From 2d0947703e25bb7b233dadc31f36c086dfb794b6 Mon Sep 17 00:00:00 2001 From: OlegErshov Date: Tue, 4 Nov 2025 09:00:32 +0100 Subject: [PATCH 1/5] fix: added clientID/secret based access On-behalf-of: SAP aleh.yarshou@sap.com --- cmd/operator.go | 10 +++++++++- go.mod | 2 ++ go.sum | 8 ++++++++ internal/config/config.go | 4 ++-- internal/controller/invite_controller.go | 23 +++++++++++++++++------ internal/subroutine/invite/subroutine.go | 18 ++++++++---------- 6 files changed, 46 insertions(+), 19 deletions(-) diff --git a/cmd/operator.go b/cmd/operator.go index 7b8fe99..4a5a7a9 100644 --- a/cmd/operator.go +++ b/cmd/operator.go @@ -5,6 +5,7 @@ import ( "crypto/tls" "fmt" "net/url" + "os" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. @@ -147,6 +148,13 @@ var operatorCmd = &cobra.Command{ fga := openfgav1.NewOpenFGAServiceClient(conn) + k8sCfg := ctrl.GetConfigOrDie() + runtimeClient, err := client.New(k8sCfg, client.Options{Scheme: scheme}) + if err != nil { + log.Error().Err(err).Msg("Failed to create in cluster client") + return err + } + if err = controller.NewStoreReconciler(log, fga, mgr). SetupWithManager(mgr, defaultCfg); err != nil { log.Error().Err(err).Str("controller", "store").Msg("unable to create controller") @@ -158,7 +166,7 @@ var operatorCmd = &cobra.Command{ log.Error().Err(err).Str("controller", "authorizationmodel").Msg("unable to create controller") return err } - if err = controller.NewInviteReconciler(ctx, mgr, &operatorCfg, log).SetupWithManager(mgr, defaultCfg, log); err != nil { + if err = controller.NewInviteReconciler(ctx, mgr, runtimeClient, &operatorCfg, log).SetupWithManager(mgr, defaultCfg, log); err != nil { log.Error().Err(err).Str("controller", "invite").Msg("unable to create controller") return err } diff --git a/go.mod b/go.mod index db0b15f..cb779d8 100644 --- a/go.mod +++ b/go.mod 
@@ -13,6 +13,7 @@ require ( github.com/kcp-dev/kcp/sdk v0.28.1-0.20250926104223-cec2e15f24c6 github.com/kcp-dev/logicalcluster/v3 v3.0.5 github.com/kcp-dev/multicluster-provider v0.2.0 + github.com/oapi-codegen/runtime v1.1.2 github.com/openfga/api/proto v0.0.0-20250909173124-0ac19aac54f2 github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251003203216-7c0d09a1cc5a github.com/platform-mesh/account-operator v0.5.11 @@ -37,6 +38,7 @@ require ( require ( github.com/99designs/gqlgen v0.17.81 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect + github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index f6ddbf1..d3fdc3d 100644 --- a/go.sum +++ b/go.sum 
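Review bot: `github.com/oapi-codegen/runtime v1.1.2` is added to the direct `require` block of `go.mod`, but none of the Go files changed in this patch imports it. The only new OAuth import, `golang.org/x/oauth2/clientcredentials`, comes from a module the file already used. If the package is only pulled in transitively, it belongs in the second block with `// indirect`. If nothing needs it, `go mod tidy` should drop it together with `github.com/apapsch/go-jsonmerge/v2` and the matching `go.sum` lines. Every extra direct module is third-party code to track for advisories, so the commit message should say why it was added.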
@@ -2,14 +2,18 @@ cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= github.com/99designs/gqlgen v0.17.81 h1:kCkN/xVyRb5rEQpuwOHRTYq83i0IuTQg9vdIiwEerTs= github.com/99designs/gqlgen v0.17.81/go.mod h1:vgNcZlLwemsUhYim4dC1pvFP5FX0pr2Y+uYUoHFb1ig= +github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= +github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ= +github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= 
@@ -108,6 +112,7 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE= github.com/kcp-dev/apimachinery/v2 v2.0.1-0.20250728122101-adbf20db3e51 h1:l38RDS+VUMx9etvyaCgJIZa4nM7FaNevNubWN0kDZY4= github.com/kcp-dev/apimachinery/v2 v2.0.1-0.20250728122101-adbf20db3e51/go.mod h1:rF1jfvUfPjFXs+HV/LN1BtPzAz1bfjJOwVa+hAVfroQ= github.com/kcp-dev/kcp/sdk v0.28.1-0.20250926104223-cec2e15f24c6 h1:bOR4mdLD24VCJRrHxmtTh21AdbbzkBBKkEh0ngL+XTc= @@ -143,6 +148,8 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/oapi-codegen/runtime v1.1.2 h1:P2+CubHq8fO4Q6fV1tqDBZHCwpVpvPg7oKiYzQgXIyI= +github.com/oapi-codegen/runtime v1.1.2/go.mod h1:SK9X900oXmPWilYR5/WKPzt3Kqxn/uS/+lbpREv+eCg= github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= 
@@ -199,6 +206,7 @@ github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU= github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY= +github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/internal/config/config.go b/internal/config/config.go index 4482e60..02261bd 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -2,9 +2,9 @@ package config type InviteConfig struct { KeycloakBaseURL string `mapstructure:"invite-keycloak-base-url"` - KeycloakClientID string `mapstructure:"invite-keycloak-client-id" default:"admin-cli"` + KeycloakClientID string `mapstructure:"invite-keycloak-client-id" default:"security-operator"` KeycloakUser string `mapstructure:"invite-keycloak-user" default:"keycloak-admin"` - KeycloakPasswordFile string `mapstructure:"invite-keycloak-password-file" default:"/var/run/secrets/keycloak/password"` + KeycloakClientSecret string `mapstructure:"keycloak-client-secret" default:"security-operator-client-secret"` } // Config struct to hold the app config diff --git a/internal/controller/invite_controller.go b/internal/controller/invite_controller.go index d9d6839..8ca4f5f 100644 --- a/internal/controller/invite_controller.go +++ b/internal/controller/invite_controller.go 
@@ -2,14 +2,16 @@ package controller // coverage-ignore import ( "context" - "os" platformeshconfig "github.com/platform-mesh/golang-commons/config" "github.com/platform-mesh/golang-commons/controller/lifecycle/builder" "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/logger" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" mccontext "sigs.k8s.io/multicluster-runtime/pkg/context" mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager" mcreconcile "sigs.k8s.io/multicluster-runtime/pkg/reconcile" 
@@ -19,17 +21,26 @@ import ( "github.com/platform-mesh/security-operator/internal/subroutine/invite" ) +const ( + platformeMeshNamespace = "platform-mesh-system" + clientSecretDataKey = "attribute.client_secret" +) + type InviteReconciler struct { mclifecycle *multicluster.LifecycleManager } -func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, cfg *config.Config, log *logger.Logger) *InviteReconciler { - pwd, err := os.ReadFile(cfg.Invite.KeycloakPasswordFile) - if err != nil { - log.Fatal().Err(err).Msg("Failed to read keycloak password file") +func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, runtimeClient client.Client, cfg *config.Config, log *logger.Logger) *InviteReconciler { + secretKey := types.NamespacedName{Name: cfg.Invite.KeycloakClientSecret, Namespace: platformeMeshNamespace} + + var clientSecret corev1.Secret + if err := runtimeClient.Get(ctx, secretKey, &clientSecret); err != nil { + log.Fatal().Err(err).Msg("Failed to get client secret") } - inviteSubroutine, err := invite.New(ctx, cfg, mgr, string(pwd)) + keycloakClientSecret := string(clientSecret.Data[clientSecretDataKey]) + + inviteSubroutine, err := invite.New(ctx, cfg, mgr, keycloakClientSecret) if err != nil { log.Fatal().Err(err).Msg("Failed to create invite subroutine") } diff --git a/internal/subroutine/invite/subroutine.go b/internal/subroutine/invite/subroutine.go index eb711bd..eec20a8 100644 --- a/internal/subroutine/invite/subroutine.go +++ b/internal/subroutine/invite/subroutine.go @@ -14,7 +14,6 @@ import ( lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/errors" "github.com/platform-mesh/golang-commons/logger" - "golang.org/x/oauth2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" mccontext "sigs.k8s.io/multicluster-runtime/pkg/context" 
@@ -22,6 +21,7 @@ import ( "github.com/platform-mesh/security-operator/api/v1alpha1" "github.com/platform-mesh/security-operator/internal/config" + "golang.org/x/oauth2/clientcredentials" ) const ( @@ -48,7 +48,7 @@ type keycloakClient struct { ClientID string `json:"clientId,omitempty"` } -func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager, pwd string) (*subroutine, error) { +func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager, keycloakClientSecret string) (*subroutine, error) { issuer := fmt.Sprintf("%s/realms/master", cfg.Invite.KeycloakBaseURL) provider, err := oidc.NewProvider(ctx, issuer) @@ -56,21 +56,19 @@ func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager, pwd str return nil, err } - config := oauth2.Config{ - ClientID: cfg.Invite.KeycloakClientID, - Endpoint: provider.Endpoint(), + cCfg := clientcredentials.Config{ + ClientID: cfg.Invite.KeycloakClientID, + ClientSecret: keycloakClientSecret, + TokenURL: provider.Endpoint().TokenURL, } - token, err := config.PasswordCredentialsToken(ctx, cfg.Invite.KeycloakUser, pwd) - if err != nil { - return nil, err - } + httpClient := cCfg.Client(ctx) return &subroutine{ keycloakBaseURL: cfg.Invite.KeycloakBaseURL, baseDomain: cfg.BaseDomain, mgr: mgr, - keycloak: config.Client(ctx, token), + keycloak: httpClient, }, nil } From 53e99ff9ce01d7f188aa2b903de110131bcbbf62 Mon Sep 17 00:00:00 2001 From: OlegErshov Date: Tue, 4 Nov 2025 09:04:46 +0100 Subject: [PATCH 2/5] fixed typo On-behalf-of: SAP aleh.yarshou@sap.com --- cmd/operator.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/operator.go b/cmd/operator.go index 4a5a7a9..77c5ad8 100644 --- a/cmd/operator.go +++ b/cmd/operator.go @@ -5,7 +5,6 @@ import ( "crypto/tls" "fmt" "net/url" - "os" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. From f184cf2934db7e5a34bbe77d980b19fbbe144a0d Mon Sep 17 00:00:00 2001 
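Review bot: In the `@@ -56,21 +56,19 @@` hunk of `internal/subroutine/invite/subroutine.go`, `New` no longer obtains a token before returning, so a wrong client ID or secret is not reported at start-up and only surfaces on the first Keycloak request. The removed `PasswordCredentialsToken` call acted as that start-up check; an equivalent here is `if _, err := cCfg.Token(ctx); err != nil { return nil, err }` placed before `httpClient := cCfg.Client(ctx)`. The client returned by `cCfg.Client(ctx)` also keeps using `ctx` for every later token request, so the context passed to `New` has to outlive the subroutine, and a doc comment on `New` should say so. `New`'s signature is in the preceding hunk.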
From: OlegErshov Date: Tue, 4 Nov 2025 11:46:40 +0100 Subject: [PATCH 3/5] chore: updated secret reading On-behalf-of: SAP aleh.yarshou@sap.com --- cmd/operator.go | 9 +------- internal/config/config.go | 2 +- internal/controller/invite_controller.go | 21 ++----------------- internal/subroutine/invite/subroutine.go | 4 ++-- internal/subroutine/invite/subroutine_test.go | 4 ++-- 5 files changed, 8 insertions(+), 32 deletions(-) diff --git a/cmd/operator.go b/cmd/operator.go index 77c5ad8..7b8fe99 100644 --- a/cmd/operator.go +++ b/cmd/operator.go @@ -147,13 +147,6 @@ var operatorCmd = &cobra.Command{ fga := openfgav1.NewOpenFGAServiceClient(conn) - k8sCfg := ctrl.GetConfigOrDie() - runtimeClient, err := client.New(k8sCfg, client.Options{Scheme: scheme}) - if err != nil { - log.Error().Err(err).Msg("Failed to create in cluster client") - return err - } - if err = controller.NewStoreReconciler(log, fga, mgr). SetupWithManager(mgr, defaultCfg); err != nil { log.Error().Err(err).Str("controller", "store").Msg("unable to create controller") @@ -165,7 +158,7 @@ var operatorCmd = &cobra.Command{ log.Error().Err(err).Str("controller", "authorizationmodel").Msg("unable to create controller") return err } - if err = controller.NewInviteReconciler(ctx, mgr, runtimeClient, &operatorCfg, log).SetupWithManager(mgr, defaultCfg, log); err != nil { + if err = controller.NewInviteReconciler(ctx, mgr, &operatorCfg, log).SetupWithManager(mgr, defaultCfg, log); err != nil { log.Error().Err(err).Str("controller", "invite").Msg("unable to create controller") return err } diff --git a/internal/config/config.go b/internal/config/config.go index 02261bd..2d553d1 100644 --- a/internal/config/config.go +++ b/internal/config/config.go 
@@ -4,7 +4,7 @@ type InviteConfig struct { KeycloakBaseURL string `mapstructure:"invite-keycloak-base-url"` KeycloakClientID string `mapstructure:"invite-keycloak-client-id" default:"security-operator"` KeycloakUser string `mapstructure:"invite-keycloak-user" default:"keycloak-admin"` - KeycloakClientSecret string `mapstructure:"keycloak-client-secret" default:"security-operator-client-secret"` + KeycloakClientSecret string `mapstructure:"invite-keycloak-client-secret"` } // Config struct to hold the app config diff --git a/internal/controller/invite_controller.go b/internal/controller/invite_controller.go index 8ca4f5f..11a5ff0 100644 --- a/internal/controller/invite_controller.go +++ b/internal/controller/invite_controller.go @@ -8,10 +8,7 @@ import ( "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/logger" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" mccontext "sigs.k8s.io/multicluster-runtime/pkg/context" mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager" mcreconcile "sigs.k8s.io/multicluster-runtime/pkg/reconcile" 
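Review bot: `KeycloakClientSecret` in the `internal/config/config.go` hunk now carries the secret value itself under the key `invite-keycloak-client-secret`, whereas the code before this series read the credential from a mounted file (`KeycloakPasswordFile`). How the key is bound is not visible here. If it can be set as a command-line flag, the secret ends up in the pod spec and the process arguments, and anything that logs the `Config` struct would print it. The field should document the expected source, for example `// KeycloakClientSecret is the OAuth2 client secret value; supply it through an environment variable sourced from a Kubernetes Secret, never as a flag.`, or a file-path variant should be kept. The struct declaration starts above the hunk.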
@@ -21,26 +18,12 @@ import ( "github.com/platform-mesh/security-operator/internal/subroutine/invite" ) -const ( - platformeMeshNamespace = "platform-mesh-system" - clientSecretDataKey = "attribute.client_secret" -) - type InviteReconciler struct { mclifecycle *multicluster.LifecycleManager } -func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, runtimeClient client.Client, cfg *config.Config, log *logger.Logger) *InviteReconciler { - secretKey := types.NamespacedName{Name: cfg.Invite.KeycloakClientSecret, Namespace: platformeMeshNamespace} - - var clientSecret corev1.Secret - if err := runtimeClient.Get(ctx, secretKey, &clientSecret); err != nil { - log.Fatal().Err(err).Msg("Failed to get client secret") - } - - keycloakClientSecret := string(clientSecret.Data[clientSecretDataKey]) - - inviteSubroutine, err := invite.New(ctx, cfg, mgr, keycloakClientSecret) +func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, cfg *config.Config, log *logger.Logger) *InviteReconciler { + inviteSubroutine, err := invite.New(ctx, cfg, mgr) if err != nil { log.Fatal().Err(err).Msg("Failed to create invite subroutine") } diff --git a/internal/subroutine/invite/subroutine.go b/internal/subroutine/invite/subroutine.go index eec20a8..5af533e 100644 --- a/internal/subroutine/invite/subroutine.go +++ b/internal/subroutine/invite/subroutine.go @@ -48,7 +48,7 @@ type keycloakClient struct { ClientID string `json:"clientId,omitempty"` } -func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager, keycloakClientSecret string) (*subroutine, error) { +func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager) (*subroutine, error) { issuer := fmt.Sprintf("%s/realms/master", cfg.Invite.KeycloakBaseURL) provider, err := oidc.NewProvider(ctx, issuer) 
@@ -58,7 +58,7 @@ func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager, keycloa cCfg := clientcredentials.Config{ ClientID: cfg.Invite.KeycloakClientID, - ClientSecret: keycloakClientSecret, + ClientSecret: cfg.Invite.KeycloakClientSecret, TokenURL: provider.Endpoint().TokenURL, } diff --git a/internal/subroutine/invite/subroutine_test.go b/internal/subroutine/invite/subroutine_test.go index 74a9e16..ae19b41 100644 --- a/internal/subroutine/invite/subroutine_test.go +++ b/internal/subroutine/invite/subroutine_test.go @@ -353,7 +353,7 @@ func TestSubroutineProcess(t *testing.T) { KeycloakClientID: "admin-cli", }, BaseDomain: "portal.dev.local:8443", - }, mgr, "password") + }, mgr) assert.NoError(t, err) l := testlogger.New() @@ -384,7 +384,7 @@ func TestHelperFunctions(t *testing.T) { KeycloakBaseURL: srv.URL, KeycloakClientID: "admin-cli", }, - }, nil, "password") + }, nil) assert.NoError(t, err) assert.Equal(t, "Invite", s.GetName()) From 6923256e6f88daa3913ffda77322a2ee9c1ae17e Mon Sep 17 00:00:00 2001 From: OlegErshov Date: Tue, 4 Nov 2025 11:55:41 +0100 Subject: [PATCH 4/5] chore: removed unused config variable On-behalf-of: SAP aleh.yarshou@sap.com --- internal/config/config.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/config/config.go b/internal/config/config.go index 2d553d1..6250d58 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -3,7 +3,6 @@ package config type InviteConfig struct { KeycloakBaseURL string `mapstructure:"invite-keycloak-base-url"` KeycloakClientID string `mapstructure:"invite-keycloak-client-id" default:"security-operator"` - KeycloakUser string `mapstructure:"invite-keycloak-user" default:"keycloak-admin"` KeycloakClientSecret string `mapstructure:"invite-keycloak-client-secret"` } From c34ac823902b5ad6cc83a49fd4145f298230272a Mon Sep 17 00:00:00 2001 
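Review bot: `ClientSecret: cfg.Invite.KeycloakClientSecret` in the `subroutine.go` hunk is used without checking that it is set, and the config key no longer has a default, so an unconfigured operator builds a Keycloak client with an empty secret. The `subroutine_test.go` hunks in the same patch confirm this: both tests call `invite.New` without `KeycloakClientSecret` and assert `NoError`. A guard before the `clientcredentials.Config` literal, `if cfg.Invite.KeycloakClientSecret == "" { return nil, fmt.Errorf("invite-keycloak-client-secret must be set") }`, would reject that at start-up. The two tests would then need to set a dummy secret. `New` begins and ends outside this hunk.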
From: OlegErshov Date: Tue, 4 Nov 2025 12:02:32 +0100 Subject: [PATCH 5/5] chore: updated client id in tests On-behalf-of: SAP aleh.yarshou@sap.com --- internal/subroutine/invite/subroutine_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/subroutine/invite/subroutine_test.go b/internal/subroutine/invite/subroutine_test.go index ae19b41..742f691 100644 --- a/internal/subroutine/invite/subroutine_test.go +++ b/internal/subroutine/invite/subroutine_test.go @@ -350,7 +350,7 @@ func TestSubroutineProcess(t *testing.T) { s, err := invite.New(ctx, &config.Config{ Invite: config.InviteConfig{ KeycloakBaseURL: srv.URL, - KeycloakClientID: "admin-cli", + KeycloakClientID: "security-operator", }, BaseDomain: "portal.dev.local:8443", }, mgr) @@ -382,7 +382,7 @@ func TestHelperFunctions(t *testing.T) { s, err := invite.New(ctx, &config.Config{ Invite: config.InviteConfig{ KeycloakBaseURL: srv.URL, - KeycloakClientID: "admin-cli", + KeycloakClientID: "security-operator", }, }, nil) assert.NoError(t, err)