feat: Add adminEventsExpiration to KeycloakRealm realmEventConfig

api/v1/keycloakrealm_types.go

@@ -110,6 +110,11 @@ type RealmEventConfig struct {
 	// +optional
 	AdminEventsEnabled bool `json:"adminEventsEnabled,omitempty"`
 
+	// AdminEventsExpiration sets the expiration for events in seconds.
+	// Expired events are periodically deleted from the database.
+	// +optional
+	AdminEventsExpiration int `json:"adminEventsExpiration,omitempty"`
+
 	// EnabledEventTypes is a list of event types to enable.
 	// +optional
 	// +nullable.

api/v1alpha1/clusterkeycloakrealm_types.go

@@ -119,6 +119,11 @@ type RealmEventConfig struct {
 	// +optional
 	AdminEventsEnabled bool `json:"adminEventsEnabled,omitempty"`
 
+	// AdminEventsExpiration sets the expiration for events in seconds.
+	// Expired events are periodically deleted from the database.
+	// +optional
+	AdminEventsExpiration int `json:"adminEventsExpiration,omitempty"`
+
 	// EnabledEventTypes is a list of event types to enable.
 	// +optional
 	// +nullable.

config/crd/bases/v1.edp.epam.com_clusterkeycloakrealms.yaml

@@ -127,6 +127,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:

config/crd/bases/v1.edp.epam.com_keycloakrealms.yaml

@@ -132,6 +132,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:

controllers/clusterkeycloakrealm/chain/put_realm_settings.go

@@ -67,6 +67,12 @@ func (h PutRealmSettings) ServeRequest(ctx context.Context, realm *v1alpha1.Clus
 
 	settings.TokenSettings = adapter.ToRealmTokenSettings(realm.Spec.TokenSettings)
 
+	if realm.Spec.RealmEventConfig != nil && realm.Spec.RealmEventConfig.AdminEventsEnabled {
+		eventCfCopy := realm.Spec.RealmEventConfig.DeepCopy()
+
+		settings.AdminEventsExpiration = &eventCfCopy.AdminEventsExpiration
+	}
+
 	if err := kClient.UpdateRealmSettings(realm.Spec.RealmName, &settings); err != nil {
 		return errors.Wrap(err, "unable to update realm settings")
 	}

controllers/clusterkeycloakrealm/clusterkeycloakrealm_controller_integration_test.go

@@ -39,6 +39,10 @@ var _ = Describe("ClusterKeycloakRealm controller", func() {
 				},
 				DisplayName:     "Test Realm",
 				DisplayHTMLName: "<b>Test Realm</b>",
+				RealmEventConfig: &keycloakAlpha.RealmEventConfig{
+					AdminEventsEnabled:    true,
+					AdminEventsExpiration: 100,
+				},
 			},
 		}
 		Expect(k8sClient.Create(ctx, keycloakRealm)).Should(Succeed())

controllers/keycloakclient/chain/put_client_admin_fine_grained_perms.go

@@ -13,7 +13,7 @@ import (
 
 const (
 	// RealmManagementClient built-in Keycloak client for the realm
-	// This client manages admin fine-grained permissions for other clients
+	// This client manages admin fine-grained permissions for other clients.
 	RealmManagementClient = "realm-management"
 )
 

controllers/keycloakrealm/chain/realm_settings.go

@@ -58,6 +58,12 @@ func (h RealmSettings) ServeRequest(ctx context.Context, realm *keycloakApi.Keyc
 
 	settings.TokenSettings = adapter.ToRealmTokenSettings(realm.Spec.TokenSettings)
 
+	if realm.Spec.RealmEventConfig != nil && realm.Spec.RealmEventConfig.AdminEventsEnabled {
+		eventCfCopy := realm.Spec.RealmEventConfig.DeepCopy()
+
+		settings.AdminEventsExpiration = &eventCfCopy.AdminEventsExpiration
+	}
+
 	if err := kClient.UpdateRealmSettings(realm.Spec.RealmName, &settings); err != nil {
 		return errors.Wrap(err, "unable to update realm settings")
 	}

controllers/keycloakrealm/chain/realm_settings_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
+	"k8s.io/utils/ptr"
 
 	keycloakApi "github.com/epam/edp-keycloak-operator/api/v1"
 	"github.com/epam/edp-keycloak-operator/pkg/client/keycloak/adapter"
@@ -37,7 +38,9 @@ func TestRealmSettings_ServeRequest(t *testing.T) {
 				"foo": "bar",
 			},
 			RealmEventConfig: &keycloakApi.RealmEventConfig{
-				EventsListeners: []string{"foo", "bar"},
+				EventsListeners:       []string{"foo", "bar"},
+				AdminEventsEnabled:    true,
+				AdminEventsExpiration: 100,
 			},
 			PasswordPolicies: []keycloakApi.PasswordPolicy{
 				{Type: "foo", Value: "bar"},
@@ -57,20 +60,23 @@ func TestRealmSettings_ServeRequest(t *testing.T) {
 		PasswordPolicies: []adapter.PasswordPolicy{
 			{Type: "foo", Value: "bar"},
 		},
-		DisplayHTMLName: realm.Spec.DisplayHTMLName,
-		FrontendURL:     realm.Spec.FrontendURL,
-		DisplayName:     realm.Spec.DisplayName,
+		DisplayHTMLName:       realm.Spec.DisplayHTMLName,
+		FrontendURL:           realm.Spec.FrontendURL,
+		DisplayName:           realm.Spec.DisplayName,
+		AdminEventsExpiration: ptr.To(100),
 	}).Return(nil)
 
 	kClient.On("SetRealmEventConfig", realm.Spec.RealmName, &adapter.RealmEventConfig{
-		EventsListeners: []string{"foo", "bar"},
+		EventsListeners:    []string{"foo", "bar"},
+		AdminEventsEnabled: true,
 	}).Return(nil).Once()
 
 	err = rs.ServeRequest(ctx, &realm, kClient)
 	require.NoError(t, err)
 
 	kClient.On("SetRealmEventConfig", realm.Spec.RealmName, &adapter.RealmEventConfig{
-		EventsListeners: []string{"foo", "bar"},
+		EventsListeners:    []string{"foo", "bar"},
+		AdminEventsEnabled: true,
 	}).Return(errors.New("event config fatal")).Once()
 	kClient.On("UpdateRealmSettings", mock.Anything, mock.Anything).Return(nil)
 

controllers/keycloakrealm/keycloakrealm_controller_integration_test.go

@@ -53,6 +53,7 @@ var _ = Describe("KeycloakRealm controller", Ordered, func() {
 					EventsEnabled:             true,
 					EventsExpiration:          15000,
 					EventsListeners:           []string{"jboss-logging"},
+					AdminEventsExpiration:     100,
 				},
 				PasswordPolicies: []keycloakApi.PasswordPolicy{
 					{

deploy-templates/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml

@@ -127,6 +127,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:

deploy-templates/crds/v1.edp.epam.com_keycloakrealms.yaml

@@ -132,6 +132,11 @@ spec:
                     description: AdminEventsEnabled indicates whether to enable admin
                       events.
                     type: boolean
+                  adminEventsExpiration:
+                    description: |-
+                      AdminEventsExpiration sets the expiration for events in seconds.
+                      Expired events are periodically deleted from the database.
+                    type: integer
                   enabledEventTypes:
                     description: EnabledEventTypes is a list of event types to enable.
                     items:

docs/api.md

@@ -307,6 +307,14 @@ RealmEventConfig is the configuration for events in the realm.
           AdminEventsEnabled indicates whether to enable admin events.<br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>adminEventsExpiration</b></td>
+        <td>integer</td>
+        <td>
+          AdminEventsExpiration sets the expiration for events in seconds.
+Expired events are periodically deleted from the database.<br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b>enabledEventTypes</b></td>
         <td>[]string</td>
@@ -5032,6 +5040,14 @@ RealmEventConfig is the configuration for events in the realm.
           AdminEventsEnabled indicates whether to enable admin events.<br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>adminEventsExpiration</b></td>
+        <td>integer</td>
+        <td>
+          AdminEventsExpiration sets the expiration for events in seconds.
+Expired events are periodically deleted from the database.<br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b>enabledEventTypes</b></td>
         <td>[]string</td>

pkg/client/keycloak/adapter/gocloak_adapter_realms.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"
 
 	"github.com/Nerzal/gocloak/v12"
@@ -22,6 +23,7 @@ type RealmSettings struct {
 	FrontendURL            string
 	TokenSettings          *TokenSettings
 	DisplayName            string
+	AdminEventsExpiration  *int
 }
 
 type PasswordPolicy struct {
@@ -124,6 +126,10 @@ func setRealmSettings(realm *gocloak.RealmRepresentation, realmSettings *RealmSe
 		realm.ActionTokenGeneratedByUserLifespan = gocloak.IntP(realmSettings.TokenSettings.ActionTokenGeneratedByUserLifespan)
 		realm.ActionTokenGeneratedByAdminLifespan = gocloak.IntP(realmSettings.TokenSettings.ActionTokenGeneratedByAdminLifespan)
 	}
+
+	if realmSettings.AdminEventsExpiration != nil {
+		(*realm.Attributes)["adminEventsExpiration"] = strconv.Itoa(*realmSettings.AdminEventsExpiration)
+	}
 }
 
 func (a GoCloakAdapter) ExistRealm(realmName string) (bool, error) {

pkg/client/keycloak/adapter/gocloak_adapter_realms_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
+	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	"github.com/epam/edp-keycloak-operator/api/common"
@@ -45,6 +46,7 @@ func TestGoCloakAdapter_UpdateRealmSettings(t *testing.T) {
 			ActionTokenGeneratedByUserLifespan:  234,
 			ActionTokenGeneratedByAdminLifespan: 235,
 		},
+		AdminEventsExpiration: ptr.To(100),
 	}
 	realmName := "ream11"
 
@@ -62,7 +64,8 @@ func TestGoCloakAdapter_UpdateRealmSettings(t *testing.T) {
 			}, realm.BrowserSecurityHeaders) &&
 			assert.Equal(t, gocloak.StringP("foo(bar) and bar(baz)"), realm.PasswordPolicy) &&
 			assert.Equal(t, &map[string]string{
-				"frontendUrl": settings.FrontendURL,
+				"frontendUrl":           settings.FrontendURL,
+				"adminEventsExpiration": "100",
 			}, realm.Attributes) &&
 			assert.Equal(t, settings.TokenSettings.DefaultSignatureAlgorithm, *realm.DefaultSignatureAlgorithm) &&
 			assert.Equal(t, settings.TokenSettings.RevokeRefreshToken, *realm.RevokeRefreshToken) &&