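/*
Copyright 2021.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package controllers

import (
	"context"

	"github.com/Nerzal/gocloak/v7"
	"github.com/go-logr/logr"
	apierrs "k8s.io/apimachinery/pkg/api/errors"
	"k8s.io/apimachinery/pkg/runtime"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/client"

	keycloakv1alpha1 "git.zom.bi/images/keycloak-operator/api/v1alpha1"
	"git.zom.bi/images/keycloak-operator/controllers/keycloak"
)

const (
	// FinalizerName is the name of the finalizer this package adds to
	// KeycloakRealm objects so that their deletion is routed through Reconcile.
	FinalizerName = "finalizer.keycloak.bitmask.me"
)

// KeycloakRealmReconciler reconciles a KeycloakRealm object.
type KeycloakRealmReconciler struct {
	client.Client
	// Keycloak is the client used for the CreateRealm/UpdateRealm calls.
	Keycloak *keycloak.Keycloak
	// Log is the base logger; Reconcile derives a per-request logger from it.
	Log logr.Logger
	// Scheme is not read by the code in this file.
	Scheme *runtime.Scheme
}

// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=keycloak.bitmask.me,resources=keycloakrealms/finalizers,verbs=update

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
//
// For a KeycloakRealm that is being deleted it disables the realm in Keycloak
// (it never deletes it) and removes the finalizer. Otherwise it makes sure the
// finalizer is present, converts the resource with ConvertToRealm and creates
// the realm, falling back to an update when the create call fails.
//
// For more details, check Reconcile and its Result here:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.7.0/pkg/reconcile
func (r *KeycloakRealmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
	log := r.Log.WithValues("keycloakrealm", req.NamespacedName)
	log.Info("reconciling")

	// We get the information from the CRD
	var realm keycloakv1alpha1.KeycloakRealm
	if err := r.Get(ctx, req.NamespacedName, &realm); err != nil {
		if apierrs.IsNotFound(err) {
			// Realm is already deleted via finalizer.
			return ctrl.Result{}, nil
		}
		// Any other read failure leaves realm at its zero value. Continuing
		// would add a finalizer to, and push a realm built from, an empty
		// object, so return the error and let the request be retried.
		log.Error(err, "Could not get realm")
		return ctrl.Result{}, err
	}

	if !realm.ObjectMeta.DeletionTimestamp.IsZero() {
		// is in the process of being deleted
		if containsString(realm.ObjectMeta.Finalizers, FinalizerName) {
			// our finalizer is present, so lets handle any external dependency

			// We do not want to delete anything, so we just disable the realm.
			// NOTE(review): the realm is addressed only by Spec.RealmName and
			// nothing in this function checks that the realm was created for
			// this resource or that the name is not a reserved one such as
			// Keycloak's "master" realm; confirm that the name is validated
			// elsewhere (CRD validation, admission webhook or ConvertToRealm).
			disabled := gocloak.RealmRepresentation{Realm: &realm.Spec.RealmName, Enabled: gocloak.BoolP(false)}
			err := r.Keycloak.UpdateRealm(ctx, disabled)
			if err != nil {
				// if fail to delete the external dependency here, return with error
				// so that it can be retried
				return ctrl.Result{}, err
			}

			// remove our finalizer from the list and update it.
			realm.ObjectMeta.Finalizers = removeString(realm.ObjectMeta.Finalizers, FinalizerName)
			if err := r.Update(ctx, &realm); err != nil {
				return ctrl.Result{}, err
			}

			// NOTE(review): the realm was disabled, not deleted; the message
			// below is kept as is, but it is misleading in an audit trail.
			log.Info("Deleted the realm")
		}

		// done
		return ctrl.Result{}, nil
	}

	// Its not being deleted, so we seize the moment to take ownership.
	if !containsString(realm.ObjectMeta.Finalizers, FinalizerName) {
		typeMeta := realm.TypeMeta
		realm.ObjectMeta.Finalizers = append(realm.ObjectMeta.Finalizers, FinalizerName)
		if err := r.Update(ctx, &realm); err != nil {
			return ctrl.Result{}, err
		}
		// restore the TypeMeta object as it is removed during Update, but need to be accessed later
		realm.TypeMeta = typeMeta
	}

	// Convert Realm
	keycloakRealm, err := ConvertToRealm(realm)
	if err != nil {
		log.Error(err, "Could not convert realm")
		return ctrl.Result{}, err
	}

	err = r.Keycloak.CreateRealm(ctx, keycloakRealm)
	if err != nil {
		// try updating instead
		// NOTE(review): every CreateRealm failure, not only "realm already
		// exists", ends up here, so a realm of the same name that this
		// resource did not create is overwritten with this spec. Confirm that
		// this take-over is intended.
		err := r.Keycloak.UpdateRealm(ctx, keycloakRealm)
		if err != nil {
			log.Error(err, "Could not create/update realm")
			return ctrl.Result{}, err
		}

		// NOTE(review): Status.Available is not set on this path; confirm
		// whether a successful update should also mark the realm available.
		log.Info("Updated the realm")
		return ctrl.Result{}, nil
	}

	realm.Status.Available = true
	// The status write can fail (conflict, RBAC, API outage); report it
	// instead of logging success over a status that was never stored.
	if err := r.Status().Update(ctx, &realm); err != nil {
		log.Error(err, "Could not update realm status")
		return ctrl.Result{}, err
	}

	log.Info("Successfully created realm")
	return ctrl.Result{}, nil
}

// SetupWithManager sets up the controller with the Manager.
func (r *KeycloakRealmReconciler) SetupWithManager(mgr ctrl.Manager) error {
	return ctrl.NewControllerManagedBy(mgr).
		For(&keycloakv1alpha1.KeycloakRealm{}).
		Complete(r)
}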