Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: remove hostname v1 handling from the operator #32485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
shawkins wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

fix: remove hostname v1 handling from the operator #32485

shawkins wants to merge 1 commit into from

Conversation

@shawkins
Copy link
Contributor

@shawkins shawkins commented Aug 29, 2024

closes: #32470

This is a draft of the most aggressive option, which is to completely remove hostname v1 fields from the cr. While this is a breaking change, it is allowable via an olm upgrade as long none of the Keycloaks on the cluster have these fields populated. This would be called out in the migration guide. Kubernetes itself takes this approach - deprecated fields are dropped from the same api version after a sufficient period of deprecation.

Other possible options:

  • we can do nothing for now, for the user to use these fields they'd also have setting the features, which will result in the keycloak failing to start with an appropriate error message. This has the benefit(?) of allowing for users to use the newer operator with older custom images.
  • we can add a v2 of the crd - however I'd say this change alone doesn't warrent this, and removal or leaving alone for now is far simpler.

cc @vmuzikar @mabartos

@keycloak-github-bot
Copy link

keycloak-github-bot bot commented Aug 29, 2024

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.webauthn.WebAuthnIdlessTest#testWebAuthnIDLessLogin

Keycloak CI - WebAuthn IT (chrome)

java.lang.AssertionError: Event expected
	at org.junit.Assert.fail(Assert.java:89)
	at org.junit.Assert.assertTrue(Assert.java:42)
	at org.junit.Assert.assertNotNull(Assert.java:713)
	at org.keycloak.testsuite.AssertEvents.poll(AssertEvents.java:87)
...

Report flaky test

org.keycloak.testsuite.forms.LoginTest#loginRememberMeExpiredMaxLifespan

Keycloak CI - Forms IT (chrome)

java.lang.AssertionError: Expected LoginPage but was AUTH_RESPONSE (https://localhost:8543/auth/realms/master/app/auth?state=b921ca98-1c70-4d15-aa85-f920c8027d65&session_state=bbb1ae0b-ca25-4241-a6ab-bc3f5ce8f2ea&iss=https%3A%2F%2Flocalhost%3A8543%2Fauth%2Frealms%2Ftest&code=2135d6fa-02dc-499d-950a-e12f7cf6887b.bbb1ae0b-ca25-4241-a6ab-bc3f5ce8f2ea.e296fc35-904f-475a-aba4-5150e6324064)
	at org.junit.Assert.fail(Assert.java:89)
	at org.junit.Assert.assertTrue(Assert.java:42)
	at org.keycloak.testsuite.pages.AbstractPage.assertCurrent(AbstractPage.java:47)
	at org.keycloak.testsuite.pages.LoginPage.open(LoginPage.java:253)
...

Report flaky test

org.keycloak.testsuite.forms.LoginTest#loginMissingUsername

Keycloak CI - Forms IT (chrome)

java.lang.AssertionError: expected:<Invalid username or password.> but was:<null>
	at org.junit.Assert.fail(Assert.java:89)
	at org.junit.Assert.failNotEquals(Assert.java:835)
	at org.junit.Assert.assertEquals(Assert.java:120)
	at org.junit.Assert.assertEquals(Assert.java:146)
...

Report flaky test

org.keycloak.testsuite.forms.ResetPasswordTest#resetPasswordBeforeUserIsDisabled

Keycloak CI - Forms IT (chrome)

java.lang.AssertionError: Expected LoginPasswordResetPage but was Sign in to test (https://localhost:8543/auth/realms/test/protocol/openid-connect/auth?response_type=code&client_id=test-app&redirect_uri=https%3A%2F%2Flocalhost%3A8543%2Fauth%2Frealms%2Fmaster%2Fapp%2Fauth&state=a5cd0b6c-9986-4765-9b3e-3fe69e57689b&scope=openid)
	at org.junit.Assert.fail(Assert.java:89)
	at org.junit.Assert.assertTrue(Assert.java:42)
	at org.keycloak.testsuite.pages.AbstractPage.assertCurrent(AbstractPage.java:47)
	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
...

Report flaky test

keycloak-github-bot[bot]
keycloak-github-bot bot reviewed Aug 29, 2024
View reviewed changes
Copy link

@keycloak-github-bot keycloak-github-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@vmuzikar
Copy link
Contributor

vmuzikar commented Aug 30, 2024

@shawkins Thank you for creating the follow-up for the Operator.

While I'd love to take this aggressive approach and just remove the no-longer-needed fields (as it's the last opportunity to do that for a long time as we can't do breaking changes in minor versions and 27 is more than a year away by the new release schema), but I'm afraid we can't do it since CRDs are a cluster-wide resource. That would mean e.g. Keycloak 25 and 26 could not exist in the same cluster, AFAIK.

@shawkins
Copy link
Contributor Author

shawkins commented Aug 30, 2024

That would mean e.g. Keycloak 25 and 26 could not exist in the same cluster, AFAIK.

I'd say it's more nuanced than that. They can't upgrade until all Keycloaks no longer use the deprecated field. The case you might be worried about is that they won't be able to re-introduce those deprecated fields after the upgrade. I see this as somewhat similar to the problem we introduce for older versions once new CRD fields are available, but that aren't supported.

@vmuzikar
Copy link
Contributor

vmuzikar commented Sep 2, 2024

They can't upgrade until all Keycloaks no longer use the deprecated field.

This is the main issue I see. The typical scenario (for RHBK but upstream possibly as well) would be that user is using 24 in prod but want to try 26 in a different namespace.

@vmuzikar
Copy link
Contributor

vmuzikar commented Sep 9, 2024

@shawkins I'd like to resurrect the discussion here.

If we remove the fields, users can't install KC 24/25 alongside 26 in the same cluster, correct? If that's the case, I'm afraid we can't do it. :(

@shawkins
Copy link
Contributor Author

shawkins commented Sep 9, 2024

If we remove the fields, users can't install KC 24/25 alongside 26 in the same cluster, correct? If that's the case, I'm afraid we can't do it. :(

It's probably important to deliniate between 24 and 25 wrt hostname. In 25 v1 was deprecated, so running 25 and 26 with the additional requirement that the deprecated fields are no longer used does not seem like a problem.

However running 24 and 26 together is problematic because these options aren't deprecated in v24. This brings up a larger issue - when we moved up the removal of hostname v1 from the server to v26 from v27 that makes sense from a community perspective. However does seem problematic from a product perspective because the options had yet to have a product release where they were deprecated.

@shawkins
Copy link
Contributor Author

shawkins commented Sep 13, 2024

Based upon our offline messages, we'll stick with the "do nothing" option for KC 26. We can revisit this once KC 24 is not expected to be in production use.

@shawkins shawkins mentioned this pull request Sep 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

flaky-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove Hostname v1 support from Operator

2 participants

@shawkins @vmuzikar