Add jwt reconcile for machineuser

[ZITADOPER-1]
Haim Kortovich
2024-05-20 12:19:20 -05:00
parent a5d7c083ed
commit 225aa5ee33


@@ -2,6 +2,7 @@ package controller
import ( import (
"context" "context"
"encoding/json"
"fmt" "fmt"
"strings" "strings"
"time" "time"
@@ -98,6 +99,10 @@ func (wr *wrappedMachineUserReconciler) Reconcile(ctx context.Context, ztdClient
Name: "pat", Name: "pat",
Reconcile: wr.reconcilePAT, Reconcile: wr.reconcilePAT,
}, },
{
Name: "jwt",
Reconcile: wr.reconcileJWT,
},
} }
for _, p := range phases { for _, p := range phases {
err := p.Reconcile(ctx, ztdClient) err := p.Reconcile(ctx, ztdClient)
@@ -210,6 +215,66 @@ func (wr *wrappedMachineUserReconciler) reconcilePAT(ctx context.Context, ztdCli
return nil return nil
} }
func (wr *wrappedMachineUserReconciler) reconcileJWT(ctx context.Context, ztdClient *management.Client) error {
org, err := wr.refResolver.OrganizationRef(ctx, &wr.MachineUser.Spec.OrganizationRef, wr.MachineUser.Namespace)
if err != nil {
return err
}
ctx = middleware.SetOrgID(ctx, org.Status.OrgId)
token, err := ztdClient.GetMachineKeyByIDs(ctx, &pb.GetMachineKeyByIDsRequest{
UserId: wr.MachineUser.Status.UserId,
KeyId: wr.MachineUser.Status.KeyId,
})
if err != nil {
if !strings.Contains(err.Error(), "not found") {
return fmt.Errorf("Error getting JWT: %v", err)
}
}
if token == nil {
resp, err := ztdClient.AddMachineKey(ctx, &pb.AddMachineKeyRequest{
UserId: wr.MachineUser.Status.UserId,
})
if err != nil {
return fmt.Errorf("Error adding JWT: %v", err)
}
key := types.NamespacedName{
Name: wr.MachineUser.Name + "-machinekey-secret",
Namespace: wr.MachineUser.Namespace,
}
var jsonKey Key
if err = json.Unmarshal(resp.KeyDetails, &jsonKey); err != nil {
return fmt.Errorf("Could not unmarshal key details: %v", err)
}
secretData := map[string][]byte{
"clientId": []byte(jsonKey.ClientID),
"type": []byte(jsonKey.Type),
"keyId": []byte(jsonKey.KeyID),
"appId": []byte(jsonKey.AppID),
"key": []byte(jsonKey.Key),
}
patSecret, err := wr.Builder.BuildSecret(builder.SecretOpts{
Key: key,
Immutable: true,
Data: secretData,
}, wr.MachineUser)
if err != nil {
return fmt.Errorf("error building machine key Secret: %v", err)
}
if err := wr.Create(ctx, patSecret); err != nil {
return fmt.Errorf("error creating machine key Secret: %v", err)
}
patch := ctrlClient.MergeFrom(wr.MachineUser.DeepCopy())
wr.MachineUser.Status.KeyId = resp.KeyId
return wr.Client.Status().Patch(ctx, wr.MachineUser, patch)
}
return nil
}
func (wr *wrappedMachineUserReconciler) PatchStatus(ctx context.Context, patcher condition.Patcher) error { func (wr *wrappedMachineUserReconciler) PatchStatus(ctx context.Context, patcher condition.Patcher) error {
patch := client.MergeFrom(wr.MachineUser.DeepCopy()) patch := client.MergeFrom(wr.MachineUser.DeepCopy())
patcher(&wr.MachineUser.Status) patcher(&wr.MachineUser.Status)