appuio-keycloak-adapter's Introduction

VSHN

Repository containing the README shown in the GitHub VSHN profile page.

appuio-keycloak-adapter's Issues

Use `patch` to update resources managed in external repos

Description

If not kept in sync with https://github.com/appuio/cloud-portal this adapter will delete fields from the stored Organizations.

if err := r.Update(ctx, org); err != nil {

should minimally be updated to use a server-side merge so we don't have to be extra cautious to keep this adapter in sync.

Additional Context

No response

Logs

No response

Expected Behavior

Controller uses server side merge for organizations.

Steps To Reproduce

  • Use version < v0.6.0
  • Set .spec.billingEntityRef on an organization
  • Delete organization finalizer
  • .spec.billingEntityRef disappears

Versions

all
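The data-loss mechanism this issue describes is worth seeing in code: a full `Update` sends the caller's whole copy of the object, so any field the caller never loaded (here `.spec.billingEntityRef`, set by the cloud portal) is silently dropped, while a JSON merge patch (RFC 7386, which is what controller-runtime's `client.MergeFrom` produces for `r.Patch`) only touches the keys the patch names. The following is an added, stand-alone example and not code from the appuio-keycloak-adapter project; the reduced Organization JSON, the finalizer name and the billing entity value are constructed sample data, and `FullUpdate`/`MergePatch` are hypothetical stand-ins for the two client calls, using only the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// stored is a constructed sample of an Organization as it sits in the
// control-api after another component (the cloud portal in the issue) has
// set spec.billingEntityRef. It is not data from the project.
const stored = `{
  "metadata": {"name": "foo", "finalizers": ["keycloak-adapter.example/finalizer"]},
  "spec": {"displayName": "Foo Inc.", "billingEntityRef": "be-1234"}
}`

// adapterView is what the adapter itself knows about the organization: it is
// built from Keycloak, which has no notion of a billing entity, and the
// adapter has just removed its own finalizer.
const adapterView = `{
  "metadata": {"name": "foo", "finalizers": []},
  "spec": {"displayName": "Foo Inc."}
}`

// FullUpdate models client.Update: the stored object is replaced with the
// caller's copy, so anything the caller's copy lacks is dropped.
func FullUpdate(_ map[string]any, desired map[string]any) map[string]any {
	return desired
}

// MergePatch applies an RFC 7386 JSON merge patch to target: objects are
// merged recursively, an explicit null deletes a key, and keys the patch does
// not mention are left exactly as they were.
func MergePatch(target, patch map[string]any) map[string]any {
	out := make(map[string]any, len(target))
	for k, v := range target {
		out[k] = v
	}
	for k, pv := range patch {
		if pv == nil {
			delete(out, k)
			continue
		}
		pm, patchIsObject := pv.(map[string]any)
		tm, targetIsObject := out[k].(map[string]any)
		switch {
		case patchIsObject && targetIsObject:
			out[k] = MergePatch(tm, pm)
		case patchIsObject:
			// Target had no object here: merging into an empty map strips nulls.
			out[k] = MergePatch(map[string]any{}, pm)
		default:
			out[k] = pv
		}
	}
	return out
}

func mustParse(s string) map[string]any {
	var m map[string]any
	if err := json.Unmarshal([]byte(s), &m); err != nil {
		panic(err)
	}
	return m
}

// BillingEntityRef returns spec.billingEntityRef, or "" when it is absent.
func BillingEntityRef(obj map[string]any) string {
	spec, _ := obj["spec"].(map[string]any)
	ref, _ := spec["billingEntityRef"].(string)
	return ref
}

// AfterFullUpdate reproduces the buggy path from the issue.
func AfterFullUpdate() map[string]any {
	return FullUpdate(mustParse(stored), mustParse(adapterView))
}

// AfterMergePatch reproduces the requested path: the patch names only the
// fields the adapter owns (its finalizer list and the Keycloak display name).
func AfterMergePatch() map[string]any {
	patch := mustParse(`{"metadata": {"finalizers": []}, "spec": {"displayName": "Foo Inc."}}`)
	return MergePatch(mustParse(stored), patch)
}

func main() {
	fmt.Println("after Update:     billingEntityRef =", BillingEntityRef(AfterFullUpdate()))
	fmt.Println("after MergePatch: billingEntityRef =", BillingEntityRef(AfterMergePatch()))
}
```

The controller-runtime equivalent is to take a deep copy before mutating (`orig := org.DeepCopy()`), change only the adapter-owned fields, and call `r.Patch(ctx, org, client.MergeFrom(orig))`; the resulting patch contains just the diff, which is why fields owned by other components survive regardless of whether this adapter knows about them.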

Controller fails to clean up users which have been deleted in Keycloak

Description

When a user that's been synced to the control-api is deleted in keycloak, subsequent reconciles for that user object fail with

{"level":"error","ts":"2023-06-09T12:33:09Z","msg":"Reconciler error","controller":"user","controllerGroup":"appuio.io","controllerKind":"User","User":{"name":"<redacted>"},"namespace":"","name":"<redacted>","reconcileID":"cfcb6169-0f20-4e83-83f4-cb063e6d1c26","error":"failed querying keycloak for user \"<redacted>\": user \"<redacted>\" not found","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:329\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235"}

Additional Context

From looking through the code, there's simply no logic to handle this case cleanly. I don't remember if that was an oversight or a conscious decision to not delete users which don't exist anymore in Keycloak.

Users are created when groups are synced (cf. `err := r.createUser(ctx, m)`).

The user reconcile loop then tries to update changes to the user's profile in keycloak in

func (r *UserReconciler) updateUserStatus(ctx context.Context, user controlv1.User, kcUser keycloak.User) error {
	user.Status.ID = kcUser.ID
	user.Status.Username = kcUser.Username
	user.Status.Email = kcUser.Email
	user.Status.DisplayName = kcUser.DisplayName()
	user.Status.DefaultOrganizationRef = kcUser.DefaultOrganizationRef
	return r.Status().Update(ctx, &user)
}

Logs

{"level":"error","ts":"2023-06-09T12:33:09Z","msg":"Reconciler error","controller":"user","controllerGroup":"appuio.io","controllerKind":"User","User":{"name":"<redacted>"},"namespace":"","name":"<redacted>","reconcileID":"cfcb6169-0f20-4e83-83f4-cb063e6d1c26","error":"failed querying keycloak for user \"<redacted>\": user \"<redacted>\" not found","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:329\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235"}

Expected Behavior

Stale user objects are deleted when the corresponding user in Keycloak has been deleted.

Steps To Reproduce

  • Create user in Keycloak
  • Wait for it to be synced to the control-api
  • Delete user in Keycloak
  • Observe that user object remains in control-api and reconcile errors are logged

Versions

appuio-keycloak-adapter v0.6.1
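The missing branch the issue points at is an error-classification decision in the reconcile loop: a definitive "not found" from the identity provider should be handled by deleting the stale User object, while transient failures must still be returned so the controller requeues and retries rather than deleting accounts during an outage. The following is an added, stand-alone example, not code from the appuio-keycloak-adapter project: `ErrUserNotFound`, `ErrUnavailable`, the `KeycloakClient` interface, the in-memory `fakeKeycloak` realm and the `store` map that stands in for the control-api are all hypothetical stand-ins, and the user names and IDs are constructed sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log"
)

// ErrUserNotFound is a constructed sentinel error for this example; the
// adapter's real Keycloak client wraps its own error types.
var ErrUserNotFound = errors.New("user not found")

// ErrUnavailable models a transient failure (network, 5xx) that must NOT be
// interpreted as "the user is gone".
var ErrUnavailable = errors.New("keycloak unavailable")

// KeycloakUser is a reduced stand-in for the adapter's keycloak.User type.
type KeycloakUser struct {
	ID, Username, Email string
}

// UserObject is a reduced stand-in for the control-api User resource: the
// status mirrors what Keycloak reports, as updateUserStatus does in the issue.
type UserObject struct {
	Name   string
	Status struct {
		ID, Username, Email string
	}
}

// KeycloakClient is a hypothetical narrow interface for the one lookup the
// reconcile loop needs.
type KeycloakClient interface {
	GetUser(ctx context.Context, username string) (KeycloakUser, error)
}

// fakeKeycloak is an in-memory realm: present users are returned, absent ones
// produce a wrapped ErrUserNotFound, and a nil map simulates an outage.
type fakeKeycloak map[string]KeycloakUser

func (f fakeKeycloak) GetUser(_ context.Context, username string) (KeycloakUser, error) {
	if f == nil {
		return KeycloakUser{}, ErrUnavailable
	}
	u, ok := f[username]
	if !ok {
		return KeycloakUser{}, fmt.Errorf("failed querying keycloak for user %q: %w", username, ErrUserNotFound)
	}
	return u, nil
}

// UserReconciler mimics the controller; store plays the role of the
// Kubernetes API holding User objects.
type UserReconciler struct {
	store    map[string]*UserObject
	keycloak KeycloakClient
}

// Reconcile is the per-object loop. The middle branch is the one the issue
// asks for: a definitive "not found" means the User object is stale and is
// removed, instead of being returned as an error that makes the controller
// requeue the same object indefinitely.
func (r *UserReconciler) Reconcile(ctx context.Context, name string) error {
	user, ok := r.store[name]
	if !ok {
		return nil // already gone from the API; nothing to do
	}
	kcUser, err := r.keycloak.GetUser(ctx, name)
	switch {
	case errors.Is(err, ErrUserNotFound):
		log.Printf("user %q no longer exists in Keycloak, deleting stale User object", name)
		delete(r.store, name)
		return nil
	case err != nil:
		// Transient failure: keep the object and let the controller retry.
		return err
	}
	user.Status.ID = kcUser.ID
	user.Status.Username = kcUser.Username
	user.Status.Email = kcUser.Email
	return nil
}

// NewScenario builds the constructed state from the issue: alice and bob were
// synced earlier, but bob has since been deleted in Keycloak.
func NewScenario(kc KeycloakClient) *UserReconciler {
	return &UserReconciler{
		store:    map[string]*UserObject{"alice": {Name: "alice"}, "bob": {Name: "bob"}},
		keycloak: kc,
	}
}

func main() {
	r := NewScenario(fakeKeycloak{"alice": {ID: "a-1", Username: "alice", Email: "alice@example.com"}})
	for _, name := range []string{"alice", "bob"} {
		if err := r.Reconcile(context.Background(), name); err != nil {
			log.Printf("reconcile %s: %v", name, err)
		}
	}
	fmt.Println("remaining users:", len(r.store))
}
```

Distinguishing the two error classes is the security-relevant part: if every lookup failure were treated as "deleted", a Keycloak outage or a misconfigured credential would cause the adapter to wipe every synced User object, so only a positively identified not-found result should trigger the delete.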

Add option to synchronize Organizations as sub-groups

Summary

As an APPUiO Cloud Developer
I want to be able to sync organizations as sub-groups
So that I can separate groups representing organizations from other groups

Context

To be able to attach the adapter to an existing Keycloak realm with existing groups that do not represent organizations, we want to be able to separate organizations from other groups.

This means that if we have two organizations foo and bar, and teams foo1 and foo2 in foo, and the adapter is configured to synchronize to a "root-group" organizations, the following group structure is created on Keycloak:

├── not-an-org
├── organizations
│   ├── bar
│   └── foo
│       ├── foo1
│       └── foo2
└── other-group

Out of Scope

No response

Further links

No response

Acceptance Criteria

  • We can configure a root-group and organizations are synchronized as sub-groups of this root-group instead of as top level groups.

Implementation Ideas

No response
