Merged in feature/ZITADOPER-5-add-iam_owner-to-firstorg-ad (pull request #7)

Feature/ZITADOPER-5 add iam owner to firstorg ad
2024-10-31 17:01:45 +00:00
parent 58555164a9 686d4e5e11
commit 8deee2bc82
1 changed files with 35 additions and 0 deletions
--- a/src/internal/controller/organization_controller.go
+++ b/src/internal/controller/organization_controller.go
@@ -25,8 +25,10 @@ import (
 	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
 	condition "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/condition"
 	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/controller/zitadel"
+	zitadelClient "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/zitadel"
 	"github.com/zitadel/zitadel-go/v2/pkg/client/management"
 	"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
+	adm "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/admin"
 	pb "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
 	"k8s.io/client-go/util/workqueue"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -150,6 +152,7 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
 	if err != nil {
 		return err
 	}
+
 	adminUser, err := ztdClient.GetUserByLoginNameGlobal(ctx, &pb.GetUserByLoginNameGlobalRequest{
 		LoginName: strings.ToLower(fmt.Sprintf("%s@%s.%s", wr.organization.Spec.OrganizationAdmin.UserName, wr.organization.Name, zitadelCluster.Spec.Host)),
 	})
@@ -188,6 +191,7 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
 				}
 			}
 		}
+
 	} else {
 		userid = adminUser.User.Id
 	}
@@ -203,6 +207,37 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
 				return fmt.Errorf("Error updating org member: %v", err)
 			}
 		}
+
+		if zitadelCluster.Spec.FirstOrgName == wr.organization.Name {
+			adminClient, err := zitadelClient.NewAdminClient(ctx, zitadelCluster, *wr.refResolver)
+			if err != nil {
+				return err
+			}
+			{
+				if _, err := adminClient.AddIAMMember(ctx, &adm.AddIAMMemberRequest{
+					UserId: userid,
+					Roles: []string{
+						"IAM_OWNER",
+					},
+				}); err != nil {
+					if !strings.Contains(err.Error(), "Roles have not been changed") && !strings.Contains(err.Error(), "AlreadyExists") {
+						return fmt.Errorf("Error adding iam member: %v", err)
+					}
+				}
+			}
+			{
+				if _, err := adminClient.UpdateIAMMember(ctx, &adm.UpdateIAMMemberRequest{
+					UserId: userid,
+					Roles: []string{
+						"IAM_OWNER",
+					},
+				}); err != nil {
+					if !strings.Contains(err.Error(), "Roles have not been changed") {
+						return fmt.Errorf("Error updating iam member: %v", err)
+					}
+				}
+			}
+		}
 	}
 	patch := client.MergeFrom(wr.organization.DeepCopy())
 	wr.organization.Status.AdminId = userid