fix: system account setup

ZEISS · Dec 17, 2024 · b1a9dd3 · b1a9dd3
1 parent b86af9e
commit b1a9dd3
Show file tree

Hide file tree

Showing 11 changed files with 362 additions and 79 deletions.
diff --git a/api/v1alpha1/nats_account_types.go b/api/v1alpha1/nats_account_types.go
@@ -74,7 +74,6 @@ type NatsAccountSpec struct {
 	// Namespaces that are allowed for user creation.
 	// If a NatsUser is referencing this account outside of these namespaces, the operator will create an event for it saying that it's not allowed.
 	AllowUserNamespaces []string `json:"allowedUserNamespaces,omitempty"`
-
 	// These fields are directly mappejwtd into the NATS JWT claim
 	Imports     []*jwt.Import      `json:"imports,omitempty"`
 	Exports     []Export           `json:"exports,omitempty"`

diff --git a/api/v1alpha1/nats_config_types.go b/api/v1alpha1/nats_config_types.go
@@ -17,9 +17,9 @@ const (
 // NatsConfigSpec defines the desired state of NatsConfig
 type NatsConfigSpec struct {
 	// OperatorRef is a reference to the operator that is managing the config.
-	OperatorRef NatsOperatorReference `json:"operatorRef,omitempty"`
+	OperatorRef NatsOperatorReference `json:"operatorRef"`
 	// SystemAccountRef is a reference to the system account.
-	SystemAccountRef NatsAccountReference `json:"systemAccountRef,omitempty"`
+	SystemAccountRef NatsAccountReference `json:"systemAccountRef"`
 	// Gateways is a list of gateways that should be configured.
 	Gateways []NatsgatewayReference `json:"gateways,omitempty"`
 }

diff --git a/api/v1alpha1/nats_gateway_types.go b/api/v1alpha1/nats_gateway_types.go
@@ -10,35 +10,43 @@ const (
 	GatewayPhaseNone     GatewayPhase = ""
 	GatewayPhaseCreating GatewayPhase = "Creating"
 	GatewayPhaseActive   GatewayPhase = "Active"
+	GatewaySynchronized  GatewayPhase = "Synchronized"
 	GatewayPhaseFailed   GatewayPhase = "Failed"
 )
 
+// NatsGatewayRef is a reference to a NatsGateway
+type NatsgatewayReference struct {
+	// Name is the name of the gateway
+	Name string `json:"name"`
+	// Namespace is the namespace of the gateway
+	Namespace string `json:"namespace"`
+}
+
 type NatsGatewaySpec struct {
-	URL      string                `json:"url"`
-	Name     string                `json:"name,omitempty"`
-	Username string                `json:"username"`
-	Password SecretValueFromSource `json:"password"`
+	// URL is the URL of the gateway.
+	URL string `json:"url"`
+	// Username is the username of the gateway.
+	Username SecretValueFromSource `json:"username,omitempty"`
+	// Password is the password of the gateway.
+	Password SecretValueFromSource `json:"password,omitempty"`
 }
 
 type NatsGatewayStatus struct {
-	// Phase is the current state of the gateway
+	// Conditions is an array of conditions that the operator is currently in.
+	Conditions []metav1.Condition `json:"conditions,omitempty" optional:"true"`
+	// Phase is the current phase of the operator.
+	//
+	// +kubebuilder:validation:Enum={None,Pending,Creating,Synchronized,Failed}
 	Phase GatewayPhase `json:"phase"`
-
-	// ControlPaused indicates if the controller paused the control of the gateway
-	ControlPaused bool `json:"controlPaused,omitempty"`
+	// ControlPaused is a flag that indicates if the operator is paused.
+	ControlPaused bool `json:"controlPaused,omitempty" optional:"true"`
+	// LastUpdate is the timestamp of the last update.
+	LastUpdate metav1.Time `json:"lastUpdate,omitempty"`
 }
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 
-// NatsGatewayRef is a reference to a NatsGateway
-type NatsgatewayReference struct {
-	// Name is the name of the gateway
-	Name string `json:"name"`
-	// Namespace is the namespace of the gateway
-	Namespace string `json:"namespace"`
-}
-
 type NatsGateway struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/controllers/natsconfig_controller.go b/controllers/natsconfig_controller.go
@@ -35,6 +35,21 @@ type Template struct {
 	SystemAccountPublicKey string
 	SystemAccountJWT       string
 	SigningKey             string
+	Gateway                TemplateGateway
+}
+
+// HasGateways ...
+func (t *Template) HasGateways() bool {
+	return slices.Len(t.Gateway.Gateways) > 0
+}
+
+type TemplateGateway struct {
+	User     string
+	Password string
+	Gateways []struct {
+		Name string
+		URL  string
+	}
 }
 
 const authConfigTpl = `operator: {{ .OperatorJWT }}
@@ -48,8 +63,21 @@ resolver {
 }
 resolver_preload: {
 	{{ .SystemAccountPublicKey }}: {{ .SystemAccountJWT }},
-  ABZPDLWLRAVRE7LGVOB43OSPFG4Y4CEJROQI4YKZ4UN7JXI5ASKZJSSX: {{ .SystemAccountJWT }},
 }
+{{ if hasGateways }}
+gateway: {
+  authorization {
+    user: {{ .Gateway.User }}
+    password: {{ .Gateway.Password }}
+  }
+
+  gateways: [
+    {{- range .Gateway.Gateways }}
+    { name: {{ .Name }}, url: {{ .URL }} },
+    {{- end }}
+  ]
+}
+{{end}}
 `
 
 // NatsConfigReconciler reconciles a Natsconfig object
@@ -156,7 +184,9 @@ func (r *NatsConfigReconciler) reconcileConfig(ctx context.Context, config *nats
 		SystemAccountJWT:       systemAccount.Status.JWT,
 	}
 
-	tmpl, err := template.New("auth.conf").Parse(authConfigTpl)
+	tmpl, err := template.New("auth.conf").Funcs(template.FuncMap{
+		"hasGateways": tpl.HasGateways,
+	}).Parse(authConfigTpl)
 	if err != nil {
 		return err
 	}