added webhook for oidc feature and corrected conversion

corrected image path

Author: dranicu

api/v1beta1/ocimanagedcontrolplane_conversion.go

@@ -36,7 +36,26 @@ func (src *OCIManagedControlPlane) ConvertTo(dstRaw conversion.Hub) error {
 	dst.Spec.ClusterType = restored.Spec.ClusterType
 	dst.Spec.Addons = restored.Spec.Addons
 	dst.Status.AddonStatus = restored.Status.AddonStatus
-	dst.Spec.ClusterOption.OpenIdConnectDiscovery.IsOpenIdConnectDiscoveryEnabled = restored.Spec.ClusterOption.OpenIdConnectDiscovery.IsOpenIdConnectDiscoveryEnabled
+
+	// Handle ClusterOption conversion
+	// Copy OpenIdConnectDiscovery if present
+	if restored.Spec.ClusterOption.OpenIdConnectDiscovery != nil {
+		if dst.Spec.ClusterOption.OpenIdConnectDiscovery == nil {
+			dst.Spec.ClusterOption.OpenIdConnectDiscovery = &v1beta2.OpenIDConnectDiscovery{}
+		}
+		dst.Spec.ClusterOption.OpenIdConnectDiscovery.IsOpenIdConnectDiscoveryEnabled =
+			restored.Spec.ClusterOption.OpenIdConnectDiscovery.IsOpenIdConnectDiscoveryEnabled
+	}
+
+	// Copy OpenIdConnectTokenAuthenticationConfig if present
+	if restored.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig != nil {
+		if dst.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig == nil {
+			dst.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig = &v1beta2.OpenIDConnectTokenAuthenticationConfig{}
+		}
+		*dst.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig =
+			*restored.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig
+	}
+
 	return nil
 }
 

api/v1beta2/ocimanagedcontrolplane_webhook.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"github.com/oracle/oci-go-sdk/v65/common"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -56,6 +57,18 @@ func (c *OCIManagedControlPlane) ValidateCreate() (admission.Warnings, error) {
 	if len(c.Name) > 31 {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("Name"), c.Name, "Name cannot be more than 31 characters"))
 	}
+
+	if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IsOpenIdConnectAuthEnabled == *common.Bool(true) {
+		if c.Spec.ClusterType != EnhancedClusterType {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("ClusterType"), c.Spec.ClusterType, "ClusterType needs to be set to ENHANCED_CLUSTER for OpenIdConnectTokenAuthenticationConfig to be enabled."))
+		}
+		if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.ClientId == nil {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("ClientId"), c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.ClientId, "ClientId cannot be empty when OpenIdConnectAuth is enabled."))
+		}
+		if c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IssuerUrl == nil {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("IssuerUrl "), c.Spec.ClusterOption.OpenIdConnectTokenAuthenticationConfig.IssuerUrl, "IssuerUrl cannot be empty when OpenIdConnectAuth is enabled."))
+		}
+	}
 	if len(allErrs) == 0 {
 		return nil, nil
 	}

config/default/manager_image_patch.yaml

@@ -8,5 +8,5 @@ spec:
     spec:
       containers:
         # Change the value of image field below to your controller image URL
-        - image: tsmini/cluster-api-oci-controller-amd64:dev
+        - image: ghcr.io/oracle/cluster-api-oci-controller-amd64:dev
           name: manager