in controllers/keycloakrealmuser/keycloakrealmuser_controller.go [119:182]
// tryReconcile performs a single reconciliation pass for a KeycloakRealmUser.
//
// Steps, in order:
//  1. set the realm owner reference on the instance;
//  2. build a Keycloak client from the instance's realm reference and resolve
//     the realm;
//  3. if Spec.KeepResource is set, hand deletion handling (terminator and
//     finalizer) to the helper and stop when it reports the instance deleted;
//  4. obtain the password and sync the user into the realm;
//  5. if Spec.KeepResource is not set, delete the custom resource itself.
//
// Every failure is returned wrapped with a message naming the failed step.
//
// NOTE(review): the value returned by getPassword is a credential. Here it is
// only handed to SyncRealmUser; confirm that neither getPassword nor the
// adapter places it in error text, because the errors returned from this
// function are presumably logged or written to resource status by the caller.
func (r *Reconcile) tryReconcile(ctx context.Context, instance *keycloakApi.KeycloakRealmUser) error {
	if err := r.helper.SetRealmOwnerRef(ctx, instance); err != nil {
		return fmt.Errorf("unable to set realm owner ref: %w", err)
	}

	kc, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, instance)
	if err != nil {
		return fmt.Errorf("unable to create keycloak client from ref: %w", err)
	}

	kcRealm, err := r.helper.GetKeycloakRealmFromRef(ctx, instance, kc)
	if err != nil {
		return fmt.Errorf("unable to get keycloak realm from ref: %w", err)
	}

	// Resolved once and reused for both the terminator and the sync call.
	realmName := gocloak.PString(kcRealm.Realm)

	// Deletion handling is only wired up for resources that are meant to stay
	// in the cluster; one-shot resources are removed at the end of this pass.
	if instance.Spec.KeepResource {
		terminator := makeTerminator(
			realmName,
			instance.Spec.Username,
			kc,
			objectmeta.PreserveResourcesOnDeletion(instance),
		)

		removed, delErr := r.helper.TryToDelete(ctx, instance, terminator, finalizer)
		if delErr != nil {
			return fmt.Errorf("failed to delete keycloak realm user: %w", delErr)
		}

		if removed {
			return nil
		}
	}

	pwd, err := r.getPassword(ctx, instance)
	if err != nil {
		return fmt.Errorf("unable to get password: %w", err)
	}

	// Desired user state, copied field by field from the spec. Roles, groups
	// and attributes are passed through as given in the spec.
	user := &adapter.KeycloakUser{
		Username:            instance.Spec.Username,
		Groups:              instance.Spec.Groups,
		Roles:               instance.Spec.Roles,
		RequiredUserActions: instance.Spec.RequiredUserActions,
		LastName:            instance.Spec.LastName,
		FirstName:           instance.Spec.FirstName,
		EmailVerified:       instance.Spec.EmailVerified,
		Enabled:             instance.Spec.Enabled,
		Email:               instance.Spec.Email,
		Attributes:          instance.Spec.Attributes,
		Password:            pwd,
	}

	// The last SyncRealmUser argument is true when the instance uses the
	// add-only reconciliation strategy.
	addOnly := instance.GetReconciliationStrategy() == keycloakApi.ReconciliationStrategyAddOnly

	if err := kc.SyncRealmUser(ctx, realmName, user, addOnly); err != nil {
		return errors.Wrap(err, "unable to sync realm user")
	}

	if instance.Spec.KeepResource {
		return nil
	}

	// One-shot resource: drop the custom resource after a successful sync.
	// Within this function TryToDelete is never reached on this path, so
	// nothing here removes the synced user from Keycloak afterwards.
	if err := r.client.Delete(ctx, instance); err != nil {
		return errors.Wrap(err, "unable to delete instance of keycloak realm user")
	}

	return nil
}