Use admin client to add IAM_OWNER role

[ZITADOPER-5]
Haim Kortovich
2024-07-25 12:31:06 -05:00
parent 0348cd6036
commit 569db609ee


@@ -25,8 +25,11 @@ import (
zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1" zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
condition "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/condition" condition "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/condition"
"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/controller/zitadel" "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/controller/zitadel"
zitadelClient "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/zitadel"
"github.com/zitadel/zitadel-go/v2/pkg/client/admin"
"github.com/zitadel/zitadel-go/v2/pkg/client/management" "github.com/zitadel/zitadel-go/v2/pkg/client/management"
"github.com/zitadel/zitadel-go/v2/pkg/client/middleware" "github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
adm "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/admin"
pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management" pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
"k8s.io/client-go/util/workqueue" "k8s.io/client-go/util/workqueue"
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
@@ -150,6 +153,14 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
if err != nil { if err != nil {
return err return err
} }
var adminClient *admin.Client
if zitadelCluster.Spec.FirstOrgName == wr.organization.Name {
adminClient, err = zitadelClient.NewAdminClient(ctx, zitadelCluster, *wr.refResolver)
if err != nil {
return err
}
}
adminUser, err := ztdClient.GetUserByLoginNameGlobal(ctx, &pb.GetUserByLoginNameGlobalRequest{ adminUser, err := ztdClient.GetUserByLoginNameGlobal(ctx, &pb.GetUserByLoginNameGlobalRequest{
LoginName: strings.ToLower(fmt.Sprintf("%s@%s.%s", wr.organization.Spec.OrganizationAdmin.UserName, wr.organization.Name, zitadelCluster.Spec.Host)), LoginName: strings.ToLower(fmt.Sprintf("%s@%s.%s", wr.organization.Spec.OrganizationAdmin.UserName, wr.organization.Name, zitadelCluster.Spec.Host)),
}) })
@@ -159,12 +170,6 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
} }
} }
ctx = middleware.SetOrgID(ctx, wr.organization.Status.OrgId) ctx = middleware.SetOrgID(ctx, wr.organization.Status.OrgId)
roles := []string{
"ORG_OWNER",
}
if wr.organization.Name == zitadelCluster.Spec.FirstOrgName {
roles = append(roles, "IAM_OWNER")
}
var userid string var userid string
if adminUser == nil { if adminUser == nil {
resp, err := ztdClient.AddHumanUser(ctx, &pb.AddHumanUserRequest{ resp, err := ztdClient.AddHumanUser(ctx, &pb.AddHumanUserRequest{
@@ -185,13 +190,30 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
{ {
if _, err := ztdClient.AddOrgMember(ctx, &pb.AddOrgMemberRequest{ if _, err := ztdClient.AddOrgMember(ctx, &pb.AddOrgMemberRequest{
UserId: userid, UserId: userid,
Roles: roles, Roles: []string{
"ORG_OWNER",
},
}); err != nil { }); err != nil {
if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") { if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
return fmt.Errorf("Error adding org member: %v", err) return fmt.Errorf("Error adding org member: %v", err)
} }
} }
} }
if adminClient != nil {
{
if _, err := adminClient.AddIAMMember(ctx, &adm.AddIAMMemberRequest{
UserId: userid,
Roles: []string{
"IAM_OWNER",
},
}); err != nil {
if !strings.Contains(err.Error(), "RolesNotChanged") {
return fmt.Errorf("Error adding org member: %v", err)
}
}
}
}
} else { } else {
userid = adminUser.User.Id userid = adminUser.User.Id
} }
@@ -199,12 +221,29 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
{ {
if _, err := ztdClient.UpdateOrgMember(ctx, &pb.UpdateOrgMemberRequest{ if _, err := ztdClient.UpdateOrgMember(ctx, &pb.UpdateOrgMemberRequest{
UserId: userid, UserId: userid,
Roles: roles, Roles: []string{
"ORG_OWNER",
},
}); err != nil { }); err != nil {
if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") { if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
return fmt.Errorf("Error updating org member: %v", err) return fmt.Errorf("Error updating org member: %v", err)
} }
} }
if adminClient != nil {
{
if _, err := adminClient.UpdateIAMMember(ctx, &adm.UpdateIAMMemberRequest{
UserId: userid,
Roles: []string{
"IAM_OWNER",
},
}); err != nil {
if !strings.Contains(err.Error(), "RolesNotChanged") {
return fmt.Errorf("Error updating org member: %v", err)
}
}
}
}
} }
patch := client.MergeFrom(wr.organization.DeepCopy()) patch := client.MergeFrom(wr.organization.DeepCopy())
wr.organization.Status.AdminId = userid wr.organization.Status.AdminId = userid
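Review bot: For an admin user that already exists, the only IAM call reached in the visible lines is `adminClient.UpdateIAMMember`, so a user who is not yet an instance member (created before this change, or left behind when an earlier reconcile failed between `AddHumanUser` and `AddIAMMember`) presumably makes the update fail with something other than `RolesNotChanged`, and reconciliation keeps erroring without ever granting `IAM_OWNER`. The grant would converge if both paths attempted `AddIAMMember` first and fell back to `UpdateIAMMember` only when the add reports that the member already exists. Both new branches also reuse the org-member error text; `return fmt.Errorf("Error adding IAM member: %w", err)` and the matching "updating" variant would keep instance-level grant failures distinguishable in operator logs. Because `IAM_OWNER` is instance-wide and is gated only on `zitadelCluster.Spec.FirstOrgName == wr.organization.Name`, that check deserves a comment such as `// IAM_OWNER is instance-wide: only the Organization named by Spec.FirstOrgName may receive it`, and it is worth confirming that an Organization resource with the same name in another namespace cannot match (the resource's scope is not visible here). `reconcileInitialAdmin` starts and ends outside the visible hunks, so a guard on the update block or a close of the admin client may exist in lines not shown.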