in controllers/keycloakclient/chain/put_client.go [146:187]
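// generateSecret makes sure a Secret named "keycloak-client-<name>-secret"
// exists in the KeycloakClient's namespace, points keycloakClient.Spec.Secret
// at it, persists that change, and returns the value stored under
// keycloakApi.ClientSecretKey.
//
// When the Secret does not exist, a new random password is generated, stored
// in a new Secret whose controller reference is keycloakClient, and returned.
// When the Secret already exists, its current value is reused.
//
// Errors from the Kubernetes client, the password generator, or the
// controller-reference helper are wrapped and returned with an empty string.
func (el *PutClient) generateSecret(ctx context.Context, keycloakClient *keycloakApi.KeycloakClient) (string, error) {
	var clientSecret corev1.Secret

	secretName := fmt.Sprintf("keycloak-client-%s-secret", keycloakClient.Name)
	secretKey := types.NamespacedName{Namespace: keycloakClient.Namespace, Name: secretName}

	secretErr := el.k8sClient.Get(ctx, secretKey, &clientSecret)
	if secretErr != nil && !k8sErrors.IsNotFound(secretErr) {
		return "", fmt.Errorf("unable to check client secret existance: %w", secretErr)
	}

	if k8sErrors.IsNotFound(secretErr) {
		// Generate the password only when a Secret has to be created, so no
		// unused secret material is produced for an existing Secret.
		pass, err := password.Generate(passwordLength, passwordDigits, passwordSymbols, true, true)
		if err != nil {
			return "", fmt.Errorf("unable to generate password: %w", err)
		}

		clientSecret = corev1.Secret{
			ObjectMeta: v1.ObjectMeta{
				Namespace: keycloakClient.Namespace,
				Name:      secretName,
			},
			Data: map[string][]byte{
				keycloakApi.ClientSecretKey: []byte(pass),
			},
		}

		if err := controllerutil.SetControllerReference(keycloakClient, &clientSecret, el.k8sClient.Scheme()); err != nil {
			return "", fmt.Errorf("unable to set controller ref for secret: %w", err)
		}

		if err := el.k8sClient.Create(ctx, &clientSecret); err != nil {
			// Identify the Secret by namespace/name only. Formatting the whole
			// object would put the Data bytes, i.e. the freshly generated
			// client secret, into the error and any log that records it.
			return "", fmt.Errorf("unable to create secret %s/%s: %w", clientSecret.Namespace, clientSecret.Name, err)
		}
	}

	keycloakClient.Spec.Secret = secretref.GenerateSecretRef(clientSecret.Name, keycloakApi.ClientSecretKey)
	if err := el.k8sClient.Update(ctx, keycloakClient); err != nil {
		return "", fmt.Errorf("unable to update client with new secret: %s, err: %w", clientSecret.Name, err)
	}

	// NOTE(review): an existing Secret that has no value under ClientSecretKey
	// yields "" with a nil error here; confirm callers reject an empty secret.
	return string(clientSecret.Data[keycloakApi.ClientSecretKey]), nil
}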