feat: vertical slice proxy provider (#2)

Reviewed-on: #2
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>

pkg/apis/policybinding/v1alpha1/types.go

@@ -35,7 +35,7 @@ type PolicyBinding struct {
 type PolicyBindingSpec struct {
 	Policy string `json:"policy,omitempty"`
 	Group  string `json:"group,omitempty"`
-	User   int32  `json:"user,omitempty"`
+	User   int32  `json:"user"`
 	Target string `json:"target"`
 	Order  int32  `json:"order"`
 }

pkg/controllers/policybinding/controller.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"net/http"
 	"slices"
+	"strconv"
 	"time"
 
 	"golang.org/x/time/rate"
@@ -201,11 +202,16 @@ func (c *Controller) ensureFinalizers(ctx context.Context, pb *v1alpha1.PolicyBi
 }
 
 func (c *Controller) reconcileDelete(ctx context.Context, pb *v1alpha1.PolicyBinding) error {
-	r, err := c.authentik.PoliciesApi.PoliciesBindingsDestroy(ctx, pb.Status.PK).Execute()
+	pk, err := strconv.ParseInt(pb.Status.PK, 10, 32)
 	if err != nil {
-		// This handles an edge-case, where when the PolicyBinding on Authentik has already been deleted, but the finalizer is still present. We just remove the finalizer and return.
+		return fmt.Errorf("error parsing PK: %v", err)
+	}
+
+	r, err := c.authentik.ProvidersApi.ProvidersProxyDestroy(ctx, int32(pk)).Execute()
+	if err != nil {
+		// This handles an edge-case, where when the ProxyProvider on Authentik has already been deleted, but the finalizer is still present. We just remove the finalizer and return.
 		if r != nil && r.StatusCode != http.StatusNotFound {
-			return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsDestroy`: %w with response %v", err, r)
+			return fmt.Errorf("error when calling `ProvidersAPI.ProvidersProxyDestroy`: %w with response %v", err, r)
 		}
 	}
 
@@ -226,22 +232,15 @@ func (c *Controller) reconcileUpdate(ctx context.Context, pb *v1alpha1.PolicyBin
 	}
 
 	patchedPolicyBindingRequest := &authentikapi.PatchedPolicyBindingRequest{
+		Policy: *authentikapi.NewNullableString(&pb.Spec.Policy),
+		Group:  *authentikapi.NewNullableString(&pb.Spec.Group),
+		User:   *authentikapi.NewNullableInt32(&pb.Spec.User),
 		Target: &pb.Spec.Target,
 		Order:  &pb.Spec.Order,
 	}
-	if pb.Spec.Policy != "" {
-		patchedPolicyBindingRequest.SetPolicy(pb.Spec.Policy)
-	}
-	if pb.Spec.Group != "" {
-		patchedPolicyBindingRequest.SetGroup(pb.Spec.Group)
-	}
-	if pb.Spec.User != 0 {
-		patchedPolicyBindingRequest.SetUser(pb.Spec.User)
-	}
-
 	resp, r, err := c.authentik.PoliciesApi.PoliciesBindingsPartialUpdate(ctx, pb.Status.PK).PatchedPolicyBindingRequest(*patchedPolicyBindingRequest).Execute()
 	if err != nil {
-		return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsPartialUpdate`: %w with response %v", err, r)
+		return fmt.Errorf("error when calling `ProvidersAPI.ProvidersProxyPartialUpdate`: %w with response %v", err, r)
 	}
 
 	pb.Status.PK = resp.Pk
@@ -250,19 +249,12 @@ func (c *Controller) reconcileUpdate(ctx context.Context, pb *v1alpha1.PolicyBin
 
 func (c *Controller) reconcileCreate(ctx context.Context, pb *v1alpha1.PolicyBinding) error {
 	policyBindingRequest := &authentikapi.PolicyBindingRequest{
+		Policy: *authentikapi.NewNullableString(&pb.Spec.Policy),
+		Group:  *authentikapi.NewNullableString(&pb.Spec.Group),
+		User:   *authentikapi.NewNullableInt32(&pb.Spec.User),
 		Target: pb.Spec.Target,
 		Order:  pb.Spec.Order,
 	}
-	if pb.Spec.Policy != "" {
-		policyBindingRequest.SetPolicy(pb.Spec.Policy)
-	}
-	if pb.Spec.Group != "" {
-		policyBindingRequest.SetGroup(pb.Spec.Group)
-	}
-	if pb.Spec.User != 0 {
-		policyBindingRequest.SetUser(pb.Spec.User)
-	}
-
 	resp, r, err := c.authentik.PoliciesApi.PoliciesBindingsCreate(ctx).PolicyBindingRequest(*policyBindingRequest).Execute()
 	if err != nil {
 		return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsCreate`: %w with response %v", err, r)

pkg/generated/openapi/zz_generated.openapi.go

@@ -363,8 +363,9 @@ func schema_pkg_apis_policybinding_v1alpha1_PolicyBindingSpec(ref common.Referen
 					},
 					"user": {
 						SchemaProps: spec.SchemaProps{
-							Type:   []string{"integer"},
+							Default: 0,
-							Format: "int32",
+							Type:    []string{"integer"},
+							Format:  "int32",
 						},
 					},
 					"target": {
@@ -382,7 +383,7 @@ func schema_pkg_apis_policybinding_v1alpha1_PolicyBindingSpec(ref common.Referen
 						},
 					},
 				},
-				Required: []string{"target", "order"},
+				Required: []string{"user", "target", "order"},
 			},
 		},
 	}