| What Using the operator SDK, investigate ensuring that keycloak is kept in sync with the secrets we have in OpenShift. Right now when a binding is created it is a single action that creates a client in Keycloak and a secret in OS. If someone were to go into keycloak and delete that client our client would be invalid.
We want to watch secrets that are being created and if the secret is a mobile secret (we know because of the labels it has and for keycloak) then the operator will ensure the following
- the fields in the secret match the fields in keycloak if they don't it will update keycloak to match
- if the client is deleted from KC and the secret is still present it should be recreated
How Read up on the Operator Framework https://github.com/operator-framework
Look at setting up an operator to watch secrets
interact with a provisioned keycloak when these secrets change or are deleted |
