software-engineering/zitadel-resources-operator
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

allow to reference via zitadel too
All checks were successful
Build and Publish / build-release (push) Successful in 2m9s
Details

Browse Source
This commit is contained in:
HaimKortovich
2026-04-30 15:36:20 -05:00
parent c6aff229ae
commit 319acd90de
8 changed files with 185 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
api/v1alpha1/refresolver.go
View File

@@ -9,6 +9,13 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
)
// ResolvedReference is the common abstraction for both reference types
type ResolvedReference struct {
ID string
Namespace string
Name string
}
// +kubebuilder:object:generate=false
type RefResolver struct {
client client.Client
@@ -22,16 +29,16 @@ func NewRefResolver(client client.Client) *RefResolver {
func (r *RefResolver) OIDCAppRef(ctx context.Context, ref *OIDCAppRef,
namespace string) (*OIDCApp, error) {
if ref.Kind != "" && ref.Kind != "OIDCApp" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.Kind)
if ref.ObjectReference.Kind != "" && ref.ObjectReference.Kind != "OIDCApp" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.ObjectReference.Kind)
}
key := types.NamespacedName{
Name: ref.Name,
Name: ref.ObjectReference.Name,
Namespace: namespace,
}
if ref.Namespace != "" {
key.Namespace = ref.Namespace
if ref.ObjectReference.Namespace != "" {
key.Namespace = ref.ObjectReference.Namespace
}
var zitadel OIDCApp
@@ -43,16 +50,16 @@ func (r *RefResolver) OIDCAppRef(ctx context.Context, ref *OIDCAppRef,
func (r *RefResolver) ActionRef(ctx context.Context, ref *ActionRef,
namespace string) (*Action, error) {
if ref.Kind != "" && ref.Kind != "Action" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.Kind)
if ref.ObjectReference.Kind != "" && ref.ObjectReference.Kind != "Action" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.ObjectReference.Kind)
}
key := types.NamespacedName{
Name: ref.Name,
Name: ref.ObjectReference.Name,
Namespace: namespace,
}
if ref.Namespace != "" {
key.Namespace = ref.Namespace
if ref.ObjectReference.Namespace != "" {
key.Namespace = ref.ObjectReference.Namespace
}
var zitadel Action
@@ -64,16 +71,16 @@ func (r *RefResolver) ActionRef(ctx context.Context, ref *ActionRef,
func (r *RefResolver) ProjectRef(ctx context.Context, ref *ProjectRef,
namespace string) (*Project, error) {
if ref.Kind != "" && ref.Kind != "Project" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.Kind)
if ref.ObjectReference.Kind != "" && ref.ObjectReference.Kind != "Project" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.ObjectReference.Kind)
}
key := types.NamespacedName{
Name: ref.Name,
Name: ref.ObjectReference.Name,
Namespace: namespace,
}
if ref.Namespace != "" {
key.Namespace = ref.Namespace
if ref.ObjectReference.Namespace != "" {
key.Namespace = ref.ObjectReference.Namespace
}
var zitadel Project
@@ -85,16 +92,16 @@ func (r *RefResolver) ProjectRef(ctx context.Context, ref *ProjectRef,
func (r *RefResolver) OrganizationRef(ctx context.Context, ref *OrganizationRef,
namespace string) (*Organization, error) {
if ref.Kind != "" && ref.Kind != "Organization" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.Kind)
if ref.ObjectReference.Kind != "" && ref.ObjectReference.Kind != "Organization" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.ObjectReference.Kind)
}
key := types.NamespacedName{
Name: ref.Name,
Name: ref.ObjectReference.Name,
Namespace: namespace,
}
if ref.Namespace != "" {
key.Namespace = ref.Namespace
if ref.ObjectReference.Namespace != "" {
key.Namespace = ref.ObjectReference.Namespace
}
var zitadel Organization
@@ -105,15 +112,15 @@ func (r *RefResolver) OrganizationRef(ctx context.Context, ref *OrganizationRef,
}
func (r *RefResolver) ConnectionRef(ctx context.Context, ref *ConnectionRef, namespace string) (*Connection, error) {
if ref.Kind != "" && ref.Kind != "Connection" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.Kind)
if ref.ObjectReference.Kind != "" && ref.ObjectReference.Kind != "Connection" {
return nil, fmt.Errorf("Unsupported reference kind: '%s'", ref.ObjectReference.Kind)
}
key := types.NamespacedName{
Name: ref.Name,
Name: ref.ObjectReference.Name,
Namespace: namespace,
}
if ref.Namespace != "" {
key.Namespace = ref.Namespace
if ref.ObjectReference.Namespace != "" {
key.Namespace = ref.ObjectReference.Namespace
}
var connection Connection
@@ -141,3 +148,79 @@ func (r *RefResolver) SecretKeyRef(ctx context.Context, selector corev1.SecretKe
return string(data), nil
}
// ResolveOrganization resolves an organization reference to a common abstraction
func (r *RefResolver) ResolveOrganization(ctx context.Context, ref *OrganizationRef, namespace string) (*ResolvedReference, error) {
// Priority 1: Direct Zitadel ID reference (cross-cluster)
if ref.ID != "" {
return &ResolvedReference{
ID: ref.ID,
}, nil
}
// Priority 2: K8s object reference (same-cluster, backward compatible)
if ref.ObjectReference.Name != "" {
org, err := r.OrganizationRef(ctx, ref, namespace)
if err != nil {
return nil, err
}
if org.Status.OrganizationId == nil {
return nil, fmt.Errorf("organization not ready")
}
return &ResolvedReference{
ID: *org.Status.OrganizationId,
Namespace: org.Namespace,
Name: org.Name,
}, nil
}
return nil, fmt.Errorf("no valid organization reference provided")
}
// ResolveProject resolves a project reference to a common abstraction
func (r *RefResolver) ResolveProject(ctx context.Context, ref *ProjectRef, namespace string) (*ResolvedReference, error) {
// Priority 1: Direct Zitadel ID reference (cross-cluster)
if ref.ID != "" {
return &ResolvedReference{
ID: ref.ID,
}, nil
}
// Priority 2: K8s object reference (same-cluster, backward compatible)
if ref.ObjectReference.Name != "" {
project, err := r.ProjectRef(ctx, ref, namespace)
if err != nil {
return nil, err
}
if project.Status.ProjectId == nil {
return nil, fmt.Errorf("project not ready")
}
return &ResolvedReference{
ID: *project.Status.ProjectId,
Namespace: project.Namespace,
Name: project.Name,
}, nil
}
return nil, fmt.Errorf("no valid project reference provided")
}
// ResolveConnectionForRef resolves connection from either a ConnectionRef or enhanced reference with embedded ConnectionRef
func (r *RefResolver) ResolveConnectionForRef(ctx context.Context, ref interface{}, namespace string) (*Connection, error) {
switch v := ref.(type) {
case *ConnectionRef:
return r.ConnectionRef(ctx, v, namespace)
case *OrganizationRef:
if v.ID != "" {
return r.ConnectionRef(ctx, &v.ConnectionRef, namespace)
}
return nil, fmt.Errorf("organization reference does not contain connection info")
case *ProjectRef:
if v.ID != "" {
return r.ConnectionRef(ctx, &v.ConnectionRef, namespace)
}
return nil, fmt.Errorf("project reference does not contain connection info")
default:
return nil, fmt.Errorf("unsupported reference type for connection resolution")
}
}