software-engineering/zitadel-k8s-operator
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add useer grants

Browse Source 
[ZITADOPER-1]
This commit is contained in:
Haim Kortovich
2024-05-20 15:54:56 -05:00
parent 1107dd3e8a
commit 74ac1e33a4
4 changed files with 197 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
src/internal/controller/machineuser_controller.go
View File

@@ -4,6 +4,8 @@ import (
"context"
"encoding/json"
"fmt"
"reflect"
"sort"
"strings"
"time"
@@ -14,6 +16,8 @@ import (
"github.com/zitadel/zitadel-go/v2/pkg/client/management"
"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
object "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/object"
project "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/project"
user "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/user"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
@@ -103,6 +107,10 @@ func (wr *wrappedMachineUserReconciler) Reconcile(ctx context.Context, ztdClient
Name: "jwt",
Reconcile: wr.reconcileJWT,
},
{
Name: "usergrants",
Reconcile: wr.reconcileUserGrants,
},
}
for _, p := range phases {
err := p.Reconcile(ctx, ztdClient)
@@ -275,6 +283,92 @@ func (wr *wrappedMachineUserReconciler) reconcileJWT(ctx context.Context, ztdCli
return nil
}
func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context, ztdClient *management.Client) error {
org, err := wr.refResolver.OrganizationRef(ctx, &wr.MachineUser.Spec.OrganizationRef, wr.MachineUser.Namespace)
if err != nil {
return err
}
existingUserGrants, err := ztdClient.ListUserGrants(ctx, &pb.ListUserGrantRequest{
Queries: []*user.UserGrantQuery{
{
Query: &user.UserGrantQuery_UserIdQuery{
UserIdQuery: &user.UserGrantUserIDQuery{
UserId: wr.MachineUser.Status.UserId,
},
},
},
},
})
if err != nil {
return fmt.Errorf("Error listing MachineUser grants: %v", err)
}
ctx = middleware.SetOrgID(ctx, org.Status.OrgId)
for _, userGrant := range wr.MachineUser.DeepCopy().Spec.UserGrants {
userGrantedProject, err := wr.refResolver.ProjectRef(ctx, &userGrant.ProjectRef, wr.MachineUser.Namespace)
if err != nil {
return err
}
var existingUserGrant *user.UserGrant
for _, eGrant := range existingUserGrants.Result {
if eGrant.ProjectId == userGrantedProject.Status.ProjectId {
existingUserGrant = eGrant
break
}
}
if existingUserGrant == nil {
grantedProjects, err := ztdClient.ListGrantedProjects(ctx, &pb.ListGrantedProjectsRequest{
Queries: []*project.ProjectQuery{
{
Query: &project.ProjectQuery_NameQuery{
NameQuery: &project.ProjectNameQuery{
Name: userGrantedProject.Name,
Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
},
},
},
},
})
if err != nil {
return fmt.Errorf("Error listing granted projects: %v", err)
}
var existingProjectGrant *project.GrantedProject
for _, existingGrantedProject := range grantedProjects.Result {
if existingGrantedProject.ProjectId == userGrantedProject.Status.ProjectId {
existingGrantedProject = existingGrantedProject
}
}
if existingProjectGrant == nil {
return fmt.Errorf("Error no project granted to user organization: %v", err)
}
_, err = ztdClient.AddUserGrant(ctx, &pb.AddUserGrantRequest{
UserId: wr.MachineUser.Status.UserId,
RoleKeys: userGrant.RoleKeys,
ProjectId: existingProjectGrant.ProjectId,
ProjectGrantId: existingProjectGrant.GrantId,
})
if err != nil {
return fmt.Errorf("Error Adding MachineUser grant: %v", err)
}
} else {
sort.Strings(existingUserGrant.RoleKeys)
sort.Strings(userGrant.RoleKeys)
if !reflect.DeepEqual(existingUserGrant.RoleKeys, userGrant.RoleKeys) {
_, err := ztdClient.UpdateUserGrant(ctx, &pb.UpdateUserGrantRequest{
UserId: wr.MachineUser.Status.UserId,
GrantId: existingUserGrant.Id,
RoleKeys: userGrant.RoleKeys,
})
if err != nil {
return fmt.Errorf("Error Updating MachineUser grant: %v", err)
}
}
}
}
return nil
}
func (wr *wrappedMachineUserReconciler) PatchStatus(ctx context.Context, patcher condition.Patcher) error {
patch := client.MergeFrom(wr.MachineUser.DeepCopy())
patcher(&wr.MachineUser.Status)