Merge pull request #277 from eclipse/revert
Revert "Merge pull request #273 from eclipse/sslrequired"pull/279/head
Anatolii Bazko
GitHub
commit
dccf8d2a1f
|
|
@ -630,8 +630,8 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
if err != nil {
|
||||
return reconcile.Result{}, err
|
||||
}
|
||||
err = ExecIntoPod(podToExec, pgCommand, "create Keycloak DB, user, privileges", instance.Namespace)
|
||||
if err == nil {
|
||||
provisioned := ExecIntoPod(podToExec, pgCommand, "create Keycloak DB, user, privileges", instance.Namespace)
|
||||
if provisioned {
|
||||
for {
|
||||
instance.Status.DbProvisoned = true
|
||||
if err := r.UpdateCheCRStatus(instance, "status: provisioned with DB and user", "true"); err != nil &&
|
||||
|
|
@ -809,7 +809,6 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
keycloakRealmClientStatus := instance.Status.KeycloakProvisoned
|
||||
if !keycloakRealmClientStatus {
|
||||
if err := r.CreateKeycloakResources(instance, request, deploy.KeycloakDeploymentName); err != nil {
|
||||
logrus.Error(err)
|
||||
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 5}, err
|
||||
}
|
||||
}
|
||||
|
|
@ -821,7 +820,6 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
openShiftIdentityProviderStatus := instance.Status.OpenShiftoAuthProvisioned
|
||||
if !openShiftIdentityProviderStatus {
|
||||
if err := r.CreateIdentityProviderItems(instance, request, cheFlavor, deploy.KeycloakDeploymentName, isOpenShift4); err != nil {
|
||||
logrus.Error(err)
|
||||
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 5}, err
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -106,8 +106,8 @@ func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, r
|
|||
logrus.Errorf("Failed to retrieve pod name. Further exec will fail")
|
||||
return err
|
||||
}
|
||||
err = ExecIntoPod(podToExec, openShiftIdentityProviderCommand, "create OpenShift identity provider", instance.Namespace)
|
||||
if err == nil {
|
||||
provisioned := ExecIntoPod(podToExec, openShiftIdentityProviderCommand, "create OpenShift identity provider", instance.Namespace)
|
||||
if provisioned {
|
||||
for {
|
||||
instance.Status.OpenShiftoAuthProvisioned = true
|
||||
if err := r.UpdateCheCRStatus(instance, "status: provisioned with OpenShift identity provider", "true"); err != nil &&
|
||||
|
|
@ -118,7 +118,7 @@ func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, r
|
|||
break
|
||||
}
|
||||
}
|
||||
return err
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,8 @@ import (
|
|||
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
||||
)
|
||||
|
||||
func ExecIntoPod(podName string, provisionCommand string, reason string, ns string) error {
|
||||
func ExecIntoPod(podName string, provisionCommand string, reason string, ns string) (provisioned bool) {
|
||||
|
||||
command := []string{"/bin/bash", "-c", provisionCommand}
|
||||
logrus.Infof("Running exec to %s in pod %s", reason, podName)
|
||||
// print std if operator is run in debug mode (TODO)
|
||||
|
|
@ -27,39 +28,21 @@ func ExecIntoPod(podName string, provisionCommand string, reason string, ns stri
|
|||
if err != nil {
|
||||
logrus.Errorf("Error exec'ing into pod: %v: , command: %s", err, command)
|
||||
logrus.Errorf(stderr)
|
||||
return err
|
||||
return false
|
||||
}
|
||||
logrus.Info("Exec successfully completed")
|
||||
return nil
|
||||
return true
|
||||
}
|
||||
|
||||
func (r *ReconcileChe) CreateKeycloakResources(instance *orgv1.CheCluster, request reconcile.Request, deploymentName string) (err error) {
|
||||
command := deploy.GetSwitchSslRequiredToNoneCommand()
|
||||
podToExec, err := k8sclient.GetDeploymentPod(deploy.PostgresDeploymentName, instance.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = ExecIntoPod(podToExec, command, "Set sslRequired=none for master realm.", instance.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
podToExec, err = k8sclient.GetDeploymentPod(deploymentName, instance.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
command = deploy.GetKeycloakReloadCommand(instance)
|
||||
err = ExecIntoPod(podToExec, command, "Reload keycloak", instance.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
cheHost := instance.Spec.Server.CheHost
|
||||
keycloakProvisionCommand := deploy.GetKeycloakProvisionCommand(instance, cheHost)
|
||||
err = ExecIntoPod(podToExec, keycloakProvisionCommand, "create realm, client and user", instance.Namespace)
|
||||
if err == nil {
|
||||
podToExec, err := k8sclient.GetDeploymentPod(deploymentName, instance.Namespace)
|
||||
if err != nil {
|
||||
logrus.Errorf("Failed to retrieve pod name. Further exec will fail")
|
||||
}
|
||||
provisioned := ExecIntoPod(podToExec, keycloakProvisionCommand, "create realm, client and user", instance.Namespace)
|
||||
if provisioned {
|
||||
instance, err := r.GetCR(request)
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) {
|
||||
|
|
|
|||
|
|
@ -53,10 +53,10 @@ func (r *ReconcileChe) ReconcileIdentityProvider(instance *orgv1.CheCluster, isO
|
|||
deleteOpenShiftIdentityProviderProvisionCommand := deploy.GetDeleteOpenShiftIdentityProviderProvisionCommand(instance, isOpenShift4)
|
||||
podToExec, err := k8sclient.GetDeploymentPod(keycloakDeployment.Name, instance.Namespace)
|
||||
if err != nil {
|
||||
return false, err
|
||||
logrus.Errorf("Failed to retrieve pod name. Further exec will fail")
|
||||
}
|
||||
err = ExecIntoPod(podToExec, deleteOpenShiftIdentityProviderProvisionCommand, "delete OpenShift identity provider", instance.Namespace)
|
||||
if err == nil {
|
||||
provisioned := ExecIntoPod(podToExec, deleteOpenShiftIdentityProviderProvisionCommand, "delete OpenShift identity provider", instance.Namespace)
|
||||
if provisioned {
|
||||
oAuthClient := &oauth.OAuthClient{}
|
||||
oAuthClientName := instance.Spec.Auth.OAuthClientName
|
||||
if err := r.client.Get(context.TODO(), types.NamespacedName{Name: oAuthClientName, Namespace: ""}, oAuthClient); err != nil {
|
||||
|
|
|
|||
|
|
@ -33,18 +33,6 @@ func GetPostgresProvisionCommand(identityProviderPostgresSecret string) (command
|
|||
return command
|
||||
}
|
||||
|
||||
func GetSwitchSslRequiredToNoneCommand() string {
|
||||
return "psql keycloak -c \"update REALM set ssl_required='NONE' where id = 'master'\""
|
||||
}
|
||||
|
||||
func GetKeycloakReloadCommand(cr *orgv1.CheCluster) string {
|
||||
jbossCli := "/opt/jboss/keycloak/bin/jboss-cli.sh"
|
||||
if DefaultCheFlavor(cr) == "codeready" {
|
||||
jbossCli = "/opt/eap/bin/jboss-cli.sh"
|
||||
}
|
||||
return jbossCli + " --connect command=:reload"
|
||||
}
|
||||
|
||||
func GetKeycloakProvisionCommand(cr *orgv1.CheCluster, cheHost string) (command string) {
|
||||
requiredActions := ""
|
||||
updateAdminPassword := cr.Spec.Auth.UpdateAdminPassword
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ $script config credentials --server http://0.0.0.0:8080/auth \
|
|||
--realm master \
|
||||
--user $keycloakAdminUserName \
|
||||
--password $keycloakAdminPassword \
|
||||
&& $script update realms/master -s sslRequired=none \
|
||||
&& $script get realms/$keycloakRealm; \
|
||||
if [ $? -eq 0 ]; then echo "Realm exists"; exit 0; fi \
|
||||
&& $script create realms -s realm='$keycloakRealm' \
|
||||
|
|
@ -32,4 +33,4 @@ if [ $? -eq 0 ]; then echo "Realm exists"; exit 0; fi \
|
|||
--cclientid broker \
|
||||
--rolename read-token \
|
||||
&& CLIENT_ID=$($script get clients -r '$keycloakRealm' -q clientId=broker | sed -n 's/.*"id" *: *"\([^"]\+\).*/\1/p') \
|
||||
&& $script update clients/$CLIENT_ID -r '$keycloakRealm' -s "defaultRoles+=read-token"
|
||||
&& $script update clients/$CLIENT_ID -r '$keycloakRealm' -s "defaultRoles+=read-token"
|
||||
Loading…
Reference in New Issue