Merge pull request #544 from vshn/fix/keycloak-config

Enhance Keycloak configuration handling and resource copying

Author: vshnbot

pkg/comp-functions/functions/vshnkeycloak/deploy.go

@@ -197,8 +197,9 @@ func handleCustomConfig(ctx context.Context, comp *vshnv1.VSHNKeycloak, svc *run
 	l := svc.Log
 	customConfigurationRef := comp.Spec.Parameters.Service.CustomConfigurationRef
 	customEnvVariablesRef := comp.Spec.Parameters.Service.CustomEnvVariablesRef
+	envFrom := comp.Spec.Parameters.Service.EnvFrom
 
-	if customConfigurationRef == nil && customEnvVariablesRef == nil {
+	if customConfigurationRef == nil && customEnvVariablesRef == nil && envFrom == nil {
 		return nil
 	}
 
@@ -242,6 +243,50 @@ func handleCustomConfig(ctx context.Context, comp *vshnv1.VSHNKeycloak, svc *run
 		currentEnvHash = fmt.Sprintf("%x", md5.Sum(dataBytes))
 	}
 
+	if envFrom != nil {
+		var envFromData []byte
+		for _, ef := range *envFrom {
+			if ef.SecretRef != nil {
+				sec := &corev1.Secret{}
+				obj, err := svc.CopyKubeResource(ctx, sec, comp.GetName()+"-env-secret-"+ef.SecretRef.Name, ef.SecretRef.Name, comp.GetClaimNamespace(), comp.GetInstanceNamespace())
+				if err != nil {
+					l.Error(err, "cannot copy envFrom Secret", "secretName", ef.SecretRef.Name)
+					svc.AddResult(runtime.NewWarningResult(fmt.Sprintf("cannot copy envFrom Secret %q: %s", ef.SecretRef.Name, err)))
+					continue
+				}
+				dataBytes, err := json.Marshal(obj.(*corev1.Secret).Data)
+				if err != nil {
+					l.Error(err, "cannot marshal Secret data for hashing", "secretName", ef.SecretRef.Name)
+					continue
+				}
+				envFromData = append(envFromData, dataBytes...)
+			}
+			if ef.ConfigMapRef != nil {
+				cm := &corev1.ConfigMap{}
+				obj, err := svc.CopyKubeResource(ctx, cm, comp.GetName()+"-env-cm-"+ef.ConfigMapRef.Name, ef.ConfigMapRef.Name, comp.GetClaimNamespace(), comp.GetInstanceNamespace())
+				if err != nil {
+					l.Error(err, "cannot copy envFrom ConfigMap", "configMapName", ef.ConfigMapRef.Name)
+					svc.AddResult(runtime.NewWarningResult(fmt.Sprintf("cannot copy envFrom ConfigMap %q: %s", ef.ConfigMapRef.Name, err)))
+					continue
+				}
+				dataBytes, err := json.Marshal(obj.(*corev1.ConfigMap).Data)
+				if err != nil {
+					l.Error(err, "cannot marshal ConfigMap data for hashing", "configMapName", ef.ConfigMapRef.Name)
+					continue
+				}
+				envFromData = append(envFromData, dataBytes...)
+			}
+		}
+		if len(envFromData) > 0 {
+			envFromHash := fmt.Sprintf("%x", md5.Sum(envFromData))
+			if currentEnvHash != "" {
+				currentEnvHash = fmt.Sprintf("%x", md5.Sum([]byte(currentEnvHash+envFromHash)))
+			} else {
+				currentEnvHash = envFromHash
+			}
+		}
+	}
+
 	lastConfigHash := comp.GetLastConfigHash()
 	lastEnvHash := comp.GetLastEnvHash()
 
@@ -798,25 +843,6 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS
 }
 
 func newRelease(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VSHNKeycloak, adminSecret, pgSecret string) (*xhelmv1.Release, error) {
-	if comp.Spec.Parameters.Service.EnvFrom != nil {
-		for _, r := range *comp.Spec.Parameters.Service.EnvFrom {
-			if r.SecretRef != nil {
-				obj := &corev1.Secret{}
-				_, err := svc.CopyKubeResource(ctx, obj, comp.GetName()+"-env-secret-"+r.SecretRef.Name, r.SecretRef.Name, comp.GetClaimNamespace(), comp.GetInstanceNamespace())
-				if err != nil {
-					return nil, fmt.Errorf("cannot copy Keycloak env variable Secret to instance namespace: %w", err)
-				}
-			}
-			if r.ConfigMapRef != nil {
-				obj := &corev1.ConfigMap{}
-				_, err := svc.CopyKubeResource(ctx, obj, comp.GetName()+"-env-cm-"+r.ConfigMapRef.Name, r.ConfigMapRef.Name, comp.GetClaimNamespace(), comp.GetInstanceNamespace())
-				if err != nil {
-					return nil, fmt.Errorf("cannot copy Keycloak env variable ConfigMap to instance namespace: %w", err)
-				}
-			}
-		}
-	}
-
 	values, err := newValues(ctx, svc, comp, adminSecret, pgSecret)
 	if err != nil {
 		return nil, err

pkg/comp-functions/functions/vshnkeycloak/maintenance.go

@@ -14,8 +14,12 @@ import (
 
 // AddMaintenanceJob will add a job to do the maintenance for the instance
 func AddMaintenanceJob(ctx context.Context, comp *vshnv1.VSHNKeycloak, svc *runtime.ServiceRuntime) *xfnproto.Result {
-	if err := svc.GetObservedComposite(comp); err != nil {
-		return runtime.NewFatalResult(fmt.Errorf("can't get desired composite: %w", err))
+	// Try desired first but fall back to observed.
+	// Config hash updates were observed to be dropped when only reading the observed composite.
+	if err := svc.GetDesiredComposite(comp); err != nil {
+		if err := svc.GetObservedComposite(comp); err != nil {
+			return runtime.NewFatalResult(fmt.Errorf("can't get composite: %w", err))
+		}
 	}
 
 	maintTime := common.SetRandomMaintenanceSchedule(comp)

pkg/comp-functions/runtime/function_mgr.go

@@ -1521,7 +1521,7 @@ func (s *ServiceRuntime) CopyKubeResource(ctx context.Context, obj client.Object
 		ProviderConfigIgnoreLabel: "true",
 	}
 
-	if err := s.SetDesiredKubeObject(observerObj, observerName, KubeOptionObserve, KubeOptionAddLabels(objectExtraLabels)); err != nil {
+	if err := s.SetDesiredKubeObject(observerObj, observerName, KubeOptionObserve, KubeOptionAllowDeletion, KubeOptionAddLabels(objectExtraLabels)); err != nil {
 		return nil, err
 	}
 
@@ -1532,7 +1532,7 @@ func (s *ServiceRuntime) CopyKubeResource(ctx context.Context, obj client.Object
 	instObj := obj.DeepCopyObject().(client.Object)
 	instObj.SetNamespace(toNS)
 
-	if err := s.SetDesiredKubeObject(instObj, resourceName); err != nil {
+	if err := s.SetDesiredKubeObject(instObj, resourceName, KubeOptionAllowDeletion); err != nil {
 		return nil, err
 	}