config/crd/patches/webhook_in_keycloakrealms.yaml
+++ b/config/crd/patches/webhook_in_keycloakrealms.yaml
@ -0,0 +1,14 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: keycloakrealms.keycloak.bitmask.me
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
--- a/config/rbac/keycloakrealm_editor_role.yaml
+++ b/config/rbac/keycloakrealm_editor_role.yaml
@ -0,0 +1,24 @@
+# permissions for end users to edit keycloakrealms.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keycloakrealm-editor-role
+rules:
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms/status
+  verbs:
+  - get
--- a/config/rbac/keycloakrealm_viewer_role.yaml
+++ b/config/rbac/keycloakrealm_viewer_role.yaml
@ -0,0 +1,20 @@
+# permissions for end users to view keycloakrealms.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: keycloakrealm-viewer-role
+rules:
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - keycloak.bitmask.me
+  resources:
+  - keycloakrealms/status
+  verbs:
+  - get
--- a/config/samples/keycloak_v1alpha1_keycloakrealm.yaml
+++ b/config/samples/keycloak_v1alpha1_keycloakrealm.yaml
@ -0,0 +1,7 @@
+apiVersion: keycloak.bitmask.me/v1alpha1
+kind: KeycloakRealm
+metadata:
+  name: keycloakrealm-sample
+spec:
+  # Add fields here
+  foo: bar
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@ -0,0 +1,4 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- keycloak_v1alpha1_keycloakrealm.yaml
+# +kubebuilder:scaffold:manifestskustomizesamples
--- a/controllers/keycloakrealm_controller.go
+++ b/controllers/keycloakrealm_controller.go
@ -0,0 +1,63 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"context"
+
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
+)
+
+// KeycloakRealmReconciler reconciles a KeycloakRealm object
+type KeycloakRealmReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the KeycloakRealm object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.7.0/pkg/reconcile
+func (r *KeycloakRealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	_ = r.Log.WithValues("keycloakrealm", req.NamespacedName)
+
+	// your logic here
+
+	return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *KeycloakRealmReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&keycloakv1alpha1.KeycloakRealm{}).
+		Complete(r)
+}
--- a/controllers/suite_test.go
+++ b/controllers/suite_test.go
@ -0,0 +1,79 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"path/filepath"
+	"testing"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"sigs.k8s.io/controller-runtime/pkg/envtest/printer"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+	keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
+	// +kubebuilder:scaffold:imports
+)
+
+// These tests use Ginkgo (BDD-style Go testing framework). Refer to
+// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
+
+var cfg *rest.Config
+var k8sClient client.Client
+var testEnv *envtest.Environment
+
+func TestAPIs(t *testing.T) {
+	RegisterFailHandler(Fail)
+
+	RunSpecsWithDefaultAndCustomReporters(t,
+		"Controller Suite",
+		[]Reporter{printer.NewlineReporter{}})
+}
+
+var _ = BeforeSuite(func() {
+	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
+
+	By("bootstrapping test environment")
+	testEnv = &envtest.Environment{
+		CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
+	}
+
+	cfg, err := testEnv.Start()
+	Expect(err).NotTo(HaveOccurred())
+	Expect(cfg).NotTo(BeNil())
+
+	err = keycloakv1alpha1.AddToScheme(scheme.Scheme)
+	Expect(err).NotTo(HaveOccurred())
+
+	// +kubebuilder:scaffold:scheme
+
+	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
+	Expect(err).NotTo(HaveOccurred())
+	Expect(k8sClient).NotTo(BeNil())
+
+}, 60)
+
+var _ = AfterSuite(func() {
+	By("tearing down the test environment")
+	err := testEnv.Stop()
+	Expect(err).NotTo(HaveOccurred())
+})
--- a/go.mod
+++ b/go.mod
@ -3,6 +3,9 @@ module git.zom.bi/images/keycloak-operator
 go 1.15

 require (
+	github.com/go-logr/logr v0.3.0
+	github.com/onsi/ginkgo v1.14.1
+	github.com/onsi/gomega v1.10.2
 	k8s.io/apimachinery v0.19.2
 	k8s.io/client-go v0.19.2
 	sigs.k8s.io/controller-runtime v0.7.0
--- a/main.go
+++ b/main.go
@ -30,6 +30,9 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+	keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
+	"git.zom.bi/images/keycloak-operator/controllers"
 	// +kubebuilder:scaffold:imports
 )

@ -41,6 +44,7 @@ var (
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))

+	utilruntime.Must(keycloakv1alpha1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }

@ -75,6 +79,14 @@ func main() {
 		os.Exit(1)
 	}

+	if err = (&controllers.KeycloakRealmReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("controllers").WithName("KeycloakRealm"),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "KeycloakRealm")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder

 	if err := mgr.AddHealthzCheck("health", healthz.Ping); err != nil {