Merge pull request #135 from vshn/keycloak/internal_admin

Add external admin account
vshn · Mar 4, 2024 · 9d2837b · 9d2837b
2 parents 65fa607 + e5349a6
commit 9d2837b
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 13 deletions.
diff --git a/apis/vshn/v1/dbaas_vshn_keycloak.go b/apis/vshn/v1/dbaas_vshn_keycloak.go
@@ -85,8 +85,8 @@ type VSHNKeycloakServiceSpec struct {
 	// +kubebuilder:default="/"
 	RelativePath string `json:"relativePath,omitempty"`
 
-	// +kubebuilder:validation:Enum="23.0.5-202402021353-44-af6cea11"
-	// +kubebuilder:default="23.0.5-202402021353-44-af6cea11"
+	// +kubebuilder:validation:Enum="23"
+	// +kubebuilder:default="23"
 
 	// Version contains supported version of keycloak.
 	// Multiple versions are supported. The latest version 23 is the default version.

diff --git a/crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml b/crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml
@@ -3725,10 +3725,10 @@ spec:
                             - guaranteed
                           type: string
                         version:
-                          default: 23.0.5-202402021353-44-af6cea11
+                          default: "23"
                           description: Version contains supported version of keycloak. Multiple versions are supported. The latest version 23 is the default version.
                           enum:
-                            - 23.0.5-202402021353-44-af6cea11
+                            - "23"
                           type: string
                       type: object
                       default: {}

diff --git a/crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml b/crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml
@@ -5957,12 +5957,12 @@ spec:
                         - guaranteed
                         type: string
                       version:
-                        default: 23.0.5-202402021353-44-af6cea11
+                        default: "23"
                         description: Version contains supported version of keycloak.
                           Multiple versions are supported. The latest version 23 is
                           the default version.
                         enum:
-                        - 23.0.5-202402021353-44-af6cea11
+                        - "23"
                         type: string
                     type: object
                   size:

diff --git a/pkg/comp-functions/functions/common/maintenance/maintenance.go b/pkg/comp-functions/functions/common/maintenance/maintenance.go
@@ -337,7 +337,7 @@ func SetReleaseVersion(ctx context.Context, version string, desiredValues map[st
 
 	if observedVersion.GTE(desiredVersion) {
 		// In case the overved tag is valid and greater than the desired version, keep the observed version
-		return observedVersion.String(), unstructured.SetNestedField(desiredValues, tag, fields...)
+		return tag, unstructured.SetNestedField(desiredValues, tag, fields...)
 	}
 	// In case the observed tag is smaller than the desired version,  then set the version from the claim
 	return version, unstructured.SetNestedField(desiredValues, version, fields...)

diff --git a/pkg/comp-functions/functions/vshnkeycloak/deploy.go b/pkg/comp-functions/functions/vshnkeycloak/deploy.go
@@ -27,9 +27,13 @@ import (
 )
 
 const (
-	pgInstanceNameSuffix          = "-pg"
-	pgSecretName                  = "pg-creds"
-	adminPWSecretField            = "password"
+	pgInstanceNameSuffix = "-pg"
+	pgSecretName         = "pg-creds"
+	// Each instance has two admin accounts by default.
+	// One that's exposed to the user and one that's kept internally.
+	// The internal one is used for scripts within the keycloak image to handle various configurations.
+	internalAdminPWSecretField    = "internalAdminPassword"
+	adminPWSecretField            = "adminPassword"
 	adminPWConnectionDetailsField = "KEYCLOAK_PASSWORD"
 	adminConnectionDetailsField   = "KEYCLOAK_USERNAME"
 	hostConnectionDetailsField    = "KEYCLOAK_HOST"
@@ -91,7 +95,7 @@ func DeployKeycloak(ctx context.Context, svc *runtime.ServiceRuntime) *xfnproto.
 
 	svc.Log.Info("Adding release")
 
-	adminSecret, err := common.AddCredentialsSecret(comp, svc, []string{adminPWSecretField})
+	adminSecret, err := common.AddCredentialsSecret(comp, svc, []string{internalAdminPWSecretField, adminPWSecretField})
 	if err != nil {
 		return runtime.NewWarningResult(fmt.Sprintf("cannot generate admin secret: %s", err))
 	}
@@ -237,10 +241,23 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS
 	extraEnvMap := []map[string]any{
 		{
 			"name":  "KEYCLOAK_ADMIN",
-			"value": "admin",
+			"value": "internaladmin",
 		},
 		{
 			"name": "KEYCLOAK_ADMIN_PASSWORD",
+			"valueFrom": map[string]any{
+				"secretKeyRef": map[string]any{
+					"name": adminSecret,
+					"key":  internalAdminPWSecretField,
+				},
+			},
+		},
+		{
+			"name":  "KEYCLOAK_MANAGED",
+			"value": "admin",
+		},
+		{
+			"name": "KEYCLOAK_MANAGED_PASSWORD",
 			"valueFrom": map[string]any{
 				"secretKeyRef": map[string]any{
 					"name": adminSecret,

diff --git a/pkg/maintenance/keycloak.go b/pkg/maintenance/keycloak.go
@@ -35,5 +35,5 @@ func (m *Keycloak) DoMaintenance(ctx context.Context) error {
 
 	valuesPath := helm.NewValuePath("image", "tag")
 
-	return patcher.DoMaintenance(ctx, keycloakURL, valuesPath, helm.SemVerPatchesOnly(false))
+	return patcher.DoMaintenance(ctx, keycloakURL, valuesPath, helm.SemVerPatchesOnly(true))
 }