From 29ff442d95b0e4a411034e80e3bacb0f2386a1e2 Mon Sep 17 00:00:00 2001 From: Carlos Feria Date: Fri, 8 Nov 2024 13:05:35 +0100 Subject: [PATCH] feat: add oidc (#37) --- .../operator/cdrs/v2alpha1/TrustifySpec.java | 17 +++++++++++++++ .../server/ServerDeploymentDiscriminator.java | 2 +- .../server/ServerServiceDiscriminator.java | 2 +- .../controllers/TrustifyDistConfigurator.java | 18 +++++++++++++--- .../controllers/TrustifyReconciler.java | 21 ++++++++++--------- 5 files changed, 45 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/trustify/operator/cdrs/v2alpha1/TrustifySpec.java b/src/main/java/org/trustify/operator/cdrs/v2alpha1/TrustifySpec.java index 4b2673a..2ad0185 100644 --- a/src/main/java/org/trustify/operator/cdrs/v2alpha1/TrustifySpec.java +++ b/src/main/java/org/trustify/operator/cdrs/v2alpha1/TrustifySpec.java @@ -32,6 +32,10 @@ public record TrustifySpec( @JsonPropertyDescription("In this section you can configure features related to HTTP and HTTPS") HttpSpec httpSpec, + @JsonProperty("oidc") + @JsonPropertyDescription("In this section you can configure Oidc settings.") + OidcSpec oidcSpec, + @JsonProperty("serverResourceLimits") @JsonPropertyDescription("In this section you can configure resource limits settings for the Server.") ResourcesLimitSpec serverResourceLimitSpec @@ -46,6 +50,7 @@ public TrustifySpec() { null, null, null, + null, null ); } @@ -89,6 +94,18 @@ public record HttpSpec( ) { } + public record OidcSpec( + @JsonPropertyDescription("Enable Oidc Auth.") + boolean enabled, + @JsonPropertyDescription("Oidc server url.") + String serverUrl, + @JsonPropertyDescription("Oidc client id for the UI.") + String uiClientId, + @JsonPropertyDescription("Oidc client id for the Server.") + String serverClientId + ) { + } + public record ResourcesLimitSpec( @JsonPropertyDescription("Requested CPU.") String cpuRequest, 
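Review bot: The `OidcSpec` descriptions do not say what happens when the `oidc` section or its `enabled` flag is left out, and for a security setting that default belongs in the schema text. `enabled` is a primitive `boolean`, so with default Jackson settings an `oidc` block that omits it reads as false, which the configurator change in this same commit turns into `AUTH_DISABLED=true`. I would word it as `@JsonPropertyDescription("Enable OIDC authentication. When false or omitted, the server is deployed with authentication disabled.")`, and state on `serverUrl` that it is the issuer URL and is required when `enabled` is true. Writing the acronym as `OIDC` in all four descriptions would also read better for users inspecting the schema.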
diff --git a/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerDeploymentDiscriminator.java b/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerDeploymentDiscriminator.java index 6f5fce6..8c8ab6c 100644 --- a/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerDeploymentDiscriminator.java +++ b/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerDeploymentDiscriminator.java @@ -15,7 +15,7 @@ public class ServerDeploymentDiscriminator implements ResourceDiscriminator distinguish(Class resource, Trustify cr, Context context) { String deploymentName = ServerDeployment.getDeploymentName(cr); ResourceID resourceID = new ResourceID(deploymentName, cr.getMetadata().getNamespace()); - var informerEventSource = (InformerEventSource) context.eventSourceRetriever().getResourceEventSourceFor(Deployment.class, TrustifyReconciler.SERVER_DEPLOYMENT_EVENT_SOURCE); + var informerEventSource = (InformerEventSource) context.eventSourceRetriever().getResourceEventSourceFor(Deployment.class, TrustifyReconciler.DEPLOYMENT_EVENT_SOURCE); return informerEventSource.get(resourceID); } } \ No newline at end of file diff --git a/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerServiceDiscriminator.java b/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerServiceDiscriminator.java index 29ea024..15df354 100644 --- a/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerServiceDiscriminator.java +++ b/src/main/java/org/trustify/operator/cdrs/v2alpha1/server/ServerServiceDiscriminator.java 
@@ -15,7 +15,7 @@ public class ServerServiceDiscriminator implements ResourceDiscriminator distinguish(Class resource, Trustify cr, Context context) { String serviceName = ServerService.getServiceName(cr); ResourceID resourceID = new ResourceID(serviceName, cr.getMetadata().getNamespace()); - var informerEventSource = (InformerEventSource) context.eventSourceRetriever().getResourceEventSourceFor(Service.class, TrustifyReconciler.SERVER_SERVICE_EVENT_SOURCE); + var informerEventSource = (InformerEventSource) context.eventSourceRetriever().getResourceEventSourceFor(Service.class, TrustifyReconciler.SERVICE_EVENT_SOURCE); return informerEventSource.get(resourceID); } } \ No newline at end of file diff --git a/src/main/java/org/trustify/operator/controllers/TrustifyDistConfigurator.java b/src/main/java/org/trustify/operator/controllers/TrustifyDistConfigurator.java index 2e86267..a2dc9d4 100644 --- a/src/main/java/org/trustify/operator/controllers/TrustifyDistConfigurator.java +++ b/src/main/java/org/trustify/operator/controllers/TrustifyDistConfigurator.java @@ -146,9 +146,21 @@ private void configureStorage() { } private void configureOidc() { - List envVars = optionMapper(cr.getSpec()) - .mapOption("AUTH_DISABLED", spec -> true) - .getEnvVars(); + List envVars = Optional.ofNullable(cr.getSpec().oidcSpec()) + .map(oidcSpec -> optionMapper(oidcSpec) + .mapOption("AUTH_DISABLED", spec -> !spec.enabled()) + .mapOption("AUTHENTICATOR_OIDC_ISSUER_URL", TrustifySpec.OidcSpec::serverUrl) + .mapOption("AUTHENTICATOR_OIDC_CLIENT_IDS", TrustifySpec.OidcSpec::serverClientId) + .mapOption("UI_ISSUER_URL", TrustifySpec.OidcSpec::serverUrl) + .mapOption("UI_CLIENT_ID", TrustifySpec.OidcSpec::uiClientId) + .getEnvVars() + ) + .orElseGet(() -> List.of(new EnvVarBuilder() + .withName("AUTH_DISABLED") + .withValue(Boolean.TRUE.toString()) + .build()) + ); + allEnvVars.addAll(envVars); } 
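Review bot: `configureOidc` accepts `enabled: true` without checking that `serverUrl` and `serverClientId` are set, so a half-filled `oidc` block yields `AUTH_DISABLED=false` alongside missing or empty issuer and client-id variables. How `optionMapper` treats a null value is outside this hunk, so the exact outcome is not visible here, but the server's behaviour in that state should not be left to chance. A guard before the mapping, for example `if (oidcSpec.enabled() && (oidcSpec.serverUrl() == null || oidcSpec.serverUrl().isBlank())) throw new IllegalStateException("spec.oidc.serverUrl is required when spec.oidc.enabled is true");` (or an equivalent status condition on the CR), would surface the misconfiguration at reconcile time. The `orElseGet` branch also keeps authentication off whenever `spec.oidc` is absent; a warning log there would make that deployment state easy to spot in the operator logs.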
diff --git a/src/main/java/org/trustify/operator/controllers/TrustifyReconciler.java b/src/main/java/org/trustify/operator/controllers/TrustifyReconciler.java index bcbd157..921c996 100644 --- a/src/main/java/org/trustify/operator/controllers/TrustifyReconciler.java +++ b/src/main/java/org/trustify/operator/controllers/TrustifyReconciler.java @@ -1,5 +1,6 @@ package org.trustify.operator.controllers; +import io.fabric8.kubernetes.api.model.PersistentVolumeClaim; import io.fabric8.kubernetes.api.model.Service; import io.fabric8.kubernetes.api.model.apps.Deployment; import io.javaoperatorsdk.operator.api.config.informer.InformerConfiguration; @@ -53,13 +54,13 @@ type = ServerDeployment.class, // dependsOn = {"db-service"}, readyPostcondition = ServerDeployment.class, - useEventSourceWithName = "server-deployment" + useEventSourceWithName = TrustifyReconciler.DEPLOYMENT_EVENT_SOURCE ), @Dependent( name = "server-service", type = ServerService.class, dependsOn = {"server-deployment"}, - useEventSourceWithName = "server-service" + useEventSourceWithName = TrustifyReconciler.SERVICE_EVENT_SOURCE ), @Dependent( @@ -74,8 +75,8 @@ public class TrustifyReconciler implements Reconciler, ContextInitiali private static final Logger logger = Logger.getLogger(TrustifyReconciler.class); - public static final String SERVER_DEPLOYMENT_EVENT_SOURCE = "server-deployment"; - public static final String SERVER_SERVICE_EVENT_SOURCE = "server-service"; + public static final String DEPLOYMENT_EVENT_SOURCE = "deploymentSource"; + public static final String SERVICE_EVENT_SOURCE = "serviceSource"; @Override public void initContext(Trustify cr, Context context) { 
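Review bot: The added `import io.fabric8.kubernetes.api.model.PersistentVolumeClaim;` is not used in any hunk of this file, and the diffstat count for TrustifyReconciler.java is fully accounted for by the visible hunks, so it looks unused. Unless code outside the hunks already refers to the type, drop the import until the change that needs it lands.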
@@ -121,15 +122,15 @@ public UpdateControl reconcile(Trustify cr, Context context) { @Override public Map prepareEventSources(EventSourceContext context) { - var serverDeploymentInformerConfiguration = InformerConfiguration.from(Deployment.class, context).build(); - var serverServiceInformerConfiguration = InformerConfiguration.from(Service.class, context).build(); + var deploymentInformerConfiguration = InformerConfiguration.from(Deployment.class, context).build(); + var serviceInformerConfiguration = InformerConfiguration.from(Service.class, context).build(); - var serverDeploymentInformerEventSource = new InformerEventSource<>(serverDeploymentInformerConfiguration, context); - var serverServiceInformerEventSource = new InformerEventSource<>(serverServiceInformerConfiguration, context); + var deploymentInformerEventSource = new InformerEventSource<>(deploymentInformerConfiguration, context); + var serviceInformerEventSource = new InformerEventSource<>(serviceInformerConfiguration, context); return Map.of( - SERVER_DEPLOYMENT_EVENT_SOURCE, serverDeploymentInformerEventSource, - SERVER_SERVICE_EVENT_SOURCE, serverServiceInformerEventSource + DEPLOYMENT_EVENT_SOURCE, deploymentInformerEventSource, + SERVICE_EVENT_SOURCE, serviceInformerEventSource ); } }