Merge pull request 'OZG-4881 - update user toggle' (#13) from...

Merge pull request 'OZG-4881 - update user toggle' (#13) from OZG-4881-keycloak-passwort-reset-fix into master

Reviewed-on: https://git.ozg-sh.de/ozgcloud-devops/operator/pulls/13

ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserService.java

@@ -26,6 +26,7 @@ package de.ozgcloud.operator.keycloak.user;
 import java.util.Optional;
 
 import org.apache.commons.lang3.StringUtils;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.springframework.stereotype.Component;
 
 import lombok.RequiredArgsConstructor;
@@ -42,14 +43,28 @@ class KeycloakUserService {
 
 	public void createOrUpdateUser(OzgCloudKeycloakUserSpec userSpec, String namespace) {
 
+		createAndSetUserPasswordIfNotExists(userSpec, namespace);
+
+		remoteService.getUserByName(userSpec.getKeycloakUser().getUsername(), namespace)
+				.ifPresentOrElse(existingUser -> updateUser(userSpec, namespace, existingUser),
+						() -> createUser(userSpec, namespace));
+	}
+
+	void createAndSetUserPasswordIfNotExists(OzgCloudKeycloakUserSpec userSpec, String namespace) {
 		if (userHasNoPassword(userSpec, namespace)) {
 			var secret = userSecretService.getOrCreateClusterSecret(userSpec, namespace);
 			userSpec.getKeycloakUser().setPassword(userSecretService.getPasswordFromSecret(secret));
 		}
+	}
 
-		remoteService.getUserByName(userSpec.getKeycloakUser().getUsername(), namespace)
-				.ifPresentOrElse(existingUser -> remoteService.updateUser(userMapper.update(existingUser, userSpec), namespace),
-						() -> remoteService.createUser(userMapper.map(userSpec), namespace));
+	void updateUser(OzgCloudKeycloakUserSpec userSpec, String namespace, UserRepresentation existingUser) {
+		if (userSpec.isUpdateUser()) {
+			remoteService.updateUser(userMapper.update(existingUser, userSpec), namespace);
+		}
+	}
+
+	void createUser(OzgCloudKeycloakUserSpec userSpec, String namespace) {
+		remoteService.createUser(userMapper.map(userSpec), namespace);
 	}
 
 	boolean userHasNoPassword(OzgCloudKeycloakUserSpec userSpec, String namespace) {

ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/user/OzgCloudKeycloakUserSpec.java

@@ -48,6 +48,9 @@ class OzgCloudKeycloakUserSpec {
 	@JsonProperty("keep_after_delete")
 	private boolean keepAfterDelete;
 
+	@JsonProperty("update_user")
+	private boolean updateUser;
+
 	@JsonProperty("keycloak_user")
 	private KeycloakUserSpecUser keycloakUser;
 

ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakLivelTest.java

@@ -23,8 +23,12 @@
  */
 package de.ozgcloud.operator.keycloak.user;
 
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.junit.jupiter.api.Disabled;
@@ -35,13 +39,22 @@ import org.keycloak.representations.idm.UserRepresentation;
 import org.mockito.InjectMocks;
 import org.mockito.Spy;
 
+import de.ozgcloud.operator.keycloak.KeycloakGenericRemoteService;
+
 @Disabled("Should only be used manually")
 class KeycloakLivelTest {
 
+	private static final String TESTNAMESPACE = "by-torsten-dev";
+	private static final String TESTUSERNAME = "hans";
+
 	@Spy
 	@InjectMocks
 	private KeycloakUserRemoteService userRemoteService;
 
+	@Spy
+	@InjectMocks
+	private KeycloakGenericRemoteService keycloakGenericRemoteService;
+
 	@Test
 	void testReal() throws IllegalAccessException {
 		Keycloak kc = KeycloakBuilder.builder()
@@ -56,15 +69,26 @@ class KeycloakLivelTest {
 		FieldUtils.writeField(userRemoteService, "keycloak", kc, true);
 //		when(keycloakClient.getKeycloak()).thenReturn(kc);
 
-		userRemoteService.createUser(createUser(), "by-torsten-ozgcloud-keycloak-operator-dev");
+//		userRemoteService.createUser(createUser(), "by-torsten-dev");
+
+		Optional<UserRepresentation> user = userRemoteService.getUserByName(TESTUSERNAME, TESTNAMESPACE);
+		assertThat(user).isPresent();
+		UserRepresentation u = user.get();
+		u.setCredentials(Collections.emptyList());
+		u.setEmail("updated-hans@glueck.local");
+		userRemoteService.updateUser(u, TESTNAMESPACE);
 	}
 
 	private UserRepresentation createUser() {
 		UserRepresentation u = new UserRepresentation();
-		u.setUsername("hans");
+		u.setUsername(TESTUSERNAME);
 		u.setGroups(List.of("Bauamt"));
 		u.setClientRoles(Map.of("alfa", List.of("VERWALTUNG_USER")));
+		u.setEnabled(true);
+		u.setEmail("hans@glueck.local1");
+		u.setClientRoles(Collections.emptyMap());
 
+//		u.setCredentials();
 		return u;
 	}
 }

ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserServiceTest.java

@@ -39,7 +39,6 @@ import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.mockito.Spy;
 
 import io.fabric8.kubernetes.api.model.Secret;
@@ -72,35 +71,58 @@ class KeycloakUserServiceTest {
 		@Captor
 		private ArgumentCaptor<OzgCloudKeycloakUserSpec> ozgCloudKeycloakUserSpecCaptor;
 
-		private final OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+		@Test
+		void shouldCallCreateAndSetUserPasswordIfNotExists() {
+			OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
 
-		@DisplayName("user has no password")
-		@Nested
-		class TestOnUserHasNoPassword {
+			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
 
-			@BeforeEach
-			void mock() {
-				doReturn(true).when(service).userHasNoPassword(any(), eq(TEST_NAMESPACE));
+			verify(service).createAndSetUserPasswordIfNotExists(userSpec, TEST_NAMESPACE);
 		}
 
 		@Test
-			void shouldGetOrCreateClusterSecret() {
+		void shouldCallUserRemoteServiceGetUserByName() {
+			OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+
 			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
 
-				verify(userSecretService).getOrCreateClusterSecret(userSpec, TEST_NAMESPACE);
+			verify(remoteService).getUserByName(KeycloakUserSpecUserTestFactory.USERNAME, TEST_NAMESPACE);
 		}
 
 		@Test
-			void shouldUpdateUserPassword() {
-				var userWithoutPassword = OzgCloudKeycloakUserSpecTestFactory.createBuilder()
-						.keycloakUser(KeycloakUserSpecUserTestFactory.createBuiler().password(StringUtils.EMPTY).build()).build();
-				when(userSecretService.getPasswordFromSecret(any())).thenReturn(KeycloakUserSpecUserTestFactory.PASSWORD);
+		void shouldCallCreateUserIfNotExists() {
+			var userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+			when(remoteService.getUserByName(KeycloakUserSpecUserTestFactory.USERNAME, TEST_NAMESPACE))
+					.thenReturn(Optional.empty());
 
-				service.createOrUpdateUser(userWithoutPassword, TEST_NAMESPACE);
+			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
 
-				verify(userMapper).map(ozgCloudKeycloakUserSpecCaptor.capture());
-				assertThat(ozgCloudKeycloakUserSpecCaptor.getValue().getKeycloakUser().getPassword()).isEqualTo(KeycloakUserSpecUserTestFactory.PASSWORD);
+			verify(service).createUser(userSpec, TEST_NAMESPACE);
 		}
+
+		@Test
+		void shouldCallUpdateUserIfAlreadyExists() {
+			var userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+			var remoteUser = UserRepresentationTestFactory.create();
+			when(remoteService.getUserByName(KeycloakUserSpecUserTestFactory.USERNAME, TEST_NAMESPACE))
+					.thenReturn(Optional.of(remoteUser));
+
+			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
+
+			verify(service).updateUser(userSpec, TEST_NAMESPACE, remoteUser);
+		}
+	}
+
+	@Nested
+	class TestCreateAndSetUserPasswordIfNotExists {
+
+		@Test
+		void shouldCallUserHasNoPassword() {
+			OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+
+			service.createAndSetUserPasswordIfNotExists(userSpec, TEST_NAMESPACE);
+
+			verify(service).userHasNoPassword(userSpec, TEST_NAMESPACE);
 		}
 
 		@DisplayName("on user has password")
@@ -114,57 +136,54 @@ class KeycloakUserServiceTest {
 
 			@Test
 			void shouldNotReadSecretFromCluster() {
-				service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
+				OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
 
-				verify(userSecretService, never()).create(userSpec, TEST_NAMESPACE);
-			}
-		}
+				service.createAndSetUserPasswordIfNotExists(userSpec, TEST_NAMESPACE);
 
-		@Test
-		void shouldCallUserHasNoPassword() {
-			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
-
-			verify(service).userHasNoPassword(userSpec, TEST_NAMESPACE);
+				verify(userSecretService, never()).getOrCreateClusterSecret(userSpec, TEST_NAMESPACE);
 			}
 
 			@Test
-		void shouldCallUserMapper() {
-			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
+			void shouldNotCallUserSecretServiceGetOrCreateClusterSecret() {
+				OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
 
-			verify(userMapper).map(userSpec);
-		}
+				service.createAndSetUserPasswordIfNotExists(userSpec, TEST_NAMESPACE);
 
-		@Test
-		void shouldCallUserRemoteServiceGetUserByName() {
-			var userRepresentation = UserRepresentationTestFactory.create();
+				verify(userSecretService, never()).getPasswordFromSecret(any(Secret.class));
+			}
+		}
 
-			service.createOrUpdateUser(userSpec, TEST_NAMESPACE);
+		@DisplayName("user has no password")
+		@Nested
+		class TestOnUserHasNoPassword {
 
-			verify(remoteService).getUserByName(userRepresentation.getUsername(), TEST_NAMESPACE);
+			@BeforeEach
+			void mock() {
+				doReturn(true).when(service).userHasNoPassword(any(), eq(TEST_NAMESPACE));
 			}
 
 			@Test
-		void shouldCreateUserIfNotExists() {
-			when(remoteService.getUserByName(KeycloakUserSpecUserTestFactory.USERNAME, TEST_NAMESPACE))
-					.thenReturn(Optional.empty());
-			when(userMapper.map(any())).thenReturn(Mockito.mock(UserRepresentation.class));
+			void shouldGetOrCreateClusterSecret() {
+				OzgCloudKeycloakUserSpec userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
 
-			service.createOrUpdateUser(OzgCloudKeycloakUserSpecTestFactory.create(), TEST_NAMESPACE);
+				service.createAndSetUserPasswordIfNotExists(userSpec, TEST_NAMESPACE);
 
-			verify(remoteService).createUser(any(UserRepresentation.class), eq(TEST_NAMESPACE));
+				verify(userSecretService).getOrCreateClusterSecret(userSpec, TEST_NAMESPACE);
 			}
 
 			@Test
-		void shouldUpdateUserIfExists() {
-			var userRepresentation = Mockito.mock(UserRepresentation.class);
-			when(remoteService.getUserByName(KeycloakUserSpecUserTestFactory.USERNAME, TEST_NAMESPACE))
-					.thenReturn(Optional.of(userRepresentation));
-			when(userMapper.update(eq(userRepresentation), any())).thenReturn(userRepresentation);
+			void shouldUpdateUserPassword() {
+				String NEWPASSWORD = "NewPassword";
+				var userWithoutPassword = OzgCloudKeycloakUserSpecTestFactory.createBuilder()
+						.keycloakUser(KeycloakUserSpecUserTestFactory.createBuiler().password(StringUtils.EMPTY).build()).build();
+				when(userSecretService.getPasswordFromSecret(any())).thenReturn(NEWPASSWORD);
 
-			service.createOrUpdateUser(OzgCloudKeycloakUserSpecTestFactory.create(), TEST_NAMESPACE);
+				service.createAndSetUserPasswordIfNotExists(userWithoutPassword, TEST_NAMESPACE);
 
-			verify(remoteService).updateUser(userRepresentation, TEST_NAMESPACE);
+				assertThat(userWithoutPassword.getKeycloakUser().getPassword()).isEqualTo(NEWPASSWORD);
+			}
 		}
+
 	}
 
 	@DisplayName("Test user has no password")
@@ -197,6 +216,46 @@ class KeycloakUserServiceTest {
 		}
 	}
 
+	@Nested
+	class TestCreateUser {
+
+		@Test
+		void shouldCallRemoteServiceCreateUser() {
+			var userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+			UserRepresentation userRepresentation = UserRepresentationTestFactory.create();
+			when(userMapper.map(userSpec)).thenReturn(userRepresentation);
+
+			service.createUser(userSpec, TEST_NAMESPACE);
+
+			verify(remoteService).createUser(userRepresentation, TEST_NAMESPACE);
+		}
+	}
+
+	@Nested
+	class TestUpdateUser {
+
+		@Test
+		void shouldUpdateUserIfEnabled() {
+			var userSpec = OzgCloudKeycloakUserSpecTestFactory.create();
+			UserRepresentation userRepresentation = UserRepresentationTestFactory.create();
+			when(userMapper.update(userRepresentation, userSpec)).thenReturn(userRepresentation);
+
+			service.updateUser(userSpec, TEST_NAMESPACE, userRepresentation);
+
+			verify(remoteService).updateUser(any(UserRepresentation.class), eq(TEST_NAMESPACE));
+		}
+
+		@Test
+		void shouldNotUpdateUserIfDisabled() {
+			var userSpec = OzgCloudKeycloakUserSpecTestFactory.createBuilder()
+					.updateUser(false).build();
+
+			service.updateUser(userSpec, TEST_NAMESPACE, UserRepresentationTestFactory.create());
+
+			verify(remoteService, never()).updateUser(null, TEST_NAMESPACE);
+		}
+	}
+
 	@Nested
 	class TestDeleteUser {
 

ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/OzgCloudKeycloakUserSpecTestFactory.java

@@ -27,12 +27,15 @@ import de.ozgcloud.operator.keycloak.user.OzgCloudKeycloakUserSpec.OzgCloudKeycl
 
 public class OzgCloudKeycloakUserSpecTestFactory {
 
+	public static final boolean UPDATE_USER = true;
+
 	public static OzgCloudKeycloakUserSpec create() {
 		return createBuilder().build();
 	}
 
 	public static OzgCloudKeycloakUserSpecBuilder createBuilder() {
 		return OzgCloudKeycloakUserSpec.builder()
+				.updateUser(UPDATE_USER)
 				.keycloakUser(KeycloakUserSpecUserTestFactory.create());
 	}
 }