allow to reference via zitadel too

2026-04-30 15:36:20 -05:00
parent c6aff229ae
commit 319acd90de
8 changed files with 185 additions and 77 deletions
--- a/internal/controller/oidcapp_controller.go
+++ b/internal/controller/oidcapp_controller.go
@@ -101,11 +101,11 @@ func newWrappedOIDCAppReconciler(client client.Client, refResolver *zitadelv1alp
 }

 func (wr *wrappedOIDCAppReconciler) Reconcile(ctx context.Context, ztdClient *clientv2.Client) error {
-	project, err := wr.OIDCApp.Project(ctx, wr.refResolver)
+	projectRef, err := wr.OIDCApp.Project(ctx, wr.refResolver)
 	if err != nil {
 		return err
 	}
-	if project.Status.ProjectId == nil {
+	if projectRef.ID == "" {
 		return fmt.Errorf("Project has not been created yet...")
 	}
 	responseTypes := []application.OIDCResponseType{}
@@ -133,7 +133,7 @@ func (wr *wrappedOIDCAppReconciler) Reconcile(ctx context.Context, ztdClient *cl
 				{
 					Filter: &application.ApplicationSearchFilter_ProjectIdFilter{
 						ProjectIdFilter: &application.ProjectIDFilter{
-							ProjectId: *project.Status.ProjectId,
+							ProjectId: projectRef.ID,
 						},
 					},
 				},
@@ -153,7 +153,7 @@ func (wr *wrappedOIDCAppReconciler) Reconcile(ctx context.Context, ztdClient *cl
 		resp, err := ztdClient.ApplicationServiceV2().CreateApplication(ctx,
 			&application.CreateApplicationRequest{
 				Name:      wr.OIDCApp.Spec.OIDCAppName,
-				ProjectId: *project.Status.ProjectId,
+				ProjectId: projectRef.ID,
 				ApplicationType: &application.CreateApplicationRequest_OidcConfiguration{
 					OidcConfiguration: &application.CreateOIDCApplicationRequest{
 						ApplicationType:          application.OIDCApplicationType(application.OIDCApplicationType_value[wr.OIDCApp.Spec.AppType]),
@@ -205,7 +205,7 @@ func (wr *wrappedOIDCAppReconciler) Reconcile(ctx context.Context, ztdClient *cl
 		_, err := ztdClient.ApplicationServiceV2().UpdateApplication(ctx,
 			&application.UpdateApplicationRequest{
 				Name:          wr.OIDCApp.Name,
-				ProjectId:     *project.Status.ProjectId,
+				ProjectId:     projectRef.ID,
 				ApplicationId: *appid,
 				ApplicationType: &application.UpdateApplicationRequest_OidcConfiguration{
 					OidcConfiguration: &application.UpdateOIDCApplicationConfigurationRequest{
--- a/internal/controller/oidcapp_controller_finalizer.go
+++ b/internal/controller/oidcapp_controller_finalizer.go
@@ -58,13 +58,13 @@ func (wr *wrappedOIDCAppFinalizer) ContainsFinalizer() bool {

 func (wf *wrappedOIDCAppFinalizer) Reconcile(ctx context.Context, ztdClient *clientv2.Client) error {
 	if wf.OIDCApp.Status.AppId != nil {
-		project, err := wf.OIDCApp.Project(ctx, wf.refresolver)
+		projectRef, err := wf.OIDCApp.Project(ctx, wf.refresolver)
 		if err != nil {
 			return err
 		}
 		_, err = ztdClient.ApplicationServiceV2().DeleteApplication(ctx, &application.DeleteApplicationRequest{
 			ApplicationId: *wf.OIDCApp.Status.AppId,
-			ProjectId:     *project.Status.ProjectId,
+			ProjectId:     projectRef.ID,
 		})
 		if err != nil {
 			if strings.Contains(err.Error(), "doesn't exist") {
--- a/internal/controller/project_controller.go
+++ b/internal/controller/project_controller.go
@@ -124,13 +124,11 @@ func (wr *wrappedProjectReconciler) Reconcile(ctx context.Context, ztdClient *cl
 }

 func (wr *wrappedProjectReconciler) reconcileProject(ctx context.Context, ztdClient *clientv2.Client) error {
-	org, err := wr.refResolver.OrganizationRef(ctx, &wr.project.Spec.OrganizationRef, wr.project.Namespace)
+	orgRef, err := wr.refResolver.ResolveOrganization(ctx, &wr.project.Spec.OrganizationRef, wr.project.Namespace)
 	if err != nil {
 		return err
 	}
-	if org.Status.OrganizationId == nil {
-		return fmt.Errorf("Organization not created yet")
-	}
+
 	var projectId *string
 	projectList, err := ztdClient.ProjectServiceV2().ListProjects(ctx, &project.ListProjectsRequest{
 		Filters: []*project.ProjectSearchFilter{
@@ -145,7 +143,7 @@ func (wr *wrappedProjectReconciler) reconcileProject(ctx context.Context, ztdCli
 			&project.ProjectSearchFilter{
 				Filter: &project.ProjectSearchFilter_OrganizationIdFilter{
 					OrganizationIdFilter: &project.ProjectOrganizationIDFilter{
-						OrganizationId: *org.Status.OrganizationId,
+						OrganizationId: orgRef.ID,
 						Type:           project.ProjectOrganizationIDFilter_OWNED,
 					},
 				},
@@ -163,7 +161,7 @@ func (wr *wrappedProjectReconciler) reconcileProject(ctx context.Context, ztdCli
 		resp, err :=
 			ztdClient.ProjectServiceV2().CreateProject(ctx,
 				&project.CreateProjectRequest{
-					OrganizationId:        *org.Status.OrganizationId,
+					OrganizationId:        orgRef.ID,
 					Name:                  wr.project.Spec.ProjectName,
 					ProjectRoleAssertion:  wr.project.Spec.ProjectRoleAssertion,
 					AuthorizationRequired: wr.project.Spec.ProjectRoleCheck,
@@ -254,16 +252,13 @@ func (wr *wrappedProjectReconciler) reconcileGrants(ctx context.Context, ztdClie
 		return fmt.Errorf("Error listing project grants: %v", err)
 	}
 	for _, grant := range wr.project.DeepCopy().Spec.Grants {
-		grantedOrg, err := wr.refResolver.OrganizationRef(ctx, &grant.OrganizationRef, wr.project.Namespace)
+		grantedOrgRef, err := wr.refResolver.ResolveOrganization(ctx, &grant.OrganizationRef, wr.project.Namespace)
 		if err != nil {
 			return err
 		}
-		if grantedOrg.Status.OrganizationId == nil {
-			continue
-		}
 		var existingGrant *project.ProjectGrant
 		for _, eGrant := range existingGrants.ProjectGrants {
-			if eGrant.GrantedOrganizationId == *grantedOrg.Status.OrganizationId {
+			if eGrant.GrantedOrganizationId == grantedOrgRef.ID {
 				existingGrant = eGrant
 				break
 			}
@@ -271,7 +266,7 @@ func (wr *wrappedProjectReconciler) reconcileGrants(ctx context.Context, ztdClie
 		if existingGrant == nil {
 			_, err := ztdClient.ProjectServiceV2().CreateProjectGrant(ctx, &project.CreateProjectGrantRequest{
 				ProjectId:             *wr.project.Status.ProjectId,
-				GrantedOrganizationId: *grantedOrg.Status.OrganizationId,
+				GrantedOrganizationId: grantedOrgRef.ID,
 				RoleKeys:              grant.RoleKeys,
 			})
 			if err != nil {