implement createOrUpdate path of mcp controller

Author: Diaphteiros

api/clusters/v1alpha1/constants.go

@@ -84,4 +84,13 @@ const (
 	// SecretKeyCreationTimestamp is the name of the key in the AccessRequest secret that contains the creation timestamp.
 	// This value is optional and must not be set for non-expiring authentication methods.
 	SecretKeyCreationTimestamp = "creationTimestamp"
+	// SecretKeyHost is the name of the key in the AccessRequest secret that contains the host of the cluster.
+	// This value is optional.
+	SecretKeyHost = "host"
+	// SecretKeyCA is the name of the key in the AccessRequest secret that contains the CA certificate of the cluster.
+	// This value is optional.
+	SecretKeyCA = "ca.crt"
+	// SecretKeyToken is the name of the key in the AccessRequest secret that contains the token.
+	// This value is optional.
+	SecretKeyToken = "token"
 )

api/clusters/v1alpha1/constants/reasons.go

@@ -11,4 +11,8 @@ const (
 	ReasonConfigurationProblem = "ConfigurationProblem"
 	// ReasonInternalError indicates that something went wrong internally.
 	ReasonInternalError = "InternalError"
+	// ReasonWaitingForClusterRequest indicates that something is waiting for a ClusterRequest to become ready.
+	ReasonWaitingForClusterRequest = "WaitingForClusterRequest"
+	// ReasonWaitingForAccessRequest indicates that something is waiting for an AccessRequest to become ready.
+	ReasonWaitingForAccessRequest = "WaitingForAccessRequest"
 )

api/core/v2alpha1/constants.go

@@ -4,3 +4,14 @@ const (
 	// DefaultOIDCProviderName is the identifier for the default OIDC provider.
 	DefaultOIDCProviderName = "default"
 )
+
+const (
+	MCPLabel          = GroupName + "/mcp"
+	OIDCProviderLabel = GroupName + "/oidc-provider"
+)
+
+const (
+	ConditionClusterRequestReady   = "ClusterRequestReady"
+	ConditionPrefixOIDCAccessReady = "OIDCAccessReady_"
+	ConditionAllAccessReady        = "AllAccessReady"
+)

api/core/v2alpha1/groupversion_info.go

@@ -7,9 +7,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 )
 
+const GroupName = "core.openmcp.cloud"
+
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "core.openmcp.cloud", Version: "v2alpha1"}
+	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v2alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

go.mod

@@ -10,8 +10,9 @@ require (
 	dario.cat/mergo v1.0.2
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
-	github.com/openmcp-project/controller-utils v0.13.1
+	github.com/openmcp-project/controller-utils v0.14.0
 	github.com/openmcp-project/openmcp-operator/api v0.9.1
+	github.com/openmcp-project/openmcp-operator/lib v0.9.1
 	github.com/spf13/cobra v1.9.1
 	k8s.io/api v0.33.3
 	k8s.io/apimachinery v0.33.3

go.sum

@@ -99,8 +99,10 @@ github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus
 github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
-github.com/openmcp-project/controller-utils v0.13.1 h1:+06c0bs1BIO+hBsTcuiEK5y8vpDFoZPml59WNm8fagM=
-github.com/openmcp-project/controller-utils v0.13.1/go.mod h1:Z1ytVshYcgJq3VQVGqkuZsjO/BCr4UYAaVpHl6JSIMI=
+github.com/openmcp-project/controller-utils v0.14.0 h1:semDlO6fmEmTp7mT1j2ZmT1cCG3TtNujrMyKBU5Tzic=
+github.com/openmcp-project/controller-utils v0.14.0/go.mod h1:BA5sey3z1ISAqOP5CzgWGVcPeA906XgXEq4uBOpNfg4=
+github.com/openmcp-project/openmcp-operator/lib v0.9.1 h1:zp/1L/2ySLajx7z1NSGDzvaHZBy0NyCqBUtZMRybfLA=
+github.com/openmcp-project/openmcp-operator/lib v0.9.1/go.mod h1:DvL3Dl1sbqQTs6tfX2Bd4UxYt1hW+zBX2vRyoOdmgmI=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

internal/config/config.go

@@ -29,6 +29,9 @@ type Config struct {
 
 	// AccessRequest is the configuration for the access request controller.
 	AccessRequest *AccessRequestConfig `json:"accessRequest,omitempty"`
+
+	// ManagedControlPlane is the configuration for the MCP controller.
+	ManagedControlPlane *ManagedControlPlaneConfig `json:"managedControlPlane,omitempty"`
 }
 
 // Dump is used for logging and debugging purposes.

internal/config/config_managedcontrolplane.go

@@ -0,0 +1,36 @@
+package config
+
+import (
+	"k8s.io/apimachinery/pkg/util/validation/field"
+
+	commonapi "github.com/openmcp-project/openmcp-operator/api/common"
+)
+
+type ManagedControlPlaneConfig struct {
+	// MCPClusterPurpose is the purpose that is used for ClusterRequests created for ManagedControlPlane resources.
+	MCPClusterPurpose string `json:"mcpClusterPurpose"`
+
+	// StandardOIDCProvider is the standard OIDC provider that is enabled for all ManagedControlPlane resources, unless explicitly disabled.
+	// If nil, no standard OIDC provider will be used.
+	StandardOIDCProvider *commonapi.OIDCProviderConfig `json:"standardOIDCProvider,omitempty"`
+
+	// ReconcileMCPEveryXDays specifies after how many days an MCP should be reconciled.
+	// This is useful if the AccessRequests created by the MCP use an expiring authentication method and the MCP needs to refresh the access regularly.
+	// A value of 0 disables the periodic reconciliation.
+	// +optional
+	ReconcileMCPEveryXDays int `json:"reconcileMCPEveryXDays,omitempty"`
+}
+
+func (c *ManagedControlPlaneConfig) Default(_ *field.Path) error {
+	return nil
+}
+
+func (c *ManagedControlPlaneConfig) Validate(fldPath *field.Path) error {
+	errs := field.ErrorList{}
+
+	if c.MCPClusterPurpose == "" {
+		errs = append(errs, field.Required(fldPath.Child("mcpClusterPurpose"), "MCP cluster purpose must be set"))
+	}
+
+	return errs.ToAggregate()
+}