upgraded gocloak to v13.9.0 #308

Merged
merged 2 commits into from
Feb 29, 2024

@tanalam2411 tanalam2411 commented Feb 16, 2024

As per the issue mentioned in Gocloak, "gocloak is broken for Keycloak v17.0 : need to remove /auth from the gocloak endpoint path", I have updated Gocloak to its latest version (v13.9.0) to bring that fix into group-sync-operator.

Verified by creating a GroupSync CR for Provider type keycloak:

apiVersion: redhatcop.redhat.io/v1alpha1
kind: GroupSync
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"redhatcop.redhat.io/v1alpha1","kind":"GroupSync","metadata":{"annotations":{},"name":"keycloak-groupsync","namespace":"group-sync-operator"},"spec":{"providers":[{"keycloak":{"credentialsSecret":{"name":"keycloak-group-sync","namespace":"group-sync-operator"},"insecure":true,"loginRealm":"master","realm":"master","scope":"sub","url":"https://keycloak.lab.kubeapp.cloud"},"name":"keycloak"}]}}
  creationTimestamp: "2024-02-16T21:23:05Z"
  generation: 1
  name: keycloak-groupsync
  namespace: group-sync-operator
  resourceVersion: "9074428"
  uid: 7ae9fc86-f09c-46bd-8fe1-b7379fbe8480
spec:
  providers:
  - keycloak:
      credentialsSecret:
        kind: Secret
        name: keycloak-group-sync
        namespace: group-sync-operator
      insecure: true
      loginRealm: master
      realm: master
      scope: sub
      url: https://keycloak.lab.kubeapp.cloud
    name: keycloak
status:
  conditions:
  - lastTransitionTime: "2024-02-16T21:23:30Z"
    message: ""
    observedGeneration: 1
    reason: LastReconcileCycleSucceded
    status: "True"
    type: ReconcileSuccess
  lastSyncSuccessTime: "2024-02-16T21:23:30Z"

Observed logs:

1.708118585902769e+09	INFO	controllers.GroupSync	Beginning Sync	{"groupsync": "group-sync-operator/keycloak-groupsync", "Provider": "keycloak"}
1.7081185872111435e+09	INFO	syncer_keycloak	Successfully Authenticated with Keycloak Provider
1.7081186109454274e+09	INFO	controllers.GroupSync	Sync Completed Successfully	{"groupsync": "group-sync-operator/keycloak-groupsync", "Provider": "keycloak", "Groups Created or Updated": 9, "Groups Pruned": 0}

@sabre1041
Collaborator

@tanalam2411 thanks for the contribution. Will look into reviewing the PR soon.

In the meantime, the operator supports versions before and after v17.0. The Operator documentation for Keycloak highlights how to manage the configuration with both versions.

@tanalam2411
Contributor Author

As per the README, older versions (<17.0.0), including Red Hat SSO, should include the context path /auth appended to the hostname, and for new versions (>17.0.0) of Keycloak or RHSSO we don't need to append /auth to the hostname, but gocloak (version v11.2.0) is itself appending /auth internally, which is causing this error, "Unable to find matching target resource method", as a response from the Keycloak server.
And this has been fixed in the current latest version of gocloak - https://github.com/Nerzal/gocloak/blob/v13.9.0/client.go#L183
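
The context-path mismatch described in the comment above, modelled as an added example that is not code from this PR, the operator or gocloak. The helper names (`tokenEndpoint`, `servedBy`, `reachable`) and the `example.test` hosts are hypothetical, and the routing rule assumes each server uses its default context path.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// tokenEndpoint (hypothetical) builds a realm's OIDC token endpoint. clientAddsAuth
// models a client that inserts "/auth" itself, as the comment reports for gocloak v11.2.0.
func tokenEndpoint(base, realm string, clientAddsAuth bool) (string, error) {
	u, err := url.Parse(base)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("invalid base URL %q (parse error: %v)", base, err)
	}
	p := strings.TrimRight(u.Path, "/")
	if clientAddsAuth {
		p += "/auth"
	}
	u.Path = p + "/realms/" + realm + "/protocol/openid-connect/token"
	return u.String(), nil
}

// servedBy (hypothetical) models routing. Assumption: legacy servers (<17, RH-SSO)
// expose /auth/realms/..., newer servers expose /realms/... by default.
func servedBy(endpoint string, legacyServer bool) bool {
	u, err := url.Parse(endpoint)
	prefix := "/realms/"
	if legacyServer {
		prefix = "/auth/realms/"
	}
	return err == nil && strings.HasPrefix(u.Path, prefix)
}

// reachable combines both steps for the realm "master" used in the CRs above.
func reachable(base string, clientAddsAuth, legacyServer bool) bool {
	ep, err := tokenEndpoint(base, "master", clientAddsAuth)
	return err == nil && servedBy(ep, legacyServer)
}

func main() {
	// Constructed hosts: old client with new server, new client with new server,
	// new client with legacy server and /auth in the configured url.
	fmt.Println(reachable("https://keycloak.example.test", true, false))
	fmt.Println(reachable("https://keycloak.example.test", false, false))
	fmt.Println(reachable("https://rhsso.example.test/auth", false, true))
}
```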

@sabre1041
Collaborator

@tanalam2411 I just tested the currently released Group Sync Operator with the latest versions of Red Hat Single Sign-On and upstream Keycloak successfully:

apiVersion: redhatcop.redhat.io/v1alpha1
kind: GroupSync
metadata:
  name: keycloak-groupsync
  namespace: group-sync-operator
spec:
  providers:
    - keycloak:
        credentialsSecret:
          kind: Secret
          name: keycloak-group-sync
          namespace: group-sync-operator
        prune: false
        realm: master
        scope: sub
        url: 'https://keycloak.<apps_domain>'
      name: keycloak
    - keycloak:
        credentialsSecret:
          kind: Secret
          name: rhsso-group-sync
          namespace: group-sync-operator
        loginRealm: master
        prune: false
        realm: master
        scope: sub
        url: 'https://keycloak-rhsso.<apps_domain>/auth'
      name: keycloak

Collaborator

@sabre1041 sabre1041 left a comment

Small number of changes

@tanalam2411
Contributor Author

Yes, it's working; tested on a different cluster and it worked for upstream Keycloak.
@sabre1041 should we keep this PR, as it's updating gocloak's version and doesn't have any major impacting change?

Collaborator

@sabre1041 sabre1041 left a comment

LGTM

@sabre1041 sabre1041 merged commit 77b0ef6 into redhat-cop:main Feb 29, 2024
12 checks passed