enable all other resources

2026-03-25 17:08:48 -05:00
parent 25c940cfd3
commit 20a511b6b7
36 changed files with 2377 additions and 134 deletions
--- a/src/api/v1alpha1/machineuser_types.go
+++ b/src/api/v1alpha1/machineuser_types.go
@@ -44,14 +44,14 @@ type ProjectGrantResource struct {
 	OrgID     string `json:"orgId"`
 }

-type ConnectionResource struct{}
+type InstanceResource struct{}

-// +kubebuilder:validation:XValidation:rule="[has(self.organization), has(self.connection), has(self.project), has(self.projectGrant)].filter(x, x).size() == 1",message="exactly one of organization, connection, project, or projectGrant must be specified"
+// +kubebuilder:validation:XValidation:rule="[has(self.organization), has(self.instance), has(self.project), has(self.projectGrant)].filter(x, x).size() == 1",message="exactly one of organization, instance, project, or projectGrant must be specified"
 type Resource struct {
 	// +optional
 	Organization *OrganizationResource `json:"organization,omitempty"`
 	// +optional
-	Connection *ConnectionResource `json:"connection,omitempty"`
+	Instance *InstanceResource `json:"instance,omitempty"`
 	// +optional
 	Project *ProjectResource `json:"project,omitempty"`
 	// +optional
--- a/src/api/v1alpha1/zz_generated.deepcopy.go
+++ b/src/api/v1alpha1/zz_generated.deepcopy.go
@@ -366,21 +366,6 @@ func (in *ConnectionRef) DeepCopy() *ConnectionRef {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ConnectionResource) DeepCopyInto(out *ConnectionResource) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionResource.
-func (in *ConnectionResource) DeepCopy() *ConnectionResource {
-	if in == nil {
-		return nil
-	}
-	out := new(ConnectionResource)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ConnectionSpec) DeepCopyInto(out *ConnectionSpec) {
 	*out = *in
@@ -547,6 +532,21 @@ func (in *Grant) DeepCopy() *Grant {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *InstanceResource) DeepCopyInto(out *InstanceResource) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceResource.
+func (in *InstanceResource) DeepCopy() *InstanceResource {
+	if in == nil {
+		return nil
+	}
+	out := new(InstanceResource)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *InternalPermissions) DeepCopyInto(out *InternalPermissions) {
 	*out = *in
@@ -1198,9 +1198,9 @@ func (in *Resource) DeepCopyInto(out *Resource) {
 		*out = new(OrganizationResource)
 		**out = **in
 	}
-	if in.Connection != nil {
-		in, out := &in.Connection, &out.Connection
-		*out = new(ConnectionResource)
+	if in.Instance != nil {
+		in, out := &in.Instance, &out.Instance
+		*out = new(InstanceResource)
 		**out = **in
 	}
 	if in.Project != nil {
--- a/src/cmd/main.go
+++ b/src/cmd/main.go
@@ -48,6 +48,7 @@ var (

 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+	utilruntime.Must(zitadelv1alpha1.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }

@@ -73,7 +74,7 @@ func main() {
 		Metrics:                server.Options{BindAddress: metricsAddr},
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
-		LeaderElectionID:       "88a0b43c.github.com",
+		LeaderElectionID:       "r8a0b43c.github.com",
 		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 		// when the Manager ends. This requires the binary to immediately end when the
 		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
@@ -98,7 +99,7 @@ func main() {
 	requeueZitadel := 5 * time.Minute

 	if err = controller.NewConnectionReconciler(client, refResolver, builder, conditionReady, requeueZitadel).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "Organization")
+		setupLog.Error(err, "unable to create controller", "controller", "Connection")
 		os.Exit(1)
 	}

--- a/src/config/crd/bases/zitadel.github.com_machineusers.yaml
+++ b/src/config/crd/bases/zitadel.github.com_machineusers.yaml
@@ -102,7 +102,7 @@ spec:
                  properties:
                    resource:
                      properties:
-                        connection:
+                        instance:
                          type: object
                        organization:
                          properties:
@@ -130,9 +130,9 @@ spec:
                          type: object
                      type: object
                      x-kubernetes-validations:
-                      - message: exactly one of organization, connection, project,
-                          or projectGrant must be specified
-                        rule: '[has(self.organization), has(self.connection), has(self.project),
+                      - message: exactly one of organization, instance, project, or
+                          projectGrant must be specified
+                        rule: '[has(self.organization), has(self.instance), has(self.project),
                          has(self.projectGrant)].filter(x, x).size() == 1'
                    roles:
                      items:
--- a/src/config/rbac/role.yaml
+++ b/src/config/rbac/role.yaml
@@ -4,6 +4,15 @@ kind: ClusterRole
 metadata:
  name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - list
+  - patch
+  - watch
 - apiGroups:
  - zitadel.github.com
  resources:
@@ -30,3 +39,38 @@ rules:
  - get
  - patch
  - update
+- apiGroups:
+  - zitadel.topmanage.com
+  resources:
+  - machineusers
+  - oidcapps
+  - organizations
+  - projects
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - zitadel.topmanage.com
+  resources:
+  - machineusers/finalizers
+  - oidcapps/finalizers
+  - organizations/finalizers
+  - projects/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - zitadel.topmanage.com
+  resources:
+  - machineusers/status
+  - oidcapps/status
+  - organizations/status
+  - projects/status
+  verbs:
+  - get
+  - patch
+  - update
--- a/src/internal/controller/connection_controller.go
+++ b/src/internal/controller/connection_controller.go
@@ -56,6 +56,7 @@ func NewConnectionReconciler(client client.Client, refResolver *zitadelv1alpha1.
 //+kubebuilder:rbac:groups=zitadel.github.com,resources=connections,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=zitadel.github.com,resources=connections/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=zitadel.github.com,resources=connections/finalizers,verbs=update
+// +kubebuilder:rbac:groups="",resources=secrets,verbs=list;watch;create;patch

 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
--- a/src/internal/controller/instance_controller_test.gold
+++ b/src/internal/controller/instance_controller_test.gold
@@ -1,84 +0,0 @@
-/*
-Copyright 2024.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controller
-
-import (
-	"context"
-
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-)
-
-var _ = Describe("ZitadelInstance Controller", func() {
-	Context("When reconciling a resource", func() {
-		const resourceName = "test-resource"
-
-		ctx := context.Background()
-
-		typeNamespacedName := types.NamespacedName{
-			Name:      resourceName,
-			Namespace: "default", // TODO(user):Modify as needed
-		}
-		zitadelinstance := &zitadelv1alpha1.ZitadelInstance{}
-
-		BeforeEach(func() {
-			By("creating the custom resource for the Kind ZitadelInstance")
-			err := k8sClient.Get(ctx, typeNamespacedName, zitadelinstance)
-			if err != nil && errors.IsNotFound(err) {
-				resource := &zitadelv1alpha1.ZitadelInstance{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      resourceName,
-						Namespace: "default",
-					},
-					// TODO(user): Specify other spec details if needed.
-				}
-				Expect(k8sClient.Create(ctx, resource)).To(Succeed())
-			}
-		})
-
-		AfterEach(func() {
-			// TODO(user): Cleanup logic after each test, like removing the resource instance.
-			resource := &zitadelv1alpha1.ZitadelInstance{}
-			err := k8sClient.Get(ctx, typeNamespacedName, resource)
-			Expect(err).NotTo(HaveOccurred())
-
-			By("Cleanup the specific resource instance ZitadelInstance")
-			Expect(k8sClient.Delete(ctx, resource)).To(Succeed())
-		})
-		It("should successfully reconcile the resource", func() {
-			By("Reconciling the created resource")
-			controllerReconciler := &ZitadelInstanceReconciler{
-				Client: k8sClient,
-				Scheme: k8sClient.Scheme(),
-			}
-
-			_, err := controllerReconciler.Reconcile(ctx, reconcile.Request{
-				NamespacedName: typeNamespacedName,
-			})
-			Expect(err).NotTo(HaveOccurred())
-			// TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
-			// Example: If you expect a certain status condition after reconciliation, verify it here.
-		})
-	})
-})
--- a/src/internal/controller/machineuser_controller.gold
+++ b/src/internal/controller/machineuser_controller.gold
@@ -6,10 +6,10 @@ import (
 	"slices"
 	"time"

-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/builder"
-	condition "github.com/HaimKortovich/zitadel-k8s-operator/pkg/condition"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/builder"
+	condition "github.com/HaimKortovich/zitadel-resources-operator/pkg/condition"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"
 	clientv2 "github.com/zitadel/zitadel-go/v3/pkg/client"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/internal_permission/v2"
--- a/src/internal/controller/machineuser_controller_finalizer.gold
+++ b/src/internal/controller/machineuser_controller_finalizer.gold
@@ -1,8 +1,8 @@
 package controller

 import (
-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"

 	"context"
 	"fmt"
--- a/src/internal/controller/oidcapp_controller.gold
+++ b/src/internal/controller/oidcapp_controller.gold
@@ -21,10 +21,10 @@ import (
 	"fmt"
 	"time"

-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/builder"
-	condition "github.com/HaimKortovich/zitadel-k8s-operator/pkg/condition"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/builder"
+	condition "github.com/HaimKortovich/zitadel-resources-operator/pkg/condition"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"
 	clientv2 "github.com/zitadel/zitadel-go/v3/pkg/client"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/application/v2"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2"
@@ -191,7 +191,7 @@ func (wr *wrappedOIDCAppReconciler) Reconcile(ctx context.Context, ztdClient *cl
 		}

 		secretData := map[string][]byte{"clientSecret": []byte(resp.GetApiConfiguration().ClientSecret), "appId": []byte(resp.ApplicationId), "clientId": []byte(resp.GetApiConfiguration().ClientId)}
-		secret, err := wr.Builder.BuildSecret(builder.SecretOpts{Immutable: false, Zitadel: nil, Key: key, Data: secretData}, wr.OIDCApp)
+		secret, err := wr.Builder.BuildSecret(builder.SecretOpts{Immutable: false, Key: key, Data: secretData}, wr.OIDCApp)
 		if err != nil {
 			return fmt.Errorf("error building Secret: %v", err)
 		}
--- a/src/internal/controller/oidcapp_controller_finalizer.gold
+++ b/src/internal/controller/oidcapp_controller_finalizer.gold
@@ -3,8 +3,8 @@ package controller
 import (
 	"strings"

-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"

 	"context"
 	"fmt"
--- a/src/internal/controller/organization_controller.gold
+++ b/src/internal/controller/organization_controller.gold
@@ -21,9 +21,9 @@ import (
 	"fmt"
 	"time"

-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	condition "github.com/HaimKortovich/zitadel-k8s-operator/pkg/condition"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	condition "github.com/HaimKortovich/zitadel-resources-operator/pkg/condition"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"
 	clientv2 "github.com/zitadel/zitadel-go/v3/pkg/client"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/object/v2"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/org/v2"
--- a/src/internal/controller/organization_controller_finalizer.gold
+++ b/src/internal/controller/organization_controller_finalizer.gold
@@ -1,8 +1,8 @@
 package controller

 import (
-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"

 	"context"
 	"fmt"
--- a/src/internal/controller/project_controller.gold
+++ b/src/internal/controller/project_controller.gold
@@ -23,9 +23,9 @@ import (
 	"sort"
 	"time"

-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	condition "github.com/HaimKortovich/zitadel-k8s-operator/pkg/condition"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	condition "github.com/HaimKortovich/zitadel-resources-operator/pkg/condition"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"

 	clientv2 "github.com/zitadel/zitadel-go/v3/pkg/client"
 	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2"
--- a/src/internal/controller/project_controller_finalizer.gold
+++ b/src/internal/controller/project_controller_finalizer.gold
@@ -1,8 +1,8 @@
 package controller

 import (
-	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-k8s-operator/api/v1alpha1"
-	"github.com/HaimKortovich/zitadel-k8s-operator/pkg/controller/core"
+	zitadelv1alpha1 "github.com/HaimKortovich/zitadel-resources-operator/api/v1alpha1"
+	"github.com/HaimKortovich/zitadel-resources-operator/pkg/controller/core"

 	"context"
 	"fmt"