*Creation*
When a new SharedServiceAction is seen with a service type of keycloak, the keycloak operator should do the following things.
- look at the params. There will be one named {code}ActionType{code}. If it is a user action, it should do the following.
- look for the username param
- look for a roles param
- look up the shared service slice that this action is tied to (it will be part of the spec and filled in by the broker)
- This will tell us the realm to create the user in and the keycloak to target
- update the keycloak resource with the user under the correct realm
- set the status of the keycloak resource to modified
- set the status of the sharedserviceaction to in progress and set a message.
- With each reconciliation loop it should check the keycloak resource and see whether its status has been set to complete or failed. When either of these is reached, it should update the SharedServiceAction with the same status and add a user-friendly message.
- in the keycloak resource handler, it should then reconcile this change into a new user in the keycloak realm and create a secret with the user details (possibly with a deterministic name based on the user). To reconcile, it should list users in the realm from keycloak and check whether there is one in the keycloak resource that is not in the realm; if so, add it.
- Once done, the keycloak resource should get the status complete to indicate that the state of the keycloak now matches the resource
*Deletion*
When the SharedServiceAction resource is deleted, we should remove the user definition from the keycloak resource. Similar to above, the keycloak reconciliation loop should read the users from the realm, and if one exists in the associated realm that does not exist in the keycloak resource, that user should be removed from the keycloak realm. One tricky part here is removing the secret then remove , if we use a deterministic name we can reconstruct the finalizer reference name. If not, we will need to update the status of the keycloak somehow to indicate the secret that needs deleting.
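A sketch of the realm/resource comparison and the deterministic secret name described under Creation and Deletion. This is an added example, not the operator's own code: `DiffUsers`, `SecretName`, the `kc-user-` prefix and the sample users are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

var invalidNameChars = regexp.MustCompile(`[^a-z0-9-]+`)

// SecretName derives a DNS-1123-safe name from realm and username. The hash suffix keeps
// usernames that sanitize identically apart; the "kc-user-" prefix is an assumption.
func SecretName(realm, username string) string {
	sum := sha256.Sum256([]byte(realm + "\x00" + username))
	slug := invalidNameChars.ReplaceAllString(strings.ToLower(username), "-")
	if len(slug) > 40 {
		slug = slug[:40]
	}
	return fmt.Sprintf("kc-user-%s-%s", slug, hex.EncodeToString(sum[:5]))
}

// DiffUsers compares users declared on the keycloak resource (desired) with the users
// listed from the realm (actual) and returns what to add and what to remove.
func DiffUsers(desired, actual []string) (toCreate, toDelete []string) {
	inRealm := map[string]bool{} // true = in realm, not yet matched by the resource
	for _, u := range actual {
		inRealm[u] = true
	}
	for _, u := range desired {
		if _, known := inRealm[u]; !known {
			toCreate = append(toCreate, u)
		}
		inRealm[u] = false // matched, or already queued for creation
	}
	for u, unmatched := range inRealm {
		if unmatched {
			toDelete = append(toDelete, u)
		}
	}
	sort.Strings(toDelete)
	return toCreate, toDelete
}

func main() { // constructed sample data
	create, remove := DiffUsers([]string{"alice", "bob.smith"}, []string{"alice", "carol"})
	fmt.Println(create, remove, SecretName("demo", "bob.smith"))
}
```

Because the name is a pure function of realm and username, the delete path can recompute it for each user in the removal list without storing the secret reference in the keycloak status.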