feat: Add adminEventsExpiration to KeycloakRealm realmEventConfig (#122)

zmotso · zmotso · commit 200c8707b3c3 · 2025-02-12T17:21:26.000+02:00
diff --git a/api/v1/keycloakrealm_types.go b/api/v1/keycloakrealm_types.go
@@ -110,6 +110,11 @@ type RealmEventConfig struct {
 	// +optional
 	AdminEventsEnabled bool `json:"adminEventsEnabled,omitempty"`
 
+	// AdminEventsExpiration sets the expiration for events in seconds.
+	// Expired events are periodically deleted from the database.
+	// +optional
+	AdminEventsExpiration int `json:"adminEventsExpiration,omitempty"`
+
 	// EnabledEventTypes is a list of event types to enable.
 	// +optional
 	// +nullable.
diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
diff --git a/api/v1alpha1/clusterkeycloakrealm_types.go b/api/v1alpha1/clusterkeycloakrealm_types.go
@@ -119,6 +119,11 @@ type RealmEventConfig struct {
 	// +optional
 	AdminEventsEnabled bool `json:"adminEventsEnabled,omitempty"`
 
+	// AdminEventsExpiration sets the expiration for events in seconds.
+	// Expired events are periodically deleted from the database.
+	// +optional
+	AdminEventsExpiration int `json:"adminEventsExpiration,omitempty"`
+
 	// EnabledEventTypes is a list of event types to enable.
 	// +optional
 	// +nullable.
diff --git a/config/crd/bases/v1.edp.epam.com_clusterkeycloakrealms.yaml b/config/crd/bases/v1.edp.epam.com_clusterkeycloakrealms.yaml
@@ -127,6 +127,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:
diff --git a/config/crd/bases/v1.edp.epam.com_keycloakrealms.yaml b/config/crd/bases/v1.edp.epam.com_keycloakrealms.yaml
@@ -132,6 +132,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:
diff --git a/controllers/clusterkeycloakrealm/chain/put_realm_settings.go b/controllers/clusterkeycloakrealm/chain/put_realm_settings.go
@@ -67,6 +67,12 @@ func (h PutRealmSettings) ServeRequest(ctx context.Context, realm *v1alpha1.Clus
 
 	settings.TokenSettings = adapter.ToRealmTokenSettings(realm.Spec.TokenSettings)
 
+	if realm.Spec.RealmEventConfig != nil && realm.Spec.RealmEventConfig.AdminEventsEnabled {
+		specCopy := realm.Spec.DeepCopy()
+
+		settings.AdminEventsExpiration = &specCopy.RealmEventConfig.AdminEventsExpiration
+	}
+
 	if err := kClient.UpdateRealmSettings(realm.Spec.RealmName, &settings); err != nil {
 		return errors.Wrap(err, "unable to update realm settings")
 	}
diff --git a/controllers/clusterkeycloakrealm/clusterkeycloakrealm_controller_integration_test.go b/controllers/clusterkeycloakrealm/clusterkeycloakrealm_controller_integration_test.go
@@ -39,6 +39,10 @@ var _ = Describe("ClusterKeycloakRealm controller", func() {
 				},
 				DisplayName:     "Test Realm",
 				DisplayHTMLName: "<b>Test Realm</b>",
+				RealmEventConfig: &keycloakAlpha.RealmEventConfig{
+					AdminEventsEnabled:    true,
+					AdminEventsExpiration: 100,
+				},
 			},
 		}
 		Expect(k8sClient.Create(ctx, keycloakRealm)).Should(Succeed())
diff --git a/controllers/keycloakclient/chain/put_client_admin_fine_grained_perms.go b/controllers/keycloakclient/chain/put_client_admin_fine_grained_perms.go
@@ -13,7 +13,7 @@ import (
 
 const (
 	// RealmManagementClient built-in Keycloak client for the realm
-	// This client manages admin fine-grained permissions for other clients
+	// This client manages admin fine-grained permissions for other clients.
 	RealmManagementClient = "realm-management"
 )
 
diff --git a/controllers/keycloakrealm/chain/realm_settings.go b/controllers/keycloakrealm/chain/realm_settings.go
@@ -58,6 +58,12 @@ func (h RealmSettings) ServeRequest(ctx context.Context, realm *keycloakApi.Keyc
 
 	settings.TokenSettings = adapter.ToRealmTokenSettings(realm.Spec.TokenSettings)
 
+	if realm.Spec.RealmEventConfig != nil && realm.Spec.RealmEventConfig.AdminEventsEnabled {
+		specCopy := realm.Spec.DeepCopy()
+
+		settings.AdminEventsExpiration = &specCopy.RealmEventConfig.AdminEventsExpiration
+	}
+
 	if err := kClient.UpdateRealmSettings(realm.Spec.RealmName, &settings); err != nil {
 		return errors.Wrap(err, "unable to update realm settings")
 	}
diff --git a/controllers/keycloakrealm/chain/realm_settings_test.go b/controllers/keycloakrealm/chain/realm_settings_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
+	"k8s.io/utils/ptr"
 
 	keycloakApi "github.com/epam/edp-keycloak-operator/api/v1"
 	"github.com/epam/edp-keycloak-operator/pkg/client/keycloak/adapter"
@@ -37,7 +38,9 @@ func TestRealmSettings_ServeRequest(t *testing.T) {
 				"foo": "bar",
 			},
 			RealmEventConfig: &keycloakApi.RealmEventConfig{
-				EventsListeners: []string{"foo", "bar"},
+				EventsListeners:       []string{"foo", "bar"},
+				AdminEventsEnabled:    true,
+				AdminEventsExpiration: 100,
 			},
 			PasswordPolicies: []keycloakApi.PasswordPolicy{
 				{Type: "foo", Value: "bar"},
@@ -57,20 +60,23 @@ func TestRealmSettings_ServeRequest(t *testing.T) {
 		PasswordPolicies: []adapter.PasswordPolicy{
 			{Type: "foo", Value: "bar"},
 		},
-		DisplayHTMLName: realm.Spec.DisplayHTMLName,
-		FrontendURL:     realm.Spec.FrontendURL,
-		DisplayName:     realm.Spec.DisplayName,
+		DisplayHTMLName:       realm.Spec.DisplayHTMLName,
+		FrontendURL:           realm.Spec.FrontendURL,
+		DisplayName:           realm.Spec.DisplayName,
+		AdminEventsExpiration: ptr.To(100),
 	}).Return(nil)
 
 	kClient.On("SetRealmEventConfig", realm.Spec.RealmName, &adapter.RealmEventConfig{
-		EventsListeners: []string{"foo", "bar"},
+		EventsListeners:    []string{"foo", "bar"},
+		AdminEventsEnabled: true,
 	}).Return(nil).Once()
 
 	err = rs.ServeRequest(ctx, &realm, kClient)
 	require.NoError(t, err)
 
 	kClient.On("SetRealmEventConfig", realm.Spec.RealmName, &adapter.RealmEventConfig{
-		EventsListeners: []string{"foo", "bar"},
+		EventsListeners:    []string{"foo", "bar"},
+		AdminEventsEnabled: true,
 	}).Return(errors.New("event config fatal")).Once()
 	kClient.On("UpdateRealmSettings", mock.Anything, mock.Anything).Return(nil)
 
diff --git a/controllers/keycloakrealm/keycloakrealm_controller_integration_test.go b/controllers/keycloakrealm/keycloakrealm_controller_integration_test.go
@@ -53,6 +53,7 @@ var _ = Describe("KeycloakRealm controller", Ordered, func() {
 					EventsEnabled:             true,
 					EventsExpiration:          15000,
 					EventsListeners:           []string{"jboss-logging"},
+					AdminEventsExpiration:     100,
 				},
 				PasswordPolicies: []keycloakApi.PasswordPolicy{
 					{
diff --git a/deploy-templates/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml b/deploy-templates/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml
@@ -127,6 +127,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:
diff --git a/deploy-templates/crds/v1.edp.epam.com_keycloakrealms.yaml b/deploy-templates/crds/v1.edp.epam.com_keycloakrealms.yaml
@@ -132,6 +132,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:
diff --git a/docs/api.md b/docs/api.md
diff --git a/pkg/client/keycloak/adapter/gocloak_adapter_realms.go b/pkg/client/keycloak/adapter/gocloak_adapter_realms.go
diff --git a/pkg/client/keycloak/adapter/gocloak_adapter_realms_test.go b/pkg/client/keycloak/adapter/gocloak_adapter_realms_test.go

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ import (`
`13`	`13`
`14`	`14`	`const (`
`15`	`15`	`// RealmManagementClient built-in Keycloak client for the realm`
`16`		`- // This client manages admin fine-grained permissions for other clients`
	`16`	`+ // This client manages admin fine-grained permissions for other clients.`
`17`	`17`	`RealmManagementClient = "realm-management"`
`18`	`18`	`)`
`19`	`19`