Add organizationAdmin

[ZITADOPER-1]
2024-05-20 19:45:14 -05:00
parent c143e6dca3
commit 430d4a7383
6 changed files with 154 additions and 151 deletions
--- a/src/internal/controller/organization_controller.go
+++ b/src/internal/controller/organization_controller.go
@@ -26,6 +26,7 @@ import (
 	condition "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/condition"
 	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/controller/zitadel"
 	"github.com/zitadel/zitadel-go/v2/pkg/client/management"
+	"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
 	pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
 	"k8s.io/client-go/util/workqueue"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -90,7 +91,28 @@ func newWrappedOrganizationReconciler(client client.Client, refResolver *zitadel
 	}
 }

+type orgReconcilePhase struct {
+	Name      string
+	Reconcile func(context.Context, *management.Client) error
+}
+
 func (wr *wrappedOrganizationReconciler) Reconcile(ctx context.Context, ztdClient *management.Client) error {
+	phases := []orgReconcilePhase{
+		{
+			Name:      "organization",
+			Reconcile: wr.reconcileOrg,
+		},
+	}
+	for _, p := range phases {
+		err := p.Reconcile(ctx, ztdClient)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (wr *wrappedOrganizationReconciler) reconcileOrg(ctx context.Context, ztdClient *management.Client) error {
 	zitadelCluster, err := wr.refResolver.ZitadelCluster(ctx, &wr.organization.Spec.ZitadelClusterRef, wr.organization.Namespace)
 	if err != nil {
 		return err
@@ -103,7 +125,6 @@ func (wr *wrappedOrganizationReconciler) Reconcile(ctx context.Context, ztdClien
 			return fmt.Errorf("Error getting org: %v", err)
 		}
 	}
-	// TODO: add initial user
 	if orgRes == nil {
 		resp, err := ztdClient.AddOrg(ctx, &pb.AddOrgRequest{
 			Name: strings.ToLower(wr.organization.Name),
@@ -120,6 +141,70 @@ func (wr *wrappedOrganizationReconciler) Reconcile(ctx context.Context, ztdClien
 	return wr.Client.Status().Patch(ctx, wr.organization, patch)
 }

+func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Context, ztdClient *management.Client) error {
+	zitadelCluster, err := wr.refResolver.ZitadelCluster(ctx, &wr.organization.Spec.ZitadelClusterRef, wr.organization.Namespace)
+	if err != nil {
+		return err
+	}
+	adminUser, err := ztdClient.GetUserByLoginNameGlobal(ctx, &pb.GetUserByLoginNameGlobalRequest{
+		LoginName: strings.ToLower(fmt.Sprintf("%s@%s.%s", wr.organization.Spec.OrganizationAdmin.UserName, wr.organization.Name, zitadelCluster.Spec.Host)),
+	})
+	if err != nil {
+		if !strings.Contains(err.Error(), "could not be found") {
+			return fmt.Errorf("Error getting admin user: %v", err)
+		}
+	}
+	ctx = middleware.SetOrgID(ctx, wr.organization.Status.OrgId)
+	var userid string
+	if adminUser == nil {
+		resp, err := ztdClient.AddHumanUser(ctx, &pb.AddHumanUserRequest{
+			UserName: wr.organization.Spec.OrganizationAdmin.UserName,
+			Profile: &pb.AddHumanUserRequest_Profile{
+				FirstName: wr.organization.Spec.OrganizationAdmin.FirstName,
+				LastName:  wr.organization.Spec.OrganizationAdmin.LastName,
+			},
+			Email: &pb.AddHumanUserRequest_Email{
+				Email:           wr.organization.Spec.OrganizationAdmin.Email,
+				IsEmailVerified: false,
+			},
+		})
+		userid = resp.UserId
+		if err != nil {
+			return fmt.Errorf("Error adding human user: %v", err)
+		}
+		{
+			if _, err := ztdClient.AddOrgMember(ctx, &pb.AddOrgMemberRequest{
+				UserId: userid,
+				Roles: []string{
+					"ORG_OWNER",
+				},
+			}); err != nil {
+				if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
+					return fmt.Errorf("Error adding org member: %v", err)
+				}
+			}
+		}
+	} else {
+		userid = adminUser.User.Id
+	}
+
+	{
+		if _, err := ztdClient.UpdateOrgMember(ctx, &pb.UpdateOrgMemberRequest{
+			UserId: userid,
+			Roles: []string{
+				"ORG_OWNER",
+			},
+		}); err != nil {
+			if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
+				return fmt.Errorf("Error updating org member: %v", err)
+			}
+		}
+	}
+	patch := client.MergeFrom(wr.organization.DeepCopy())
+	wr.organization.Status.AdminId = userid
+	return wr.Status().Patch(ctx, wr.organization, patch)
+}
+
 func (wr *wrappedOrganizationReconciler) PatchStatus(ctx context.Context, patcher condition.Patcher) error {
 	patch := client.MergeFrom(wr.organization.DeepCopy())
 	patcher(&wr.organization.Status)
--- a/src/internal/controller/zitadelcluster_controller.go
+++ b/src/internal/controller/zitadelcluster_controller.go
@@ -27,7 +27,6 @@ import (
 	"time"

 	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
-	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/admin"
 	builder "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder"
 	condition "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/condition"
 	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/configuration"
@@ -40,13 +39,10 @@ import (
 	systemapiaccount "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/systemapi"
 	zitadelClient "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/zitadel"
 	"github.com/hashicorp/go-multierror"
-	"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
 	"github.com/zitadel/zitadel-go/v2/pkg/client/system"
 	adm "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/admin"
 	authn "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/authn"
-	"github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
 	pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/system"
-	"github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/user"
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -153,10 +149,6 @@ func (r *ZitadelClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			Name:      "DefaultInstance",
 			Reconcile: r.reconcileDefaultInstance,
 		},
-		{
-			Name:      "DefaultOrgManifest",
-			Reconcile: r.reconcileOrgManifest,
-		},
 		{
 			Name:      "SMTPConfig",
 			Reconcile: r.reconcileSMTPConfig,
@@ -165,14 +157,6 @@ func (r *ZitadelClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			Name:      "DomainPolicyConfig",
 			Reconcile: r.reconcileDomainPolicy,
 		},
-		{
-			Name:      "InitialAdminSecret",
-			Reconcile: r.reconcileInitialAdminPassword,
-		},
-		{
-			Name:      "InitialAdmin",
-			Reconcile: r.reconcileInitialHumanUser,
-		},
 	}

 	for _, p := range phases {
@@ -461,31 +445,6 @@ func (r *ZitadelClusterReconciler) reconcileDefaultInstance(ctx context.Context,
 	return ctrl.Result{}, nil
 }

-func (r *ZitadelClusterReconciler) reconcileOrgManifest(ctx context.Context, zitadel *zitadelv1alpha1.ZitadelCluster) (ctrl.Result, error) {
-	key := types.NamespacedName{
-		Name:      zitadel.Spec.FirstOrgName,
-		Namespace: zitadel.Namespace,
-	}
-	desiredOrganization, err := r.Builder.BuildOrganization(builder.OrganizationOpts{
-		Key:     key,
-		Zitadel: zitadel,
-	}, zitadel)
-	if err != nil {
-		return ctrl.Result{}, fmt.Errorf("error building default organization: %v", err)
-	}
-
-	var existingOrganization zitadelv1alpha1.Organization
-	if err := r.Get(ctx, key, &existingOrganization); err != nil {
-		if !errors.IsNotFound(err) {
-			return ctrl.Result{}, fmt.Errorf("error getting Organization: %v", err)
-		}
-		if err := r.Create(ctx, desiredOrganization); err != nil {
-			return ctrl.Result{}, fmt.Errorf("error creating Organization: %v", err)
-		}
-	}
-	return ctrl.Result{}, nil
-}
-
 func (r *ZitadelClusterReconciler) reconcileSMTPConfig(ctx context.Context, zitadel *zitadelv1alpha1.ZitadelCluster) (ctrl.Result, error) {
 	adminClient, err := zitadelClient.NewAdminClient(ctx, zitadel, *r.RefResolver)
 	if err != nil {
@@ -575,115 +534,6 @@ func (r *ZitadelClusterReconciler) reconcileDomainPolicy(ctx context.Context, zi
 	return ctrl.Result{}, nil
 }

-func (r *ZitadelClusterReconciler) reconcileInitialAdminPassword(ctx context.Context, zitadel *zitadelv1alpha1.ZitadelCluster) (ctrl.Result, error) {
-	secretName := admin.AdminPasswordSecretName(zitadel)
-	key := types.NamespacedName{
-		Name:      secretName,
-		Namespace: zitadel.Namespace,
-	}
-	_, err := r.SecretReconciler.ReconcileRandomPassword(ctx, key, admin.Key, zitadel)
-
-	if err != nil {
-		return ctrl.Result{}, err
-	}
-	return ctrl.Result{}, nil
-}
-
-func (r *ZitadelClusterReconciler) reconcileInitialHumanUser(ctx context.Context, zitadel *zitadelv1alpha1.ZitadelCluster) (ctrl.Result, error) {
-	managementClient, err := zitadelClient.NewClient(ctx, zitadel, *r.RefResolver)
-	if err != nil {
-		return ctrl.Result{}, err
-	}
-	defer managementClient.Connection.Close()
-
-	secretName := admin.AdminPasswordSecretName(zitadel)
-	key := types.NamespacedName{
-		Name:      secretName,
-		Namespace: zitadel.Namespace,
-	}
-	password, err := r.SecretReconciler.ReconcileRandomPassword(ctx, key, admin.Key, zitadel)
-	if err != nil {
-		return ctrl.Result{}, err
-	}
-
-	org, err := managementClient.GetMyOrg(ctx, &management.GetMyOrgRequest{})
-	if err != nil {
-		return ctrl.Result{}, fmt.Errorf("Error getting org: %v", err)
-	}
-	adminUser, err := managementClient.GetUserByLoginNameGlobal(ctx, &management.GetUserByLoginNameGlobalRequest{
-		LoginName: strings.ToLower(fmt.Sprintf("%s@%s.%s", admin.AccountName, zitadel.Spec.FirstOrgName, zitadel.Spec.Host)),
-	})
-	if err != nil {
-		if !strings.Contains(err.Error(), "could not be found") {
-			return ctrl.Result{}, fmt.Errorf("Error getting admin user: %v", err)
-		}
-	}
-	var userid string
-	if adminUser == nil {
-		resp, err := managementClient.AddHumanUser(middleware.SetOrgID(ctx, org.Org.Id), &management.AddHumanUserRequest{
-			UserName: admin.AccountName,
-			Profile: &management.AddHumanUserRequest_Profile{
-				FirstName:         admin.AccountName,
-				LastName:          admin.AccountName,
-				NickName:          admin.AccountName,
-				DisplayName:       admin.AccountName,
-				Gender:            user.Gender_GENDER_DIVERSE,
-				PreferredLanguage: "en",
-			},
-			InitialPassword: password,
-			Email: &management.AddHumanUserRequest_Email{
-				Email:           "dev@topmanage.com",
-				IsEmailVerified: true,
-			},
-		})
-		userid = resp.UserId
-		if err != nil {
-			return ctrl.Result{}, fmt.Errorf("Error adding human user: %v", err)
-		}
-		{
-			if _, err := managementClient.AddOrgMember(middleware.SetOrgID(ctx, org.Org.Id), &management.AddOrgMemberRequest{
-				UserId: userid,
-				Roles: []string{
-					"ORG_OWNER",
-				},
-			}); err != nil {
-				if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
-					return ctrl.Result{}, fmt.Errorf("Error adding org member: %v", err)
-				}
-			}
-		}
-	} else {
-		userid = adminUser.User.Id
-	}
-
-	{
-		if _, err := managementClient.SetHumanPassword(middleware.SetOrgID(ctx, org.Org.Id), &management.SetHumanPasswordRequest{
-			UserId:           userid,
-			Password:         password,
-			NoChangeRequired: true,
-		}); err != nil {
-			return ctrl.Result{}, fmt.Errorf("Error setting password for member: %v", err)
-		}
-	}
-	{
-		if _, err := managementClient.UpdateOrgMember(middleware.SetOrgID(ctx, org.Org.Id), &management.UpdateOrgMemberRequest{
-			UserId: userid,
-			Roles: []string{
-				"ORG_OWNER",
-			},
-		}); err != nil {
-			if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
-				return ctrl.Result{}, fmt.Errorf("Error updating org member: %v", err)
-			}
-		}
-
-	}
-
-	patch := client.MergeFrom(zitadel.DeepCopy())
-	zitadel.Status.InitialAdminId = userid
-	return ctrl.Result{}, r.Status().Patch(ctx, zitadel, patch)
-}
-
 func GetIssuer(zitadel *zitadelv1alpha1.ZitadelCluster) string {
 	scheme := "http"
 	if zitadel.Spec.ExternalSecure {