implement accessrequest controller (#24)

* implement accessrequest controller

* accessrequest controller now also adds profile label

* accessrequest controller now also adds cluster reference

* move general openmcp constants into own api package

Author: Diaphteiros

Taskfile.yaml

@@ -7,9 +7,9 @@ includes:
     excludes: [] # put task names in here which are overwritten in this file
     vars:
       NESTED_MODULES: api
-      API_DIRS: '{{.ROOT_DIR}}/api/provider/v1alpha1/... {{.ROOT_DIR}}/api/clusters/v1alpha1/...'
+      API_DIRS: '{{.ROOT_DIR}}/api/...'
       MANIFEST_OUT: '{{.ROOT_DIR}}/api/crds/manifests'
-      CODE_DIRS: '{{.ROOT_DIR}}/cmd/... {{.ROOT_DIR}}/internal/... {{.ROOT_DIR}}/api/provider/v1alpha1/... {{.ROOT_DIR}}/api/clusters/v1alpha1/...'
+      CODE_DIRS: '{{.ROOT_DIR}}/cmd/... {{.ROOT_DIR}}/internal/... {{.ROOT_DIR}}/api/...'
       COMPONENTS: 'openmcp-operator'
       REPO_URL: 'https://github.com/openmcp-project/openmcp-operator'
       GENERATE_DOCS_INDEX: "true"

api/clusters/v1alpha1/accessrequest_types.go

@@ -7,14 +7,14 @@ import (
 
 type AccessRequestSpec struct {
 	// ClusterRef is the reference to the Cluster for which access is requested.
-	// Exactly one of clusterRef or requestRef must be set.
+	// If set, requestRef will be ignored.
 	// This value is immutable.
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="clusterRef is immutable"
 	// +optional
 	ClusterRef *NamespacedObjectReference `json:"clusterRef,omitempty"`
 
 	// RequestRef is the reference to the ClusterRequest for whose Cluster access is requested.
-	// Exactly one of clusterRef or requestRef must be set.
+	// Is ignored if clusterRef is set.
 	// This value is immutable.
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="requestRef is immutable"
 	// +optional

api/clusters/v1alpha1/clusterrequest_types.go

@@ -11,7 +11,7 @@ type ClusterRequestSpec struct {
 	Purpose string `json:"purpose"`
 }
 
-// +kubebuilder:validation:XValidation:rule="!has(oldSelf.clusterRef) || has(self.clusterRef)", message="clusterRef may not be removed once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.cluster) || has(self.cluster)", message="cluster may not be removed once set"
 type ClusterRequestStatus struct {
 	CommonStatus `json:",inline"`
 
@@ -23,8 +23,8 @@ type ClusterRequestStatus struct {
 	// Cluster is the reference to the Cluster that was returned as a result of a granted request.
 	// Note that this information needs to be recoverable in case this status is lost, e.g. by adding a back reference in form of a finalizer to the Cluster resource.
 	// +optional
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="clusterRef is immutable"
-	Cluster *NamespacedObjectReference `json:"clusterRef,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="cluster is immutable"
+	Cluster *NamespacedObjectReference `json:"cluster,omitempty"`
 }
 
 type RequestPhase string
@@ -49,6 +49,8 @@ func (p RequestPhase) IsPending() bool {
 // +kubebuilder:selectablefield:JSONPath=".status.phase"
 // +kubebuilder:printcolumn:JSONPath=".spec.purpose",name="Purpose",type=string
 // +kubebuilder:printcolumn:JSONPath=".status.phase",name="Phase",type=string
+// +kubebuilder:printcolumn:JSONPath=".status.cluster.name",name="Cluster",type=string
+// +kubebuilder:printcolumn:JSONPath=".status.cluster.namespace",name="Cluster-NS",type=string
 
 // ClusterRequest is the Schema for the clusters API
 type ClusterRequest struct {

api/clusters/v1alpha1/constants.go

@@ -56,29 +56,24 @@ const (
 )
 
 const (
-	// ClusterLabel can be used on CRDs to indicate onto which cluster they should be deployed.
-	ClusterLabel = "openmcp.cloud/cluster"
-	// OperationAnnotation is used to trigger specific operations on resources.
-	OperationAnnotation = "openmcp.cloud/operation"
-	// OperationAnnotationValueIgnore is used to ignore the resource.
-	OperationAnnotationValueIgnore = "ignore"
-	// OperationAnnotationValueReconcile is used to trigger a reconcile on the resource.
-	OperationAnnotationValueReconcile = "reconcile"
-
 	// K8sVersionAnnotation can be used to display the k8s version of the cluster.
-	K8sVersionAnnotation = "clusters.openmcp.cloud/k8sversion"
+	K8sVersionAnnotation = GroupName + "/k8sversion"
 	// ProviderInfoAnnotation can be used to display provider-specific information about the cluster.
-	ProviderInfoAnnotation = "clusters.openmcp.cloud/providerinfo"
+	ProviderInfoAnnotation = GroupName + "/providerinfo"
 	// ProfileNameAnnotation can be used to display the actual name (not the hash) of the cluster profile.
-	ProfileNameAnnotation = "clusters.openmcp.cloud/profile"
+	ProfileNameAnnotation = GroupName + "/profile"
 	// EnvironmentAnnotation can be used to display the environment of the cluster.
-	EnvironmentAnnotation = "clusters.openmcp.cloud/environment"
+	EnvironmentAnnotation = GroupName + "/environment"
 	// ProviderAnnotation can be used to display the provider of the cluster.
-	ProviderAnnotation = "clusters.openmcp.cloud/provider"
+	ProviderAnnotation = GroupName + "/provider"
 
 	// DeleteWithoutRequestsLabel marks that the corresponding cluster can be deleted if the scheduler removes the last request pointing to it.
 	// Its value must be "true" for the label to take effect.
-	DeleteWithoutRequestsLabel = "clusters.openmcp.cloud/delete-without-requests"
+	DeleteWithoutRequestsLabel = GroupName + "/delete-without-requests"
+	// ProviderLabel is used to indicate the provider that is responsible for an AccessRequest.
+	ProviderLabel = "provider." + GroupName
+	// ProfileLabel is used to make the profile information easily accessible for the ClusterProviders.
+	ProfileLabel = "profile." + GroupName
 )
 
 const (

api/clusters/v1alpha1/constants/reasons.go

@@ -5,6 +5,8 @@ const (
 	ReasonOnboardingClusterInteractionProblem = "OnboardingClusterInteractionProblem"
 	// ReasonPlatformClusterInteractionProblem is used when the platform cluster cannot be reached.
 	ReasonPlatformClusterInteractionProblem = "PlatformClusterInteractionProblem"
+	// ReasonInvalidReference means that a reference points to a non-existing or otherwise invalid object.
+	ReasonInvalidReference = "InvalidReference"
 	// ReasonConfigurationProblem indicates that something is configured incorrectly.
 	ReasonConfigurationProblem = "ConfigurationProblem"
 	// ReasonInternalError indicates that something went wrong internally.

api/clusters/v1alpha1/groupversion_info.go

@@ -5,9 +5,11 @@ package v1alpha1
 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
+
+	apiconst "github.com/openmcp-project/openmcp-operator/api/constants"
 )
 
-const GroupName = "clusters.openmcp.cloud"
+const GroupName = "clusters." + apiconst.OpenMCPGroupName
 
 var (
 	// GroupVersion is group version used to register these objects

api/constants/constants.go

@@ -0,0 +1,16 @@
+package constants
+
+const (
+	// OpenMCPGroupName is the base API group name for OpenMCP.
+	OpenMCPGroupName = "openmcp.cloud"
+
+	// ClusterLabel can be used on CRDs to indicate onto which cluster they should be deployed.
+	ClusterLabel = OpenMCPGroupName + "/cluster"
+
+	// OperationAnnotation is used to trigger specific operations on resources.
+	OperationAnnotation = OpenMCPGroupName + "/operation"
+	// OperationAnnotationValueIgnore is used to ignore the resource.
+	OperationAnnotationValueIgnore = "ignore"
+	// OperationAnnotationValueReconcile is used to trigger a reconcile on the resource.
+	OperationAnnotationValueReconcile = "reconcile"
+)

api/crds/manifests/clusters.openmcp.cloud_accessrequests.yaml

@@ -50,7 +50,7 @@ spec:
               clusterRef:
                 description: |-
                   ClusterRef is the reference to the Cluster for which access is requested.
-                  Exactly one of clusterRef or requestRef must be set.
+                  If set, requestRef will be ignored.
                   This value is immutable.
                 properties:
                   name:
@@ -135,7 +135,7 @@ spec:
               requestRef:
                 description: |-
                   RequestRef is the reference to the ClusterRequest for whose Cluster access is requested.
-                  Exactly one of clusterRef or requestRef must be set.
+                  Is ignored if clusterRef is set.
                   This value is immutable.
                 properties:
                   name:

api/crds/manifests/clusters.openmcp.cloud_clusterrequests.yaml

@@ -26,6 +26,12 @@ spec:
     - jsonPath: .status.phase
       name: Phase
       type: string
+    - jsonPath: .status.cluster.name
+      name: Cluster
+      type: string
+    - jsonPath: .status.cluster.namespace
+      name: Cluster-NS
+      type: string
     name: v1alpha1
     schema:
       openAPIV3Schema:
@@ -62,7 +68,7 @@ spec:
               rule: self == oldSelf
           status:
             properties:
-              clusterRef:
+              cluster:
                 description: |-
                   Cluster is the reference to the Cluster that was returned as a result of a granted request.
                   Note that this information needs to be recoverable in case this status is lost, e.g. by adding a back reference in form of a finalizer to the Cluster resource.
@@ -79,7 +85,7 @@ spec:
                 - namespace
                 type: object
                 x-kubernetes-validations:
-                - message: clusterRef is immutable
+                - message: cluster is immutable
                   rule: self == oldSelf
               conditions:
                 description: Conditions contains the conditions.
@@ -147,8 +153,8 @@ spec:
             - phase
             type: object
             x-kubernetes-validations:
-            - message: clusterRef may not be removed once set
-              rule: '!has(oldSelf.clusterRef) || has(self.clusterRef)'
+            - message: cluster may not be removed once set
+              rule: '!has(oldSelf.cluster) || has(self.cluster)'
         type: object
     selectableFields:
     - jsonPath: .spec.purpose

cmd/openmcp-operator/app/init.go

@@ -10,6 +10,7 @@ import (
 	"sigs.k8s.io/yaml"
 
 	clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1"
+	apiconst "github.com/openmcp-project/openmcp-operator/api/constants"
 	"github.com/openmcp-project/openmcp-operator/api/crds"
 	"github.com/openmcp-project/openmcp-operator/api/install"
 )
@@ -75,12 +76,12 @@ func (o *InitOptions) Run(ctx context.Context) error {
 	log.Info("Environment", "value", o.Environment)
 
 	// apply CRDs
-	crdManager := crdutil.NewCRDManager(clustersv1alpha1.ClusterLabel, crds.CRDs)
+	crdManager := crdutil.NewCRDManager(apiconst.ClusterLabel, crds.CRDs)
 
 	crdManager.AddCRDLabelToClusterMapping(clustersv1alpha1.PURPOSE_ONBOARDING, o.Clusters.Onboarding)
 	crdManager.AddCRDLabelToClusterMapping(clustersv1alpha1.PURPOSE_PLATFORM, o.Clusters.Platform)
 
-	if err := crdManager.CreateOrUpdateCRDs(ctx, nil); err != nil {
+	if err := crdManager.CreateOrUpdateCRDs(ctx, &log); err != nil {
 		return fmt.Errorf("error creating/updating CRDs: %w", err)
 	}