software-engineering/zitadel-k8s-operator
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use admin client to add IAM_OWNER role

Browse Source 
[ZITADOPER-5]
This commit is contained in:
Haim Kortovich
2024-07-25 12:31:06 -05:00
parent 0348cd6036
commit 569db609ee
1 changed files with 47 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/internal/controller/organization_controller.go
View File

@@ -25,8 +25,11 @@ import (
zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
condition "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/condition"
"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/controller/zitadel"
zitadelClient "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/zitadel"
"github.com/zitadel/zitadel-go/v2/pkg/client/admin"
"github.com/zitadel/zitadel-go/v2/pkg/client/management"
"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
adm "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/admin"
pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
"k8s.io/client-go/util/workqueue"
ctrl "sigs.k8s.io/controller-runtime"
@@ -150,6 +153,14 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
if err != nil {
return err
}
var adminClient *admin.Client
if zitadelCluster.Spec.FirstOrgName == wr.organization.Name {
adminClient, err = zitadelClient.NewAdminClient(ctx, zitadelCluster, *wr.refResolver)
if err != nil {
return err
}
}
adminUser, err := ztdClient.GetUserByLoginNameGlobal(ctx, &pb.GetUserByLoginNameGlobalRequest{
LoginName: strings.ToLower(fmt.Sprintf("%s@%s.%s", wr.organization.Spec.OrganizationAdmin.UserName, wr.organization.Name, zitadelCluster.Spec.Host)),
})
@@ -159,12 +170,6 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
}
}
ctx = middleware.SetOrgID(ctx, wr.organization.Status.OrgId)
roles := []string{
"ORG_OWNER",
}
if wr.organization.Name == zitadelCluster.Spec.FirstOrgName {
roles = append(roles, "IAM_OWNER")
}
var userid string
if adminUser == nil {
resp, err := ztdClient.AddHumanUser(ctx, &pb.AddHumanUserRequest{
@@ -185,13 +190,30 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
{
if _, err := ztdClient.AddOrgMember(ctx, &pb.AddOrgMemberRequest{
UserId: userid,
Roles: roles,
Roles: []string{
"ORG_OWNER",
},
}); err != nil {
if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
return fmt.Errorf("Error adding org member: %v", err)
}
}
}
if adminClient != nil {
{
if _, err := adminClient.AddIAMMember(ctx, &adm.AddIAMMemberRequest{
UserId: userid,
Roles: []string{
"IAM_OWNER",
},
}); err != nil {
if !strings.Contains(err.Error(), "RolesNotChanged") {
return fmt.Errorf("Error adding org member: %v", err)
}
}
}
}
} else {
userid = adminUser.User.Id
}
@@ -199,12 +221,29 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
{
if _, err := ztdClient.UpdateOrgMember(ctx, &pb.UpdateOrgMemberRequest{
UserId: userid,
Roles: roles,
Roles: []string{
"ORG_OWNER",
},
}); err != nil {
if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
return fmt.Errorf("Error updating org member: %v", err)
}
}
if adminClient != nil {
{
if _, err := adminClient.UpdateIAMMember(ctx, &adm.UpdateIAMMemberRequest{
UserId: userid,
Roles: []string{
"IAM_OWNER",
},
}); err != nil {
if !strings.Contains(err.Error(), "RolesNotChanged") {
return fmt.Errorf("Error updating org member: %v", err)
}
}
}
}
}
patch := client.MergeFrom(wr.organization.DeepCopy())
wr.organization.Status.AdminId = userid