From 45507aade61299456ea5e7339bed7af0719876eb Mon Sep 17 00:00:00 2001 From: bom Date: Fri, 20 Jan 2023 14:32:44 +0100 Subject: [PATCH] Use common ingress update the rest of keycloak.cljc --- src/main/cljc/dda/c4k_keycloak/core.cljc | 4 +- src/main/cljc/dda/c4k_keycloak/keycloak.cljc | 71 +++++++++++--------- src/main/resources/keycloak/certificate.yaml | 13 ---- src/main/resources/keycloak/ingress.yaml | 25 ------- 4 files changed, 42 insertions(+), 71 deletions(-) delete mode 100644 src/main/resources/keycloak/certificate.yaml delete mode 100644 src/main/resources/keycloak/ingress.yaml diff --git a/src/main/cljc/dda/c4k_keycloak/core.cljc b/src/main/cljc/dda/c4k_keycloak/core.cljc index e07ca03..a5dfec9 100644 --- a/src/main/cljc/dda/c4k_keycloak/core.cljc +++ b/src/main/cljc/dda/c4k_keycloak/core.cljc @@ -12,8 +12,8 @@ (def config-defaults {:issuer :staging}) -(def config? (s/keys :req-un [::kc/fqdn] - :opt-un [::kc/issuer])) +(def config? (s/keys :req-un [::fqdn] + :opt-un [::issuer])) (def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password])) diff --git a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc index 939016f..800f6a6 100644 --- a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc +++ b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc @@ -1,43 +1,52 @@ (ns dda.c4k-keycloak.keycloak (:require [clojure.spec.alpha :as s] + #?(:cljs [shadow.resource :as rc]) + #?(:clj [orchestra.core :refer [defn-spec]] + :cljs [orchestra.core :refer-macros [defn-spec]]) [dda.c4k-common.yaml :as yaml] + [dda.c4k-common.common :as cm] [dda.c4k-common.base64 :as b64] - [dda.c4k-common.common :as cm])) + [dda.c4k-common.ingress :as ing] + [dda.c4k-common.predicate :as cp])) -(s/def ::keycloak-admin-user cm/bash-env-string?) -(s/def ::keycloak-admin-password cm/bash-env-string?) -(s/def ::fqdn cm/fqdn-string?) -(s/def ::issuer cm/letsencrypt-issuer?) +(s/def ::fqdn cp/fqdn-string?) +(s/def ::issuer cp/letsencrypt-issuer?) +(s/def ::keycloak-admin-user cp/bash-env-string?) +(s/def ::keycloak-admin-password cp/bash-env-string?) -(defn generate-secret [my-auth] - (let [{:keys [keycloak-admin-user keycloak-admin-password]} my-auth] +(def config? (s/keys :req-un [::fqdn] + :opt-un [::issuer])) + +(def auth? (s/keys :req-un [::keycloak-admin-user ::keycloak-admin-password])) + +#?(:cljs + (defmethod yaml/load-resource :keycloak [resource-name] + (case resource-name + "keycloak/deployment.yaml" (rc/inline "keycloak/deployment.yaml") + "keycloak/secret.yaml" (rc/inline "keycloak/secret.yaml") + "keycloak/service.yaml" (rc/inline "keycloak/service.yaml") + (throw (js/Error. "Undefined Resource!"))))) + +(defn-spec generate-ingress cp/map-or-seq? + [config config?] + (ing/generate-ingress-and-cert + (merge + {:service-name "keycloak" + :service-port 80 + :fqdns [(:fqdn config)]} + config))) + +(defn-spec generate-secret cp/map-or-seq? + [auth auth?] + (let [{:keys [keycloak-admin-user keycloak-admin-password]} auth] (-> - (yaml/from-string (yaml/load-resource "keycloak/secret.yaml")) + (yaml/load-as-edn "keycloak/secret.yaml") (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user)) (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password))))) -(defn generate-deployment [] - (yaml/from-string (yaml/load-resource "keycloak/deployment.yaml"))) +(defn-spec generate-service cp/map-or-seq? [] + (yaml/load-as-edn "keycloak/service.yaml")) -(defn generate-certificate [config] - (let [{:keys [fqdn issuer] - :or {issuer :staging}} config - letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")] - (-> - (yaml/from-string (yaml/load-resource "keycloak/certificate.yaml")) - (assoc-in [:spec :commonName] fqdn) - (assoc-in [:spec :dnsNames] [fqdn]) - (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)))) - -(defn generate-ingress [config] - (let [{:keys [fqdn issuer] - :or {issuer :staging}} config - letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")] - (-> - (yaml/from-string (yaml/load-resource "keycloak/ingress.yaml")) - (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) - (cm/replace-all-matching-values-by-new-value "fqdn" fqdn)))) - -(defn generate-service [] - (yaml/from-string (yaml/load-resource "keycloak/service.yaml"))) +(defn-spec generate-deployment cp/map-or-seq? [] + (yaml/load-as-edn "keycloak/deployment.yaml")) diff --git a/src/main/resources/keycloak/certificate.yaml b/src/main/resources/keycloak/certificate.yaml deleted file mode 100644 index dd025a2..0000000 --- a/src/main/resources/keycloak/certificate.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: keycloak-cert - namespace: default -spec: - secretName: keycloak-secret - commonName: fqdn - dnsNames: - - fqdn - issuerRef: - name: letsencrypt-staging-issuer - kind: ClusterIssuer \ No newline at end of file diff --git a/src/main/resources/keycloak/ingress.yaml b/src/main/resources/keycloak/ingress.yaml deleted file mode 100644 index 6b4e6d3..0000000 --- a/src/main/resources/keycloak/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: ingress-cloud - annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging-issuer - nginx.ingress.kubernetes.io/proxy-body-size: "256m" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" - nginx.ingress.kubernetes.io/proxy-send-timeout: "300" - nginx.ingress.kubernetes.io/proxy-read-timeout: "300" - namespace: default -spec: - tls: - - hosts: - - fqdn - secretName: keycloak-secret - rules: - - host: fqdn - http: - paths: - - backend: - serviceName: keycloak - servicePort: 8080 \ No newline at end of file