Commit f9f81fde authored by OZGCloud's avatar OZGCloud

OZG-3961 OZG-4082 create Secret for User if password does not exist (PoC)

parent 33522bef
...@@ -47,13 +47,6 @@ class KeycloakClientService { ...@@ -47,13 +47,6 @@ class KeycloakClientService {
() -> createClient(spec, namespace)); () -> createClient(spec, namespace));
} }
void createClient(OzgKeycloakClientSpec spec, String realm) {
ClientRepresentation clientRepresentation = mapper.map(spec);
String realClientId = remoteService.createClient(clientRepresentation, realm);
addOrUpdateClientRoles(spec, realm, realClientId);
}
void updateClient(ClientRepresentation existingClient, OzgKeycloakClientSpec spec, String realm) { void updateClient(ClientRepresentation existingClient, OzgKeycloakClientSpec spec, String realm) {
ClientRepresentation clientRepresentation = mapper.update(existingClient, spec); ClientRepresentation clientRepresentation = mapper.update(existingClient, spec);
remoteService.updateClient(clientRepresentation, realm); remoteService.updateClient(clientRepresentation, realm);
...@@ -61,6 +54,13 @@ class KeycloakClientService { ...@@ -61,6 +54,13 @@ class KeycloakClientService {
addOrUpdateClientRoles(spec, realm, existingClient.getId()); addOrUpdateClientRoles(spec, realm, existingClient.getId());
} }
void createClient(OzgKeycloakClientSpec spec, String realm) {
ClientRepresentation clientRepresentation = mapper.map(spec);
String realClientId = remoteService.createClient(clientRepresentation, realm);
addOrUpdateClientRoles(spec, realm, realClientId);
}
void addOrUpdateClientRoles(OzgKeycloakClientSpec spec, String realm, String realClientId) { void addOrUpdateClientRoles(OzgKeycloakClientSpec spec, String realm, String realClientId) {
spec.getClientRoles().forEach( spec.getClientRoles().forEach(
roleSpec -> genericRemoteService.getClientRole(roleSpec.getName(), realClientId, realm) roleSpec -> genericRemoteService.getClientRole(roleSpec.getName(), realClientId, realm)
......
...@@ -24,7 +24,10 @@ ...@@ -24,7 +24,10 @@
package de.ozgcloud.operator.keycloak.user; package de.ozgcloud.operator.keycloak.user;
import java.util.Arrays; import java.util.Arrays;
import java.util.Map;
import java.util.Objects;
import java.util.Optional; import java.util.Optional;
import java.util.logging.Level;
import org.keycloak.admin.client.CreatedResponseUtil; import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
...@@ -38,12 +41,22 @@ import org.springframework.stereotype.Component; ...@@ -38,12 +41,22 @@ import org.springframework.stereotype.Component;
import de.ozgcloud.operator.keycloak.KeycloakException; import de.ozgcloud.operator.keycloak.KeycloakException;
import de.ozgcloud.operator.keycloak.KeycloakGenericRemoteService; import de.ozgcloud.operator.keycloak.KeycloakGenericRemoteService;
import de.ozgcloud.operator.keycloak.KeycloakResultParser; import de.ozgcloud.operator.keycloak.KeycloakResultParser;
import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.api.model.SecretBuilder;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.dsl.Resource;
import lombok.extern.java.Log;
@Log
@Component @Component
class KeycloakUserRemoteService { class KeycloakUserRemoteService {
private static final String SECRET_PASSWORD_FIELD = "password";
@Autowired @Autowired
private Keycloak keycloak; private Keycloak keycloak;
@Autowired
private KubernetesClient kubernetesClient;
@Autowired @Autowired
private KeycloakGenericRemoteService keycloakGenericRemoteService; private KeycloakGenericRemoteService keycloakGenericRemoteService;
...@@ -99,4 +112,38 @@ class KeycloakUserRemoteService { ...@@ -99,4 +112,38 @@ class KeycloakUserRemoteService {
void addClientRoleToUser(RoleRepresentation clientRole, RealmResource realmResource, String userId, ClientRepresentation appClient) { void addClientRoleToUser(RoleRepresentation clientRole, RealmResource realmResource, String userId, ClientRepresentation appClient) {
realmResource.users().get(userId).roles().clientLevel(appClient.getId()).add(Arrays.asList(clientRole)); realmResource.users().get(userId).roles().clientLevel(appClient.getId()).add(Arrays.asList(clientRole));
} }
// PoC
public String createSecret(OzgKeycloakUserSpec userSpec, String namespace) {
log.log(Level.INFO, "Create secret for user...");
var secretName = userSpec.getKeycloakUser().getUsername() + "-credentials";
var secret = getSecret(secretName, namespace);
if (Objects.isNull(secret.get())) {
log.log(Level.INFO, "...secret does not exist, create one...");
kubernetesClient.secrets().inNamespace(namespace).create(buildSecret());
log.log(Level.INFO, "...secret created in " + namespace + " for user " + userSpec.getKeycloakUser().getUsername());
log.log(Level.INFO, "...load created secret...");
var createdSecret = getSecret(secretName, namespace);
var newPassword = getPassword(createdSecret);
log.log(Level.INFO, "return password from created secret:" + newPassword);
return newPassword;
}
var password = getPassword(secret);
log.log(Level.INFO, "secret exists, return password:" + password);
return password;
}
private Resource<Secret> getSecret(String secretName, String namespace) {
return kubernetesClient.secrets().inNamespace(namespace).withName(secretName);
}
private Secret buildSecret() {
return new SecretBuilder().withData(Map.of(SECRET_PASSWORD_FIELD, "Y9nk43yrQ_zzIPpfFU-I")).build();
}
private String getPassword(Resource<Secret> secret) {
return secret.get().getData().get(SECRET_PASSWORD_FIELD);
}
//
} }
\ No newline at end of file
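Review bot: `buildSecret()` in the last hunk of KeycloakUserRemoteService writes the fixed literal `"Y9nk43yrQ_zzIPpfFU-I"` into every generated Secret, so every user created without a password ends up with the same credential, and that credential is committed to the repository; the value should be generated per call with `SecureRandom`. The same method builds the Secret without metadata even though `getSecret(secretName, namespace)` looks it up by name immediately after `create(...)`, and it puts the plaintext into `data`, which the Kubernetes API expects base64-encoded — writing to `stringData` and decoding `getData()` in `getPassword` fixes both. `secret.get()` in `createSecret` and `getPassword` returns null when the Secret is absent, so `getPassword(createdSecret)` will throw a NullPointerException if the create did not take effect; a `Objects.requireNonNull(secret.get(), "secret " + secretName + " not found")` would make that failure explicit. The INFO lines `return password from created secret:` and `secret exists, return password:` (and `set password: ... to user...` in KeycloakUserService.createOrUpdateUser in the next file) write the credential into the logs; log the secret name instead.
```java
// … unchanged: createSecret up to the create(...) call …
kubernetesClient.secrets().inNamespace(namespace).create(buildSecret(secretName));
// … unchanged: rest of createSecret, getSecret …

private Secret buildSecret(String secretName) {
    return new SecretBuilder()
            .withNewMetadata().withName(secretName).endMetadata()
            .withStringData(Map.of(SECRET_PASSWORD_FIELD, generatePassword()))
            .build();
}

private String generatePassword() {
    byte[] random = new byte[24];
    new SecureRandom().nextBytes(random);
    return Base64.getUrlEncoder().withoutPadding().encodeToString(random);
}

private String getPassword(Resource<Secret> secret) {
    var encoded = secret.get().getData().get(SECRET_PASSWORD_FIELD);
    return new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
}
```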
...@@ -24,10 +24,15 @@ ...@@ -24,10 +24,15 @@
package de.ozgcloud.operator.keycloak.user; package de.ozgcloud.operator.keycloak.user;
import java.util.Optional; import java.util.Optional;
import java.util.logging.Level;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import lombok.extern.java.Log;
@Log
@Component @Component
class KeycloakUserService { class KeycloakUserService {
...@@ -38,6 +43,13 @@ class KeycloakUserService { ...@@ -38,6 +43,13 @@ class KeycloakUserService {
private KeycloakUserMapper userMapper; private KeycloakUserMapper userMapper;
public void createOrUpdateUser(OzgKeycloakUserSpec userSpec, String namespace) { public void createOrUpdateUser(OzgKeycloakUserSpec userSpec, String namespace) {
if (!StringUtils.hasLength(userSpec.getKeycloakUser().getPassword())) {
log.log(Level.INFO, "User has no password, create secret...");
var password = remoteService.createSecret(userSpec, namespace);
log.log(Level.INFO, "set password: " + password + " to user...");
userSpec.getKeycloakUser().setPassword(password);
}
log.log(Level.INFO, "proceed");
remoteService.getUserByName(userSpec.getKeycloakUser().getUsername(), namespace) remoteService.getUserByName(userSpec.getKeycloakUser().getUsername(), namespace)
.ifPresentOrElse(existingUser -> remoteService.updateUser(userMapper.update(existingUser, userSpec), namespace), .ifPresentOrElse(existingUser -> remoteService.updateUser(userMapper.update(existingUser, userSpec), namespace),
() -> remoteService.createUser(userMapper.map(userSpec), namespace)); () -> remoteService.createUser(userMapper.map(userSpec), namespace));
......
...@@ -54,6 +54,7 @@ import org.mockito.Spy; ...@@ -54,6 +54,7 @@ import org.mockito.Spy;
import de.ozgcloud.operator.keycloak.KeycloakException; import de.ozgcloud.operator.keycloak.KeycloakException;
import de.ozgcloud.operator.keycloak.KeycloakGenericRemoteService; import de.ozgcloud.operator.keycloak.KeycloakGenericRemoteService;
import io.fabric8.kubernetes.client.KubernetesClient;
class KeycloakUserRemoteServiceTest { class KeycloakUserRemoteServiceTest {
...@@ -91,6 +92,8 @@ class KeycloakUserRemoteServiceTest { ...@@ -91,6 +92,8 @@ class KeycloakUserRemoteServiceTest {
private RoleMappingResource roleMappingResource; private RoleMappingResource roleMappingResource;
@Mock @Mock
private UserRepresentation userRepresentation; private UserRepresentation userRepresentation;
@Mock
private KubernetesClient kubernetesClient;
@Nested @Nested
class TestCreateUser { class TestCreateUser {
......
...@@ -28,6 +28,7 @@ import static org.mockito.Mockito.*; ...@@ -28,6 +28,7 @@ import static org.mockito.Mockito.*;
import java.util.Optional; import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
...@@ -71,6 +72,18 @@ class KeycloakUserServiceTest { ...@@ -71,6 +72,18 @@ class KeycloakUserServiceTest {
verify(userRemoteService).getUserByName(eq(userRepresentation.getUsername()), eq(TEST_NAMESPACE)); verify(userRemoteService).getUserByName(eq(userRepresentation.getUsername()), eq(TEST_NAMESPACE));
} }
@Test
void shouldCreateSecretIfPasswordIsNotSet() {
when(userRemoteService.createSecret(any(), any())).thenReturn("TestPassword");
var testUser = OzgKeycloakUserSpecTestFactory.createBuilder()
.keycloakUser(KeycloakUserSpecUserTestFactory.createBuiler().password(StringUtils.EMPTY).build()).build();
userService.createOrUpdateUser(testUser, TEST_NAMESPACE);
verify(userRemoteService).createSecret(testUser, TEST_NAMESPACE);
}
@Test @Test
void shouldCreateUserIfNotExists() { void shouldCreateUserIfNotExists() {
when(userRemoteService.getUserByName(OzgKeycloakUserSpecTestFactory.KEYCLOAK_USER.getUsername(), TEST_NAMESPACE)) when(userRemoteService.getUserByName(OzgKeycloakUserSpecTestFactory.KEYCLOAK_USER.getUsername(), TEST_NAMESPACE))
......
...@@ -34,7 +34,7 @@ class OzgKeycloakUserSpecTestFactory { ...@@ -34,7 +34,7 @@ class OzgKeycloakUserSpecTestFactory {
return createBuilder().build(); return createBuilder().build();
} }
private static OzgKeycloakUserSpecBuilder createBuilder() { public static OzgKeycloakUserSpecBuilder createBuilder() {
return OzgKeycloakUserSpec.builder() return OzgKeycloakUserSpec.builder()
.keycloakUser(KEYCLOAK_USER); .keycloakUser(KEYCLOAK_USER);
} }
......