refactor(config): update configuration handling for initializers (#109)

nexus49 · web-flow · commit dd7054765ff4 · 2025-10-13T19:36:50.000+02:00
• Introduces separate configuration structs for initializer and operator commands • Enhances clarity and maintainability of configuration management On-behalf-of: @SAP <bastian.echterhoelter@sap.com> Signed-off-by: Bastian Echterhölter <bastian.echterhoelter@sap.com>
diff --git a/Dockerfile b/Dockerfile
@@ -3,12 +3,6 @@ FROM golang:1.25.2-bookworm AS builder
 ARG TARGETOS
 ARG TARGETARCH
 
-### BEGIN GHE Configurations ###
-ENV GOPRIVATE="github.com/platform-mesh"
-ENV GOSUMDB=off
-
-RUN git config --global credential.helper store
-RUN --mount=type=secret,id=org_token echo "https://gha:$(cat /run/secrets/org_token)@github.com" > /root/.git-credentials
 WORKDIR /workspace
 
 # Copy the Go Modules manifests
diff --git a/cmd/initializer.go b/cmd/initializer.go
@@ -19,15 +19,16 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
-	"github.com/platform-mesh/security-operator/internal/controller"
 	mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
+
+	"github.com/platform-mesh/security-operator/internal/controller"
 )
 
 var initializerCmd = &cobra.Command{
 	Use:   "initializer",
 	Short: "FGA initializer for the organization workspacetype",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		ctx, _, shutdown := pmcontext.StartContext(log, appCfg, defaultCfg.ShutdownTimeout)
+		ctx, _, shutdown := pmcontext.StartContext(log, initializerCfg, defaultCfg.ShutdownTimeout)
 		defer shutdown()
 
 		mgrCfg := ctrl.GetConfigOrDie()
@@ -57,7 +58,7 @@ var initializerCmd = &cobra.Command{
 		}
 
 		provider, err := initializingworkspaces.New(mgrCfg, initializingworkspaces.Options{
-			InitializerName: appCfg.InitializerName,
+			InitializerName: initializerCfg.InitializerName,
 			Scheme:          mgrOpts.Scheme,
 		})
 		if err != nil {
@@ -93,11 +94,11 @@ var initializerCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
-		if appCfg.IDP.AdditionalRedirectURLs == nil {
-			appCfg.IDP.AdditionalRedirectURLs = []string{}
+		if initializerCfg.IDP.AdditionalRedirectURLs == nil {
+			initializerCfg.IDP.AdditionalRedirectURLs = []string{}
 		}
 
-		if err := controller.NewLogicalClusterReconciler(log, orgClient, appCfg, inClusterClient, mgr).
+		if err := controller.NewLogicalClusterReconciler(log, orgClient, initializerCfg, inClusterClient, mgr).
 			SetupWithManager(mgr, defaultCfg); err != nil {
 			setupLog.Error(err, "unable to create controller", "controller", "LogicalCluster")
 			os.Exit(1)
diff --git a/cmd/operator.go b/cmd/operator.go
@@ -35,6 +35,7 @@ import (
 	"github.com/spf13/cobra"
 
 	kcptenancyv1alphav1 "github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1"
+
 	corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1"
 	"github.com/platform-mesh/security-operator/internal/controller"
 	// +kubebuilder:scaffold:imports
@@ -134,7 +135,7 @@ var operatorCmd = &cobra.Command{
 			return err
 		}
 
-		conn, err := grpc.NewClient(appCfg.FGA.Target, grpc.WithTransportCredentials(insecure.NewCredentials()))
+		conn, err := grpc.NewClient(operatorCfg.FGA.Target, grpc.WithTransportCredentials(insecure.NewCredentials()))
 		if err != nil {
 			log.Error().Err(err).Msg("unable to create grpc client")
 			return err
@@ -153,7 +154,7 @@ var operatorCmd = &cobra.Command{
 			log.Error().Err(err).Str("controller", "authorizationmodel").Msg("unable to create controller")
 			return err
 		}
-		if err = controller.NewInviteReconciler(ctx, mgr, &appCfg, log).SetupWithManager(mgr, defaultCfg, log); err != nil {
+		if err = controller.NewInviteReconciler(ctx, mgr, &operatorCfg, log).SetupWithManager(mgr, defaultCfg, log); err != nil {
 			log.Error().Err(err).Str("controller", "invite").Msg("unable to create controller")
 			return err
 		}
diff --git a/cmd/root.go b/cmd/root.go
@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"flag"
+	"strings"
 
 	"github.com/go-logr/logr"
 	platformeshconfig "github.com/platform-mesh/golang-commons/config"
@@ -14,11 +15,11 @@ import (
 )
 
 var (
-	defaultCfg *platformeshconfig.CommonServiceConfig
-	appCfg     config.Config
-	v          *viper.Viper
-	log        *logger.Logger
-	setupLog   logr.Logger
+	defaultCfg     *platformeshconfig.CommonServiceConfig
+	initializerCfg config.Config
+	operatorCfg    config.Config
+	log            *logger.Logger
+	setupLog       logr.Logger
 )
 
 var rootCmd = &cobra.Command{
@@ -33,21 +34,32 @@ func init() {
 	rootCmd.PersistentFlags().AddGoFlagSet(flag.CommandLine)
 
 	var err error
-	v, defaultCfg, err = platformeshconfig.NewDefaultConfig(rootCmd)
+	_, defaultCfg, err = platformeshconfig.NewDefaultConfig(rootCmd)
 	if err != nil {
 		panic(err)
 	}
 
-	if err := platformeshconfig.BindConfigToFlags(v, initializerCmd, &appCfg); err != nil {
+	operatorV := newViper()
+	if err := platformeshconfig.BindConfigToFlags(operatorV, operatorCmd, &operatorCfg); err != nil {
 		panic(err)
 	}
-	if err := platformeshconfig.BindConfigToFlags(v, operatorCmd, &appCfg); err != nil {
+	initializerV := newViper()
+	if err := platformeshconfig.BindConfigToFlags(initializerV, initializerCmd, &initializerCfg); err != nil {
 		panic(err)
 	}
 
 	cobra.OnInitialize(initLog)
 }
 
+func newViper() *viper.Viper {
+	v := viper.NewWithOptions(
+		viper.EnvKeyReplacer(strings.NewReplacer("-", "_")),
+	)
+
+	v.AutomaticEnv()
+	return v
+}
+
 func initLog() { // coverage-ignore
 	logcfg := logger.DefaultConfig()
 	logcfg.Level = defaultCfg.Log.Level
diff --git a/internal/controller/invite_controller.go b/internal/controller/invite_controller.go
@@ -9,13 +9,14 @@ import (
 	lifecycle "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster"
 	lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine"
 	"github.com/platform-mesh/golang-commons/logger"
-	"github.com/platform-mesh/security-operator/api/v1alpha1"
-	"github.com/platform-mesh/security-operator/internal/config"
-	"github.com/platform-mesh/security-operator/internal/subroutine/invite"
 	ctrl "sigs.k8s.io/controller-runtime"
 	mccontext "sigs.k8s.io/multicluster-runtime/pkg/context"
 	mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
 	mcreconcile "sigs.k8s.io/multicluster-runtime/pkg/reconcile"
+
+	"github.com/platform-mesh/security-operator/api/v1alpha1"
+	"github.com/platform-mesh/security-operator/internal/config"
+	"github.com/platform-mesh/security-operator/internal/subroutine/invite"
 )
 
 type InviteReconciler struct {
diff --git a/internal/subroutine/invite/subroutine.go b/internal/subroutine/invite/subroutine.go
@@ -14,13 +14,14 @@ import (
 	lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine"
 	"github.com/platform-mesh/golang-commons/errors"
 	"github.com/platform-mesh/golang-commons/logger"
-	"github.com/platform-mesh/security-operator/api/v1alpha1"
-	"github.com/platform-mesh/security-operator/internal/config"
 	"golang.org/x/oauth2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	mccontext "sigs.k8s.io/multicluster-runtime/pkg/context"
 	mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
+
+	"github.com/platform-mesh/security-operator/api/v1alpha1"
+	"github.com/platform-mesh/security-operator/internal/config"
 )
 
 const (
@@ -43,7 +44,8 @@ type keycloakUser struct {
 
 func New(ctx context.Context, cfg *config.Config, mgr mcmanager.Manager, pwd string) (*subroutine, error) {
 
-	provider, err := oidc.NewProvider(ctx, fmt.Sprintf("%s/realms/master", cfg.Invite.KeycloakBaseURL))
+	issuer := fmt.Sprintf("%s/realms/master", cfg.Invite.KeycloakBaseURL)
+	provider, err := oidc.NewProvider(ctx, issuer)
 	if err != nil {
 		return nil, err
 	}
