init keycloak in e2e test (#16)

* init keycloak in e2e test * add helm repo * try to install realms * fixes headers * wait for ready * add all ressources to e2e test * add optional back * add optionals back * add missing optional * forgot generate * try with omitempty * make user available if equal * fixes linting * make group ready
pascal-sochacki · Jan 23, 2023 · 3face30 · 3face30
1 parent 9d374c8
commit 3face30
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 71 deletions.
diff --git a/apis/v1alpha1/client_types.go b/apis/v1alpha1/client_types.go
@@ -30,61 +30,59 @@ import (
 type ClientParameters struct {
 	Realm string `json:"Realm"`
 	// +kubebuilder:validation:Enum=saml;openid-connect
-	Protocol string `json:"Protocol"`
+	Protocol string `json:"Protocol,omitempty"`
 	// +optional
-	Description *string `json:"Description"`
+	Description *string `json:"Description,omitempty"`
 	// +optional
-	Name *string `json:"Name"`
+	Name *string `json:"Name,omitempty"`
 	// +optional
 	// +kubebuilder:validation:Pattern=`^https?:\/\/.+$`
-	RootUrl *string `json:"RootUrl"`
+	RootUrl *string `json:"RootUrl,omitempty"`
 	// +optional
 	// +kubebuilder:validation:Pattern=`^https?:\/\/.+$`
-	HomeUrl *string `json:"HomeUrl"`
+	HomeUrl *string `json:"HomeUrl,omitempty"`
 	// +optional
-	ValidRedirectUris *[]string `json:"ValidRedirectUris"`
+	ValidRedirectUris *[]string `json:"ValidRedirectUris,omitempty"`
 	// +optional
-	ValidPostLogoutUris *[]string `json:"ValidPostLogoutUris"`
+	ValidPostLogoutUris *[]string `json:"ValidPostLogoutUris,omitempty"`
 	// +optional
-	AdminUrl *string `json:"AdminUrl"`
+	AdminUrl *string `json:"AdminUrl,omitempty"`
 	// +optional
-	WebOrigins *[]string `json:"WebOrigins"`
+	WebOrigins *[]string `json:"WebOrigins,omitempty"`
 	// +kubebuilder:default=true
-	PublicClient *bool `json:"PublicClient"`
+	PublicClient *bool `json:"PublicClient,omitempty"`
 	// +kubebuilder:default=false
-	AuthorizationServicesEnabled *bool `json:"AuthorizationServicesEnabled"`
+	AuthorizationServicesEnabled *bool `json:"AuthorizationServicesEnabled,omitempty"`
 	// +kubebuilder:default=false
-	ServiceAccountsEnabled *bool `json:"ServiceAccountsEnabled"`
+	ServiceAccountsEnabled *bool `json:"ServiceAccountsEnabled,omitempty"`
 	// +kubebuilder:default=true
-	StandardFlowEnabled *bool `json:"StandardFlowEnabled"`
+	StandardFlowEnabled *bool `json:"StandardFlowEnabled,omitempty"`
 	// +kubebuilder:default=true
-	DirectAccessGrantsEnabled *bool `json:"DirectAccessGrantsEnabled"`
+	DirectAccessGrantsEnabled *bool `json:"DirectAccessGrantsEnabled,omitempty"`
 	// +kubebuilder:default=false
-	ImplicitFlowEnabled *bool `json:"ImplicitFlowEnabled"`
+	ImplicitFlowEnabled *bool `json:"ImplicitFlowEnabled,omitempty"`
 	// +kubebuilder:default=false
-	Oauth2DeviceAuthorizationGrantEnabled *bool `json:"Oauth2DeviceAuthorizationGrantEnabled"`
+	Oauth2DeviceAuthorizationGrantEnabled *bool `json:"Oauth2DeviceAuthorizationGrantEnabled,omitempty"`
 	// +kubebuilder:default=false
-	OidcCibaGrantEnabled *bool `json:"OidcCibaGrantEnabled"`
+	OidcCibaGrantEnabled *bool `json:"OidcCibaGrantEnabled,omitempty"`
 	// +optional
-	LoginTheme *string `json:"LoginTheme"`
+	LoginTheme *string `json:"LoginTheme,omitempty"`
 	// +kubebuilder:default=false
-	ConsentRequired *bool `json:"ConsentRequired"`
+	ConsentRequired *bool `json:"ConsentRequired,omitempty"`
 	// +kubebuilder:default=false
-	DisplayClientOnConsentScreen *bool `json:"DisplayClientOnConsentScreen"`
+	DisplayClientOnConsentScreen *bool `json:"DisplayClientOnConsentScreen,omitempty"`
 	// +optional
-	MessageOnConsentScreen *string `json:"MessageOnConsentScreen"`
+	MessageOnConsentScreen *string `json:"MessageOnConsentScreen,omitempty"`
 	// +kubebuilder:default=false
-	FrontChannelLogout *bool `json:"FrontChannelLogout"`
-	// +optional
+	FrontChannelLogout *bool `json:"FrontChannelLogout,omitempty"`
 	// +kubebuilder:validation:Pattern=`^https?:\/\/.+$`
-	FrontChannelLogoutUrl *string `json:"FrontChannelLogoutUrl"`
-	// +optional
+	FrontChannelLogoutUrl *string `json:"FrontChannelLogoutUrl,omitempty"`
 	// +kubebuilder:validation:Pattern=`^https?:\/\/.+$`
-	BackChannelLogoutUrl *string `json:"BackChannelLogoutUrl"`
+	BackChannelLogoutUrl *string `json:"BackChannelLogoutUrl,omitempty"`
 	// +kubebuilder:default=false
-	BackChannelLogoutSessionRequired *bool `json:"BackChannelLogoutSessionRequired"`
+	BackChannelLogoutSessionRequired *bool `json:"BackChannelLogoutSessionRequired,omitempty"`
 	// +kubebuilder:default=false
-	BackchannelLogoutRevokeOfflineTokens *bool `json:"BackchannelLogoutRevokeOfflineTokens"`
+	BackchannelLogoutRevokeOfflineTokens *bool `json:"BackchannelLogoutRevokeOfflineTokens,omitempty"`
 }
 
 // ClientObservation are the observable fields of a Client.

diff --git a/apis/v1alpha1/realm_types.go b/apis/v1alpha1/realm_types.go
@@ -111,6 +111,7 @@ type RealmParameters struct {
 	// +kubebuilder:default=false
 	InternationalizationEnabled *bool `json:"internationalizationEnabled,omitempty"`
 
+	// +optional
 	// +kubebuilder:default={XFrameOptions: "SAMEORIGIN", XRobotsTag: "none", ContentSecurityPolicyReportOnly: "", ContentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", XContentTypeOptions: "nosniff", XXssProtection: "1; mode=block", StrictTransportSecurity: "max-age=31536000; includeSubDomains"}
 	Headers HeadersConfig `json:"headers"`
 	// +optional

diff --git a/cluster/local/integration_tests.sh b/cluster/local/integration_tests.sh
@@ -173,6 +173,35 @@ echo_step "waiting for provider to be installed"
 
 kubectl wait "provider.pkg.crossplane.io/${PACKAGE_NAME}" --for=condition=healthy --timeout=180s
 
+helm repo add codecentric https://codecentric.github.io/helm-charts
+helm install keycloak codecentric/keycloakx --values ${projectdir}/starter/values.yaml
+
+kubectl create secret generic -n crossplane-system keycloak-credentials --from-file=credentials=${projectdir}/examples/provider/credentials.json
+kubectl apply -f ${projectdir}/examples/provider/config.yaml
+sleep 10
+
+kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=keycloak --timeout=-1s
+
+echo_step "installing realms"
+kubectl apply -f ${projectdir}/examples/realm
+echo_step "waiting for realm to be ready"
+kubectl wait --timeout 2m --for condition=Ready realm.keycloak.crossplane.io --all
+
+echo_step "installing clients"
+kubectl apply -f ${projectdir}/examples/client
+echo_step "waiting for clients to be ready"
+kubectl wait --timeout 2m --for condition=Ready client.keycloak.crossplane.io --all
+
+echo_step "installing users"
+kubectl apply -f ${projectdir}/examples/user
+echo_step "waiting for user to be ready"
+kubectl wait --timeout 2m --for condition=Ready user.keycloak.crossplane.io --all
+
+echo_step "installing group"
+kubectl apply -f ${projectdir}/examples/group
+echo_step "waiting for group to be ready"
+kubectl wait --timeout 2m --for condition=Ready group.keycloak.crossplane.io --all
+
 echo_step "uninstalling ${PROJECT_NAME}"
 
 echo "${INSTALL_YAML}" | "${KUBECTL}" delete -f -

diff --git a/examples/realm/create-secret.sh b/examples/realm/create-secret.sh
diff --git a/examples/realm/smtp_credentials.json b/examples/realm/smtp_credentials.json
diff --git a/examples/realm/smtp_credentials.yaml b/examples/realm/smtp_credentials.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+  credentials: ewogICJob3N0IjogInNtdHAiLAogICJwb3J0IjogIjU4NyIsCiAgInNzbCI6ICIiLAogICJzdGFydHRscyI6ICJ0cnVlIiwKICAiYXV0aCI6ICJ0cnVlIiwKICAidXNlciI6ICJleGFtcGxlIiwKICAicGFzc3dvcmQiOiAic210cCIsCgogICJmcm9tIjogImV4YW1wbGVAZXhhbXBsZS5kZSIsCiAgImZyb21EaXNwbGF5TmFtZSI6ICJFeGFtcGxlIFVzZXIiCn0=
+kind: Secret
+metadata:
+  name: smtp-credentials
diff --git a/internal/controller/group/group.go b/internal/controller/group/group.go
@@ -20,11 +20,14 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/google/go-cmp/cmp"
+
 	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 	"github.com/crossplane/crossplane-runtime/pkg/connection"
 	"github.com/crossplane/crossplane-runtime/pkg/controller"
 	"github.com/crossplane/crossplane-runtime/pkg/event"
@@ -145,28 +148,27 @@ func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.Ex
 	groupId := meta.GetExternalName(cr)
 
 	parameters := cr.Spec.ForProvider
-	_, err := c.service.KeycloakClient.GetGroup(parameters.Realm, groupId)
+	group, err := c.service.KeycloakClient.GetGroup(parameters.Realm, groupId)
 
 	if err != nil {
 		return managed.ExternalObservation{ //nolint:all
 			ResourceExists: false,
 		}, nil
 	}
 
+	equal := cmp.Equal(*group, parameters)
+	diff := ""
+	if equal {
+		cr.Status.SetConditions(xpv1.Available())
+	} else {
+		diff = cmp.Diff(*group, parameters)
+	}
+
 	return managed.ExternalObservation{
-		// Return false when the external resource does not exist. This lets
-		// the managed resource reconciler know that it needs to call Create to
-		// (re)create the resource, or that it has successfully been deleted.
-		ResourceExists: true,
-
-		// Return false when the external resource exists, but it not up to date
-		// with the desired managed resource state. This lets the managed
-		// resource reconciler know that it needs to call Update.
-		ResourceUpToDate: true,
-
-		// Return any details that may be required to connect to the external
-		// resource. These will be stored as the connection secret.
+		ResourceExists:    true,
+		ResourceUpToDate:  equal,
 		ConnectionDetails: managed.ConnectionDetails{},
+		Diff:              diff,
 	}, nil
 }
 

diff --git a/internal/controller/user/user.go b/internal/controller/user/user.go
@@ -19,6 +19,8 @@ package user
 import (
 	"context"
 
+	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+
 	"github.com/google/go-cmp/cmp"
 	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/types"
@@ -150,7 +152,9 @@ func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.Ex
 
 	equal := cmp.Equal(*user, parameters)
 	var diff = ""
-	if !equal {
+	if equal {
+		cr.Status.SetConditions(xpv1.Available())
+	} else {
 		diff = cmp.Diff(*user, parameters)
 	}
 

diff --git a/package/crds/keycloak.crossplane.io_clients.yaml b/package/crds/keycloak.crossplane.io_clients.yaml
@@ -145,21 +145,7 @@ spec:
                       type: string
                     type: array
                 required:
-                - AuthorizationServicesEnabled
-                - BackChannelLogoutSessionRequired
-                - BackchannelLogoutRevokeOfflineTokens
-                - ConsentRequired
-                - DirectAccessGrantsEnabled
-                - DisplayClientOnConsentScreen
-                - FrontChannelLogout
-                - ImplicitFlowEnabled
-                - Oauth2DeviceAuthorizationGrantEnabled
-                - OidcCibaGrantEnabled
-                - Protocol
-                - PublicClient
                 - Realm
-                - ServiceAccountsEnabled
-                - StandardFlowEnabled
                 type: object
                 x-kubernetes-validations:
                 - rule: '!self.AuthorizationServicesEnabled || (self.AuthorizationServicesEnabled

diff --git a/package/crds/keycloak.crossplane.io_realms.yaml b/package/crds/keycloak.crossplane.io_realms.yaml
@@ -499,8 +499,6 @@ spec:
                   verifyEmail:
                     default: false
                     type: boolean
-                required:
-                - headers
                 type: object
               providerConfigRef:
                 default: