update

reshnm · reshnm · commit 647c8335bd76 · 2025-06-04T10:02:59.000+02:00
diff --git a/lib/clusteraccess/clusteraccess.go b/lib/clusteraccess/clusteraccess.go
@@ -289,11 +289,22 @@ func (r *reconcilerImpl) ReconcileDelete(ctx context.Context, request reconcile.
 	return reconcile.Result{}, nil
 }
 
+// Manager is an interface for managing cluster access.
 type Manager interface {
+	// WithTimeout sets the timeout for operations.
 	WithTimeout(timeout time.Duration) Manager
+	// WithInterval sets the interval for polling operations.
 	WithInterval(interval time.Duration) Manager
+	// WithLogger sets the logger for the manager.
 	WithLogger(log *logging.Logger) Manager
 
+	// CreateAndWaitForCluster creates a new ClusterRequest/AccessRequest and waits for it to be ready.
+	// It returns the created Cluster if the AccessRequest is granted.
+	// ctx is the context for the operation.
+	// clusterName is the name of the cluster to create.
+	// purpose is the purpose of the cluster (e.g., "onboarding", "mcp", "workload").
+	// scheme is the runtime scheme to use for the cluster.
+	// permissions are the permissions to request for the AccessRequest.
 	CreateAndWaitForCluster(ctx context.Context, clusterName, purpose string,
 		scheme *runtime.Scheme, permissions []clustersv1alpha1.PermissionsRequest) (*clusters.Cluster, error)
 }
@@ -335,11 +346,11 @@ func (m *managerImpl) WithLogger(log *logging.Logger) Manager {
 func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, clusterName, purpose string,
 	scheme *runtime.Scheme, permissions []clustersv1alpha1.PermissionsRequest) (*clusters.Cluster, error) {
 
-	namespace := libutils.StableRequestNamespace(m.controllerName)
+	namespace := libutils.StableControllerNamespace(m.controllerName)
 
 	namespaceMutator := resources.NewNamespaceMutator(namespace)
 	if err := resources.CreateOrUpdateResource(ctx, m.platformClusterClient, namespaceMutator); err != nil {
-		return nil, fmt.Errorf("failed to create/update provider namespace: %w", err)
+		return nil, fmt.Errorf("failed to create/update namespace: %w", err)
 	}
 
 	cr := &clustersv1alpha1.ClusterRequest{
@@ -355,7 +366,7 @@ func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, clusterName,
 	}))
 
 	if err := resources.CreateOrUpdateResource(ctx, m.platformClusterClient, clusterRequestMutator); err != nil {
-		return nil, fmt.Errorf("failed to create/update onboarding cluster request: %w", err)
+		return nil, fmt.Errorf("failed to create/update ClusterRequest: %w", err)
 	}
 
 	err := m.wait(ctx, func(ctx context.Context) (bool, error) {
@@ -364,14 +375,14 @@ func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, clusterName,
 		}
 
 		if m.log != nil {
-			m.log.Info("Waiting for access request", "name", cr.Name, "phase", cr.Status.Phase)
+			m.log.Info("Waiting for ClusterRequest", "name", cr.Name, "phase", cr.Status.Phase)
 		}
 
 		return cr.Status.Phase.IsGranted() || cr.Status.Phase.IsDenied(), nil
 	})
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to wait for cluster request: %w", err)
+		return nil, fmt.Errorf("failed to wait for ClusterRequest: %w", err)
 	}
 
 	ar := &clustersv1alpha1.AccessRequest{
@@ -394,7 +405,7 @@ func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, clusterName,
 	}))
 
 	if err := resources.CreateOrUpdateResource(ctx, m.platformClusterClient, accessRequestMutator); err != nil {
-		return nil, fmt.Errorf("failed to create/update onboarding access request: %w", err)
+		return nil, fmt.Errorf("failed to create/update AccessRequest: %w", err)
 	}
 
 	err = m.wait(ctx, func(ctx context.Context) (bool, error) {
@@ -403,14 +414,14 @@ func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, clusterName,
 		}
 
 		if m.log != nil {
-			m.log.Info("Waiting for access request", "name", ar.Name, "phase", ar.Status.Phase)
+			m.log.Info("Waiting for AccessRequest", "name", ar.Name, "phase", ar.Status.Phase)
 		}
 
 		return ar.Status.Phase.IsGranted() || ar.Status.Phase.IsDenied(), nil
 	})
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to wait for access request: %w", err)
+		return nil, fmt.Errorf("failed to wait for AccessRequest: %w", err)
 	}
 
 	return createClusterForAccessRequest(ctx, m.platformClusterClient, clustersv1alpha1.PURPOSE_ONBOARDING, scheme, ar)
diff --git a/lib/clusteraccess/clusteraccess_test.go b/lib/clusteraccess/clusteraccess_test.go
@@ -2,9 +2,12 @@ package clusteraccess_test
 
 import (
 	"context"
+	"sync"
 	"testing"
 	"time"
 
+	"github.com/openmcp-project/controller-utils/pkg/clusters"
+
 	testutils "github.com/openmcp-project/controller-utils/pkg/testing"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -278,7 +281,103 @@ var _ = Describe("ClusterAccessReconciler", func() {
 
 var _ = Describe("ClusterAccessManager", func() {
 	It("should create and wait for onboarding cluster access", func() {
-		env := buildTestEnvironmentNoReconcile("test-03")
-		Expect(env).To(Not(BeNil()))
+		const (
+			clusterName    = "onboarding-cluster"
+			controllerName = "test-controller"
+			timeout        = 1 * time.Second
+			interval       = 20 * time.Millisecond
+		)
+
+		clusterRequest := &clustersv1alpha1.ClusterRequest{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      clusterName,
+				Namespace: utils.StableControllerNamespace(controllerName),
+			},
+		}
+
+		accessRequest := &clustersv1alpha1.AccessRequest{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      clusterName,
+				Namespace: utils.StableControllerNamespace(controllerName),
+			},
+		}
+
+		env := buildTestEnvironmentNoReconcile("test-03", accessRequest, clusterRequest)
+
+		manager := clusteraccess.NewClusterAccessManager(env.Client(), controllerName)
+		Expect(manager).ToNot(BeNil(), "should create a ClusterAccessManager")
+
+		manager.WithInterval(interval).WithTimeout(timeout)
+
+		scheme := runtime.NewScheme()
+		utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+		utilruntime.Must(clustersv1alpha1.AddToScheme(scheme))
+
+		var cluster *clusters.Cluster
+		var err error
+		var wg sync.WaitGroup
+		ctx, cancel := context.WithTimeout(env.Ctx, 1*time.Second)
+
+		defer cancel()
+		wg.Add(1)
+
+		go func() {
+			defer wg.Done()
+			cluster, err = manager.CreateAndWaitForCluster(ctx, clusterName, clustersv1alpha1.PURPOSE_ONBOARDING, scheme, []clustersv1alpha1.PermissionsRequest{
+				{
+					Rules: []rbacv1.PolicyRule{
+						{
+							APIGroups: []string{"*"},
+							Resources: []string{"*"},
+							Verbs:     []string{"*"},
+						},
+					},
+				},
+			})
+		}()
+
+		Eventually(func() bool {
+			// read rhe cluster request
+			if err := env.Client().Get(ctx, client.ObjectKeyFromObject(clusterRequest), clusterRequest); err != nil {
+				return false
+			}
+
+			// set status phase to REQUEST_GRANTED
+			if clusterRequest.Status.Phase != clustersv1alpha1.REQUEST_GRANTED {
+				clusterRequest.Status.Phase = clustersv1alpha1.REQUEST_GRANTED
+				if err := env.Client().Status().Update(ctx, clusterRequest); err != nil {
+					return false
+				}
+				return false
+			}
+
+			// read the access request
+			if err := env.Client().Get(ctx, client.ObjectKeyFromObject(accessRequest), accessRequest); err != nil {
+				return false
+			}
+
+			// set status phase to REQUEST_GRANTED and set the secret reference
+			if accessRequest.Status.Phase != clustersv1alpha1.REQUEST_GRANTED {
+				accessRequest.Status.Phase = clustersv1alpha1.REQUEST_GRANTED
+
+				accessRequest.Status.SecretRef = &clustersv1alpha1.NamespacedObjectReference{
+					ObjectReference: clustersv1alpha1.ObjectReference{
+						Name: "access",
+					},
+					Namespace: "default",
+				}
+
+				if err := env.Client().Status().Update(ctx, accessRequest); err != nil {
+					return false
+				}
+			}
+
+			return true
+		}, timeout, interval).Should(BeTrue())
+
+		wg.Wait()
+
+		Expect(err).ToNot(HaveOccurred(), "should not return an error when creating/waiting for onboarding cluster access")
+		Expect(cluster).ToNot(BeNil(), "should return a valid onboarding cluster")
 	})
 })
diff --git a/lib/clusteraccess/testdata/test-03/access-secrets.yaml b/lib/clusteraccess/testdata/test-03/access-secrets.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: access
+  namespace: default
+data:
+  kubeconfig: YXBpVmVyc2lvbjogdjEKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQpjbHVzdGVyczoKLSBjbHVzdGVyOgogICAgc2VydmVyOiBodHRwczovL2FwaS5jbHVzdGVyLWIuZXhhbXBsZS5jb206NjQ0MwogIG5hbWU6IGNsdXN0ZXIKY29udGV4dHM6Ci0gY29udGV4dDoKICAgIGNsdXN0ZXI6IGNsdXN0ZXIKICAgIHVzZXI6IHVzZXIKICBuYW1lOiBjb250ZXh0CmN1cnJlbnQtY29udGV4dDogY29udGV4dAp1c2VyczoKLSBuYW1lOiB1c2VyCiAgdXNlcjoKICAgIHRva2VuOiBhYmM=
