adds OIDC conditions
Disper committed Sep 16, 2024
1 parent d52e212 commit 77e50eb
Showing 2 changed files with 31 additions and 5 deletions.
2 changes: 2 additions & 0 deletions api/v1/runtime_types.go
Expand Up @@ -101,6 +101,8 @@ const (
ConditionReasonAuditLogConfigured = RuntimeConditionReason("AuditLogConfigured")
ConditionReasonAuditLogError = RuntimeConditionReason("AuditLogErr")
ConditionReasonAuditLogMissingRegionMapping = RuntimeConditionReason("AuditLogMissingRegionMappingErr")
ConditionReasonOidcConfigured = RuntimeConditionReason("OidcConfigured")
ConditionReasonOidcError = RuntimeConditionReason("OidcConfigurationErr")
)

//+kubebuilder:object:root=true
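Review bot: The new reason string for `ConditionReasonOidcError` is "OidcConfigurationErr", while the identifier itself and the sibling `ConditionReasonAuditLogError = RuntimeConditionReason("AuditLogErr")` follow the shorter `<Area>Err` pattern; `ConditionReasonOidcError = RuntimeConditionReason("OidcErr")` would keep the reason names uniform, unless the longer string is already consumed elsewhere. Reason strings end up in the Runtime status that users and tooling read, so the two new constants deserve a short comment, e.g. `// OIDC reasons: set by sFnConfigureOidc when the OpenIDConnect resources are created or fail to be created.` Note also that in the second file of this commit sFnConfigureOidc reports `ConditionReasonOidcConfigured` both when the extension is disabled and when configuration completed, so a status consumer cannot tell the two apart from the reason alone; a distinct reason (a constructed name such as `OidcDisabled`) would make the status self-describing.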
34 changes: 29 additions & 5 deletions internal/controller/runtime/fsm/runtime_fsm_configure_oidc.go
Expand Up @@ -17,24 +17,32 @@ func sFnConfigureOidc(ctx context.Context, m *fsm, s *systemState) (stateFn, *ct

if !isOidcExtensionEnabled(*s.shoot) {
m.log.Info("OIDC extension is disabled")
s.instance.UpdateStateReady(
imv1.ConditionTypeOidcConfigured,
imv1.ConditionReasonOidcConfigured,
"OIDC extension disabled",
)
updateStatusAndStop()
}

if s.instance.Spec.Shoot.Kubernetes.KubeAPIServer.AdditionalOidcConfig == nil {
var error = errors.New("default OIDC configuration is not present")
m.log.Error(error, "default OIDC configuration is not present")
return updateStatusAndStopWithError(error)
validationError := validateOidcConfiguration(s.instance)
if validationError != nil {
m.log.Error(validationError, "default OIDC configuration is not present")
updateConditionFailed(&s.instance)
return updateStatusAndStopWithError(validationError)
}

err := createOpenIdConnectResources(ctx, m, s)

if err != nil {
m.log.Error(err, "Failed to create OpenIDConnect resource")
updateConditionFailed(&s.instance)
return updateStatusAndStopWithError(err)
}

s.instance.UpdateStateReady(
imv1.ConditionTypeOidcConfigured,
imv1.ConditionReasonConfigurationCompleted,
imv1.ConditionReasonOidcConfigured,
"OIDC configuration completed",
)

Expand All @@ -43,6 +51,13 @@ func sFnConfigureOidc(ctx context.Context, m *fsm, s *systemState) (stateFn, *ct
return updateStatusAndStop()
}

func validateOidcConfiguration(rt imv1.Runtime) (err error) {
if rt.Spec.Shoot.Kubernetes.KubeAPIServer.AdditionalOidcConfig == nil {
err = errors.New("default OIDC configuration is not present")
}
return err
}

func createOpenIdConnectResources(ctx context.Context, m *fsm, s *systemState) error {
srscClient := m.ShootClient.SubResource("adminkubeconfig")
shootAdminClient, shootClientError := GetShootClient(ctx, srscClient, s.shoot)
Expand Down Expand Up @@ -92,3 +107,12 @@ func createOpenIDConnectResource(additionalOidcConfig gardener.OIDCConfig, oidcI

return cr
}

func updateConditionFailed(rt *imv1.Runtime) {
rt.UpdateStatePending(
imv1.ConditionTypeOidcConfigured,
imv1.ConditionReasonOidcError,
string(metav1.ConditionFalse),
"failed to configure OIDC",
)
}
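Review bot: In the first hunk, the disabled-extension branch under `if !isOidcExtensionEnabled(*s.shoot)` calls `updateStatusAndStop()` but, as rendered, discards its result and does not return, so execution falls through to `validateOidcConfiguration` and `createOpenIdConnectResources`, which fetches the shoot's `adminkubeconfig` sub-resource and creates OpenIDConnect resources even though OIDC is disabled; the line should read `return updateStatusAndStop()`. The enclosing function sFnConfigureOidc starts above this hunk. The error log in the validation branch hard-codes "default OIDC configuration is not present", duplicating the message built inside validateOidcConfiguration and going stale as soon as a second check is added there; `m.log.Error(validationError, "OIDC configuration validation failed")` keeps the log accurate. validateOidcConfiguration takes `imv1.Runtime` by value, copying the whole object on every call, whereas updateConditionFailed in the last hunk already takes `*imv1.Runtime`; a pointer parameter would make the two helpers consistent.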
