feat: relations

On-behalf-of: @SAP [email protected]
Signed-off-by: Artem Shcherbatiuk <[email protected]>

Author: vertex451

gateway/resolver/relationships.go

@@ -0,0 +1,174 @@
+package resolver
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/graphql-go/graphql"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/trace"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	"github.com/openmfp/golang-commons/logger"
+)
+
+// RelationshipResolver handles resolution of relationships between Kubernetes resources
+type RelationshipResolver struct {
+	log *logger.Logger
+}
+
+// EnhancedRef represents our custom relationship reference structure
+type EnhancedRef struct {
+	Kind         string `json:"kind,omitempty"`
+	GroupVersion string `json:"groupVersion,omitempty"`
+	Name         string `json:"name"`
+	Namespace    string `json:"namespace,omitempty"`
+}
+
+// NewRelationshipResolver creates a new relationship resolver
+func NewRelationshipResolver(log *logger.Logger) *RelationshipResolver {
+	return &RelationshipResolver{
+		log: log,
+	}
+}
+
+// IsRelationshipField checks if a field name follows the relationship convention (<kind>Ref)
+func IsRelationshipField(fieldName string) bool {
+	return strings.HasSuffix(fieldName, "Ref")
+}
+
+// ExtractTargetKind extracts the target kind from a relationship field name
+// e.g., "roleRef" -> "Role"
+func ExtractTargetKind(fieldName string) string {
+	if !IsRelationshipField(fieldName) {
+		return ""
+	}
+
+	// Remove "Ref" suffix and capitalize first letter
+	kindName := strings.TrimSuffix(fieldName, "Ref")
+	if len(kindName) == 0 {
+		return ""
+	}
+
+	return strings.ToUpper(kindName[:1]) + kindName[1:]
+}
+
+// CreateSingleRelationResolver creates GraphQL resolvers for <Kind>Relation fields (e.g. roleRelation)
+func (r *RelationshipResolver) CreateSingleRelationResolver(sourceGVK schema.GroupVersionKind, fieldName string) graphql.FieldResolveFn {
+	return func(p graphql.ResolveParams) (interface{}, error) {
+		_, span := otel.Tracer("").Start(p.Context, "ResolveSingleRelation",
+			trace.WithAttributes(
+				attribute.String("sourceKind", sourceGVK.Kind),
+				attribute.String("fieldName", fieldName),
+			))
+		defer span.End()
+
+		// Get the source object from the parent resolver
+		sourceObj, ok := p.Source.(map[string]interface{})
+		if !ok {
+			return nil, fmt.Errorf("expected source to be map[string]interface{}, got %T", p.Source)
+		}
+
+		// Extract the relationship reference from the source object
+		refValue, found, err := unstructured.NestedFieldNoCopy(sourceObj, fieldName)
+		if err != nil {
+			r.log.Debug().Err(err).Str("field", fieldName).Msg("Error accessing relationship field")
+			return nil, nil // Return nil for optional field
+		}
+		if !found {
+			return nil, nil // Field not present, return nil
+		}
+
+		refMap, ok := refValue.(map[string]interface{})
+		if !ok {
+			r.log.Debug().Str("field", fieldName).Msg("Relationship field is not a map")
+			return nil, nil
+		}
+
+		// Create enhanced reference
+		enhancedRef, err := r.createEnhancedRef(refMap, sourceObj, sourceGVK, fieldName)
+		if err != nil {
+			r.log.Debug().Err(err).Str("field", fieldName).Msg("Error creating enhanced reference")
+			return nil, nil
+		}
+
+		return enhancedRef, nil
+	}
+}
+
+// createEnhancedRef transforms native Kubernetes references (e.g. roleRef) into our enhanced structure with explicit groupVersion and inferred namespace
+func (r *RelationshipResolver) createEnhancedRef(nativeRefMap map[string]interface{}, sourceObj map[string]interface{}, sourceGVK schema.GroupVersionKind, fieldName string) (map[string]interface{}, error) {
+	enhancedRef := make(map[string]interface{})
+
+	// Extract name (required)
+	name, ok := nativeRefMap["name"].(string)
+	if !ok {
+		return nil, fmt.Errorf("name is required in relationship reference")
+	}
+	enhancedRef["name"] = name
+
+	// Extract or infer kind
+	if kind, ok := nativeRefMap["kind"].(string); ok {
+		enhancedRef["kind"] = kind
+	} else {
+		// Infer kind from field name
+		targetKind := ExtractTargetKind(fieldName)
+		if targetKind != "" {
+			enhancedRef["kind"] = targetKind
+		}
+	}
+
+	// Extract or construct groupVersion
+	if groupVersion, ok := nativeRefMap["groupVersion"].(string); ok {
+		enhancedRef["groupVersion"] = groupVersion
+	} else if apiGroup, ok := nativeRefMap["apiGroup"].(string); ok {
+		// Construct groupVersion from apiGroup
+		switch apiGroup {
+		case "rbac.authorization.k8s.io":
+			enhancedRef["groupVersion"] = "rbac.authorization.k8s.io/v1"
+		case "":
+			enhancedRef["groupVersion"] = "v1"
+		default:
+			enhancedRef["groupVersion"] = apiGroup + "/v1"
+		}
+	}
+
+	// Extract or infer namespace
+	if namespace, ok := nativeRefMap["namespace"].(string); ok {
+		enhancedRef["namespace"] = namespace
+		return enhancedRef, nil
+	}
+
+	// Infer namespace from source object and relationship context
+	targetKind, _ := enhancedRef["kind"].(string)
+	inferredNamespace := r.inferNamespaceForReference(sourceObj, sourceGVK, fieldName, targetKind)
+	if inferredNamespace != "" {
+		enhancedRef["namespace"] = inferredNamespace
+	}
+
+	return enhancedRef, nil
+}
+
+// inferNamespaceForReference infers the namespace for a reference based on Kubernetes conventions
+func (r *RelationshipResolver) inferNamespaceForReference(sourceObj map[string]interface{}, sourceGVK schema.GroupVersionKind, fieldName string, targetKind string) string {
+	// For cluster-scoped targets (like ClusterRole), no namespace needed
+	if targetKind == "ClusterRole" || strings.HasPrefix(targetKind, "Cluster") {
+		return ""
+	}
+
+	// Default: try to use source object's namespace for namespaced targets
+	// This works for most cases where references point to resources in the same namespace
+	if metadata, found := sourceObj["metadata"]; found {
+		if metadataMap, ok := metadata.(map[string]interface{}); ok {
+			if namespace, ok := metadataMap["namespace"].(string); ok {
+				return namespace
+			}
+		}
+	}
+
+	return ""
+}
+
+// getOriginalGroupName converts sanitized group name back to original

gateway/resolver/resolver.go

@@ -30,6 +30,7 @@ type Provider interface {
 	CustomQueriesProvider
 	CommonResolver() graphql.FieldResolveFn
 	SanitizeGroupName(string) string
+	GetRelationshipResolver() *RelationshipResolver
 }
 
 type CrudProvider interface {
@@ -50,15 +51,17 @@ type CustomQueriesProvider interface {
 type Service struct {
 	log *logger.Logger
 	// groupNames stores relation between sanitized group names and original group names that are used in the Kubernetes API
-	groupNames    map[string]string // map[sanitizedGroupName]originalGroupName
-	runtimeClient client.WithWatch
+	groupNames           map[string]string // map[sanitizedGroupName]originalGroupName
+	runtimeClient        client.WithWatch
+	relationshipResolver *RelationshipResolver
 }
 
 func New(log *logger.Logger, runtimeClient client.WithWatch) *Service {
 	return &Service{
-		log:           log,
-		groupNames:    make(map[string]string),
-		runtimeClient: runtimeClient,
+		log:                  log,
+		groupNames:           make(map[string]string),
+		runtimeClient:        runtimeClient,
+		relationshipResolver: NewRelationshipResolver(log),
 	}
 }
 
@@ -397,6 +400,10 @@ func (r *Service) getOriginalGroupName(groupName string) string {
 	return groupName
 }
 
+func (r *Service) GetRelationshipResolver() *RelationshipResolver {
+	return r.relationshipResolver
+}
+
 func compareUnstructured(a, b unstructured.Unstructured, fieldPath string) int {
 	segments := strings.Split(fieldPath, ".")