|
|
|
@@ -21,6 +21,7 @@ import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"slices"
|
|
|
|
|
"strconv"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"golang.org/x/time/rate"
|
|
|
|
@@ -201,11 +202,16 @@ func (c *Controller) ensureFinalizers(ctx context.Context, pb *v1alpha1.PolicyBi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Controller) reconcileDelete(ctx context.Context, pb *v1alpha1.PolicyBinding) error {
|
|
|
|
|
r, err := c.authentik.PoliciesApi.PoliciesBindingsDestroy(ctx, pb.Status.PK).Execute()
|
|
|
|
|
pk, err := strconv.ParseInt(pb.Status.PK, 10, 32)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// This handles an edge-case, where when the PolicyBinding on Authentik has already been deleted, but the finalizer is still present. We just remove the finalizer and return.
|
|
|
|
|
return fmt.Errorf("error parsing PK: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r, err := c.authentik.ProvidersApi.ProvidersProxyDestroy(ctx, int32(pk)).Execute()
|
|
|
|
|
if err != nil {
|
|
|
|
|
// This handles an edge-case, where when the ProxyProvider on Authentik has already been deleted, but the finalizer is still present. We just remove the finalizer and return.
|
|
|
|
|
if r != nil && r.StatusCode != http.StatusNotFound {
|
|
|
|
|
return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsDestroy`: %w with response %v", err, r)
|
|
|
|
|
return fmt.Errorf("error when calling `ProvidersAPI.ProvidersProxyDestroy`: %w with response %v", err, r)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
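Review bot: reconcileDelete for a PolicyBinding now appears to call `c.authentik.ProvidersApi.ProvidersProxyDestroy(ctx, int32(pk))`, a different Authentik object type from the one this controller owns, while the update path further down still passes `pb.Status.PK` as a string to `PoliciesApi.PoliciesBindingsPartialUpdate`. The +/- column is missing in this rendering, so the side of each line is inferred from the hunk counts. If `Status.PK` is not a base-10 integer, `strconv.ParseInt` fails on every reconcile and the finalizer is never removed; if it is numeric, the call would delete whichever proxy provider has that ID and leave the binding itself in Authentik. I would keep `r, err := c.authentik.PoliciesApi.PoliciesBindingsDestroy(ctx, pb.Status.PK).Execute()` and drop the parse. The rest of reconcileDelete is outside the hunk, but if the finalizer is removed after this block, a nil `r` (transport failure) is treated as success and the access binding survives; `if r == nil || r.StatusCode != http.StatusNotFound {` would close that gap.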
@@ -226,22 +232,15 @@ func (c *Controller) reconcileUpdate(ctx context.Context, pb *v1alpha1.PolicyBin
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
patchedPolicyBindingRequest := &authentikapi.PatchedPolicyBindingRequest{
|
|
|
|
|
Policy: *authentikapi.NewNullableString(&pb.Spec.Policy),
|
|
|
|
|
Group: *authentikapi.NewNullableString(&pb.Spec.Group),
|
|
|
|
|
User: *authentikapi.NewNullableInt32(&pb.Spec.User),
|
|
|
|
|
Target: &pb.Spec.Target,
|
|
|
|
|
Order: &pb.Spec.Order,
|
|
|
|
|
}
|
|
|
|
|
if pb.Spec.Policy != "" {
|
|
|
|
|
patchedPolicyBindingRequest.SetPolicy(pb.Spec.Policy)
|
|
|
|
|
}
|
|
|
|
|
if pb.Spec.Group != "" {
|
|
|
|
|
patchedPolicyBindingRequest.SetGroup(pb.Spec.Group)
|
|
|
|
|
}
|
|
|
|
|
if pb.Spec.User != 0 {
|
|
|
|
|
patchedPolicyBindingRequest.SetUser(pb.Spec.User)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resp, r, err := c.authentik.PoliciesApi.PoliciesBindingsPartialUpdate(ctx, pb.Status.PK).PatchedPolicyBindingRequest(*patchedPolicyBindingRequest).Execute()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsPartialUpdate`: %w with response %v", err, r)
|
|
|
|
|
return fmt.Errorf("error when calling `ProvidersAPI.ProvidersProxyPartialUpdate`: %w with response %v", err, r)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pb.Status.PK = resp.Pk
|
|
|
|
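Review bot: The struct literal now sets `Policy`, `Group` and `User` unconditionally via `NewNullableString(&pb.Spec.Policy)` and its siblings, so an unset spec field would be sent as an explicit `""` or `0`, where the removed `if pb.Spec.Policy != ""` style guards left it out of the PATCH. For a binding that decides who gets access, it matters whether the server rejects that value or rewrites the field; I would keep the guards, or build the nullable only when the spec value is non-zero. The new error text names `ProvidersAPI.ProvidersProxyPartialUpdate` although the call above it is `PoliciesApi.PoliciesBindingsPartialUpdate`, which will mislead anyone triaging from logs, and it should read `PoliciesAPI.PoliciesBindingsPartialUpdate`. The reconcileCreate hunk that follows shows the same field change. Line sides are inferred from the hunk counts because the +/- column is missing here, and reconcileUpdate starts and ends outside this hunk.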
@@ -250,19 +249,12 @@ func (c *Controller) reconcileUpdate(ctx context.Context, pb *v1alpha1.PolicyBin
|
|
|
|
|
|
|
|
|
|
func (c *Controller) reconcileCreate(ctx context.Context, pb *v1alpha1.PolicyBinding) error {
|
|
|
|
|
policyBindingRequest := &authentikapi.PolicyBindingRequest{
|
|
|
|
|
Policy: *authentikapi.NewNullableString(&pb.Spec.Policy),
|
|
|
|
|
Group: *authentikapi.NewNullableString(&pb.Spec.Group),
|
|
|
|
|
User: *authentikapi.NewNullableInt32(&pb.Spec.User),
|
|
|
|
|
Target: pb.Spec.Target,
|
|
|
|
|
Order: pb.Spec.Order,
|
|
|
|
|
}
|
|
|
|
|
if pb.Spec.Policy != "" {
|
|
|
|
|
policyBindingRequest.SetPolicy(pb.Spec.Policy)
|
|
|
|
|
}
|
|
|
|
|
if pb.Spec.Group != "" {
|
|
|
|
|
policyBindingRequest.SetGroup(pb.Spec.Group)
|
|
|
|
|
}
|
|
|
|
|
if pb.Spec.User != 0 {
|
|
|
|
|
policyBindingRequest.SetUser(pb.Spec.User)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resp, r, err := c.authentik.PoliciesApi.PoliciesBindingsCreate(ctx).PolicyBindingRequest(*policyBindingRequest).Execute()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsCreate`: %w with response %v", err, r)
|
|
|
|
|