implement createOrUpdate path of mcp controller

Diaphteiros · Diaphteiros · commit 2dff94d6916b · 2025-08-28T10:07:37.000+02:00
diff --git a/api/clusters/v1alpha1/constants.go b/api/clusters/v1alpha1/constants.go
@@ -84,13 +84,16 @@ const (
 	// SecretKeyCreationTimestamp is the name of the key in the AccessRequest secret that contains the creation timestamp.
 	// This value is optional and must not be set for non-expiring authentication methods.
 	SecretKeyCreationTimestamp = "creationTimestamp"
-	// SecretKeyCAData is the name of the key in the AccessRequest secret that contains the CA data.
-	// This value is optional and must not be set.
-	SecretKeyCAData = "caData"
-	// SecretKeyHost is the name of the key in the AccessRequest secret that contains the host.
-	// This value is optional and must not be set.
-	SecretKeyHost = "host"
 	// SecretKeyClientID is the name of the key in the AccessRequest secret that contains the client ID.
 	// This value is optional and must not be set for non-OIDC-based authentication methods.
 	SecretKeyClientID = "clientID"
+	// SecretKeyHost is the name of the key in the AccessRequest secret that contains the host of the cluster.
+	// This value is optional.
+	SecretKeyHost = "host"
+	// SecretKeyCA is the name of the key in the AccessRequest secret that contains the CA certificate of the cluster.
+	// This value is optional.
+	SecretKeyCA = "ca.crt"
+	// SecretKeyToken is the name of the key in the AccessRequest secret that contains the token.
+	// This value is optional.
+	SecretKeyToken = "token"
 )
diff --git a/api/clusters/v1alpha1/constants/reasons.go b/api/clusters/v1alpha1/constants/reasons.go
@@ -11,4 +11,8 @@ const (
 	ReasonConfigurationProblem = "ConfigurationProblem"
 	// ReasonInternalError indicates that something went wrong internally.
 	ReasonInternalError = "InternalError"
+	// ReasonWaitingForClusterRequest indicates that something is waiting for a ClusterRequest to become ready.
+	ReasonWaitingForClusterRequest = "WaitingForClusterRequest"
+	// ReasonWaitingForAccessRequest indicates that something is waiting for an AccessRequest to become ready.
+	ReasonWaitingForAccessRequest = "WaitingForAccessRequest"
 )
diff --git a/api/core/v2alpha1/constants.go b/api/core/v2alpha1/constants.go
@@ -4,3 +4,14 @@ const (
 	// DefaultOIDCProviderName is the identifier for the default OIDC provider.
 	DefaultOIDCProviderName = "default"
 )
+
+const (
+	MCPLabel          = GroupName + "/mcp"
+	OIDCProviderLabel = GroupName + "/oidc-provider"
+)
+
+const (
+	ConditionClusterRequestReady   = "ClusterRequestReady"
+	ConditionPrefixOIDCAccessReady = "OIDCAccessReady_"
+	ConditionAllAccessReady        = "AllAccessReady"
+)
diff --git a/api/core/v2alpha1/groupversion_info.go b/api/core/v2alpha1/groupversion_info.go
@@ -7,9 +7,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 )
 
+const GroupName = "core.openmcp.cloud"
+
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "core.openmcp.cloud", Version: "v2alpha1"}
+	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v2alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
diff --git a/go.mod b/go.mod
@@ -11,7 +11,8 @@ require (
 	github.com/onsi/ginkgo/v2 v2.25.1
 	github.com/onsi/gomega v1.38.1
 	github.com/openmcp-project/controller-utils v0.18.0
-	github.com/openmcp-project/openmcp-operator/api v0.11.1
+	github.com/openmcp-project/openmcp-operator/api v0.11.0
+	github.com/openmcp-project/openmcp-operator/lib v0.11.0
 	github.com/spf13/cobra v1.9.1
 	k8s.io/api v0.33.4
 	k8s.io/apimachinery v0.33.4
diff --git a/go.sum b/go.sum
@@ -99,6 +99,8 @@ github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk=
 github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g=
 github.com/openmcp-project/controller-utils v0.18.0 h1:9UESJdCuGkoXhsvRZ/gWPpJrdK8bHvjx0ZP5fROib3k=
 github.com/openmcp-project/controller-utils v0.18.0/go.mod h1:S4Ym/PWOR8hy8A4LN1hfLyIf9XTNGUrnryvGtFMiq/U=
+github.com/openmcp-project/openmcp-operator/lib v0.11.0 h1:ga+n/lKwovULi/KYw3HttWVMKplON4S4dzIAIBg5CV4=
+github.com/openmcp-project/openmcp-operator/lib v0.11.0/go.mod h1:/FjNH8TJfbRomUYNvhtt4Peb1nrhe1IovCfun9DUMhY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -29,6 +29,9 @@ type Config struct {
 
 	// AccessRequest is the configuration for the access request controller.
 	AccessRequest *AccessRequestConfig `json:"accessRequest,omitempty"`
+
+	// ManagedControlPlane is the configuration for the MCP controller.
+	ManagedControlPlane *ManagedControlPlaneConfig `json:"managedControlPlane,omitempty"`
 }
 
 // Dump is used for logging and debugging purposes.
diff --git a/internal/config/config_managedcontrolplane.go b/internal/config/config_managedcontrolplane.go
@@ -0,0 +1,36 @@
+package config
+
+import (
+	"k8s.io/apimachinery/pkg/util/validation/field"
+
+	commonapi "github.com/openmcp-project/openmcp-operator/api/common"
+)
+
+type ManagedControlPlaneConfig struct {
+	// MCPClusterPurpose is the purpose that is used for ClusterRequests created for ManagedControlPlane resources.
+	MCPClusterPurpose string `json:"mcpClusterPurpose"`
+
+	// StandardOIDCProvider is the standard OIDC provider that is enabled for all ManagedControlPlane resources, unless explicitly disabled.
+	// If nil, no standard OIDC provider will be used.
+	StandardOIDCProvider *commonapi.OIDCProviderConfig `json:"standardOIDCProvider,omitempty"`
+
+	// ReconcileMCPEveryXDays specifies after how many days an MCP should be reconciled.
+	// This is useful if the AccessRequests created by the MCP use an expiring authentication method and the MCP needs to refresh the access regularly.
+	// A value of 0 disables the periodic reconciliation.
+	// +optional
+	ReconcileMCPEveryXDays int `json:"reconcileMCPEveryXDays,omitempty"`
+}
+
+func (c *ManagedControlPlaneConfig) Default(_ *field.Path) error {
+	return nil
+}
+
+func (c *ManagedControlPlaneConfig) Validate(fldPath *field.Path) error {
+	errs := field.ErrorList{}
+
+	if c.MCPClusterPurpose == "" {
+		errs = append(errs, field.Required(fldPath.Child("mcpClusterPurpose"), "MCP cluster purpose must be set"))
+	}
+
+	return errs.ToAggregate()
+}
diff --git a/internal/controllers/managedcontrolplane/controller.go b/internal/controllers/managedcontrolplane/controller.go

Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,8 @@ const (`
`11`	`11`	`ReasonConfigurationProblem = "ConfigurationProblem"`
`12`	`12`	`// ReasonInternalError indicates that something went wrong internally.`
`13`	`13`	`ReasonInternalError = "InternalError"`
	`14`	`+ // ReasonWaitingForClusterRequest indicates that something is waiting for a ClusterRequest to become ready.`
	`15`	`+ ReasonWaitingForClusterRequest = "WaitingForClusterRequest"`
	`16`	`+ // ReasonWaitingForAccessRequest indicates that something is waiting for an AccessRequest to become ready.`
	`17`	`+ ReasonWaitingForAccessRequest = "WaitingForAccessRequest"`
`14`	`18`	`)`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@ type Config struct {`
`29`	`29`
`30`	`30`	`// AccessRequest is the configuration for the access request controller.`
`31`	`31`	AccessRequest *AccessRequestConfig `json:"accessRequest,omitempty"`
	`32`	`+`
	`33`	`+ // ManagedControlPlane is the configuration for the MCP controller.`
	`34`	+ ManagedControlPlane *ManagedControlPlaneConfig `json:"managedControlPlane,omitempty"`
`32`	`35`	`}`
`33`	`36`
`34`	`37`	`// Dump is used for logging and debugging purposes.`