From c143e6dca35bde63f8d7555fab34d9f7095c6df9 Mon Sep 17 00:00:00 2001
From: Haim Kortovich
Date: Mon, 20 May 2024 18:54:25 -0500
Subject: [PATCH] Remove immutable [ZITADOPER-1]
---
 src/internal/controller/machineuser_controller.go | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/internal/controller/machineuser_controller.go b/src/internal/controller/machineuser_controller.go
index 514b104..8964cbf 100644
--- a/src/internal/controller/machineuser_controller.go
+++ b/src/internal/controller/machineuser_controller.go
@@ -215,7 +215,7 @@ func (wr *wrappedMachineUserReconciler) reconcilePAT(ctx context.Context, ztdCli
 }
 desiredPatSecret, err := wr.Builder.BuildSecret(builder.SecretOpts{
 Key: key,
- Immutable: true,
+ Immutable: false,
 Data: map[string][]byte{
 "pat": []byte(resp.Token),
 },
@@ -297,7 +297,7 @@ func (wr *wrappedMachineUserReconciler) reconcileJWT(ctx context.Context, ztdCli
 "appId": []byte(jsonKey.AppID),
 "key": []byte(jsonKey.Key),
 }
- patSecret, err := wr.Builder.BuildSecret(builder.SecretOpts{
+ jwtSecret, err := wr.Builder.BuildSecret(builder.SecretOpts{
 Key: key,
 Immutable: false,
 Data: secretData,
@@ -306,7 +306,7 @@ func (wr *wrappedMachineUserReconciler) reconcileJWT(ctx context.Context, ztdCli
 if err != nil {
 return fmt.Errorf("error building machine key Secret: %v", err)
 }
- if err := wr.Create(ctx, patSecret); err != nil {
+ if err := wr.Create(ctx, jwtSecret); err != nil {
 return fmt.Errorf("error creating machine key Secret: %v", err)
 }
 patch := ctrlClient.MergeFrom(wr.MachineUser.DeepCopy())
@@ -331,6 +331,13 @@ func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context,
 },
 },
 },
+ {
+ Query: &user.UserGrantQuery_WithGrantedQuery{
+ WithGrantedQuery: &user.UserGrantWithGrantedQuery{
+ WithGranted: true,
+ },
+ },
+ },
 },
 })
 if err != nil {
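Review bot: In the reconcilePAT hunk, `Immutable: false` on the Secret that stores `resp.Token` carries no comment, and the commit message gives no reason for dropping the protection. With the flag off, the API server accepts in-place changes to the token from any subject that holds update or patch rights on Secrets in that namespace, so RBAC becomes the only write guard. I would add a comment on that field such as `// mutable because <reason>; write access is limited by RBAC only`, and state whether the reconciler is expected to detect and repair a changed `pat` value. reconcilePAT starts and ends outside the hunk, so how the Secret is updated later is not visible here.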
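Review bot: The new `WithGranted: true` entry in the first reconcileUserGrants hunk is undocumented and, going by its name, widens the listing to grants on granted projects. The query entries before it lie above the hunk, so it is not visible whether the listing is restricted to this machine user. If it is not, the response can hold other users' grants and may be paged, in which case the grant the reconciler looks for could be missing from the returned slice and be treated as absent. Please confirm that the request also filters by `wr.MachineUser.Status.UserId` on the server side, and add a comment on the entry such as `// WithGranted: <why grants on granted projects are needed here>`.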
@@ -343,7 +350,7 @@ func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context,
 }
 var existingUserGrant *user.UserGrant
 for _, eGrant := range existingUserGrants.Result {
- if eGrant.ProjectId == userGrantedProject.Status.ProjectId {
+ if eGrant.ProjectId == userGrantedProject.Status.ProjectId && eGrant.UserId == wr.MachineUser.Status.UserId {
 existingUserGrant = eGrant
 break
 }
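Review bot: The added `eGrant.UserId == wr.MachineUser.Status.UserId` test in the reconcileUserGrants loop cannot match while that status field is still empty, so `existingUserGrant` stays nil and whatever follows the loop (outside this hunk) presumably takes the no-grant-yet path. A guard before the list call, `if wr.MachineUser.Status.UserId == "" { return fmt.Errorf("machine user has no user ID in status") }`, would make that case explicit, assuming the function returns an error like reconcileJWT does. The same condition is what keeps the loop from selecting another user's grant on the same project, and that deserves a one-line comment such as `// match on user as well: the list can contain grants of other users`.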