Add roles to project
[ZITADOPER-1]
@@ -28,6 +28,7 @@ import (
|
||||
"github.com/zitadel/zitadel-go/v2/pkg/client/management"
|
||||
"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
|
||||
pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
|
||||
"golang.org/x/exp/maps"
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
@@ -91,7 +92,32 @@ func newWrappedProjectReconciler(client client.Client, refResolver *zitadelv1alp
|
||||
}
|
||||
}
|
||||
|
||||
type projectReconcilePhase struct {
|
||||
Name string
|
||||
Reconcile func(context.Context, *management.Client) error
|
||||
}
|
||||
|
||||
func (wr *wrappedProjectReconciler) Reconcile(ctx context.Context, ztdClient *management.Client) error {
|
||||
phases := []projectReconcilePhase{
|
||||
{
|
||||
Name: "project",
|
||||
Reconcile: wr.reconcileProject,
|
||||
},
|
||||
{
|
||||
Name: "roles",
|
||||
Reconcile: wr.reconcileRoles,
|
||||
},
|
||||
}
|
||||
for _, p := range phases {
|
||||
err := p.Reconcile(ctx, ztdClient)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (wr *wrappedProjectReconciler) reconcileProject(ctx context.Context, ztdClient *management.Client) error {
|
||||
org, err := wr.refResolver.OrganizationRef(ctx, &wr.project.Spec.OrganizationRef, wr.project.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -138,6 +164,59 @@ func (wr *wrappedProjectReconciler) Reconcile(ctx context.Context, ztdClient *ma
|
||||
return wr.Client.Status().Patch(ctx, wr.project, patch)
|
||||
}
|
||||
|
||||
func (wr *wrappedProjectReconciler) reconcileRoles(ctx context.Context, ztdClient *management.Client) error {
|
||||
org, err := wr.refResolver.OrganizationRef(ctx, &wr.project.Spec.OrganizationRef, wr.project.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
resp, err := ztdClient.ListProjectRoles(middleware.SetOrgID(ctx, org.Status.OrgId), &pb.ListProjectRolesRequest{
|
||||
ProjectId: wr.project.Status.ProjectId,
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not list project roles: %v", err)
|
||||
}
|
||||
roles := map[string]*pb.BulkAddProjectRolesRequest_Role{}
|
||||
deleteRoles := []*pb.BulkAddProjectRolesRequest_Role{}
|
||||
for _, role := range wr.project.Spec.Roles {
|
||||
roles[role.Key] = &pb.BulkAddProjectRolesRequest_Role{
|
||||
Key: role.Key,
|
||||
DisplayName: role.DisplayName,
|
||||
Group: role.Group,
|
||||
}
|
||||
}
|
||||
|
||||
for _, role := range resp.Result {
|
||||
if r, ok := roles[role.Key]; ok {
|
||||
if r.DisplayName != role.DisplayName || r.Group != role.Group {
|
||||
deleteRoles = append(deleteRoles, r)
|
||||
} else {
|
||||
delete(roles, role.Key)
|
||||
}
|
||||
} else {
|
||||
delete(roles, role.Key)
|
||||
}
|
||||
}
|
||||
|
||||
for _, dRole := range deleteRoles {
|
||||
if _, err = ztdClient.RemoveProjectRole(middleware.SetOrgID(ctx, org.Status.OrgId), &pb.RemoveProjectRoleRequest{
|
||||
ProjectId: wr.project.Status.ProjectId,
|
||||
RoleKey: dRole.Key,
|
||||
}); err != nil {
|
||||
return fmt.Errorf("Error removing project role: %v", err)
|
||||
}
|
||||
}
|
||||
if len(roles) > 0 {
|
||||
_, err = ztdClient.BulkAddProjectRoles(middleware.SetOrgID(ctx, org.Status.OrgId), &pb.BulkAddProjectRolesRequest{
|
||||
ProjectId: wr.project.Status.ProjectId,
|
||||
Roles: maps.Values(roles)})
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not add roles to project: %v", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (wr *wrappedProjectReconciler) PatchStatus(ctx context.Context, patcher condition.Patcher) error {
|
||||
patch := client.MergeFrom(wr.project.DeepCopy())
|
||||
patcher(&wr.project.Status)
|
||||
|
||||
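Review bot: In `reconcileRoles`, the outer `else` branch of the loop over `resp.Result` calls `delete(roles, role.Key)` for a key that was just found to be absent from `roles`, so it does nothing and a role dropped from `Spec.Roles` is never removed from the ZITADEL project. If the spec is meant to be authoritative, revoked roles stay defined and grantable; the branch should queue the removal instead, e.g. `deleteRoles = append(deleteRoles, &pb.BulkAddProjectRolesRequest_Role{Key: role.Key})`. Separately, a changed `DisplayName` or `Group` is applied by `RemoveProjectRole` followed by re-adding the same key, which may drop existing grants that reference the role (worth confirming against the ZITADEL API); `UpdateProjectRole` would change the role in place. `ListProjectRoles` is also called with only `ProjectId` set, so if the server pages its results, a project with more roles than one page would be reconciled against a partial list.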