Skip to content

refactor: move access request handling into own lib function #160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 10, 2025
Merged

refactor: move access request handling into own lib function #160

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 42 additions & 12 deletions lib/clusteraccess/clusteraccess.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,13 @@ type Manager interface {
// permissions are the permissions to request for the AccessRequest.
CreateAndWaitForCluster(ctx context.Context, clusterName, purpose string,
scheme *runtime.Scheme, permissions []clustersv1alpha1.PermissionsRequest) (*clusters.Cluster, error)

// WaitForClusterAccess creates or updates an AccessRequest for the given reference and waits until it is granted.
// localName is used to derive the name of the AccessRequest, which will be "<controllerName>--<localName>".
// ref is the reference to either a Cluster or a ClusterRequest, depending on refType.
// refType is either 'Cluster' or 'ClusterRequest' and determines what ref references.
// permissions are the permissions to request for the AccessRequest.
WaitForClusterAccess(ctx context.Context, localName string, scheme *runtime.Scheme, ref *commonapi.ObjectReference, refType ClusterReferenceType, permissions []clustersv1alpha1.PermissionsRequest) (*clusters.Cluster, *clustersv1alpha1.AccessRequest, error)
}

type managerImpl struct {
Expand Down Expand Up @@ -419,28 +426,52 @@ func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, localName, pu
return nil, fmt.Errorf("failed to wait for ClusterRequest: %w", err)
}

cl, _, err := m.WaitForClusterAccess(ctx, localName, scheme, &commonapi.ObjectReference{
Name: cr.Name,
Namespace: cr.Namespace,
}, ReferenceToClusterRequest, permissions)
return cl, err
}

type ClusterReferenceType string

const (
ReferenceToCluster ClusterReferenceType = "Cluster"
ReferenceToClusterRequest ClusterReferenceType = "ClusterRequest"
)

// WaitForClusterAccess creates or updates an AccessRequest for the given reference and waits until it is granted.
// localName is used to derive the name of the AccessRequest, which will be "<controllerName>--<localName>".
// ref is the reference to either a Cluster or a ClusterRequest, depending on refType.
// refType is either 'Cluster' or 'ClusterRequest' and determines what ref references.
// permissions are the permissions to request for the AccessRequest.
func (m *managerImpl) WaitForClusterAccess(ctx context.Context, localName string, scheme *runtime.Scheme, ref *commonapi.ObjectReference, refType ClusterReferenceType, permissions []clustersv1alpha1.PermissionsRequest) (*clusters.Cluster, *clustersv1alpha1.AccessRequest, error) {
ar := &clustersv1alpha1.AccessRequest{
ObjectMeta: metav1.ObjectMeta{
Name: cr.Name,
Name: StableRequestNameFromLocalName(m.controllerName, localName),
Namespace: m.controllerNamespace,
},
}

accessRequestMutator := newAccessRequestMutator(ar.Name, ar.Namespace)
accessRequestMutator.WithRequestRef(&commonapi.ObjectReference{
Name: cr.Name,
Namespace: cr.Namespace,
})
switch refType {
case ReferenceToCluster:
accessRequestMutator.WithClusterRef(ref)
case ReferenceToClusterRequest:
accessRequestMutator.WithRequestRef(ref)
default:
return nil, nil, fmt.Errorf("invalid ClusterReferenceType: %s", refType)
}
accessRequestMutator.WithTokenPermissions(permissions)
accessRequestMutator.WithMetadata(resources.NewMetadataMutator().WithLabels(map[string]string{
constv1alpha1.ManagedByLabel: m.controllerName,
}))

if err := resources.CreateOrUpdateResource(ctx, m.platformClusterClient, accessRequestMutator); err != nil {
return nil, fmt.Errorf("failed to create/update AccessRequest: %w", err)
return nil, nil, fmt.Errorf("failed to create/update AccessRequest: %w", err)
}

err = m.wait(ctx, func(ctx context.Context) (bool, error) {
if err := m.wait(ctx, func(ctx context.Context) (bool, error) {
if err := m.platformClusterClient.Get(ctx, client.ObjectKeyFromObject(ar), ar); err != nil {
return false, fmt.Errorf("failed to get AccessRequest: %w", err)
}
Expand All @@ -450,13 +481,12 @@ func (m *managerImpl) CreateAndWaitForCluster(ctx context.Context, localName, pu
}

return ar.Status.IsGranted() || ar.Status.IsDenied(), nil
})

if err != nil {
return nil, fmt.Errorf("failed to wait for AccessRequest: %w", err)
}); err != nil {
return nil, ar, fmt.Errorf("failed to wait for AccessRequest: %w", err)
}

return createClusterForAccessRequest(ctx, m.platformClusterClient, clustersv1alpha1.PURPOSE_ONBOARDING, scheme, ar)
cl, err := createClusterForAccessRequest(ctx, m.platformClusterClient, clustersv1alpha1.PURPOSE_ONBOARDING, scheme, ar)
return cl, ar, err
}

func (m *managerImpl) wait(ctx context.Context, test func(ctx context.Context) (bool, error)) error {
Expand Down