mvp working creation of proxy provider
+72
-12
@@ -19,6 +19,7 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/time/rate"
|
||||
@@ -39,10 +40,12 @@ import (
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
v1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1"
|
||||
clientset "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned"
|
||||
operatorscheme "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/scheme"
|
||||
informers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/proxyprovider/v1"
|
||||
listers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/listers/proxyprovider/v1"
|
||||
authentikapi "goauthentik.io/api/v3"
|
||||
)
|
||||
|
||||
const controllerAgentName = "proxy-provider-controller"
|
||||
@@ -56,8 +59,9 @@ const (
|
||||
)
|
||||
|
||||
type Controller struct {
|
||||
kubeclientset kubernetes.Interface
|
||||
operatorclientset clientset.Interface
|
||||
kubeclientset kubernetes.Interface
|
||||
proxyProviderClientset clientset.Interface
|
||||
authentik *authentikapi.APIClient
|
||||
|
||||
deploymentsLister appslisters.DeploymentLister
|
||||
deploymentsSynced cache.InformerSynced
|
||||
@@ -71,7 +75,8 @@ type Controller struct {
|
||||
func NewController(
|
||||
ctx context.Context,
|
||||
kubeclientset kubernetes.Interface,
|
||||
operatorclientset clientset.Interface,
|
||||
proxyProviderClientset clientset.Interface,
|
||||
authentik *authentikapi.APIClient,
|
||||
deploymentInformer appsinformers.DeploymentInformer,
|
||||
proxyInformer informers.ProxyProviderInformer,
|
||||
) *Controller {
|
||||
@@ -90,14 +95,15 @@ func NewController(
|
||||
)
|
||||
|
||||
c := &Controller{
|
||||
kubeclientset: kubeclientset,
|
||||
operatorclientset: operatorclientset,
|
||||
deploymentsLister: deploymentInformer.Lister(),
|
||||
deploymentsSynced: deploymentInformer.Informer().HasSynced,
|
||||
proxyLister: proxyInformer.Lister(),
|
||||
proxySynced: proxyInformer.Informer().HasSynced,
|
||||
workqueue: workqueue.NewTypedRateLimitingQueue(ratelimiter),
|
||||
recorder: recorder,
|
||||
kubeclientset: kubeclientset,
|
||||
proxyProviderClientset: proxyProviderClientset,
|
||||
authentik: authentik,
|
||||
deploymentsLister: deploymentInformer.Lister(),
|
||||
deploymentsSynced: deploymentInformer.Informer().HasSynced,
|
||||
proxyLister: proxyInformer.Lister(),
|
||||
proxySynced: proxyInformer.Informer().HasSynced,
|
||||
workqueue: workqueue.NewTypedRateLimitingQueue(ratelimiter),
|
||||
recorder: recorder,
|
||||
}
|
||||
|
||||
logger.Info("Setting up event handlers")
|
||||
@@ -181,8 +187,55 @@ func (c *Controller) syncHandler(ctx context.Context, objectRef cache.ObjectName
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
logger.V(4).Info("sync ProxyProvider", "name", pp.Name)
|
||||
|
||||
if pp.Status.PK != "" {
|
||||
// We retrieve the existing PP from the API by slug.
|
||||
pk, err := strconv.ParseInt(pp.Status.PK, 10, 32)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error parsing PK: %v", err)
|
||||
}
|
||||
_, _, err = c.authentik.ProvidersApi.ProvidersAllRetrieve(ctx, int32(pk)).Execute()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error retrieving existing ProxyProvider: %v", err)
|
||||
}
|
||||
|
||||
// We update the existing PP with the new spec.
|
||||
proxyProviderRequest := &authentikapi.ProxyProviderRequest{
|
||||
Name: pp.Spec.Name,
|
||||
AuthorizationFlow: pp.Spec.AuthorizationFlow,
|
||||
InvalidationFlow: pp.Spec.InvalidationFlow,
|
||||
ExternalHost: pp.Spec.ExternalHost,
|
||||
Mode: authentikapi.PROXYMODE_FORWARD_SINGLE.Ptr(),
|
||||
}
|
||||
resp, r, err := c.authentik.ProvidersApi.ProvidersProxyUpdate(ctx, int32(pk)).ProxyProviderRequest(*proxyProviderRequest).Execute()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error when calling `ProvidersAPI.ProvidersProxyUpdate`: %w with response %v", err, r)
|
||||
}
|
||||
pp.Status.PK = strconv.Itoa(int(resp.Pk))
|
||||
err = c.updateProxyProviderStatus(ctx, pp)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error updating ProxyProvider status: %v", err)
|
||||
}
|
||||
} else {
|
||||
proxyProviderRequest := &authentikapi.ProxyProviderRequest{
|
||||
Name: pp.Spec.Name,
|
||||
AuthorizationFlow: pp.Spec.AuthorizationFlow,
|
||||
InvalidationFlow: pp.Spec.InvalidationFlow,
|
||||
ExternalHost: pp.Spec.ExternalHost,
|
||||
Mode: authentikapi.PROXYMODE_FORWARD_SINGLE.Ptr(),
|
||||
}
|
||||
resp, r, err := c.authentik.ProvidersApi.ProvidersProxyCreate(ctx).ProxyProviderRequest(*proxyProviderRequest).Execute()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error when calling `ProvidersAPI.ProvidersProxyCreate`: %w with response %v", err, r)
|
||||
}
|
||||
pp.Status.PK = strconv.Itoa(int(resp.Pk))
|
||||
err = c.updateProxyProviderStatus(ctx, pp)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error updating ProxyProvider status: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -211,3 +264,10 @@ func (c *Controller) handleObject(obj interface{}) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Controller) updateProxyProviderStatus(ctx context.Context, pp *v1.ProxyProvider) error {
|
||||
ppCopy := pp.DeepCopy()
|
||||
ppCopy.Status.PK = pp.Status.PK
|
||||
_, err := c.proxyProviderClientset.ProxyproviderV1().ProxyProviders(pp.Namespace).UpdateStatus(ctx, ppCopy, metav1.UpdateOptions{FieldManager: FieldManager})
|
||||
return err
|
||||
}
|
||||
|
||||
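Review bot: In the create branch of syncHandler, the provider is created in authentik before its PK is persisted. If `updateProxyProviderStatus` then fails, the requeued sync still sees an empty `pp.Status.PK` and calls `ProvidersProxyCreate` again, which either leaves an orphaned provider in the identity provider or fails on every retry, depending on how the API treats a repeated name. Consider looking up an existing provider by a deterministic key such as `pp.Spec.Name` and adopting its PK before creating. Both branches also assign `pp.Status.PK` on `pp` before updateProxyProviderStatus takes its `DeepCopy`; the fetch of `pp` is outside the hunk, but if it comes from the lister this writes into the shared informer cache, so start with `pp = pp.DeepCopy()`. Separately, the `%w with response %v` errors format the whole `*http.Response`, response headers included, into text that reaches logs, so prefer `r.Status` behind a nil check, and the comment `// We retrieve the existing PP from the API by slug.` should say "by PK".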