improve config

Diaphteiros · Diaphteiros · commit ad76427c58e2 · 2025-08-27T08:45:53.000+02:00
diff --git a/api/core/v2alpha1/constants.go b/api/core/v2alpha1/constants.go
@@ -3,6 +3,8 @@ package v2alpha1
 const (
 	// DefaultOIDCProviderName is the identifier for the default OIDC provider.
 	DefaultOIDCProviderName = "default"
+	// DefaultMCPClusterPurpose is the default purpose for ManagedControlPlane clusters.
+	DefaultMCPClusterPurpose = "mcp"
 )
 
 const (
diff --git a/internal/config/config_managedcontrolplane.go b/internal/config/config_managedcontrolplane.go
@@ -16,9 +16,9 @@ type ManagedControlPlaneConfig struct {
 	// MCPClusterPurpose is the purpose that is used for ClusterRequests created for ManagedControlPlane resources.
 	MCPClusterPurpose string `json:"mcpClusterPurpose"`
 
-	// StandardOIDCProvider is the standard OIDC provider that is enabled for all ManagedControlPlane resources, unless explicitly disabled.
+	// DefaultOIDCProvider is the standard OIDC provider that is enabled for all ManagedControlPlane resources, unless explicitly disabled.
 	// If nil, no standard OIDC provider will be used.
-	StandardOIDCProvider *commonapi.OIDCProviderConfig `json:"standardOIDCProvider,omitempty"`
+	DefaultOIDCProvider *commonapi.OIDCProviderConfig `json:"defaultOIDCProvider,omitempty"`
 
 	// ReconcileMCPEveryXDays specifies after how many days an MCP should be reconciled.
 	// This is useful if the AccessRequests created by the MCP use an expiring authentication method and the MCP needs to refresh the access regularly.
@@ -28,9 +28,12 @@ type ManagedControlPlaneConfig struct {
 }
 
 func (c *ManagedControlPlaneConfig) Default(_ *field.Path) error {
-	c.StandardOIDCProvider.Default()
-	if c.StandardOIDCProvider.Name == "" {
-		c.StandardOIDCProvider.Name = corev2alpha1.DefaultOIDCProviderName
+	c.DefaultOIDCProvider.Default()
+	if c.DefaultOIDCProvider.Name == "" {
+		c.DefaultOIDCProvider.Name = corev2alpha1.DefaultOIDCProviderName
+	}
+	if c.MCPClusterPurpose == "" {
+		c.MCPClusterPurpose = corev2alpha1.DefaultMCPClusterPurpose
 	}
 	return nil
 }
@@ -44,13 +47,13 @@ func (c *ManagedControlPlaneConfig) Validate(fldPath *field.Path) error {
 	if c.ReconcileMCPEveryXDays < 0 {
 		errs = append(errs, field.Invalid(fldPath.Child("reconcileMCPEveryXDays"), c.ReconcileMCPEveryXDays, "reconcile interval must be 0 or greater"))
 	}
-	if c.StandardOIDCProvider == nil {
-		oidcFldPath := fldPath.Child("standardOIDCProvider")
-		if len(c.StandardOIDCProvider.RoleBindings) > 0 {
+	if c.DefaultOIDCProvider == nil {
+		oidcFldPath := fldPath.Child("defaultOIDCProvider")
+		if len(c.DefaultOIDCProvider.RoleBindings) > 0 {
 			errs = append(errs, field.Forbidden(oidcFldPath.Child("roleBindings"), "role bindings are specified in the MCP spec and may not be set in the config"))
 		}
-		if c.StandardOIDCProvider.Name != "" && c.StandardOIDCProvider.Name != corev2alpha1.DefaultOIDCProviderName {
-			errs = append(errs, field.Invalid(oidcFldPath.Child("name"), c.StandardOIDCProvider.Name, fmt.Sprintf("standard OIDC provider name must be '%s' or left empty (in which case it will be defaulted)", corev2alpha1.DefaultOIDCProviderName)))
+		if c.DefaultOIDCProvider.Name != "" && c.DefaultOIDCProvider.Name != corev2alpha1.DefaultOIDCProviderName {
+			errs = append(errs, field.Invalid(oidcFldPath.Child("name"), c.DefaultOIDCProvider.Name, fmt.Sprintf("standard OIDC provider name must be '%s' or left empty (in which case it will be defaulted)", corev2alpha1.DefaultOIDCProviderName)))
 		}
 	}
 
diff --git a/internal/controllers/managedcontrolplane/access.go b/internal/controllers/managedcontrolplane/access.go
@@ -90,9 +90,9 @@ func (r *ManagedControlPlaneReconciler) createOrUpdateDesiredAccessRequests(ctx
 	// create or update AccessRequests for the ManagedControlPlane
 	if mcp.DeletionTimestamp.IsZero() {
 		oidcProviders = make([]*commonapi.OIDCProviderConfig, 0, len(mcp.Spec.IAM.OIDCProviders)+1)
-		if r.Config.StandardOIDCProvider != nil && len(mcp.Spec.IAM.RoleBindings) > 0 {
+		if r.Config.DefaultOIDCProvider != nil && len(mcp.Spec.IAM.RoleBindings) > 0 {
 			// add default OIDC provider, unless it has been disabled
-			defaultOidc := r.Config.StandardOIDCProvider.DeepCopy()
+			defaultOidc := r.Config.DefaultOIDCProvider.DeepCopy()
 			defaultOidc.Name = corev2alpha1.DefaultOIDCProviderName
 			defaultOidc.RoleBindings = mcp.Spec.IAM.RoleBindings
 			oidcProviders = append(oidcProviders, defaultOidc)
diff --git a/internal/controllers/managedcontrolplane/controller_test.go b/internal/controllers/managedcontrolplane/controller_test.go
@@ -155,7 +155,7 @@ var _ = Describe("ManagedControlPlane Controller", func() {
 				WithStatus(metav1.ConditionFalse).
 				WithReason(cconst.ReasonWaitingForAccessRequest)),
 		))
-		oidcProviders := []commonapi.OIDCProviderConfig{*rec.Config.StandardOIDCProvider.DeepCopy()}
+		oidcProviders := []commonapi.OIDCProviderConfig{*rec.Config.DefaultOIDCProvider.DeepCopy()}
 		oidcProviders[0].RoleBindings = mcp.Spec.IAM.RoleBindings
 		for _, addProv := range mcp.Spec.IAM.OIDCProviders {
 			oidcProviders = append(oidcProviders, *addProv.DeepCopy())

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,8 @@ package v2alpha1`
`3`	`3`	`const (`
`4`	`4`	`// DefaultOIDCProviderName is the identifier for the default OIDC provider.`
`5`	`5`	`DefaultOIDCProviderName = "default"`
	`6`	`+ // DefaultMCPClusterPurpose is the default purpose for ManagedControlPlane clusters.`
	`7`	`+ DefaultMCPClusterPurpose = "mcp"`
`6`	`8`	`)`
`7`	`9`
`8`	`10`	`const (`