From d6dcc1864e9ae089dac12f6259c629623c8f4017 Mon Sep 17 00:00:00 2001 From: Anatoliy Bazko Date: Wed, 27 May 2020 15:22:23 +0300 Subject: [PATCH] Revert "Merge pull request #273 from eclipse/sslrequired" This reverts commit 1a274ab172656f6334f9f0e62b6cf9df0a1af983, reversing changes made to a0f108dcacfe1f3c93ceb1b3423a87bb59463889. --- pkg/controller/che/che_controller.go | 6 ++--- pkg/controller/che/create.go | 6 ++--- pkg/controller/che/exec.go | 37 ++++++++-------------------- pkg/controller/che/update.go | 6 ++--- pkg/deploy/exec_commands.go | 12 --------- templates/keycloak_provision | 3 ++- 6 files changed, 20 insertions(+), 50 deletions(-) diff --git a/pkg/controller/che/che_controller.go b/pkg/controller/che/che_controller.go index ee419c276..e0bc46614 100644 --- a/pkg/controller/che/che_controller.go +++ b/pkg/controller/che/che_controller.go @@ -630,8 +630,8 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e if err != nil { return reconcile.Result{}, err } - err = ExecIntoPod(podToExec, pgCommand, "create Keycloak DB, user, privileges", instance.Namespace) - if err == nil { + provisioned := ExecIntoPod(podToExec, pgCommand, "create Keycloak DB, user, privileges", instance.Namespace) + if provisioned { for { instance.Status.DbProvisoned = true if err := r.UpdateCheCRStatus(instance, "status: provisioned with DB and user", "true"); err != nil && @@ -809,7 +809,6 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e keycloakRealmClientStatus := instance.Status.KeycloakProvisoned if !keycloakRealmClientStatus { if err := r.CreateKeycloakResources(instance, request, deploy.KeycloakDeploymentName); err != nil { - logrus.Error(err) return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 5}, err } } 
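Review bot: A failed exec no longer reaches the reconcile result. In the `@@ -630,8 +630,8 @@` hunk `provisioned` is only tested for true, and what happens when it is false lies outside the hunk. In pkg/controller/che/create.go the `@@ -118,7 +118,7 @@` hunk makes CreateIdentityProviderItems return `nil` on both paths, so the `Requeue: true, RequeueAfter: time.Second * 5` branch shown in the `@@ -821,7 +820,6 @@` hunk cannot fire when the exec itself fails. The failure then shows up only as a log line from ExecIntoPod, while reconciliation carries on with the status flag still false. I would keep the bool but surface it, e.g. `if !provisioned { return fmt.Errorf("exec to create OpenShift identity provider failed in pod %s", podToExec) }` in create.go, and the equivalent after the `pgCommand` call.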
@@ -821,7 +820,6 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e openShiftIdentityProviderStatus := instance.Status.OpenShiftoAuthProvisioned if !openShiftIdentityProviderStatus { if err := r.CreateIdentityProviderItems(instance, request, cheFlavor, deploy.KeycloakDeploymentName, isOpenShift4); err != nil { - logrus.Error(err) return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 5}, err } } diff --git a/pkg/controller/che/create.go b/pkg/controller/che/create.go index bbae00868..8008e1118 100644 --- a/pkg/controller/che/create.go +++ b/pkg/controller/che/create.go @@ -106,8 +106,8 @@ func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, r logrus.Errorf("Failed to retrieve pod name. Further exec will fail") return err } - err = ExecIntoPod(podToExec, openShiftIdentityProviderCommand, "create OpenShift identity provider", instance.Namespace) - if err == nil { + provisioned := ExecIntoPod(podToExec, openShiftIdentityProviderCommand, "create OpenShift identity provider", instance.Namespace) + if provisioned { for { instance.Status.OpenShiftoAuthProvisioned = true if err := r.UpdateCheCRStatus(instance, "status: provisioned with OpenShift identity provider", "true"); err != nil && @@ -118,7 +118,7 @@ func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, r break } } - return err + return nil } return nil } diff --git a/pkg/controller/che/exec.go b/pkg/controller/che/exec.go index 7ff64d62f..0f694a97d 100644 --- a/pkg/controller/che/exec.go +++ b/pkg/controller/che/exec.go 
@@ -19,7 +19,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" ) -func ExecIntoPod(podName string, provisionCommand string, reason string, ns string) error { +func ExecIntoPod(podName string, provisionCommand string, reason string, ns string) (provisioned bool) { + command := []string{"/bin/bash", "-c", provisionCommand} logrus.Infof("Running exec to %s in pod %s", reason, podName) // print std if operator is run in debug mode (TODO) 
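Review bot: ExecIntoPod hands `provisionCommand` to `/bin/bash -c` unmodified, and the exported function has no doc comment that says so. The command builders in pkg/deploy are mostly outside this diff, but the call sites pass strings derived from the CheCluster resource (`instance.Spec.Server.CheHost` goes into GetKeycloakProvisionCommand), so any field interpolated without shell quoting would be interpreted by bash inside the target pod. I would add `// ExecIntoPod runs provisionCommand through /bin/bash -c in the named pod; callers must shell-quote every value taken from the CR.` above the signature and check the builders for unquoted fields. The function body continues in the next hunk.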
@@ -27,39 +28,21 @@ func ExecIntoPod(podName string, provisionCommand string, reason string, ns stri if err != nil { logrus.Errorf("Error exec'ing into pod: %v: , command: %s", err, command) logrus.Errorf(stderr) - return err + return false } logrus.Info("Exec successfully completed") - return nil + return true } func (r *ReconcileChe) CreateKeycloakResources(instance *orgv1.CheCluster, request reconcile.Request, deploymentName string) (err error) { - command := deploy.GetSwitchSslRequiredToNoneCommand() - podToExec, err := k8sclient.GetDeploymentPod(deploy.PostgresDeploymentName, instance.Namespace) - if err != nil { - return err - } - - err = ExecIntoPod(podToExec, command, "Set sslRequired=none for master realm.", instance.Namespace) - if err != nil { - return err - } - - podToExec, err = k8sclient.GetDeploymentPod(deploymentName, instance.Namespace) - if err != nil { - return err - } - - command = deploy.GetKeycloakReloadCommand(instance) - err = ExecIntoPod(podToExec, command, "Reload keycloak", instance.Namespace) - if err != nil { - return err - } - cheHost := instance.Spec.Server.CheHost keycloakProvisionCommand := deploy.GetKeycloakProvisionCommand(instance, cheHost) - err = ExecIntoPod(podToExec, keycloakProvisionCommand, "create realm, client and user", instance.Namespace) - if err == nil { + podToExec, err := k8sclient.GetDeploymentPod(deploymentName, instance.Namespace) + if err != nil { + logrus.Errorf("Failed to retrieve pod name. Further exec will fail") + } + provisioned := ExecIntoPod(podToExec, keycloakProvisionCommand, "create realm, client and user", instance.Namespace) + if provisioned { instance, err := r.GetCR(request) if err != nil { if errors.IsNotFound(err) { diff --git a/pkg/controller/che/update.go b/pkg/controller/che/update.go index c0d418f00..aa8c55e3b 100644 --- a/pkg/controller/che/update.go +++ b/pkg/controller/che/update.go 
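Review bot: In CreateKeycloakResources the error from `k8sclient.GetDeploymentPod` is only logged, and `ExecIntoPod` is then called with whatever `podToExec` holds; add `return err` after the `logrus.Errorf` call, as the context lines of create.go already do. The update.go hunk `@@ -53,10 +53,10 @@` has the same gap in ReconcileIdentityProvider, where the removed `return false, err` should stay. Separately, the failure path of ExecIntoPod logs the full `command`, and the provisioning template passes `--password $keycloakAdminPassword`. If that placeholder is filled in before the exec (not visible here), a failed run writes the admin password to the operator log; `logrus.Errorf("Error exec'ing into pod %s to %s: %v", podName, reason, err)` avoids that. CreateKeycloakResources continues past the end of this hunk.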
@@ -53,10 +53,10 @@ func (r *ReconcileChe) ReconcileIdentityProvider(instance *orgv1.CheCluster, isO deleteOpenShiftIdentityProviderProvisionCommand := deploy.GetDeleteOpenShiftIdentityProviderProvisionCommand(instance, isOpenShift4) podToExec, err := k8sclient.GetDeploymentPod(keycloakDeployment.Name, instance.Namespace) if err != nil { - return false, err + logrus.Errorf("Failed to retrieve pod name. Further exec will fail") } - err = ExecIntoPod(podToExec, deleteOpenShiftIdentityProviderProvisionCommand, "delete OpenShift identity provider", instance.Namespace) - if err == nil { + provisioned := ExecIntoPod(podToExec, deleteOpenShiftIdentityProviderProvisionCommand, "delete OpenShift identity provider", instance.Namespace) + if provisioned { oAuthClient := &oauth.OAuthClient{} oAuthClientName := instance.Spec.Auth.OAuthClientName if err := r.client.Get(context.TODO(), types.NamespacedName{Name: oAuthClientName, Namespace: ""}, oAuthClient); err != nil { diff --git a/pkg/deploy/exec_commands.go b/pkg/deploy/exec_commands.go index 1bbe98968..fc762644f 100644 --- a/pkg/deploy/exec_commands.go +++ b/pkg/deploy/exec_commands.go @@ -33,18 +33,6 @@ func GetPostgresProvisionCommand(identityProviderPostgresSecret string) (command return command } -func GetSwitchSslRequiredToNoneCommand() string { - return "psql keycloak -c \"update REALM set ssl_required='NONE' where id = 'master'\"" -} - -func GetKeycloakReloadCommand(cr *orgv1.CheCluster) string { - jbossCli := "/opt/jboss/keycloak/bin/jboss-cli.sh" - if DefaultCheFlavor(cr) == "codeready" { - jbossCli = "/opt/eap/bin/jboss-cli.sh" - } - return jbossCli + " --connect command=:reload" -} - func GetKeycloakProvisionCommand(cr *orgv1.CheCluster, cheHost string) (command string) { requiredActions := "" updateAdminPassword := cr.Spec.Auth.UpdateAdminPassword diff --git a/templates/keycloak_provision b/templates/keycloak_provision index a8872a98d..e1ec81278 100644 --- a/templates/keycloak_provision 
+++ b/templates/keycloak_provision @@ -2,6 +2,7 @@ $script config credentials --server http://0.0.0.0:8080/auth \ --realm master \ --user $keycloakAdminUserName \ --password $keycloakAdminPassword \ +&& $script update realms/master -s sslRequired=none \ && $script get realms/$keycloakRealm; \ if [ $? -eq 0 ]; then echo "Realm exists"; exit 0; fi \ && $script create realms -s realm='$keycloakRealm' \ @@ -32,4 +33,4 @@ if [ $? -eq 0 ]; then echo "Realm exists"; exit 0; fi \ --cclientid broker \ --rolename read-token \ && CLIENT_ID=$($script get clients -r '$keycloakRealm' -q clientId=broker | sed -n 's/.*"id" *: *"\([^"]\+\).*/\1/p') \ -&& $script update clients/$CLIENT_ID -r '$keycloakRealm' -s "defaultRoles+=read-token" +&& $script update clients/$CLIENT_ID -r '$keycloakRealm' -s "defaultRoles+=read-token" \ No newline at end of file
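Review bot: The added `$script update realms/master -s sslRequired=none` runs on every provisioning pass and is not conditioned on how the deployment is exposed, so the master realm that the script logs in to with `$keycloakAdminUserName` stops requiring HTTPS even when the installation is served over TLS. I would emit this line only when the cluster is configured without TLS and leave the realm's existing setting in place otherwise; the template's substitution mechanism is not visible in this diff, so the condition probably belongs in GetKeycloakProvisionCommand. The chain also ends in `;` before `if [ $? -eq 0 ]`, so a failure of this new step is not distinguished from "realm does not exist" and the script goes on to `create realms`.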